Critical Apache OFBiz Zero-day Flaw Exploited in the Wild
Researchers uncovered a critical authentication bypass zero-day flaw tracked as CVE-2023-51467, with a CVSS score of 9.8 affecting Apache OFBiz’s open-source enterprise resource planning (ERP) system.
The vulnerability allows attackers to bypass simple Server-Side Request Forgery (SSRF) authentication.
The pre-authenticated RCE vulnerability tracked as CVE-2023-49070 leads to the zero-day SSRF vulnerability CVE-2023-51467 in Apache OFBiz due to an incomplete patch.
“The security measures taken to patch CVE-2023-49070 left the root issue intact, and therefore, the authentication bypass was still present”, the SonicWall threat research team shared with Cyber Security News.
The vulnerability CVE-2023-49070 stems from an outdated, no-longer-maintained XML-RPC component within Apache OFBiz.
Compounding the problem are zero-day vulnerabilities like the MOVEit SQLi, Zimbra XSS, and 300+ such vulnerabilities that get discovered each month. Delays in fixing these vulnerabilities lead to compliance issues, these delay can be minimized with a unique feature on AppTrana that helps you to get “Zero vulnerability report” within 72 hours.
Details of the Zero-Day Flaw That Affects Apache OfBiz
An open-source enterprise resource planning (ERP) system is called Apache OfBiz. Although it might not sound familiar, it is widely installed in well-known applications, including Atlassian’s JIRA, which more than 120K enterprises use.
Because of this, just like with many supply chain libraries, if threat actors take advantage of this vulnerability, the consequences might be severe.
“This flaw could lead to the exposure of sensitive information or even the ability to execute arbitrary code,” researchers said.
The login functionality contains the vulnerability tracked as CVE-2023-51467. Regardless of the username, password, or other arguments in an HTTP request, researchers found that the magic string requirePasswordChange=Y is the primary source of the authentication bypass.
Because of this, the vulnerability was not entirely fixed by removing the XML RPC code.
Affected Version
This vulnerability impacts Apache OFBiz before 18.12.11.
Patch Now
Anyone running Apache OFbiz is urged to update to version 18.12.11 or higher immediately. To identify any active exploitation of this vulnerability, SonicWall has created an IPS signature, IPS: 15949, in addition to the fix.
Try Kelltron’s cost-effective penetration testing services for free to assess and evaluate the security posture of digital systems.
In Other News: Funding Increase, Abuse of Smartphone Location Data, Legal Matters
Noteworthy stories that might have slipped under the radar: cybersecurity funding increases, new laws, and government’s illegal use of smartphone location data.
CISA Issues Emergency Directive to Federal Agencies on Ivanti Zero-Day Exploits
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday issued an emergency directive urging Federal Civilian Executive Branch (FCEB) agencies to implement mitigations against two actively exploited zero-day flaws in Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) products.
The development came after the vulnerabilities – an authentication bypass Read More
The Hacker News | #1 Trusted Cybersecurity News Site