Zero-day authentication bypass vulnerability discovered in Apache OFBiz ERP system

The SonicWall threat research team has uncovered a zero-day authentication bypass vulnerability in Apache OFBiz, an open-source Enterprise Resource Planning (ERP) system. The vulnerability, tagged as CVE-2023-51467, holds a CVSS score of 9.8, indicating a high severity level.

The implications of this flaw could be significant if exploited by threat actors. The research indicates that it could lead to the disclosure of sensitive data or even grant the ability to execute arbitrary code.

Following this discovery, SonicWall has informed Apache OFBiz about the vulnerability, providing them with advance notice to develop and deploy patches or other mitigation strategies.

For those utilizing Apache OFBiz, it is crucial to update to version 18.12.11 or later immediately to protect against potential exploitation of this vulnerability.

by Paul

Apache OFBiz is an open-source enterprise automation software project, licensed under the Apache License Version 2.0. It encompasses Open Source ERP (Enterprise Resource Planning) and CRM (Customer Relationship Management) functionalities. It is rated 5, and its primary alternatives include Odoo, ERPNext, and Dolibarr.
