all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Apache OFBiz Arbitrary File Reading and Remote Code Execution Vulnerabilities (CVE-2023-50968/CVE-2023-51467) Alert

Add to bookmarks
Dec. 27, 2023, 6:48 a.m. | NSFOCUS

Security Boulevard securityboulevard.com

Overview Recently, NSFOCUS CERT detected that Apache officially released a security announcement and fixed two high-risk vulnerabilities in Apache Ofbiz. CVE-2023-50968: Due to problems in Apache Software Foundation, unauthorized attackers can read files and carry out SSRF attacks when operating uri calls; CVE-2023-51467: Due to a privilege verification logic error in Apache Ofbiz, an attacker […]


The post Apache OFBiz Arbitrary File Reading and Remote Code Execution Vulnerabilities (CVE-2023-50968/CVE-2023-51467) Alert appeared first on NSFOCUS, Inc., a global network and cyber …

alert announcement apache apache software foundation attackers attacks blog cert code code execution cve emergency-response file files foundation high nsfocus privilege problems remote code remote code execution risk security software ssrf uri verification vulnerabilities

Visit resource

More from securityboulevard.com / Security Boulevard

GitLab ‘Perfect 10’ Bug Gets a CISA Warning: PATCH NOW an hour ago | securityboulevard.com
agency analytics & intelligence api security bug +70
Understanding the Link Between API Exposure and Vulnerability Risks 3 hours ago | securityboulevard.com
api apis application security architectures +19
Streamline NIS2 Compliance with Automation 4 hours ago | securityboulevard.com
automation complianc compliance nis2 +4
Cybersecurity Insights with Contrast CISO David Lindner | 5/3/24 5 hours ago | securityboulevard.com
application applications breach ciso +26
A Closer Look at Top 5 Vulnerabilities of April 2024 6 hours ago | securityboulevard.com
april closer critical cybersecurity +15
Insider Risk Digest: April 7 hours ago | securityboulevard.com
breaches cases digest dive +18
CVE-2024-27322 Should Never Have Been Assigned And R Data Files Are Still Super Risky Even … 8 hours ago | securityboulevard.com
big blog cert cisa +12
The Persistent Threat of Path Traversal Vulnerabilities in Software Development 9 hours ago | securityboulevard.com
advice advisory application protection best practices +34
Top 7 VAPT Testing Tools 9 hours ago | securityboulevard.com
applications automated autosect cyber +23

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Intern, Cyber Security Vulnerability Management

@ Grab | Petaling Jaya, Malaysia
View on infosec-jobs.com

Compliance - Global Privacy Office - Associate - Bengaluru

@ Goldman Sachs | Bengaluru, Karnataka, India
View on infosec-jobs.com

Cyber Security Engineer (m/w/d) Operational Technology

@ MAN Energy Solutions | Oberhausen, DE, 46145
View on infosec-jobs.com

Armed Security Officer - Hospital

@ Allied Universal | Sun Valley, CA, United States
View on infosec-jobs.com

Governance, Risk and Compliance Officer (Africa)

@ dLocal | Lagos (Remote)
View on infosec-jobs.com

Junior Cloud DevSecOps Network Engineer

@ Accenture Federal Services | Arlington, VA
View on infosec-jobs.com
View more jobs