all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Apache OFBiz Authentication Bypass (CVE-2023-51467, CVE-2023-49070)

Add to bookmarks
Jan. 18, 2024, 7:30 p.m. |

FortiGuard Labs | FortiGuard Center - Threat Signal Report fortiguard.fortinet.com

What is the vulnerability? There is an authentication bypass vulnerability in Apache OFBiz tracked under CVE-2023-51467 and CVE-2023-49070. Successful exploitation would let an attacker circumvent authentication processes, enabling them to remotely execute arbitrary code and access sensitive information. Apache OFBiz is an open-source business application suite for Enterprise Resource Planning (ERP) which integrates and automates many of the business processes across industries.

What is the Vendor Solution?

Customers are advised to upgrade to Apache OFBiz version 18.12.11 to patch these …

access apache apache ofbiz application arbitrary code attacker authentication authentication bypass business bypass bypass vulnerability code cve cve-2023-49070 cve-2023-51467 enterprise erp exploitation information ofbiz planning processes resource sensitive sensitive information under vulnerability what is

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - Threat Signal Report

CrushFTP VFS Sandbox Escape Vulnerability (CVE-2024-4040) 12 hours ago | fortiguard.fortinet.com
attackers attacks cisa cisa known exploited vulnerabilities +27
ArcaneDoor Attack (CVE-2024-20353 and CVE-2024-20359) 2 days, 14 hours ago | fortiguard.fortinet.com
adaptive security advisory april arcanedoor +22
Akira Ransomware Attack (CVE-2023-20269 and CVE-2020-3259) 2 days, 14 hours ago | fortiguard.fortinet.com
access advisory akira akira ransomware +17
PAN-OS Critical Flaw in GlobalProtect Gateway (CVE-2024-3400) 1 week, 4 days ago | fortiguard.fortinet.com
advisory attack code code injection +27
XZ Utils Supply Chain Attack (CVE-2024-3094) 3 weeks, 2 days ago | fortiguard.fortinet.com
attack code compression cve +25
Nice Linear eMerge Command Injection Vulnerability (CVE-2019–7256) 4 weeks, 2 days ago | fortiguard.fortinet.com
access attacker code code execution +25
Jenkins Arbitrary File Read Vulnerability (CVE-2024-23897) 1 month ago | fortiguard.fortinet.com
access application application developers attackers +31
Kimsuky Malware Attack 1 month ago | fortiguard.fortinet.com
attack cyber entities espionage +15
JetBrains TeamCity Authentication Bypass Vulnerabilities (CVE-2024-27198, CVE-2024-27199) 1 month, 1 week ago | fortiguard.fortinet.com
attacker authentication authentication bypass bypass +15

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Data & Security Engineer Lead

@ LiquidX | Singapore, Central Singapore, Singapore
View on infosec-jobs.com

IT and Cyber Risk Control Lead

@ GXS Bank | Singapore - OneNorth
View on infosec-jobs.com

Consultant Senior en Gestion de Crise Cyber et Continuité d’Activité H/F

@ Hifield | Sèvres, France
View on infosec-jobs.com

Cyber Security Analyst (Weekend 1st Shift)

@ Fortress Security Risk Management | Cleveland, OH, United States
View on infosec-jobs.com

Senior Manager, Cybersecurity

@ BlueTriton Brands | Stamford, CT, US
View on infosec-jobs.com
View more jobs