all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Critical Apache OFBiz Zero-day Flaw Exploited in the Wild

Add to bookmarks
Jan. 10, 2024, 6:51 a.m. | Dhivya

Cyber Security News cybersecuritynews.com

Researchers uncovered a critical authentication bypass zero-day flaw tracked as CVE-2023-51467, with a CVSS score of 9.8 affecting Apache OFBiz’s open-source enterprise resource planning (ERP) system. The vulnerability allows attackers to bypass simple Server-Side Request Forgery (SSRF) authentication. The pre-authenticated RCE vulnerability tracked as CVE-2023-49070 leads to the zero-day SSRF vulnerability CVE-2023-51467 in Apache OFBiz due […]


The post Critical Apache OFBiz Zero-day Flaw Exploited in the Wild appeared first on Cyber Security News.

apache apache ofbiz apache ofbiz zero-day attackers authentication authentication bypass bypass critical cve cvss cvss score enterprise erp exploited flaw forgery ofbiz planning rce request researchers resource score server server-side request forgery simple ssrf system uncovered vulnerability zero-day zero-day flaw

Visit resource

More from cybersecuritynews.com / Cyber Security News

LayerX Security Raises $24M for its Browser Security Platform, Enabling Employees to Work Securely from … 12 hours ago | cybersecuritynews.com
browser browser security capital dell +24
Path Traversal Vulnerability In Popular Android Apps Let Attackers Overwrite Files 12 hours ago | cybersecuritynews.com
aim android android apps android security +26
ArcaneDoor Hackers Who Exploited Cisco Firewall Zero-Days Linked To China 12 hours ago | cybersecuritynews.com
access actor arcanedoor attacks +36
CISA Warns Of Hackers Actively Attacking GitLab Password Reset Vulnerability 12 hours ago | cybersecuritynews.com
access access control agency alert +28
NCSC Warns of Russian Hackers Attacking Critical National Infrastructure 14 hours ago | cybersecuritynews.com
alignment critical critical national infrastructure cyber +19
New macOS Adload Malware Bypasses Built-in macOS Antivirus Detection 16 hours ago | cybersecuritynews.com
adload antivirus apple authors +13
World Password Day 2024: Create Strong Passwords & Stay Safe Online 20 hours ago | cybersecuritynews.com
accounts cyber cyber security cyber threats +20
Beware! Threat Actors Selling RDP Access on Hacker Forums 20 hours ago | cybersecuritynews.com
access alert communities critical +28
Critical MailCleaner Vulnerabilities Let Attackers Execute arbitrary command 20 hours ago | cybersecuritynews.com
administrator attacker attackers command +17

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Information Security Specialist, Sr. (Container Hardening)

@ Rackner | San Antonio, TX
View on infosec-jobs.com

Principal Security Researcher (Advanced Threat Prevention)

@ Palo Alto Networks | Santa Clara, CA, United States
View on infosec-jobs.com

EWT Infosec | IAM Technical Security Consultant - Manager

@ KPMG India | Bengaluru, Karnataka, India
View on infosec-jobs.com

Security Engineering Operations Manager

@ Gusto | San Francisco, CA; Denver, CO; Remote
View on infosec-jobs.com

Network Threat Detection Engineer

@ Meta | Denver, CO | Reston, VA | Menlo Park, CA | Washington, DC
View on infosec-jobs.com
View more jobs