Pre-auth RCE in Apache OFBiz Prior to 18.12.10 Due to No-Longer-Maintained XML-RPC Component
Key Information
- Vendor: Apache
- Product: Apache OFBiz
- CVE: CVE-2023-49070
- CVE Published: 5 December 2023
Summary
Pre-authentication remote code execution in Apache OFBiz 18.12.09 and earlier. The cause is that the XML-RPC component, which is no longer maintained, is still present and reachable in these releases. This issue affects Apache OFBiz before 18.12.10. Users are recommended to upgrade to version 18.12.10, which removes the component.
Affected Version(s)
Apache OFBiz < 18.12.10 (18.12.09 and earlier)
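Two checks a practitioner would want next to this entry, written here as an added example that is not part of the original page and not code from the Apache OFBiz project: a comparison of an installed version against the fixed release, and a scan of web-server access logs for requests to the XML-RPC endpoint. The endpoint path /webtools/control/xmlrpc and the combined access-log format of the sample lines are assumptions not stated on the page; the log lines themselves are constructed for the example.

```python
"""Version-range and access-log checks for the OFBiz XML-RPC advisory.

Added example; not code from the original page or from the Apache OFBiz
project. Assumptions not stated on the page: the XML-RPC servlet is reached
at /webtools/control/xmlrpc, and the access log uses the combined log format.
"""
import re
from typing import List, Tuple

# First release without the unmaintained XML-RPC component (from the advisory).
FIXED_VERSION = (18, 12, 10)

# Assumed request path of the OFBiz XML-RPC endpoint (not stated on the page).
XMLRPC_PATH = "/webtools/control/xmlrpc"


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn an OFBiz version string such as '18.12.09' into (18, 12, 9).

    Leading zeros and an optional 'v' prefix are tolerated; anything that
    is not three dotted integers is rejected rather than guessed at.
    """
    match = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not match:
        raise ValueError(f"unrecognised OFBiz version string: {version!r}")
    return tuple(int(part) for part in match.groups())


def is_affected(version: str) -> bool:
    """True when the installed release is older than the fixed release."""
    return parse_version(version) < FIXED_VERSION


# Combined log format: ip ident user [ts] "METHOD path proto" status size "ref" "ua"
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def find_xmlrpc_hits(log_lines: List[str]) -> List[Tuple[str, str, str, str]]:
    """Return (ip, timestamp, method, status) for every request to the XML-RPC path.

    The query string is dropped before comparing so that '/xmlrpc?x=1'
    is still recognised; lines that do not parse are skipped.
    """
    hits = []
    for line in log_lines:
        match = LOG_LINE.match(line)
        if not match:
            continue
        path = match.group("path").split("?", 1)[0].rstrip("/")
        if path == XMLRPC_PATH:
            hits.append((match.group("ip"), match.group("ts"),
                         match.group("method"), match.group("status")))
    return hits


# Constructed sample log lines (not real traffic): two POSTs to the XML-RPC
# endpoint from one client, one ordinary page request, one unparseable line.
SAMPLE_LOG = [
    '203.0.113.5 - - [05/Dec/2023:10:01:02 +0000] "POST /webtools/control/xmlrpc HTTP/1.1" 200 512 "-" "python-requests/2.31"',
    '198.51.100.7 - - [05/Dec/2023:10:01:05 +0000] "GET /webtools/control/main HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [05/Dec/2023:10:01:09 +0000] "POST /webtools/control/xmlrpc?x=1 HTTP/1.1" 403 0 "-" "curl/8.0"',
    'garbage line that does not match the log format',
]


if __name__ == "__main__":
    for v in ("18.12.09", "18.12.10"):
        print(v, "affected" if is_affected(v) else "fixed")
    for hit in find_xmlrpc_hits(SAMPLE_LOG):
        print("xmlrpc request:", hit)
```

Any request to the XML-RPC path on a release older than 18.12.10 is worth triaging regardless of the response status: a 403 or 401 only shows that the request reached the servlet, not that the component is absent, and the fix in 18.12.10 is removal of the endpoint rather than an access rule in front of it.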
Exploit Proof of Concept (PoC)
Public PoC code for this vulnerability exists (see the news articles below). PoC code is written by security researchers to demonstrate that a vulnerability can be exploited; it is also a key building block for weaponization, which can end in ransomware deployment.
News Articles
- Critical Apache OFBiz Vulnerability in Attacker Crosshairs: Shadowserver sees possible in-the-wild exploitation of a critical Apache OFBiz vulnerability tracked as CVE-2023-49070. (11 months ago)
- Authentication bypass likely with new critical Apache OFBiz zero-day: Threat actors could evade authentication protections in Apache's OFBiz enterprise resource planning system by abusing a novel critical zero-day flaw, tracked as CVE-2023-51467, reports The Hacker News. (11 months ago)
- Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers: A critical Apache OFBiz pre-authentication remote code execution vulnerability is being actively exploited using public proof-of-concept (PoC) exploits. (11 months ago)
EPSS Score
82%: the estimated probability of exploitation activity in the wild within the next 30 days.
CVSS V3.1
Timeline (most recent first)
- Exploit exists.
- First article discovered by The Hacker News.
- Vulnerability published.
- Vulnerability reserved.