Apache OFBiz: Arbitrary file properties reading and SSRF attack

CVE-2023-50968

What is CVE-2023-50968?

An arbitrary file properties reading vulnerability exists in Apache OFBiz that allows unauthorized users to execute URI calls without proper access controls. This vulnerability also opens the door to a possible Server-Side Request Forgery (SSRF) attack, enabling unauthenticated users to manipulate requests to internal systems. It is critical for users of affected versions to upgrade to version 18.12.11 to mitigate these security risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

News Articles

Security Boulevard

CVE-2023-50968CVE-2023-51467

Apache OFBiz Arbitrary File Reading and Remote Code Execution Vulnerabilities (CVE-2023-50968/CVE-2023-51467) Alert

Overview Recently, NSFOCUS CERT detected that Apache officially released a security announcement and fixed two high-risk vulnerabilities in Apache Ofbiz. CVE-2023-50968: Due to problems in Apache Software Foundation, unauthorized attackers can read files and carry out SSRF attacks when operating uri...

References