Remote Code Execution Vulnerability in Apache Struts

CVE-2023-51467

9.8CRITICAL

Key Information

Vendor: Apache
Status: Apache Ofbiz
Vendor: CVE Published:; 26 December 2023

Badges

😄 Trended👾 Exploit Exists🔴 Public PoC🟡 EPSS 65%📰 News Worthy

Summary

The vulnerability CVE-2023-51467 allows attackers to bypass authentication processes in the Apache OFBiz open source enterprise resource planning (ERP) system, enabling them to remotely execute arbitrary code, and potentially gain server-side request forgery (SSRF) access in the backend interface. This vulnerability was discovered by SonicWall during a root cause analysis of another OFBiz bug, CVE-2023-49070. Exploits for this vulnerability have been used to execute arbitrary code on impacted hosts, and attempts have been made to exploit it in the wild. To mitigate the risk, Apache OFBiz developers have released version 18.12.11 to patch the vulnerability and urged users to update. The security firm SonicWall also disclosed technical details of the vulnerability, and indicators of in-the-wild exploitation have been reported. The vulnerability impacts Apache OFBiz versions 18.12.10 and earlier, and a security announcement was made to recommend upgrading to the unaffected version, Apache OFBiz 18.12.11, or applying protective measures to restrict access to the affected system. It has also been reported that other critical vulnerabilities in Apache software have been targeted by threat actors, indicating a broader trend of exploitation of Apache software vulnerabilities in recent times.

Affected Version(s)

Apache OFBiz < 18.12.11

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Apache-OFBiz-Authentication-Bypass
Created by jakabakos

CVE-2023-51467-Exploit
Created by JaneMandy

CVE-2023-51467-EXPLOIT
Created by K3ysTr0K3R

News Articles

The Hacker News

CVE-2023-51467

New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems

Researchers expose critical flaw in Apache OFBiz, CVE-2023-51467, enabling stealthy memory-resident attacks

10 months ago

SecurityWeek

CVE-2023-49070CVE-2023-51467

Critical Apache OFBiz Vulnerability in Attacker Crosshairs

Shadowserver sees possible in-the-wild exploitation of a critical Apache OFBiz vulnerability tracked as CVE-2023-49070.

11 months ago

SC Magazine

CVE-2023-51467CVE-2023-49070

Authentication bypass likely with new critical Apache OFBiz zero-day

Threat actors could evade authentication protections in Apache's OFBiz enterprise resource planning system by abusing a novel critical zero-day flaw, tracked as CVE-2023-51467, reports The Hacker News.

11 months ago

EPSS Score

65% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit exists.
Aug 19, 2024
Vulnerability started trending.
Jan 9, 2024
First article discovered by Security Boulevard
Dec 27, 2023
Vulnerability published.
Dec 26, 2023
Vulnerability Reserved.
Dec 20, 2023

Collectors

NVD DatabaseMitre Database6 Proof of Concept(s)6 News Article(s)

Credit

Hasib Vhora, Senior Threat Researcher, SonicWall

Gao Tian

L0ne1y