Brother
The Apache OFBiz RCE vulnerability can cost businesses and reputations.
SonicWall has recorded thousands of daily attempts to exploit Apache OFBiz zero-day vulnerabilities for almost two weeks. The flaw was first made public on December 26, after which the number of exploitation attempts increased significantly.
Experts confirmed that the number of attacks has remained stable since the beginning of 2024. Users of the Apache Software Foundation framework, which includes applications for automating business processes and other functions designed for enterprises, are advised to immediately update to OFBiz version 18.12.11. The update fixes both the specified vulnerability and a second, equally dangerous problem.
Vulnerability CVE-2023-51467 (CVSS score: 9.8), discovered in late December, is an authentication bypass error that allows an attacker to bypass authentication processes and execute arbitrary code on a remote device, which can lead to access to confidential information.
The researchers discovered the problem while analyzing the root cause of another, separate Remote Code Execution (RCE) authentication bypass vulnerability, designated as CVE-2023-49070 (CVSS score: 9.8).
Apache's fix for the second vulnerability was to remove the code for the XML-RPC API, which is no longer supported. However, additional analysis from SonicWall revealed that the root cause lies in the login function. The failure to fix the root cause of CVE-2023-49070 resulted in the authentication bypass vulnerability, which is currently widely used, still remaining in OFBiz.
It is noted that Apache OFBiz is used by a large number of users. For example, Atlassian Jira alone is used by more than 120,000 companies. However, Atlassian customer support stated that their Jira implementation is not vulnerable.
SonicWall researchers have developed two Proof-of-Concept (PoC) exploits that demonstrate the possibility of exploiting the vulnerability. The main reason for the exploit is that the authentication bypass is caused by unexpected behavior when the requirePasswordChange parameter of the login function is set to the value "Y" in the URI. The Apache OFBiz team quickly fixed the issue, and the SonicWall PoC exploits applied to the patched version (18.12.11) no longer worked.
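Two checks a defender would want after reading the post above: whether a deployed OFBiz is at or beyond the fixed release (18.12.11), and whether the web server's access logs show requests carrying the requirePasswordChange=Y parameter the post names as the trigger. The script below is an added example, not code from the post, from SonicWall or from the OFBiz project; the log lines are constructed, the application path /app/control/login is a placeholder, and the log format is assumed to be Apache/Nginx combined-style.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Fixed release named in the post. Anything older is assumed unpatched.
PATCHED_VERSION = (18, 12, 11)


def parse_version(version: str) -> tuple:
    """Turn a dotted version string such as '18.12.11' into a comparable tuple."""
    return tuple(int(part) for part in version.strip().split("."))


def is_patched(version: str) -> bool:
    """True when the running OFBiz is 18.12.11 or newer."""
    return parse_version(version) >= PATCHED_VERSION


# Combined-style access log line (assumed format); captures the fields we need.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line: str):
    """Parse one access log line into a dict with the decoded query string, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    parts = urlsplit(entry["target"])
    entry["path"] = parts.path
    # parse_qs percent-decodes values, so '%20Y%20' arrives as ' Y '.
    entry["query"] = parse_qs(parts.query, keep_blank_values=True)
    return entry


def is_bypass_attempt(entry: dict) -> bool:
    """Flag requests whose requirePasswordChange parameter is 'Y' (whitespace ignored)."""
    values = entry["query"].get("requirePasswordChange", [])
    return any(v.strip() == "Y" for v in values)


def find_bypass_attempts(lines):
    """Return (client ip, path, status) for every flagged line."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry and is_bypass_attempt(entry):
            hits.append((entry["ip"], entry["path"], entry["status"]))
    return hits


# Constructed sample log: two benign requests, two carrying the trigger parameter.
SAMPLE_LOG = [
    '203.0.113.5 - - [28/Dec/2023:10:15:01 +0000] "GET /app/control/login?USERNAME=admin&PASSWORD=x HTTP/1.1" 200 512',
    '203.0.113.9 - - [28/Dec/2023:10:15:07 +0000] "POST /app/control/login?requirePasswordChange=Y HTTP/1.1" 200 1024',
    '198.51.100.2 - - [28/Dec/2023:10:16:00 +0000] "GET /app/control/main?requirePasswordChange=N HTTP/1.1" 302 0',
    '198.51.100.7 - - [28/Dec/2023:10:16:30 +0000] "GET /app/control/login?requirePasswordChange=%20Y%20 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for version in ("18.12.10", "18.12.11"):
        print(version, "patched" if is_patched(version) else "UPDATE REQUIRED")
    for ip, path, status in find_bypass_attempts(SAMPLE_LOG):
        print(f"requirePasswordChange=Y seen from {ip} on {path} (HTTP {status})")
```

A hit with a 200 status on a login path deserves a look at that client's other activity; a 302 or 401 alongside the parameter still shows someone probing. Percent-encoded variants are caught because the query string is decoded before comparison.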