'[oss-security] CVE-2023-51467: Apache OFBiz: Pre-authentication Remote Code Execution (RCE) vulnerab'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE-2023-51467: Apache OFBiz: Pre-authentication Remote Code Execution (RCE) vulnerab
From:       Deepak Dixit <deepak () apache ! org>
Date:       2023-12-26 12:02:12
Message-ID: 983f05b5-33be-d71b-6798-41a39faa971b () apache ! org
[Download RAW message or body]

Severity: critical

Affected versions:

- Apache OFBiz before 18.12.11

Description:

The vulnerability allows attackers to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF)

This issue is being tracked as OFBIZ-12873 

Credit:

Hasib Vhora, Senior Threat Researcher, SonicWall  (finder)
Gao Tian (finder)
L0ne1y (finder)

References:

https://ofbiz.apache.org/download.html
https://ofbiz.apache.org/security.html
https://ofbiz.apache.org/release-notes-18.12.11.html
https://issues.apache.org/jira/browse/OFBIZ-12873
https://ofbiz.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-51467
https://issues.apache.org/jira/browse/OFBIZ-12873

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic