
Apache OFBiz Critical Vulnerability


SonicWall discovered an authentication bypass vulnerability, tracked as CVE-2023-51467, impacting the open source framework Apache OFBiz. The flaw affects versions prior to 18.12.10 and has been fixed in the subsequent version 18.12.11.


The vulnerability enables an attacker to send the targeted server an HTTP request with empty username and password parameters, which the server treats as a successful authentication. While there is not at this stage an official CVSS score on the NIST National Vulnerability Database, the severity has been assessed as critical, with SonicWall assigning a score of 9.8.


The ramifications of a potential exploitation are diverse and include server-side request forgery.
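As an added example (not from SonicWall or the Apache OFBiz project), the following Python sketch flags access-log entries whose query string carries both a username and a password parameter with empty values, the request shape described above. The parameter names, the combined log format and the sample lines are assumptions made for illustration; credentials sent in a POST body do not appear in access logs and need a WAF or proxy rule instead.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed parameter names (not given in the article); matched case-insensitively.
USER_KEYS = {"username"}
PASS_KEYS = {"password"}

# Client IP, request target and status from a combined-format access log entry.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def empty_credential_request(target):
    """True when the query string supplies both a username and a password
    parameter and every value supplied for each of them is empty."""
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    lowered = {}
    for key, values in params.items():
        lowered.setdefault(key.lower(), []).extend(values)

    def all_empty(keys):
        values = [v for k in keys for v in lowered.get(k, [])]
        return bool(values) and all(v == "" for v in values)

    return all_empty(USER_KEYS) and all_empty(PASS_KEYS)

def scan(lines):
    """Return (client_ip, request_target, status) for each suspicious entry."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and empty_credential_request(m["target"]):
            hits.append((m["ip"], m["target"], int(m["status"])))
    return hits

# Constructed sample log lines (documentation IP ranges, hypothetical paths).
SAMPLE = [
    '198.51.100.7 - - [02/Jan/2024:10:15:01 +0000] "GET /example/login?USERNAME=&PASSWORD= HTTP/1.1" 200 512',
    '198.51.100.7 - - [02/Jan/2024:10:15:03 +0000] "POST /example/login?username=&password=&x=1 HTTP/1.1" 200 128',
    '203.0.113.9 - - [02/Jan/2024:10:16:40 +0000] "GET /example/login?USERNAME=alice&PASSWORD= HTTP/1.1" 401 64',
    '203.0.113.9 - - [02/Jan/2024:10:17:02 +0000] "GET /example/index HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for ip, target, status in scan(SAMPLE):
        print(f"empty-credential request from {ip}: {target} -> {status}")
```

A hit with a 2xx status on a server running an affected version is the case to triage first.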


If you are interested in specifics or additional insights on the threats above or any other threat, please visit our dedicated service page or reach out to info@clipeusintelligence.com with your inquiry. We would be glad to assist you.
