Critical Vulnerability in Apache OFBiz
29 December 2023
Apache has released updates addressing a critical vulnerability (CVE-2023-51467) in their OFBiz Enterprise Resource Planning (ERP) system. The vulnerability has a Common Vulnerability Scoring System (CVSS) score of 9.8 out of 10.
Successful exploitation of this authentication bypass vulnerability could allow an attacker to carry out Server-Side Request Forgery (SSRF) and remote code execution.
The vulnerability affects all Apache OFBiz versions 18.12.10 and earlier.
Users and administrators of affected products are advised to update to the latest product versions immediately.
More information is available here:
https://lists.apache.org/thread/9tmf9qyyhgh6m052rhz7lg9vxn390bdv
https://issues.apache.org/jira/browse/OFBIZ-12873
https://blog.sonicwall.com/en-us/2023/12/sonicwall-discovers-critical-apache-ofbiz-zero-day-authbiz/