Skip to main content
close search
site logo
Dive Brief

Apache OFBiz critical CVE leads to surge in exploitation attempts

A patch for a prior vulnerability failed to resolve the root cause of an issue, leading to additional threat activity.

Published Jan. 5, 2024
David Jones's headshot
Reporter
Threat actor views data file
iStock / Getty Images Plus via Getty Images

Dive Brief:

  • A critical vulnerability in Apache OFBiz was hit with a surge in exploitation attempts in recent weeks, which could allow attackers to take control of affected systems and launch supply chain attacks, according to researchers from SonicWall
  • Apache OFBiz is an open source enterprise resource system that is used in a wide range of software, including Atlassian Jira, which is used by more than 120,000 companies. "Jira uses a customized OFBiz Entity Engine that does not implement the vulnerable framework module," a spokesperson for Atlassian told Cybersecurity Dive via email.
  • The authentication bypass vulnerability, listed as CVE-2023-51467, has a CVSS score of 9.8 and could expose sensitive data or allow an unauthenticated attacker to execute arbitrary code.

Dive Insight:

Researchers from SonicWall Capture Labs discovered the vulnerability while conducting research on a prior Apache vulnerability, CVE-2023-49070

A patch designed to fix the prior vulnerability, however, did not fully resolve the issue and the ability to bypass authentication measures still remained. The patch removed XML-RPC code, but allowed the vulnerability to remain. 

“We have seen a large increase in exploitation attempts of this vulnerability since the public release of the information,” said Douglas McKee, executive director of threat research at SonicWall, said via email. 

Late last month, researchers from Shadowserver said they observed scanning using a published proof of concept for CVE-2023-49070, which began in early December.

SonicWall said Apache OfBiz users should immediately upgrade to at least version 18.12.11. Researchers have also developed an IPS signature — IPS:15949 — to detect active exploitation activity for the vulnerability.

The Apache Security Response Team has no first hand information about exploitation activity, but it is urging companies to assess the potential impact and immediately upgrade to the new version. 

Users should also employ best practices, including only exposing the system to users that need it and employing a regular update regime, according to a spokesperson.

Editor’s note: This article has been updated to include a statement from Atlassian. 

 

Filed Under: Vulnerability

Editors' picks

Company Announcements

View all | Post a press release
DigiCert Unveils 2025 Security Predictions
From DigiCert
November 21, 2024
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Editors' picks
Latest in Vulnerability
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell