Apache Security Updates – 27 December 2023

Apache has released security updates to address several vulnerabilities across multiple versions of Apache OFBiz.

The addressed vulnerabilities could allow a remote attacker to execute arbitrary code and gain access to the affected system by sending a specially crafted request.

Sample of the addressed vulnerabilities:

Apache Pre-authentication Remote Code Execution (CVE-2023-51467):

  • CVSS: 9.8
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Consequences: Gain Access

Note that CVE-2023-51467 is a zero-day vulnerability that is being actively exploited in the wild by many threat actors to deploy malware.

Vulnerabilities

  • CVE-2023-51467
  • CVE-2023-50968
  • CVE-2023-49070

Mitigations

The enterprise should deploy this patch as soon as the testing phase is completed.
