New critical Apache OFBiz vulnerability patched as older flaw is actively exploited
- by nlqip
It’s unclear how many enterprises employ Apache OFBiz as many organizations might use it internally, but based on public data known users include large organizations such as IBM, HP, Accenture, United Airlines, Home Depot, and Upwork. Some third-party commercial applications, such as Atlassian JIRA, also use OFBiz modules. The project is used globally and across many industries, but over 40% of known users are based in the US.
The Open Web Application Security Project (OWASP) recently updated its list of top 10 open source security risks for enterprises, with known vulnerabilities topping the list.
New flaw found by analyzing previous one
The new flaw is located in the override view functionality and allows unauthenticated attackers to access sensitive and restricted endpoints using specially crafted requests. This can pave the way for remote code execution.
Source link
lol
It’s unclear how many enterprises employ Apache OFBiz as many organizations might use it internally, but based on public data known users include large organizations such as IBM, HP, Accenture, United Airlines, Home Depot, and Upwork. Some third-party commercial applications, such as Atlassian JIRA, also use OFBiz modules. The project is used globally and across…
Recent Posts
- Windows 10 KB5046714 update fixes bug preventing app uninstalls
- Eight Key Takeaways From Kyndryl’s First Investor Day
- QNAP pulls buggy QTS firmware causing widespread NAS issues
- N-able Exec: ‘Cybersecurity And Compliance Are A Team Sport’
- Hackers breach US firm over Wi-Fi from Russia in ‘Nearest Neighbor Attack’