New critical Apache OFBiz vulnerability patched as older flaw is actively exploited
- by nlqip
It’s unclear how many enterprises employ Apache OFBiz as many organizations might use it internally, but based on public data known users include large organizations such as IBM, HP, Accenture, United Airlines, Home Depot, and Upwork. Some third-party commercial applications, such as Atlassian JIRA, also use OFBiz modules. The project is used globally and across many industries, but over 40% of known users are based in the US.
The Open Web Application Security Project (OWASP) recently updated its list of top 10 open source security risks for enterprises, with known vulnerabilities topping the list.
New flaw found by analyzing previous one
The new flaw is located in the override view functionality and allows unauthenticated attackers to access sensitive and restricted endpoints using specially crafted requests. This can pave the way for remote code execution.
Source link
lol
It’s unclear how many enterprises employ Apache OFBiz as many organizations might use it internally, but based on public data known users include large organizations such as IBM, HP, Accenture, United Airlines, Home Depot, and Upwork. Some third-party commercial applications, such as Atlassian JIRA, also use OFBiz modules. The project is used globally and across…
Recent Posts
- Google says “Enhanced protection” feature in Chrome now uses AI
- Scammers target UK senior citizens with Winter Fuel Payment texts
- Malicious PyPI package with 37,000 downloads steals AWS keys
- Microsoft says recent Windows 11 updates break SSH connections
- Hands on with AI features in Windows 11 Paint and Notepad