New critical Apache OFBiz vulnerability patched as older flaw is actively exploited
- by nlqip
It’s unclear how many enterprises employ Apache OFBiz as many organizations might use it internally, but based on public data known users include large organizations such as IBM, HP, Accenture, United Airlines, Home Depot, and Upwork. Some third-party commercial applications, such as Atlassian JIRA, also use OFBiz modules. The project is used globally and across many industries, but over 40% of known users are based in the US.
The Open Web Application Security Project (OWASP) recently updated its list of top 10 open source security risks for enterprises, with known vulnerabilities topping the list.
New flaw found by analyzing previous one
The new flaw is located in the override view functionality and allows unauthenticated attackers to access sensitive and restricted endpoints using specially crafted requests. This can pave the way for remote code execution.
Source link
lol
It’s unclear how many enterprises employ Apache OFBiz as many organizations might use it internally, but based on public data known users include large organizations such as IBM, HP, Accenture, United Airlines, Home Depot, and Upwork. Some third-party commercial applications, such as Atlassian JIRA, also use OFBiz modules. The project is used globally and across…
Recent Posts
- Microsoft fixes bugs causing Windows Server 2025 blue screens, install issues
- Microsoft Exchange adds warning to emails abusing spoofing flaw
- Fortinet Releases Security Updates for Multiple Products | CISA
- D-Link won’t fix critical bug in 60,000 exposed EoL modems
- Stellar Startup Cloud Vendors To Know In 2024