Critical Authentication Vulnerabilities in Apache OFBiz Require Immediate Attention
CVE-2023-51467 Discovered and Disclosed
A critical authentication bypass vulnerability, tracked as CVE-2023-51467, has been discovered in Apache OFBiz, an open-source enterprise resource planning (ERP) and customer relationship management (CRM) platform. This vulnerability has a CVSS score of 9.8, indicating its severe impact.
Vulnerability Details
The vulnerability allows attackers to bypass authentication and gain unauthorized access to sensitive information and functionality within Apache OFBiz installations. This could enable attackers to compromise user accounts, steal data, modify or delete records, and disrupt the availability of the application.
Security experts are strongly advising organizations using Apache OFBiz to apply the latest update (version 18.01.07) immediately to mitigate this vulnerability.