Attack

Week after reported critical issue, Apache OFBiz actively attacked

Take action: This is now urgent. If you are using Apache OFBiz, lock down access from the internet, then patch ASAP. Automated attacks have already started. Do your part not to get hacked.


A week after the report of a critical issue in the Apache OFBiz platform, SonicWall researchers have detected a significant increase in exploitation attempts.

Apache OFBiz is an extensively utilized open source ERP, which is also incorporated into Atlassian's Jira software, a tool employed by over 120,000 organizations.

Atlassian has clarified that Jira’s custom OFBiz Entity Engine does not use the vulnerable module.

The security issue, tracked as CVE-2023-51467, enabled data exposure and unauthorized code execution by attackers without authentication.

Apache OFBiz users are urgently advised to update to version 18.12.11 or later. To enhance security, users are advised to follow best practices such as limiting system exposure and maintaining a consistent update schedule.

Update - Cybersecurity researchers have developed proof-of-concept (PoC) code that exploits a recently disclosed critical flaw in Apache OFBiz to execute a memory-resident payload.
