22 Mar, 2021

OFBiz RCE Vulnerability

Apache OFBiz is a Java-based web framework and an open source enterprise resource planning (ERP) system. It offers a suite of enterprise applications that integrate and automate many of a business's processes, and it can be used in every industry.

Apache has disclosed CVE-2021-26295, a high severity vulnerability in OFBiz that could allow an unauthenticated attacker to remotely take control of the ERP system. The vulnerability affects all OFBiz versions prior to 17.12.06 and allows unauthorized remote code execution. OFBiz is widely used to automate enterprise processes, including accounting, customer relationship management, manufacturing operations management, order management, supply chain fulfillment and warehouse management, among others. By exploiting the flaw, a malicious party could tamper with serialized data, adding code that, when deserialized, could potentially cause remote code execution.

The update can be downloaded from https://ofbiz.apache.org/download.html.
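As a detection aid for the deserialization risk described above, the following added example (not code from Apache OFBiz or from the advisory) flags request bodies that carry a Java serialization stream header in raw, hex or Base64 form. The function names and the sample requests are constructed for illustration.

```python
import base64
import binascii
import re

# Java's ObjectOutputStream writes STREAM_MAGIC (0xACED) then STREAM_VERSION (0x0005).
JAVA_MAGIC = b"\xac\xed\x00\x05"
HEX_MAGIC = re.compile(rb"aced0005", re.IGNORECASE)
# Base64 of the header always begins with "rO0AB"; decode to confirm all 4 bytes.
B64_TOKEN = re.compile(rb"rO0AB[A-Za-z0-9+/]*={0,2}")


def serialized_java_encodings(body):
    """Return the encodings ('raw', 'hex', 'base64') in which the header appears in body."""
    found = []
    if JAVA_MAGIC in body:
        found.append("raw")
    if HEX_MAGIC.search(body):
        found.append("hex")
    for token in B64_TOKEN.findall(body):
        data = token.rstrip(b"=")
        data += b"=" * (-len(data) % 4)  # repair padding cut off in transport
        try:
            decoded = base64.b64decode(data)
        except binascii.Error:
            continue  # not valid Base64 after all
        if decoded.startswith(JAVA_MAGIC):
            found.append("base64")
            break
    return found


def flag_requests(records):
    """Map request id -> encodings for every (id, body) pair that carries the header."""
    return {rid: enc for rid, body in records if (enc := serialized_java_encodings(body))}


# Constructed sample data: a header fragment only, not a complete serialized object.
SAMPLE_FRAGMENT = JAVA_MAGIC + b"sr\x00\x11java.util.HashMap"
SAMPLE_REQUESTS = [
    ("req-1", b"orderId=10000&status=APPROVED"),
    ("req-2", b"blob=" + SAMPLE_FRAGMENT),
    ("req-3", b"payload=" + SAMPLE_FRAGMENT.hex().upper().encode()),
    ("req-4", b'{"data":"' + base64.b64encode(SAMPLE_FRAGMENT) + b'"}'),
]

if __name__ == "__main__":
    for rid, encodings in flag_requests(SAMPLE_REQUESTS).items():
        print(rid, encodings)
```

A match means a serialized Java object is being sent to the application and warrants review; it does not by itself show exploitation.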


Source:

https://ofbiz.apache.org/download.html#vulnerabilities

https://issues.apache.org/jira/browse/OFBIZ-12167

https://seclists.org/oss-sec/2021/q1/255

