Apache OfBiz | Breaking Cybersecurity News | The Hacker News

A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning (ERP) system that, if successfully exploited, could lead to unauthenticated remote code execution on Linux and Windows. The high-severity vulnerability, tracked as CVE-2024-45195 (CVSS score: 7.5), affects all versions of the software before 18.12.16. "An attacker with no valid credentials exploit missing view authorization checks in the web application to execute arbitrary code on the server," Rapid7 security researcher Ryan Emmons said in a new report. It's worth noting that CVE-2024-45195 is a bypass for a sequence of issues , CVE-2024-32113, CVE-2024-36104, and CVE-2024-38856, which were addressed by the project maintainers over the past few months. Both CVE-2024-32113 and CVE-2024-38856 have since come under active exploitation in the wild, with the former leveraged to deploy the Mirai botnet malware. Rapid7 said all three older shortcomings stem from the ...

Cybersecurity researchers have  developed  a proof-of-concept (PoC) code that exploits a  recently disclosed critical flaw  in the Apache OfBiz open-source Enterprise Resource Planning (ERP) system to execute a memory-resident payload. The vulnerability in question is  CVE-2023-51467  (CVSS score: 9.8), a bypass for another severe shortcoming in the same software ( CVE-2023-49070 , CVSS score: 9.8) that could be weaponized to circumvent authentication and remotely execute arbitrary code. While it was fixed in  Apache OFbiz version 18.12.11  released last month, threat actors have been observed attempting to exploit the flaw, targeting vulnerable instances. The latest findings from VulnCheck show that CVE-2023-51467 can be exploited to execute a payload directly from memory, leaving little to no traces of malicious activity. Security flaws disclosed in Apache OFBiz (e.g.,  CVE-2020-9496 ) have been  exploited  by threat actors ...

Attack surfaces are growing faster than security teams can keep up – to stay ahead, you need to know what's exposed and where attackers are most likely to strike. With cloud adoption dramatically increasing the ease of exposing new systems and services to the internet, prioritizing threats and managing your attack surface from an attacker's perspective has never been more important. In this guide, we look at why attack surfaces are growing and how to monitor and manage them properly with  tools like Intruder . Let's dive in. What is your attack surface? First, it's important to understand what we mean when we talk about an attack surface. An attack surface is the sum of your digital assets that are 'reachable' by an attacker – whether they are secure or vulnerable, known or unknown, in active use or not. You can also have both internal and external attack surfaces - imagine for example a malicious email attachment landing in a colleague's inbox, vs a new FTP server being...