Apache OFBiz Critical Vulnerability — Fix Now


RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI — Patch to the latest version.

CVE-2021-26295 — Apache OFBiz Vulnerability

Apache OFBiz is an open source enterprise resource planning system. OFBiz is an Apache Software Foundation top level project.

It provides a suite of enterprise applications that integrate and automate many of an enterprise's business processes.


Apache OFBiz has unsafe deserialization prior to 17.12.06. The vulnerability addressed as HIGH severity vulnerability  allow an unauthenticated adversary to remotely seize control of the open-source Enterprise Resource Planning (ERP) system.

An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.

Specifically, a malicious party can tamper with serialized data to insert arbitrary code; when that data is deserialized, the result can be remote code execution.

Vulnerable Platforms:

Affected versions: OFBiz versions prior to 17.12.06.

Security Recommendation:

To mitigate the risk associated with the flaw, upgrade Apache OFBiz to the latest version (17.12.06).
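Upgrading is the fix; as defence in depth against the class of bug described above (attacker-controlled data reaching Java deserialization), the following added example shows how a JEP 290 ObjectInputFilter allow-list rejects any class not explicitly permitted. It is illustrative code written for this page, not OFBiz code, and the OrderRef class and filter pattern are hypothetical.

```java
import java.io.*;

/**
 * Added example (not OFBiz code): deserialize only classes on an explicit allow-list.
 * Any other class in the stream, including gadget-chain classes, is rejected before
 * its readObject/readResolve logic can run. Requires Java 9+ (or 8u121+ via sun.misc).
 */
public class DeserializationFilterDemo {

    // Hypothetical business object the application legitimately exchanges.
    public static class OrderRef implements Serializable {
        private static final long serialVersionUID = 1L;
        final String orderId;
        OrderRef(String orderId) { this.orderId = orderId; }
    }

    // Allow-list pattern: permit OrderRef and String, reject everything else ("!*").
    // maxdepth/maxbytes bound resource use against deeply nested or oversized streams.
    private static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
        "DeserializationFilterDemo$OrderRef;java.lang.String;!*;maxdepth=5;maxbytes=4096");

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) { oos.writeObject(o); }
        return bos.toByteArray();
    }

    static Object deserializeFiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(FILTER); // consulted for every class resolved from the stream
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a legitimate object passes the filter.
        byte[] ok = serialize(new OrderRef("WS-1001"));
        System.out.println("allowed: " + ((OrderRef) deserializeFiltered(ok)).orderId);

        // Constructed sample input: an ordinary JDK class stands in for "not on the list".
        byte[] rejected = serialize(new java.util.HashMap<String, String>());
        try {
            deserializeFiltered(rejected);
        } catch (InvalidClassException e) {
            System.out.println("rejected by filter: " + e.getMessage());
        }
    }
}
```

The same pattern can be applied process-wide without code changes via the `jdk.serialFilter` system property, which is the practical option for third-party applications whose deserialization sites you do not control.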


Published March 22nd, 2021 | Security Update, Software Issues

About the Author:

FirstHackersNews- Identifies Security

One Comment

  1. zortilonrel April 17, 2021 at 7:29 am - Reply

    There is obviously a bunch to know about this. I consider you made some nice points in features also.
