Apache OFBiz Critical Vulnerability — Fix Now

RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI — Patch to the latest version.

CVE-2021-26295 — Apache OFBiz Vulnerability

Apache OFBiz is an open source enterprise resource planning system. OFBiz is an Apache Software Foundation top level project.

It provides a suite of enterprise applications that integrate and automate many of the business processes of an enterprise.

Description:

Apache OFBiz has unsafe deserialization prior to 17.12.06. The vulnerability, rated HIGH severity, allows an unauthenticated adversary to remotely seize control of the open-source Enterprise Resource Planning (ERP) system.

An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.

Specifically, a malicious party can exploit this flaw by tampering with serialized data to insert arbitrary code; when that data is deserialized, the result can be remote code execution.
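The general defence against this class of flaw is to restrict which classes a stream may instantiate before `readObject()` runs. The following is an added example, not OFBiz code and not the project's patch, contrasting an unfiltered read with an allow-listed one. It assumes Java 9 or later; the class names, the `Unexpected` type and the allow-list contents are hypothetical.

```java
import java.io.*;
import java.util.ArrayList;
import java.util.List;

public class FilteredDeserialization {
    // Hypothetical stand-in for a class the application never expects to receive.
    static class Unexpected implements Serializable {
        private static final long serialVersionUID = 1L;
    }

    // Allow-list: java.lang types and ArrayList only, with size limits; "!*" rejects the rest.
    static final ObjectInputFilter ALLOW_LIST = ObjectInputFilter.Config.createFilter(
            "java.lang.*;java.util.ArrayList;maxdepth=5;maxrefs=100;maxbytes=4096;!*");

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    // Unsafe pattern: readObject() instantiates whatever class the bytes name.
    static Object readUnfiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return in.readObject();
        }
    }

    // Hardened pattern: the filter is consulted before any class is instantiated.
    static Object readFiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(ALLOW_LIST);
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        List<String> expected = new ArrayList<>(List.of("order-1", "order-2")); // constructed sample
        System.out.println("allowed:    " + readFiltered(serialize(expected)));
        System.out.println("unfiltered: " + readUnfiltered(serialize(new Unexpected())).getClass());
        try {
            readFiltered(serialize(new Unexpected()));
        } catch (InvalidClassException e) {
            System.out.println("rejected:   " + e.getMessage());
        }
    }
}
```

A filter of this kind is defence in depth for code that must accept serialized input; it does not replace upgrading an affected OFBiz installation.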

Vulnerable Platforms:

The versions affected by this vulnerability: OFBiz versions prior to 17.12.06

Security Recommendation:

To mitigate the risk associated with the flaw, it’s recommended to upgrade Apache OFBiz to the latest version (17.12.06).

By | 2021-03-22T22:16:59+05:30 March 22nd, 2021|Security Update, Software Issues|

About the Author:

FirstHackersNews- Identifies Security
