101010.pl is one of the many independent Mastodon servers you can use to participate in the fediverse.
101010.pl, the oldest Polish Mastodon server. We allow posts of up to 2048 characters.

#ApacheOFBiz

🛡 H3lium@infosec.exchange/:~#

"🚨 Critical Zero-Day in Apache OFBiz - A Gateway to Confluence Server Exploits 🚨"

SonicWall's research team has uncovered a critical zero-day vulnerability in Apache OFBiz, a widely-used open-source enterprise resource planning system. The flaw, CVE-2023-49070, enables Pre-auth remote code execution (RCE), posing a severe risk to organizations. Attackers are leveraging this to find and exploit vulnerable Confluence servers. Users of Apache OFBiz are recommended to upgrade to version 18.12.11 as soon as possible. 🎯💻🔥

This vulnerability, tagged as T1190 (Exploit Public-Facing Application) in the MITRE ATT&CK framework, allows adversaries to execute arbitrary code remotely, potentially leading to full system compromise.

Stay vigilant and patch immediately! 🛡️🚨

Sources: SonicWall Blog (https://blog.sonicwall.com/en-us/2023/12/sonicwall-discovers-critical-apache-ofbiz-zero-day-authbiz/), BleepingComputer (https://www.bleepingcomputer.com/news/security/apache-ofbiz-rce-flaw-exploited-to-find-vulnerable-confluence-servers/)

Tags: #Cybersecurity #ZeroDay #ApacheOFBiz #RCE #Confluence #PatchManagement #VulnerabilityAlert #MITREATTACK #ExploitPublicFacingApplication 🌍🛡️💡

heise online (unofficial)

The open-source enterprise resource planning software OFBiz was remotely attackable. A secured version and a patch are available.

Apache OFBiz: Update removes remote vulnerability from open-source ERP software (https://www.heise.de/news/Apache-OFBiz-Update-beseitigt-Remote-Luecke-aus-Open-Source-ERP-Software-5994429.html)