by @jakaba
05 Jan 2024

Apache OFBiz Authentication Bypass Vulnerability (CVE-2023-49070 and CVE-2023-51467)

CVEs

N/A Severity
9.8 Critical Severity

Apps

Apache OFBiz
18.12.09.*
18.12.07.*
18.12.06.*
18.12.05.*
18.12.04.*
18.12.03.*
18.12.02.*
18.12.01.*
17.12.09.*
17.12.08.*

Summary

This article explores CVE-2023-51467, a zero-day SSRF vulnerability in Apache OFBiz, arising from an incomplete patch for CVE-2023-49070, a pre-authenticated RCE flaw.
