Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers - 20240103001

Overview

The WA SOC has been made aware of a critical Apache OFBiz pre-authentication remote code execution (RCE) vulnerability is being actively exploited using public proof of concept (PoC) exploit(s). The vulnerability could potentially enable attackers to elevate their privileges without authentication, perform arbitrary code execution, and access sensitive information.

What is the vulnerability?

CVE ID	Description
CVE-2023-51467	The vulnerability allows attackers to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF)
CVE-2023-49070	Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10

What is vulnerable?

The vulnerability affects the following products:

• Apache OFBiz versions prior to 18.12.11

What has been observed?

This vulnerability is being actively exploited using public proof of concept (PoC) exploits. The WASOC is not aware of any active exploitation of WA Government infrastructure at this time.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of one month... (refer Patch Management):

• It is highly recommended to upgrade Apache OFBiz to version 18.12.11 as soon as possible.

Additional References

• Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers (bleepingcomputer.com)
• SonicWall Discovers Critical Apache OFBiz Zero-day -AuthBiz | SonicWall
• [OFBIZ-12812] [SECURITY] Remove deprecated Apache XML-RPC related code (CVE-2023-49070) - ASF JIRA