CVE-2023-51467: Apache OFBiz Pre-Authentication RCE Vulnerability

Apache OFBiz is an open-source product for the automation of enterprise processes. It includes framework components and business applications for ERP, CRM, E-Business/E-Commerce, Supply Chain Management, and Manufacturing Resource Planning. OFBiz provides a foundation and starting point for reliable, secure, and scalable enterprise solutions. Two recent vulnerabilities in Apache OFBiz have put its users on high alert.

CVE-2023-50968: Arbitrary file properties reading and SSRF attack

Tagged with an ‘important‘ severity rating, CVE-2023-50968 exposes a chink in Apache OFBiz’s armor, allowing unauthorized reading of file properties and facilitating Server-Side Request Forgery (SSRF) attacks. This vulnerability is particularly insidious because it operates through a seemingly innocuous avenue: a URI call lacking proper authorizations.

The implications are significant. An attacker exploiting this vulnerability could gain insights into the system’s internal workings, potentially leading to more severe breaches. Credit for unmasking this threat goes to security researcher Yun Peng, whose efforts have been instrumental in identifying and mitigating this risk.

Affected versions of OFBiz include all releases up to 18.12.10. Users are advised to upgrade to version 18.12.11 to secure their systems against this vulnerability.

CVE-2023-51467: Pre-authentication Remote Code Execution (RCE) vulnerability

More alarming is CVE-2023-51467, classified as ‘critical.’ This vulnerability enables pre-authentication remote code execution (RCE), allowing attackers to bypass authentication mechanisms and directly perform SSRF attacks. The gravity of this threat cannot be overstated, as it gives attackers the potential to seize control of affected systems remotely.

This vulnerability was brought to light by the collaborative efforts of Hasib Vhora, a senior threat researcher at SonicWall, alongside Gao Tian and L0ne1y.

All versions of Apache OFBiz prior to 18.12.11 are vulnerable to this exploit. An immediate update to version 18.12.11 is strongly recommended to close this security loophole.

Key Takeaways for Users and Enterprises:

1. Regular Updates: Always keep software updated to the latest version to ensure security patches are in place.

2. Vigilance: Stay informed about potential vulnerabilities in the software your enterprise uses.

3. Collaboration: Leverage the cybersecurity community’s collective knowledge to enhance your security posture.

4. Comprehensive Security Strategies: Employ a multi-layered security approach, including firewalls, intrusion detection systems, and regular security audits.