
Critical bug fixed in Apache OFBiz


The Apache Software Foundation developers have fixed a vulnerability in Apache OFBiz that could allow an unauthenticated attacker to remotely take control of a vulnerable installation of the open source ERP (Enterprise Resource Planning) system.

OFBiz is a Java-based platform designed to automate various corporate processes. The platform offers a wide range of functions including, for example, accounting, customer relationship management, manufacturing operations management, order management, supply chain control and a warehouse management system.

The vulnerability received the identifier CVE-2021-26295 and affects all versions of OFBiz up to 17.12.06. The issue is related to insecure deserialization and allows unauthorized remote attackers to directly execute arbitrary code on the server.

The developers explained that an attacker can tamper with serialized data and inject arbitrary code into it; when the server deserializes that data, the injected code can be executed remotely. In other words, the bug can be used to take full control of Apache OFBiz.
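The general defence against this class of bug in Java is to restrict which classes a stream may instantiate. The sketch below is an added example, not code from the article or from OFBiz: it uses the JDK's `ObjectInputFilter` (Java 9+), and the `OrderRef` type, the class name and the in-process sample data are hypothetical and constructed for illustration.

```java
import java.io.*;
import java.util.HashMap;
import java.util.Set;

public class AllowListDeserialization {
    // Hypothetical DTO: the only application type this endpoint expects to receive.
    static class OrderRef implements Serializable {
        private static final long serialVersionUID = 1L;
        final String id; final int quantity;
        OrderRef(String id, int quantity) { this.id = id; this.quantity = quantity; }
        @Override public String toString() { return "OrderRef(" + id + ", " + quantity + ")"; }
    }

    private static final Set<Class<?>> EXPECTED = Set.of(OrderRef.class, String.class);

    // Consulted while the stream is parsed, before a class outside the list is instantiated.
    static final ObjectInputFilter FILTER = info -> {
        Class<?> c = info.serialClass();
        if (c == null) { // callback without a class: enforce graph size limits only
            return (info.depth() > 5 || info.references() > 100)
                    ? ObjectInputFilter.Status.REJECTED : ObjectInputFilter.Status.UNDECIDED;
        }
        return EXPECTED.contains(c)
                ? ObjectInputFilter.Status.ALLOWED : ObjectInputFilter.Status.REJECTED;
    };

    static Object readUntrusted(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(FILTER); // must be set before the first readObject()
            return in.readObject();
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: one expected object, one object of an unexpected class.
        System.out.println("allowed:  " + readUntrusted(serialize(new OrderRef("order-1001", 2))));
        try {
            readUntrusted(serialize(new HashMap<String, String>()));
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage()); // class was not on the allow-list
        }
    }
}
```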
