by @jakaba
05 Jan 2024

Apache OFBiz Authentication Bypass Vulnerability (CVE-2023-49070 and CVE-2023-51467)

CVEs

9.8 Critical Severity
9.8 Critical Severity

Apps

Apache OFBiz
18.12.09.*
18.12.07.*
18.12.06.*
18.12.05.*
18.12.04.*
18.12.03.*
18.12.02.*
18.12.01.*
17.12.09.*
17.12.08.*

Summary

This article explores CVE-2023-51467, a zero-day SSRF vulnerability in Apache OFBiz, arising from an incomplete patch for CVE-2023-49070, a pre-authenticated RCE flaw.

Description
