
Critical remote code execution flaw in Apache OFBiz patched


(Image credit: Passwork)

Apache has released a patch for a critical-severity vulnerability in its OFBiz software. The bug is an arbitrary code execution flaw that allows threat actors to run code of their choosing on affected servers, whether they run Windows or Linux.

Apache OFBiz (short for Open For Business) is an open-source enterprise resource planning (ERP) system that provides a suite of applications designed to automate and manage a wide range of business processes. It offers a comprehensive platform for businesses to handle operations such as customer relationship management (CRM), supply chain management, inventory management, accounting, e-commerce, and more.

According to cybersecurity researchers at Rapid7, the bug stems from a forced browsing weakness that exposes restricted paths to unauthenticated direct request attacks. "An attacker with no valid credentials can exploit missing view authorization checks in the web application to execute arbitrary code on the server," the researchers explained.
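The weakness Rapid7 describes, a view that is reachable by requesting its URL directly because nothing checks whether the caller is allowed to see it, is a general web-application bug class. The following added illustration, written in generic Python and not taken from Apache OFBiz or from Rapid7, shows the vulnerable pattern (each view left to do its own check, and one forgets) beside the hardened pattern (authorization declared per view and enforced centrally, denying by default), plus the log check a defender would run to spot unauthenticated clients reaching a restricted view. Every name in it (the `Request` type, the view names, the role table, the log format) is constructed for the example.

```python
"""Forced browsing / missing view authorization, before and after.

Added illustration only: this is not Apache OFBiz code and makes no claim
about how OFBiz routes requests.  Views, roles, request shape and log
format are all constructed for this example.
"""
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Request:
    path: str
    user: Optional[str] = None            # None = unauthenticated
    roles: set[str] = field(default_factory=set)


# Two views: one public, one that should be restricted.  Neither checks
# anything itself, which is realistic when authorization is "supposed to"
# happen somewhere else and nobody verifies that it does.
def home(req: Request) -> str:
    return "home"


def admin_export(req: Request) -> str:
    return "exported all customer records"


VIEWS = {"/home": home, "/admin/export": admin_export}


# --- Vulnerable dispatcher: routes by path and trusts the view to check.
# Because admin_export() never checks, a direct request to /admin/export
# with no session at all succeeds.  That is the forced-browsing bug.
def dispatch_vulnerable(req: Request) -> str:
    view = VIEWS.get(req.path)
    if view is None:
        return "404"
    return view(req)


# --- Hardened dispatcher: the required role is declared per view and the
# dispatcher enforces it before the view runs.  A view with no entry in the
# table is refused, so a newly added view fails closed instead of open.
REQUIRED_ROLE: dict[str, Optional[str]] = {
    "/home": None,                # None = public
    "/admin/export": "admin",
}


def dispatch_hardened(req: Request) -> str:
    view = VIEWS.get(req.path)
    if view is None:
        return "404"
    if req.path not in REQUIRED_ROLE:
        return "403"              # deny by default: no declaration, no access
    role = REQUIRED_ROLE[req.path]
    if role is None:
        return view(req)          # explicitly public
    if req.user is None:
        return "401"              # restricted view, no session
    if role not in req.roles:
        return "403"              # authenticated but not authorized
    return view(req)


# --- Detection: constructed access-log lines in the form
#     "<client> <authenticated:yes|no> <path> <status>"
SAMPLE_LOG = """203.0.113.5 no /home 200
203.0.113.5 no /admin/export 200
198.51.100.7 yes /admin/export 200
203.0.113.9 no /admin/export 403""".splitlines()


def flag_unauthenticated_hits(lines, restricted=frozenset({"/admin/export"})):
    """Return (client, path) pairs where an unauthenticated client received a
    2xx response from a restricted view.  On a hardened server this list
    should be empty; any entry means a view is missing its check."""
    hits = []
    for line in lines:
        client, authed, path, status = line.split()
        if authed == "no" and path in restricted and status.startswith("2"):
            hits.append((client, path))
    return hits


if __name__ == "__main__":
    anon = Request("/admin/export")
    print("vulnerable:", dispatch_vulnerable(anon))   # view runs for nobody-in-particular
    print("hardened:  ", dispatch_hardened(anon))     # 401
    print("log hits:  ", flag_unauthenticated_hits(SAMPLE_LOG))
```

The point of the hardened version is not the role table itself but where the check lives: one place that every request passes through, with "no entry" treated as "no access", so the bug class cannot recur by omission. The log check is the corresponding detection: a 2xx to a restricted path from a client with no session is the observable signature of the missing check being reached.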

Mitigations and fixes

The vulnerability is now tracked ...


Copyright of this story belongs to techradar.com.