SonicWall has detected thousands of daily attempts to exploit a zero-day vulnerability in Apache OFBiz, the open source ERP framework. The vulnerability, first disclosed on December 26, is under active exploitation. It carries a near-maximum severity rating because it lets an unauthenticated attacker bypass authentication and go on to execute code remotely.
Users of the Apache Software Foundation framework are advised to upgrade to OFBiz version 18.12.11, which patches this vulnerability along with a second, equally serious one tracked as CVE-2023-49070.
Apache had already released a patch for the '070 bug, but further analysis traced its root cause to OFBiz's login functionality. That patch addressed the reported bug without fixing the root cause, so the authentication bypass remained in the login code; it is that bypass which is now being exploited, and 18.12.11 is the release that closes it. Apache OFBiz has a wide install base: SonicWall notes that products such as Atlassian's Jira build on it, although Atlassian customer support has confirmed that its products are not vulnerable. Anyone running an OFBiz version below 18.12.11, including builds that took only the earlier '070 fix, should treat the system as exposed until it is upgraded.
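Because the fix for the earlier '070 bug did not close the login flaw, the only reliable signal from a version number is whether it is 18.12.11 or later. The check below is an added example for this article, not code from SonicWall or the Apache OFBiz project; it assumes you have already obtained the deployed version string by whatever means your environment offers and only shows how to compare it correctly. It also shows the pitfall of comparing version strings lexicographically, which would rank 18.12.9 above 18.12.11 and report a vulnerable host as safe.

```python
"""Is a given Apache OFBiz version at or beyond the 18.12.11 fix release?

Added example, not code from SonicWall or the OFBiz project. Obtaining the
installed version (from the deployment's build metadata, for instance) is
out of scope here; this only compares the string once you have it.
"""
import re

# Per the advisory, 18.12.11 fixes both the zero-day and CVE-2023-49070.
PATCHED = (18, 12, 11)


def parse_version(s: str) -> tuple:
    """Extract the dotted number from strings such as '18.12.11',
    'release18.12.10' or '18.12.11-SNAPSHOT' and return it as a tuple of ints.

    Raises ValueError when the string carries no dotted version at all, so a
    caller cannot silently treat an unknown build as patched.
    """
    m = re.search(r"(\d+(?:\.\d+)+)", s)
    if not m:
        raise ValueError(f"no version number found in {s!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_patched(s: str) -> bool:
    """True when the version is 18.12.11 or later.

    The comparison is done on numeric tuples, so 18.12.9 correctly sorts
    below 18.12.11 and a two-component string like '18.12' sorts below it too.
    """
    return parse_version(s) >= PATCHED


def naive_is_patched(s: str) -> bool:
    """The shortcut a hurried inventory script might take: compare the raw
    strings. Kept here only to show why it is wrong; do not use it.
    """
    return s >= "18.12.11"


if __name__ == "__main__":
    # Constructed sample inputs, not real inventory data.
    for v in ("18.12.11", "18.12.10", "18.12.9", "release18.12.10-SNAPSHOT"):
        print(f"{v:28s} numeric: {is_patched(v)!s:5s} naive: {naive_is_patched(v)}")
```

The `naive_is_patched` row for 18.12.9 is the one to look at: string comparison calls it patched because the character "9" sorts after "1", while the numeric comparison correctly flags it as unpatched.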
SonicWall researchers developed two test cases demonstrating how the vulnerability can be exploited; run against the patched version (18.12.11), both failed. They also commended the Apache OFBiz team for its prompt response and remediation.