CVSS3: 9.8 High
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score: 8.6 High (Confidence: Low)
CVSS2: 7.5 High
  Access Vector: NETWORK
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL
  Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 0.861 High (Percentile: 98.5%)
On December 26, researchers from SonicWall Capture Labs discovered an authentication bypass vulnerability in Apache OFBiz, tracked as CVE-2023-51467. This bug has a CVSS score of 9.8 and allows attackers to achieve server-side request forgery (SSRF) by bypassing the program's authentication.
This vulnerability follows one discovered earlier this month, tracked as CVE-2023-49070, which enables pre-authentication remote code execution (RCE) in Apache OFBiz. Researchers discovered that the patch did not completely resolve the issue, leading to authentication bypass and SSRF.
In less than one day, Imperva observed over 30,000 attempted attacks exploiting CVE-2023-51467. Attackers primarily used automated tools and targeted mainly US-based financial services sites.
Imperva customers are defended against both CVE-2023-51467 and CVE-2023-49070. Imperva Cloud WAF and WAF Gateway customers who have enabled and configured their Emergency Feed (THR) components are already protected out of the box, and On-Prem customers will need to enable the signatures manually. Even with protection, we urge our customers to remain vigilant and update their systems with the latest security patches.
Originally published as "Imperva defends customers against recent vulnerabilities in Apache OFBiz" on the Imperva Blog.