Vulnerability in Apache Software Foundation Ofbiz
CVE-2023-51467
The vulnerability allows attackers to bypass authentication and, as a result, remotely execute arbitrary code.
EPSS: 0.940 (99.9th percentile)
Affected products
- Apache Software Foundation Ofbiz — versions 0
Public proof-of-concept exploits
- jakabakos/Apache-OFBiz-Authentication-Bypass
- ImuSpirit/CVE-2023-51467-Exploit
- K3ysTr0K3R/CVE-2023-51467-EXPLOIT
- Chocapikk/CVE-2023-51467
- vulncheck-oss/cve-2023-51467
- ImuSpirit/CVE-2023-51467
- AhmedMansour93/Event-ID-217-Rule-Name-SOC254-Apache-OFBiz-Auth-Bypass-and-Code-Injection-0Day-CVE-2023-51467-
- jakeotte/BadBizness-CVE-2023-51467
- Subha-BOO7/Exploit_CVE-2023-51467
- rapid7/metasploit-framework
References
- ofbiz.apache.org/download.html (mitigation)
- ofbiz.apache.org/security.html (related)
- ofbiz.apache.org/release-notes-18.12.11.html (release-notes)
- issues.apache.org/jira/browse/OFBIZ-12873 (issue-tracking)
- lists.apache.org/thread/9tmf9qyyhgh6m052rhz7lg9vxn390bdv (vendor-advisory)
- lists.apache.org/thread/oj2s6objhdq72t6g29omqpcbd1wlp48o (vendor-advisory)
- www.openwall.com/lists/oss-security/2023/12/26/3
Frequently asked questions
- What is CVE-2023-51467?
- CVE-2023-51467 is a vulnerability in Apache Software Foundation Ofbiz. Published 2023-12-26.
- Is CVE-2023-51467 known to be exploited?
- 90 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.