Recently, AsiaInfo Security Cert detected an update announcement for Apache OFBiz that fixes an unauthenticated remote code execution vulnerability (CVE-2023-49070). The vulnerability stems from the presence of an XML-RPC component in Apache OFBiz that is no longer maintained. XML-RPC is a remote procedure call protocol that enables communication between applications via XML. While XML-RPC was once widely used, it has been deprecated due to security concerns. The presence of this stale component in Apache OFBiz introduces a critical vulnerability: an attacker can exploit it to execute arbitrary code on an affected Apache OFBiz server without any prior authentication.
In response, the vendor has released a fixed version. Given the impact of this vulnerability, AsiaInfo Security Cert advises users of the affected versions to follow official updates in a timely manner, take the relevant measures as soon as possible with reference to the official remediation plan, and carry out asset self-inspection and prevention to avoid being attacked.
Apache OFBiz is a popular open-source enterprise resource planning (ERP) software suite that provides a comprehensive set of business applications for various industries.
CVE ID: CVE-2023-49070
Severity: High (remote code execution)
Affected versions: Apache OFBiz versions before 18.12.10
The vulnerability has been fixed; affected users can upgrade Apache OFBiz to 18.12.10 or later.
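An added example for the asset self-inspection the advisory recommends (it is not code from the advisory or from the OFBiz project): it decides whether a reported OFBiz version string falls below the fixed release 18.12.10, and flags access-log entries that reached an XML-RPC handler so they can be reviewed. The log lines and the request path are constructed for illustration; verify the real path against your own deployment.

```python
"""Self-inspection helpers for CVE-2023-49070 (added example, not from the
advisory). Assumptions: OFBiz versions are dotted numeric strings such as
"18.12.09"; the fixed release is 18.12.10; logs are in Combined Log Format."""
import re

FIXED_VERSION = (18, 12, 10)
VERSION_RE = re.compile(r"v?(\d+(?:\.\d+)*)(.*)$")
# Combined Log Format request section: "METHOD /path HTTP/x.y" status
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')


def parse_version(version: str):
    """Return (numeric_tuple, suffix) for strings like '18.12.09', 'v18.12'
    or '18.12.10-SNAPSHOT'. Missing trailing components count as 0."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised OFBiz version string: {version!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    numeric = tuple((parts + [0, 0, 0])[:3])
    return numeric, m.group(2).strip()


def is_affected(version: str) -> bool:
    """True when the version is older than 18.12.10. Pre-release or
    snapshot builds (any suffix) are treated as affected until verified."""
    numeric, suffix = parse_version(version)
    if suffix:
        return True
    return numeric < FIXED_VERSION


def xmlrpc_requests(log_lines):
    """Return (method, path, status) for entries whose path contains
    'xmlrpc' (case-insensitive); these deserve review on unpatched hosts."""
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if m and "xmlrpc" in m.group("path").lower():
            hits.append((m.group("method"), m.group("path"), int(m.group("status"))))
    return hits


SAMPLE_LOG = [  # constructed sample lines, not real traffic
    '10.0.0.5 - - [05/Dec/2023:10:00:01 +0000] "GET /webtools/control/main HTTP/1.1" 200 5120',
    '10.0.0.9 - - [05/Dec/2023:10:00:07 +0000] "POST /webtools/control/xmlrpc HTTP/1.1" 200 231',
    '10.0.0.9 - - [05/Dec/2023:10:00:09 +0000] "POST /webtools/control/XMLRPC HTTP/1.1" 500 88',
]

if __name__ == "__main__":
    for v in ("18.12.09", "18.12.10", "22.01.01"):
        print(v, "affected" if is_affected(v) else "fixed")
    print(xmlrpc_requests(SAMPLE_LOG))
```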