December 27, 2023
Severity
High
Analysis Summary
CVE-2023-51467 CVSS:9.8
Apache OFBiz is vulnerable to server-side request forgery (SSRF), caused by improper authentication validation. By sending a specially crafted request, an attacker could exploit this vulnerability to conduct an SSRF attack and execute arbitrary code.
CVE-2023-50968 CVSS:7.5
Apache OFBiz is vulnerable to server-side request forgery (SSRF), caused by improper authorization validation when operating a URI call. By sending a specially crafted request, an attacker could exploit this vulnerability to conduct an SSRF attack and read arbitrary file properties.
Impact
- Gain Access
Indicators Of Compromise
CVE
- CVE-2023-51467
- CVE-2023-50968
Affected Vendors
Apache
Affected Products
- Apache OFBiz 18.12.10
Remediation
Upgrade to the latest version of Apache OFBiz, available from the Apache website.