Rewterz Threat Advisory – CVE-2023-47804 – Apache OpenOffice Vulnerability
December 29, 2023Rewterz Threat Alert – SideWinder APT Group aka Rattlesnake – Active IOCs
December 30, 2023Rewterz Threat Advisory – CVE-2023-47804 – Apache OpenOffice Vulnerability
December 29, 2023Rewterz Threat Alert – SideWinder APT Group aka Rattlesnake – Active IOCs
December 30, 2023Severity
High
Analysis Summary
A critical zero-day security flaw, identified as CVE-2023-51467, has been discovered in Apache OFBiz, an open-source Enterprise Resource Planning (ERP) system. This vulnerability, stemming from an incomplete patch for a prior critical flaw (CVE-2023-49070), allows attackers to bypass authentication protections. The earlier flaw, CVE-2023-49070, was a pre-authenticated remote code execution vulnerability affecting versions before 18.12.10, allowing unauthorized control over the server and data exfiltration.
The incomplete patch for CVE-2023-49070 inadvertently preserved an authentication bypass in the login functionality, paving the way for CVE-2023-51467. The researchers note that triggering CVE-2023-51467 involves using empty or invalid USERNAME and PASSWORD parameters in an HTTP request. This manipulation results in an authentication success message, effectively circumventing security measures and enabling unauthorized access to internal resources. The attack leverages the “requirePasswordChange” parameter set to “Y” in the URL, allowing trivial bypass of authentication, leading to Server-Side Request Forgery (SSRF).
To mitigate potential threats, users relying on Apache OFBiz are urged to promptly update to version 18.12.11 or later. The severity of the vulnerability underscores the importance of swift action to safeguard systems from exploitation and potential unauthorized access.
Impact
- Unauthorized Access
- Data Exfiltration
Indicators Of Compromise
Affected Vendors
Apache
Affected Products
- Apache OFBiz 18.12.10
Remediation
- Upgrade to the latest version of Apache OFBiz, available from the Apache Website.
- Along with network and system hardening, code hardening should be implemented within the organization so that their websites and software are secure. Use testing tools to detect any vulnerabilities in the deployed codes.
- Maintain up-to-date patches and antivirus software to prevent the exploitation of known vulnerabilities.
- Organizations should conduct regular vulnerability assessments and penetration testing to identify and mitigate potential security weaknesses.
- Emails from unknown senders should always be treated with caution.
- Never trust or open links and attachments received from unknown sources/senders.
- Enable antivirus and anti-malware software and update signature definitions on time. Using multi-layered protection is necessary to secure vulnerable assets.
- Implement robust security measures such as two-factor authentication, endpoint detection and response (EDR) tools, and employee security awareness training.