On December 26, researchers from SonicWall Capture Labs disclosed an authentication bypass vulnerability in Apache OFBiz, tracked as CVE-2023-51467. The bug carries a CVSS score of 9.8 and allows an attacker to bypass the application's authentication and achieve server-side request forgery (SSRF).
This vulnerability follows one disclosed earlier this month, tracked as CVE-2023-49070, which enables pre-authentication remote code execution (RCE) in Apache OFBiz. Researchers found that the patch for CVE-2023-49070 did not fully resolve the underlying issue, leaving the authentication bypass and SSRF described above.
In less than one day, Imperva observed over 30,000 attempted attacks exploiting CVE-2023-51467. Attackers primarily used automated tools and targeted mainly US-based financial services sites.
Imperva customers are protected against both CVE-2023-51467 and CVE-2023-49070. Imperva Cloud WAF and WAF Gateway customers who have enabled and configured their Emergency Feed (THR) components are already protected out of the box; On-Prem customers will need to enable the signatures manually. Even with this protection in place, we urge our customers to remain vigilant and update their systems with the latest security patches.