Apache OFBiz Authentication Bypass Vulnerability (CVE-2023-51467)
Nishant Gupta, January 8, 2024
https://jacksonholdingcompany.com/apache-ofbiz-authentication-bypass-vulnerability-cve-2023-51467-nishant-gupta/

Introduction

On December 26, 2023, researchers at SonicWall announced the discovery of a zero-day security flaw in Apache OFBiz. Tracked as CVE-2023-51467, the vulnerability allows threat actors to bypass authentication and perform a Server-Side Request Forgery (SSRF). CVE-2023-51467 carries a critical CVSS score of 9.8. According to the SonicWall researchers, the patch released for an earlier vulnerability, CVE-2023-49070, left the underlying issue unresolved, so authentication could still be bypassed.

Recommendations

Zscaler ThreatLabz strongly advises users of Apache OFBiz software to promptly upgrade to version 18.12.11, as this version contains crucial fixes to mitigate the identified security vulnerability (CVE-2023-51467).

Affected Versions

The following versions of Apache OFBiz are affected by the disclosed vulnerabilities and should be updated immediately:

- All versions 18.12.10 and below are impacted by CVE-2023-51467
- All versions 18.12.9 and below are impacted by CVE-2023-49070

Background

Apache OFBiz is an open-source Enterprise Resource Planning (ERP) system that provides business solutions for various industries. This includes tools to manage operations like customer relationships, order processing, human resource functions, and warehouse management.

On December 4, 2023, Apache released a patch for CVE-2023-49070. The fix removed the XMLRPC endpoint and the OFBiz XMLRPC library, which was no longer regularly maintained. Removing the endpoint, however, did not address the root cause of CVE-2023-49070.

While validating the fix for CVE-2023-49070, researchers from SonicWall bypassed authentication in the newly fixed version of Apache OFBiz, leading to CVE-2023-51467.

How It Works

A threat actor sends an HTTP request that abuses a flaw in the checkLogin function. When null or invalid USERNAME and PASSWORD parameters are supplied together with requirePasswordChange=Y in the URI, checkLogin never validates the credentials: program flow skips the conditional block meant to check the username and password fields, and the request is treated as authenticated. By manipulating the login parameters in this way, a threat actor can go on to achieve Remote Code Execution (RCE) on the target server.
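To make that control-flow shape concrete, the following is an added Python model written for this page; it is not OFBiz source code and not the SonicWall proof of concept. It shows a simplified checkLogin in a pre-patch shape (the gate rejects a request only when the inner step answers exactly "error") and in a hardened shape (only an exact "success" admits the caller), followed by a small access-log check for the request shape described above. The inner login step, the credential store, the `/control/` path element and the log lines are all assumptions or constructed data.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed credential store for the model; the single account is an assumption.
VALID_USERS = {"admin": "ofbiz"}


def credentials_ok(params):
    """True only when USERNAME/PASSWORD match the constructed store."""
    user = params.get("USERNAME")
    return bool(user) and VALID_USERS.get(user) == params.get("PASSWORD")


def login_vulnerable(params):
    """Inner login step, pre-patch shape (modelled, not OFBiz source).
    The password-change flag is honoured before the credential result is
    consulted, so a failed login can come back as something other than "error"."""
    if params.get("requirePasswordChange") == "Y":
        return "requirePasswordChange"
    return "success" if credentials_ok(params) else "error"


def check_login_vulnerable(params):
    """Outer gate, pre-patch shape: only the literal "error" denies access.
    Empty-string USERNAME/PASSWORD are not None, so the first two tests pass,
    and "requirePasswordChange" is not "error", so the request is let through."""
    if (params.get("USERNAME") is None or params.get("PASSWORD") is None
            or login_vulnerable(params) == "error"):
        return "error"
    return "success"


def login_fixed(params):
    """Hardened inner step: decide the credential result first; the flag may
    only turn a successful login into the password-change flow."""
    if not credentials_ok(params):
        return "error"
    if params.get("requirePasswordChange") == "Y":
        return "requirePasswordChange"
    return "success"


def check_login_fixed(params):
    """Hardened outer gate: blank credentials are rejected up front, and the
    caller is only admitted when the inner step answers exactly "success"."""
    if not params.get("USERNAME") or not params.get("PASSWORD"):
        return "error"
    return login_fixed(params)


def query_params(uri):
    """Flatten a URI's query string into a single-valued dict, keeping blanks."""
    return {k: v[0] for k, v in
            parse_qs(urlsplit(uri).query, keep_blank_values=True).items()}


def looks_like_bypass(uri):
    """Heuristic for the request shape in the writeup: a control-servlet URI
    carrying requirePasswordChange=Y with empty or absent credentials.
    The "/control/" path element is assumed from OFBiz's URL layout."""
    p = query_params(uri)
    return ("/control/" in urlsplit(uri).path
            and p.get("requirePasswordChange") == "Y"
            and not (p.get("USERNAME") and p.get("PASSWORD")))


def flag_requests(log_lines):
    """Return the request URIs from combined-log-format lines that match."""
    hits = []
    for line in log_lines:
        parts = line.split('"')
        if len(parts) < 2:
            continue
        fields = parts[1].split()          # e.g. GET /path?q=1 HTTP/1.1
        if len(fields) >= 2 and looks_like_bypass(fields[1]):
            hits.append(fields[1])
    return hits


# Constructed log lines for the check; not taken from any real system.
SAMPLE_LOG = [
    '203.0.113.7 - - [08/Jan/2024:17:52:46 +0000] '
    '"GET /control/main?USERNAME=&PASSWORD=&requirePasswordChange=Y HTTP/1.1" 200 311',
    '203.0.113.8 - - [08/Jan/2024:17:53:10 +0000] '
    '"POST /control/login HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    bypass = {"USERNAME": "", "PASSWORD": "", "requirePasswordChange": "Y"}
    print("vulnerable gate:", check_login_vulnerable(bypass))   # success
    print("hardened gate:  ", check_login_fixed(bypass))        # error
    print("flagged URIs:   ", flag_requests(SAMPLE_LOG))
```

Run as written, the same empty-credential request passes the pre-patch gate and is rejected by the hardened one, and the first constructed log line is flagged while the plain login POST is not. The log check inspects query-string parameters only; credentials submitted in a form body would need the body examined, and patch status should be confirmed from the running OFBiz version rather than inferred from an absence of hits.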

Zscaler Best Practices

\tSafeguard crown jewel applications by limiting lateral movement using Zscaler Private Access\u2122 with application security modules turned on.
\n\tRoute all server traffic through Zscaler Private Access\u2122 with the application security module enabled and Zscaler Internet Access\u2122, which provides visibility to identify and stop malicious activity from compromised systems\/servers.
\n\tTurn on Zscaler Advanced Threat Protection\u2122 to block all known command-and-control domains \u2014 thereby adding another layer of protection if an attacker exploits this vulnerability to implant malware.
\n\tExtend command-and-control (C2) protection to all ports and protocols with Zscaler Cloud Firewall\u2122 (Cloud IPS module), including emerging C2 destinations. Doing so provides additional protection if the attacker exploits this vulnerability to implant malware.
\n\tUse Zscaler Cloud Sandbox\u2122 to prevent unknown malware delivered as part of a second-stage payload.
\n\tInspect all TLS\/SSL traffic and restrict traffic to critical infrastructure from an allowed list of known-good destinations.<\/p>\n

Conclusion

Apache OFBiz systems should be updated promptly to version 18.12.11. Failing to do so leaves them vulnerable to CVE-2023-51467, which allows threat actors to manipulate login parameters and execute arbitrary code on the target server.

Zscaler Coverage

The Zscaler ThreatLabz team has deployed the following.

Zscaler Advanced Threat Protection

\tAPP.EXPLOIT.CVE-2023-49070
\n\tAPP.EXPLOIT.CVE-2023-51467<\/p>\n

Zscaler Private Access AppProtection

\t6000751 – Apache OFBiz XMLRPC Insecure Deserialization (CVE-2023-49070)
\n\t6000753 – Apache OFBiz Auth Bypass and Code Injection (CVE-2023-51467)<\/p>\n

For more details, visit the Zscaler Threat Library.

References

\thttps:\/\/blog.sonicwall.com\/en-us\/2023\/12\/sonicwall-discovers-critical-apache-ofbiz-zero-day-authbiz\/
\n\thttps:\/\/threatprotect.qualys.com\/2023\/12\/27\/apache-ofbiz-authentication-bypass-vulnerability-cve-2023-51467\/
\n\thttps:\/\/lists.apache.org\/thread\/9tmf9qyyhgh6m052rhz7lg9vxn390bdv\u00a0\u00a0<\/p>\n
