Apache OFBi

Apache OFBiz Arbitrary File Reading and Remote Code Execution Vulnerabilities (CVE-2023-50968/CVE-2023-51467) Alert

December 27, 2023

Overview Recently, NSFOCUS CERT detected that Apache officially released a security announcement and fixed two high-risk vulnerabilities in Apache Ofbiz. CVE-2023-50968: Due to problems in Apache Software Foundation, unauthorized attackers can read files and carry out SSRF attacks when operating uri calls; CVE-2023-51467: Due to a privilege verification logic error in Apache Ofbiz, an attacker […]


Subscribe to the NSFOCUS Blog