Urgent: High-Severity RCE Vulnerability Discovered in Apache OFBiz ERP Software – Immediate Patch Required

On March 22, 2021, the Apache Software Foundation disclosed a critical vulnerability in Apache OFBiz that poses a significant risk. Tracked as CVE-2021-26295, this flaw allows unauthenticated attackers to potentially take remote control of the open-source enterprise resource planning (ERP) system. It impacts all versions prior to 17.12.06 and involves an “unsafe deserialization” vulnerability that enables remote code execution on susceptible servers.

Apache OFBiz is a Java-based web framework designed for automating various enterprise processes, including accounting, customer relationship management, manufacturing, order management, supply chain fulfillment, and warehouse management. To exploit this vulnerability, an attacker supplies crafted serialized data to the application; when the server deserializes that data, the attacker's code runs, resulting in unauthorized remote code execution. It is crucial for users to implement the necessary patches immediately.

Critical Remote Code Execution Vulnerability Discovered in Apache OFBiz ERP Software—Immediate Patch Recommended

On March 22, 2021, the Apache Software Foundation reported a critical vulnerability in the Apache OFBiz enterprise resource planning (ERP) system that poses significant risks to users. Identified as CVE-2021-26295, this high-severity flaw could enable an unauthenticated attacker to gain remote control over the software. The vulnerability affects all versions of OFBiz prior to 17.12.06 and stems from "unsafe deserialization" of untrusted data, which allows malicious actors to execute arbitrary code on affected servers.

Apache OFBiz, a Java-based framework designed for automating various enterprise processes, encompasses functionalities such as accounting, customer relationship management, and supply chain management. Exploiting the identified vulnerability allows a threat actor to manipulate serialized data, injecting harmful code that can be executed when the data is deserialized. This creates a pathway for unauthorized remote code execution, endangering the integrity and confidentiality of sensitive organizational data.

Given the widespread use of OFBiz among businesses, the implications of this vulnerability are particularly concerning. Organizations reliant on this ERP software are advised to implement the patch immediately to mitigate risks. The vulnerability underscores a broader concern within the cybersecurity landscape, where similar risks from unsafe deserialization can impact various applications, facilitating attacks that compromise system integrity.

In the context of the MITRE ATT&CK framework, several tactics and techniques may be applicable to this incident. Exploiting this flaw would give an attacker initial access and a foothold on the affected system. From there, adversaries might establish persistence to maintain access over time, abusing the ERP's own functionality for ongoing malicious activity, and pursue privilege escalation to extend their control over the affected environment.

Organizations are urged to prioritize cybersecurity measures, especially in the wake of vulnerabilities like CVE-2021-26295. The timely application of patches and updates is critical in defending against potential exploits that may arise from weaknesses in the software. Cybersecurity vigilance, combined with a proactive approach to vulnerability management, remains essential for safeguarding business operations and protecting sensitive data from cyber threats. Ensure that your systems are up to date and conduct regular security assessments to fortify the defenses against evolving cyber risks.
