Critical Vulnerability Found in ERP Apache OFBiz Software


A remote code execution vulnerability has been identified in Apache OFBiz software (CVE-2021-26295). Successful exploitation could allow an unauthorized attacker to remotely take control of the open source Enterprise Resource Planning (ERP) system.


The issue affects all software versions prior to 12/17/06. An unauthorized attacker can use insecure deserialization as the attack vector to execute arbitrary code directly on the server, remotely.


In particular, an attacker exploiting this issue could tamper with the serialized data sent to the server so that it carries arbitrary code; if the server deserializes that data, the result could be remote code execution.
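The standard JDK mitigation for this bug class is a deserialization allowlist filter (JEP 290, Java 9+), which rejects any class the endpoint does not expect before its deserialization logic runs. The following is an added example written for this article, not OFBiz code or the project's own fix; the `OrderNote` type and the filter pattern are assumed for illustration.

```java
import java.io.*;

public class SafeDeserialize {
    // Constructed sample: the only type this endpoint legitimately expects.
    public static final class OrderNote implements Serializable {
        private static final long serialVersionUID = 1L;
        final String text;
        OrderNote(String text) { this.text = text; }
    }

    // Allowlist filter (hypothetical pattern): OrderNote is accepted, every other
    // class is rejected ("!*"), and stream depth/size are capped as defence in depth.
    static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
        "SafeDeserialize$OrderNote;!*;maxdepth=3;maxbytes=4096");

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) { oos.writeObject(o); }
        return bos.toByteArray();
    }

    // Deserialize untrusted bytes with the filter installed; a rejected class
    // raises InvalidClassException before any of its readObject code executes.
    static Object deserialize(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(FILTER);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] ok = serialize(new OrderNote("ship today"));
        System.out.println("accepted: " + ((OrderNote) deserialize(ok)).text);

        // A stream carrying any other class (a harmless HashMap stands in for a
        // tampered payload here) is refused by the filter, not executed.
        byte[] unexpected = serialize(new java.util.HashMap<String, String>());
        try {
            deserialize(unexpected);
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Rejections surface as `InvalidClassException` with a "filter status: REJECTED" message, which is also a useful signal to log and alert on.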


OFBiz is a Java-based web platform for enterprise process automation. It covers a wide range of functions, including accounting, customer management, manufacturing operations and order management, as well as supply chain execution and a warehouse management system, among others.
