The developers at Apache Software Foundation have recently fixed a critical RCE flaw (CVE-2021-26295) in Apache OFBiz. This flaw could allow an unauthenticated attacker to remotely execute and take control of a vulnerable open source Enterprise Resource Planning system (ERP).
Apache OFBiz is a Java-based platform that is designed to automate various corporate processes. OFBiz offers a wide range of functions and here we have mentioned them below:-
CVE-2021-26295 – RCE vulnerability in latest Apache OFBiz
This RCE flaw affects all the versions of the software prior to 17.12.06, and the security researchers have classified this flaw as high. This flaw allows an unauthorized attacker to use “insecure deserialization” as an attack vector to execute arbitrary code on the server remotely.
In short, a remote attacker can easily change the serialized data simply by injecting the arbitrary code into it, during the deserialization, and as a result, this could lead execution of this code remotely.
Expert’s advice
Cybersecurity analysts have recommended users to immediately update their current ..
Support the originator by clicking the read the rest link below.
