CVE-2021-29200 – Apache OFBiz has unsafe deserialization prior to version 17.12.07; an unauthenticated user can perform an RCE attack (27th Apr 2021)

Preface: According to market statistics, 152 companies use Apache OFBiz. The companies using Apache OFBiz are most often found in the United States and in the computer software industry.

Background: Apache OFBiz is a suite of business applications flexible enough to be used across any industry. OFBiz is an open source enterprise resource planning (ERP) system. A common architecture allows developers to easily extend or enhance it to create custom features.

Vulnerability focus: Experts found a lack of file extension checking at catalog/control, which allows a JSP webshell script to be uploaded. Meanwhile, if the vulnerable system runs on top of Amazon Elastic Compute Cloud, user credentials can be retrieved because of the AWS design principle described below.
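The unsafe deserialization named in the title comes down to reading attacker-controlled bytes with a plain ObjectInputStream. The following added example (not OFBiz's own code) shows that pattern beside its hardened form, a JEP 290 allowlist filter; the package name com.example.model and the product id are assumptions for illustration.

```java
import java.io.*;
import java.util.HashMap;
import java.util.Map;

public class DeserializationFilterDemo {

    // Vulnerable pattern: any serializable class on the classpath can be instantiated
    // while reading, so a crafted byte stream chooses what code runs.
    static Object readUnfiltered(byte[] untrusted) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(untrusted))) {
            return in.readObject();
        }
    }

    // Hardened pattern: an allowlist filter (JEP 290, Java 9+). Only classes from the
    // java.base module and the hypothetical com.example.model package are accepted;
    // "!*" rejects everything else, and the limits bound graph depth and array sizes.
    private static final ObjectInputFilter ALLOWLIST = ObjectInputFilter.Config.createFilter(
            "maxdepth=16;maxarray=100000;java.base/*;com.example.model.*;!*");

    static Object readFiltered(byte[] untrusted) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(untrusted))) {
            in.setObjectInputFilter(ALLOWLIST);   // the one line the vulnerable form lacks
            return in.readObject();
        }
    }

    // Stand-in for a class the application never expects inside a request body.
    static final class Unexpected implements Serializable {
        private static final long serialVersionUID = 1L;
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        Map<String, String> benign = new HashMap<>();      // constructed sample input
        benign.put("productId", "WG-1111");
        System.out.println("java.base types pass the filter: " + readFiltered(serialize(benign)));
        byte[] unexpected = serialize(new Unexpected());
        System.out.println("unfiltered read accepts: " + readUnfiltered(unexpected).getClass());
        try {
            readFiltered(unexpected);
        } catch (InvalidClassException e) {
            System.out.println("filtered read rejects: " + e.getMessage());
        }
    }
}
```

The same filter can be applied process-wide with the jdk.serialFilter system property, which is the quicker mitigation when the deserializing code cannot be changed immediately.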

Reserved set of security credentials in AWS?

Instance-identity – security credentials that can be generated using the instance metadata service on every EC2 instance in AWS, even when no role is attached to the instance.

Official announcement https://issues.apache.org/jira/browse/OFBIZ-12080
