CVE-2023-51467
LogMeIn Remote Code Execution Authentication Bypass
Description
The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code.
INFO
Published Date: Dec. 26, 2023, 3:15 p.m.
Last Modified: Jan. 4, 2024, 9:15 a.m.
Source: [email protected]
Remotely Exploitable: Yes
Impact Score: 5.9
Exploitability Score: 3.9
Public PoC/Exploit Available at Github
CVE-2023-51467 has 48 public PoCs/exploits available on GitHub.
References to Advisories, Solutions, and Tools
Here you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2023-51467.
URL | Resource |
---|---|
https://issues.apache.org/jira/browse/OFBIZ-12873 | Issue Tracking, Patch, Vendor Advisory |
https://lists.apache.org/thread/9tmf9qyyhgh6m052rhz7lg9vxn390bdv | Mailing List, Vendor Advisory |
https://lists.apache.org/thread/oj2s6objhdq72t6g29omqpcbd1wlp48o | Mailing List, Vendor Advisory |
https://ofbiz.apache.org/download.html | Product |
https://ofbiz.apache.org/release-notes-18.12.11.html | Release Notes |
https://ofbiz.apache.org/security.html | Not Applicable |
https://www.openwall.com/lists/oss-security/2023/12/26/3 | |
We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proof-of-concepts that have been published on GitHub (sorted by most recently updated).
- This repository is designed to provide a comprehensive collection of study materials, notes, and resources for the Offensive Security Certified Professional (OSCP) exam. It covers all key topics from basic to advanced, helping aspiring penetration testers to prepare efficiently for the exam. (topics: cybersecurity, hacking, oscp, oscp-guide, oscp-journey, oscp-prep; no languages listed)
- No description (languages: Python, C, Shell, PHP, PowerShell, ASP.NET)
- A project that syncs the docs-base content of Vulnerability-Wiki every day. (languages: HTML)
- 🚨 Just completed an incident report on Event ID 217: Apache OFBiz Auth Bypass and Code Injection 0-Day (CVE-2023-51467). This critical vulnerability allows attackers to bypass authentication and execute code remotely! Stay vigilant and ensure your systems are patched! Big thanks to LetsDefend.io for the platform to practice real-world scenarios. (no languages listed)
- No description (languages: HTML)
- No description (languages: HTML)
- Apache OFBiz Authentication Bypass Vulnerability (CVE-2023-51467 and CVE-2023-49070) (languages: Python)
- No description (languages: Python)
- OSCP and stuffs (no languages listed)
- No description (languages: HTML, Python)
- No description (languages: Python, C, Shell)
- HackTheBox Bizness Poc (languages: Python)
Results are limited to the first 15 repositories due to potential performance issues.
The following list contains news articles that mention the CVE-2023-51467 vulnerability anywhere in their text.
- The Hacker News: New Zero-Day Flaw in Apache OFBiz ERP Allows Remote Code Execution. "Enterprise Security / Vulnerability. A new zero-day pre-authentication remote code execution vulnerability has been disclosed in the Apache OFBiz open-source enterprise resource planning (ERP) system t ..."
- TheCyberThrone: Apple backports CVE-2024-23296 for older Mac models. "Apple has backported a critical zero-day patch to older Mac models running macOS Monterey 12.7.6. The vulnerability, tracked as CVE-2024-23296, was addressed in March this year for newer devices b ..."
- TheCyberThrone: Bitdefender patches critical vulnerability CVE-2024-6980. "Bitdefender has released a patch for a critical vulnerability in its GravityZone Update Server. The vulnerability that could potentially allow attackers to perform server-side request forgery attacks ..."
- TheCyberThrone: Apache OFBiz Vulnerability CVE-2024-32113 Exploited in wild. "Security researchers have observed an uptick in reconnaissance attempts for the CVE-2024-32113 vulnerability in Apache OFBiz. The vulnerability, described as a path traversal issue, poses significant ri ..."
The following table lists the changes that have been made to the CVE-2023-51467 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
- CVE Modified by [email protected] on May. 14, 2024 (no field changes listed)

- CVE Modified by [email protected] on Jan. 04, 2024

Action | Type | Old Value | New Value |
---|---|---|---|
Changed | Description | The vulnerability allows attackers to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF) | The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code |
Added | Reference | | Apache Software Foundation https://www.openwall.com/lists/oss-security/2023/12/26/3 [No types assigned] |
Removed | Reference | Apache Software Foundation http://www.openwall.com/lists/oss-security/2023/12/26/3 | |

- Initial Analysis by [email protected] on Jan. 04, 2024

Action | Type | Old Value | New Value |
---|---|---|---|
Added | CVSS V3.1 | | NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Changed | Reference Type | http://www.openwall.com/lists/oss-security/2023/12/26/3 No Types Assigned | http://www.openwall.com/lists/oss-security/2023/12/26/3 Mailing List, Third Party Advisory |
Changed | Reference Type | https://issues.apache.org/jira/browse/OFBIZ-12873 No Types Assigned | https://issues.apache.org/jira/browse/OFBIZ-12873 Issue Tracking, Patch, Vendor Advisory |
Changed | Reference Type | https://lists.apache.org/thread/9tmf9qyyhgh6m052rhz7lg9vxn390bdv No Types Assigned | https://lists.apache.org/thread/9tmf9qyyhgh6m052rhz7lg9vxn390bdv Mailing List, Vendor Advisory |
Changed | Reference Type | https://lists.apache.org/thread/oj2s6objhdq72t6g29omqpcbd1wlp48o No Types Assigned | https://lists.apache.org/thread/oj2s6objhdq72t6g29omqpcbd1wlp48o Mailing List, Vendor Advisory |
Changed | Reference Type | https://ofbiz.apache.org/download.html No Types Assigned | https://ofbiz.apache.org/download.html Product |
Changed | Reference Type | https://ofbiz.apache.org/release-notes-18.12.11.html No Types Assigned | https://ofbiz.apache.org/release-notes-18.12.11.html Release Notes |
Changed | Reference Type | https://ofbiz.apache.org/security.html No Types Assigned | https://ofbiz.apache.org/security.html Not Applicable |
Added | CWE | | NIST CWE-918 |
Added | CPE Configuration | | OR *cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:* versions up to (excluding) 18.12.11 |

- CVE Received by [email protected] on Dec. 26, 2023

Action | Type | Old Value | New Value |
---|---|---|---|
Added | Description | | The vulnerability allows attackers to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF) |
Added | Reference | | Apache Software Foundation https://ofbiz.apache.org/download.html [No types assigned] |
Added | Reference | | Apache Software Foundation https://ofbiz.apache.org/security.html [No types assigned] |
Added | Reference | | Apache Software Foundation https://ofbiz.apache.org/release-notes-18.12.11.html [No types assigned] |
Added | Reference | | Apache Software Foundation https://issues.apache.org/jira/browse/OFBIZ-12873 [No types assigned] |
Added | Reference | | Apache Software Foundation https://lists.apache.org/thread/9tmf9qyyhgh6m052rhz7lg9vxn390bdv [No types assigned] |
Added | Reference | | Apache Software Foundation https://lists.apache.org/thread/oj2s6objhdq72t6g29omqpcbd1wlp48o [No types assigned] |
Added | Reference | | Apache Software Foundation http://www.openwall.com/lists/oss-security/2023/12/26/3 [No types assigned] |
CWE - Common Weakness Enumeration
While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2023-51467 is associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2023-51467 weaknesses.
Exploit Prediction
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.
Score: 65.16 (-4.01%)
Percentile: 0.97982