Security Advisory 2024-003

Release Date:

Critical Vulnerability in Apache OFBiz



  • 09/01/2024 - v1.0 - Initial publication


On December 26, 2023, the Apache OFBiz project released an update addressing a critical vulnerability in Apache OFBiz. The vulnerability allows attackers to bypass authentication, which could lead to remote code execution (RCE) [1].

Technical Details

The vulnerability, identified as CVE-2023-51467 with a CVSS score of 9.8 [2], may allow an attacker to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF). A successful exploit may allow the attacker to perform remote code execution.

Affected Products

This vulnerability affects Apache OFBiz versions below 18.12.11 [3,4].


It is recommended to upgrade to version 18.12.11 as soon as possible.





