google / tsunami-security-scanner-plugins

This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.
Apache License 2.0
860 stars 178 forks

PRP: Request CVE-2023-49070 RCE Vulnerability in Apache OFBiz #371

Open hh-hunter opened 5 months ago

hh-hunter commented 5 months ago

Hello.

I would like to start implementing a plugin to detect CVE-2023-49070. This vulnerability should be relatively new and has been patched.

The vulnerability has been assigned a CVE ID CVE-2023-40970 (CVSS score >= 7.0) and the severity level of the vulnerability is HIGH or CRITICAL: CVSS score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Apache OFBiz is an open source enterprise resource planning (ERP) system. It provides a suite of enterprise applications that integrate and automate many of the business processes of an enterprise.

This vulnerability bypassed CVE-2020-9496; there is a deserialization issue caused by the XMLRPC endpoint at /webtools/control/xmlrpc.

Users are recommended to upgrade to version 18.12.10, which fixes this issue.

The vulnerability can be exploited remotely without authentication and user interaction.

Please let me know if this is in scope to start with its development.
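
A defender-side triage for the endpoint and fixed version named in this issue, added here as an example; it is not part of the issue thread or of the Tsunami project's code. It assumes Combined Log Format access logs, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

XMLRPC_PATH = "/webtools/control/xmlrpc"  # endpoint named in the issue
FIXED_VERSION = (18, 12, 10)              # fixed release named in the issue

# Combined Log Format prefix: ip, timestamp, request line, status code.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def normalize_path(target):
    """Reduce a request target to a canonical path before comparing it.

    Assumption: the server percent-decodes the path, ignores ';' path
    parameters and collapses repeated slashes when routing.
    """
    path = unquote(urlsplit(target).path)
    segments = [seg.split(";", 1)[0] for seg in path.split("/")]
    return "/" + "/".join(s for s in segments if s)

def xmlrpc_hits(lines):
    """Return (ip, method, status) for every request that reaches XMLRPC_PATH."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and normalize_path(m["target"]) == XMLRPC_PATH:
            hits.append((m["ip"], m["method"], int(m["status"])))
    return hits

def is_fixed(version):
    """True if an OFBiz version string is at or above the fixed release."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    return parts >= FIXED_VERSION

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /webtools/control/main HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "POST /webtools/control/xmlrpc HTTP/1.1" 200 312',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "POST /webtools//control/%78mlrpc;jsessionid=abc HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Jan/2024:10:00:12 +0000] "GET /ecommerce/control/main HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in xmlrpc_hits(SAMPLE_LOG):
        print("XML-RPC request:", hit)
    print("18.12.09 fixed?", is_fixed("18.12.09"))
```

Hits on an instance where `is_fixed` returns False are the ones to review first, since the issue states the endpoint is reachable without authentication.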

tooryx commented 5 months ago

Hi @hh-hunter,

We will try to prioritize other issues that you have filed. As mentioned before, we want to have only one plugin per contributor at a time to be able to process everything. We will come back to this one once we have reviewed your other contributions.

~tooryx