{"vulnerability": "CVE-2023-51467", "sightings": [{"uuid": "c2d0ef79-7017-4ed0-9f78-1b94cc7aee56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-01-31)", "content": "", "creation_timestamp": "2025-01-31T00:00:00.000000Z"}, {"uuid": "ef8efeaf-0d16-4a35-9e5b-1f271d849b68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:46.000000Z"}, {"uuid": "7f31967e-53ab-47d2-b6f2-986d7b9c83f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-01-26)", "content": "", "creation_timestamp": "2025-01-26T00:00:00.000000Z"}, {"uuid": "cb551e29-a5fa-4e46-9d89-cb1e6be32c3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-03-22)", "content": "", "creation_timestamp": "2025-03-22T00:00:00.000000Z"}, {"uuid": "329a2e31-cc3c-470f-a41c-d70c30a8fe15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:58.000000Z"}, {"uuid": "edc72694-0287-49ee-9dd0-5c3681be8e36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-04-07)", "content": "", "creation_timestamp": "2025-04-07T00:00:00.000000Z"}, {"uuid": "be655242-41bc-48c5-9741-438b11705b03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-04-01)", "content": "", "creation_timestamp": "2025-04-01T00:00:00.000000Z"}, {"uuid": "8791fb0d-b210-4f39-aa50-bd289a6b4f5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "seen", "source": "https://bsky.app/profile/ytroncal.bsky.social/post/3luous6nctk2c", "content": "", "creation_timestamp": "2025-07-24T06:10:59.889177Z"}, {"uuid": "2c9f71a9-1c76-43db-ae47-d0ff7a113939", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-04-11)", "content": "", "creation_timestamp": "2025-04-11T00:00:00.000000Z"}, {"uuid": "f2ee94c3-0da4-4fb4-86a9-c6958756ea1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-05-26)", "content": "", "creation_timestamp": "2025-05-26T00:00:00.000000Z"}, {"uuid": "3c716a06-318e-4188-853c-71572c65fc61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "exploited", "source": "The Shadowserver 
(honeypot/exploited-vulnerabilities) - (2025-06-30)", "content": "", "creation_timestamp": "2025-06-30T00:00:00.000000Z"}, {"uuid": "a5f6e027-5ad1-4ee3-987b-97bd4a27be4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-13)", "content": "", "creation_timestamp": "2025-07-13T00:00:00.000000Z"}, {"uuid": "2cf799dd-e6f7-457f-a46d-cd1dc69f6a2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-24)", "content": "", "creation_timestamp": "2025-07-24T00:00:00.000000Z"}, {"uuid": "ccc641a2-121d-434b-ab67-e825a323a61c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:02.000000Z"}, {"uuid": "8266494d-a8c1-4354-ae10-f71b5fe7d091", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-10-05)", "content": "", "creation_timestamp": "2025-10-05T00:00:00.000000Z"}, {"uuid": "f338b243-2cb0-454f-8afd-a47700dde590", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-29)", "content": "", "creation_timestamp": "2025-07-29T00:00:00.000000Z"}, {"uuid": 
"07c05719-4de7-4c26-b846-d735bba52831", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/apache_ofbiz_deserialization.rb", "content": "", "creation_timestamp": "2021-03-11T18:53:17.000000Z"}, {"uuid": "737ab53c-780e-47c7-91b8-adf4af848c4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-02-06)", "content": "", "creation_timestamp": "2026-02-06T00:00:00.000000Z"}, {"uuid": "8b29b6d1-53f9-49c5-a37d-3a425aa3cd2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-11-09)", "content": "", "creation_timestamp": "2025-11-09T00:00:00.000000Z"}, {"uuid": "d546137f-37c6-4b44-9425-0b3f8499adda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-05)", "content": "", "creation_timestamp": "2026-03-05T00:00:00.000000Z"}, {"uuid": "dd20e21e-2795-40f7-99e5-f1968ee9c83f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-31)", "content": "", "creation_timestamp": "2025-12-31T00:00:00.000000Z"}, {"uuid": "acd87c92-00d2-405d-bee3-1e0ff7d8376b", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-17)", "content": "", "creation_timestamp": "2026-01-17T00:00:00.000000Z"}, {"uuid": "4bcb688c-6a81-42cb-a20e-b52403fa2548", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-11)", "content": "", "creation_timestamp": "2026-01-11T00:00:00.000000Z"}, {"uuid": "7b06707f-e0ea-412a-bc8f-1a569f26b47a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-12)", "content": "", "creation_timestamp": "2026-03-12T00:00:00.000000Z"}, {"uuid": "1dc414f6-5fdb-41ba-b02b-ada95f2467c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-15)", "content": "", "creation_timestamp": "2026-01-15T00:00:00.000000Z"}, {"uuid": "16206985-74ea-4b33-b394-0e8ea6317a03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6360", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aThis repo is a PoC with to exploit CVE-2023-51467 and CVE-2023-49070 preauth RCE vulnerabilities found in Apache 
OFBiz.\nURL\uff1ahttps://github.com/jakabakos/Apache-OFBiz-Authentication-Bypass\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2024-01-02T14:22:43.000000Z"}, {"uuid": "ec1dd6c5-c8d8-439a-8ddc-58a675fe7b70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-18)", "content": "", "creation_timestamp": "2026-01-18T00:00:00.000000Z"}, {"uuid": "b8318c96-00b9-492e-aa89-1ec73a8b2b6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6324", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-51467 POC\nURL\uff1ahttps://github.com/JaneMandy/CVE-2023-51467\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-12-29T02:28:54.000000Z"}, {"uuid": "13196040-7edd-4fc6-96b0-3ce558cdc342", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6334", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aApache OfBiz Auth Bypass Scanner for CVE-2023-51467\nURL\uff1ahttps://github.com/Chocapikk/CVE-2023-51467\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-12-29T15:09:42.000000Z"}, {"uuid": "183630b1-f05e-460c-bf8c-91a1ae60d1e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "exploited", "source": "https://t.me/itsec_news/3954", 
"content": "\u200b\u26a1\ufe0f0day \u0432 Apache OFBiz \u0441\u0442\u0430\u043b \u043f\u0440\u0438\u0447\u0438\u043d\u043e\u0439 \u0435\u0436\u0435\u0434\u043d\u0435\u0432\u043d\u044b\u0445 \u043a\u0438\u0431\u0435\u0440\u0430\u0442\u0430\u043a \u043d\u0430 \u0441\u043e\u0442\u043d\u0438 \u0442\u044b\u0441\u044f\u0447 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0439\n\n\ud83d\udcac \u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f SonicWall \u0437\u0430\u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u0442\u044b\u0441\u044f\u0447\u0438 \u0435\u0436\u0435\u0434\u043d\u0435\u0432\u043d\u044b\u0445 \u043f\u043e\u043f\u044b\u0442\u043e\u043a \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f Apache OFBiz \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 \u043f\u043e\u0447\u0442\u0438 \u0434\u0432\u0443\u0445 \u043d\u0435\u0434\u0435\u043b\u044c. 
\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u043a \u0431\u044b\u043b \u0432\u043f\u0435\u0440\u0432\u044b\u0435 \u043e\u0431\u043d\u0430\u0440\u043e\u0434\u043e\u0432\u0430\u043d 26 \u0434\u0435\u043a\u0430\u0431\u0440\u044f, \u043f\u043e\u0441\u043b\u0435 \u0447\u0435\u0433\u043e \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u043f\u043e\u043f\u044b\u0442\u043e\u043a \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0432\u043e\u0437\u0440\u043e\u0441\u043b\u043e.\n\n\u042d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u043b\u0438, \u0447\u0442\u043e \u0447\u0438\u0441\u043b\u043e \u0430\u0442\u0430\u043a \u043e\u0441\u0442\u0430\u0432\u0430\u043b\u043e\u0441\u044c \u0441\u0442\u0430\u0431\u0438\u043b\u044c\u043d\u044b\u043c \u0441 \u043d\u0430\u0447\u0430\u043b\u0430 2024 \u0433\u043e\u0434\u0430. \u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0430 Apache Software Foundation, \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0449\u0435\u0433\u043e \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0430\u0446\u0438\u0438 \u0431\u0438\u0437\u043d\u0435\u0441-\u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0432 \u0438 \u0434\u0440\u0443\u0433\u0438\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u0438, \u043f\u0440\u0435\u0434\u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u043d\u044b\u0435 \u0434\u043b\u044f \u043f\u0440\u0435\u0434\u043f\u0440\u0438\u044f\u0442\u0438\u0439, \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043d\u0435\u043c\u0435\u0434\u043b\u0435\u043d\u043d\u043e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 OFBiz 18.12.11. 
\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u043a\u0430\u043a \u0443\u043a\u0430\u0437\u0430\u043d\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0442\u0430\u043a \u0438 \u0432\u0442\u043e\u0440\u0443\u044e, \u043d\u0435 \u043c\u0435\u043d\u0435\u0435 \u043e\u043f\u0430\u0441\u043d\u0443\u044e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2023-51467 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 9.8), \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u0430\u044f \u0432 \u043a\u043e\u043d\u0446\u0435 \u0434\u0435\u043a\u0430\u0431\u0440\u044f, \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u043e\u0448\u0438\u0431\u043a\u0443 \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0443\u044e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043e\u0431\u043e\u0439\u0442\u0438 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u044b \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u043d\u0430 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u043c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435, \u0447\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0434\u043e\u0441\u0442\u0443\u043f\u0443 \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 
\u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u0432\u043e \u0432\u0440\u0435\u043c\u044f \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u043a\u043e\u0440\u043d\u0435\u0432\u043e\u0439 \u043f\u0440\u0438\u0447\u0438\u043d\u044b \u0434\u0440\u0443\u0433\u043e\u0439, \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0441 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c\u044e \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 (Remote Code Execution, RCE), \u043e\u0431\u043e\u0437\u043d\u0430\u0447\u0435\u043d\u043d\u043e\u0439 \u043a\u0430\u043a CVE-2023-49070 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 9.8).\n\n\u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 Apache \u0434\u043b\u044f \u0432\u0442\u043e\u0440\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u043b\u0441\u044f \u0432 \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0438 \u043a\u043e\u0434\u0430 \u0434\u043b\u044f API XML-RPC, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0431\u043e\u043b\u044c\u0448\u0435 \u043d\u0435 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f. 
\u041e\u0434\u043d\u0430\u043a\u043e \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u0430\u043d\u0430\u043b\u0438\u0437 \u043e\u0442 SonicWall \u043f\u043e\u043a\u0430\u0437\u0430\u043b, \u0447\u0442\u043e \u043a\u043e\u0440\u043d\u0435\u0432\u0430\u044f \u043f\u0440\u0438\u0447\u0438\u043d\u0430 \u043a\u0440\u043e\u0435\u0442\u0441\u044f \u0432 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u0432\u0445\u043e\u0434\u0430 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0443. \u041d\u0435\u0441\u043f\u043e\u0441\u043e\u0431\u043d\u043e\u0441\u0442\u044c \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u043e\u0441\u043d\u043e\u0432\u043d\u0443\u044e \u043f\u0440\u0438\u0447\u0438\u043d\u0443 CVE-2023-49070 \u043f\u0440\u0438\u0432\u0435\u043b\u0430 \u043a \u0442\u043e\u043c\u0443, \u0447\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0432 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u0448\u0438\u0440\u043e\u043a\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f, \u0432\u0441\u0435 \u0435\u0449\u0435 \u043e\u0441\u0442\u0430\u0432\u0430\u043b\u0430\u0441\u044c \u0432 OFBiz.\n\n\u041e\u0442\u043c\u0435\u0447\u0430\u0435\u0442\u0441\u044f, \u0447\u0442\u043e Apache OFBiz \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0431\u043e\u043b\u044c\u0448\u0438\u043c \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439. 
\u0422\u0430\u043a, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u0442\u043e\u043b\u044c\u043a\u043e Atlassian Jira \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0431\u043e\u043b\u0435\u0435 \u0447\u0435\u043c 120 000 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f\u043c\u0438. \u041e\u0434\u043d\u0430\u043a\u043e \u0441\u043b\u0443\u0436\u0431\u0430 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 Atlassian \u0437\u0430\u044f\u0432\u0438\u043b\u0430, \u0447\u0442\u043e \u0438\u0445 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f Jira \u043d\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u0430.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 SonicWall \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043b\u0438 \u0434\u0432\u0430 PoC-\u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u0430 (Proof-of-Concept, PoC), \u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u0443\u044e\u0449\u0438\u0445 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438. 
\u041e\u0441\u043d\u043e\u0432\u043d\u0430\u044f \u043f\u0440\u0438\u0447\u0438\u043d\u0430 \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u0430 \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e \u043e\u0431\u0445\u043e\u0434 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432\u044b\u0437\u0432\u0430\u043d \u043d\u0435\u043e\u0436\u0438\u0434\u0430\u043d\u043d\u044b\u043c \u043f\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u0435\u043c \u043f\u0440\u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0435 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u0430 requirePasswordChange \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u0432\u0445\u043e\u0434\u0430 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u0432 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u00abY\u00bb \u0432 URI. \u041a\u043e\u043c\u0430\u043d\u0434\u0430 Apache OFBiz \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443, \u0438 PoC-\u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u044b SonicWall, \u043f\u0440\u0438\u043c\u0435\u043d\u0451\u043d\u043d\u044b\u0435 \u043a \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 (18.12.11), \u0431\u043e\u043b\u044c\u0448\u0435 \u043d\u0435 \u0440\u0430\u0431\u043e\u0442\u0430\u043b\u0438.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2024-01-09T13:12:47.000000Z"}, {"uuid": "65da3dce-8c36-4b86-8dfb-990327d849eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "seen", "source": "https://t.me/arpsyndicate/2273", "content": "#ExploitObserverAlert\n\nCVE-2023-51467\n\nDESCRIPTION: Exploit Observer has 5 entries related to CVE-2023-51467. 
The vulnerability allows attackers to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF)", "creation_timestamp": "2023-12-31T02:09:58.000000Z"}, {"uuid": "10950b3c-617b-440f-aa86-0e0e460a576a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "published-proof-of-concept", "source": "Telegram/g8TuUwu7ewyZF7zfdX8S-Rv3ZMy8zcyPtwYpOen0r0sAEg", "content": "", "creation_timestamp": "2024-01-09T10:40:50.000000Z"}, {"uuid": "f82df138-3d5c-4ef0-bb46-f064cdb8e8d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "seen", "source": "https://t.me/arpsyndicate/2312", "content": "#ExploitObserverAlert\n\nCVE-2023-51467\n\nDESCRIPTION: Exploit Observer has 6 entries related to CVE-2023-51467. The vulnerability allows attackers to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF)", "creation_timestamp": "2024-01-01T09:09:57.000000Z"}, {"uuid": "12b11c8e-bec0-46e5-b887-ddce9c3dcd9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "published-proof-of-concept", "source": "Telegram/iVSx4o3c8-uaaY7Bygr0U9FwKWutZIosL9YP3QHdt8FLeg", "content": "", "creation_timestamp": "2024-01-11T16:40:01.000000Z"}, {"uuid": "9246ff52-31d6-40c3-b8fa-e28a41d13136", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "seen", "source": "Telegram/bEsEYkFjSeLX6IJtnamQ-kGqB0wWPFHc6MMKPpwyQMoBXw", "content": "", "creation_timestamp": "2023-12-27T18:00:25.000000Z"}, {"uuid": "c4d67e92-4d90-43f1-814b-0e8b309dcaf6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "published-proof-of-concept", "source": "https://t.me/codeb0ss/1342", "content": "", "creation_timestamp": "2024-01-02T23:24:27.000000Z"}, {"uuid": "298d0801-3ca3-46e1-ac7b-6c44e71afd20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "seen", "source": "https://t.me/KomunitiSiber/1273", "content": "Critical Zero-Day in Apache OfBiz ERP System Exposes Businesses to Attack\nhttps://thehackernews.com/2023/12/critical-zero-day-in-apache-ofbiz-erp.html\n\nA new zero-day security flaw has been discovered in the Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system that could be exploited to bypass authentication protections.\nThe vulnerability, tracked as\u00a0CVE-2023-51467, resides in the login functionality and is the result of an incomplete patch for another critical vulnerability (CVE-2023-49070, CVSS score: 9.8) that was", "creation_timestamp": "2023-12-27T17:28:37.000000Z"}, {"uuid": "8ad57d56-c54b-42c2-b326-29e3a85f6ddc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "published-proof-of-concept", "source": "https://t.me/WARLOCK_DARK_ARMY_OFFICIALS/3799", "content": "https://github.com/Chocapikk/CVE-2023-51467\n\n#github #exploit", "creation_timestamp": "2023-12-31T04:42:39.000000Z"}, {"uuid": "c7ffb170-d84d-4eb9-ba57-0ae460a645be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "published-proof-of-concept", "source": "https://t.me/breachdetector/409982", "content": "{\n  \"Source\": \"https://exploit.in/\",\n  \"Content\": \"0day \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2023-51467 \u0432 Apache 
OfBiz\", \n  \"author\": \"News Support\",\n  \"Detection Date\": \"29 Dec 2023\",\n  \"Type\": \"Data leak\"\n}\n\ud83d\udd39 t.me/breachdetector \ud83d\udd39", "creation_timestamp": "2023-12-29T22:58:34.000000Z"}, {"uuid": "c0bd9c98-457d-4c22-89cc-ce8673fe2244", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "published-proof-of-concept", "source": "https://t.me/KomunitiSiber/1328", "content": "New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems\nhttps://thehackernews.com/2024/01/new-poc-exploit-for-apache-ofbiz.html\n\nCybersecurity researchers have\u00a0developed\u00a0a proof-of-concept (PoC) code that exploits a\u00a0recently disclosed critical flaw\u00a0in the Apache OfBiz open-source Enterprise Resource Planning (ERP) system to execute a memory-resident payload.\nThe vulnerability in question is\u00a0CVE-2023-51467\u00a0(CVSS score: 9.8), a bypass for another severe shortcoming in the same software (", "creation_timestamp": "2024-01-11T17:16:52.000000Z"}, {"uuid": "ec3f4804-8b10-4e8f-a773-dc7c9994e802", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "published-proof-of-concept", "source": "https://t.me/ZeroDay_TM/819", "content": "Apache OFBiz CVE-2023-51467 \n\nhttps://vulncheck.com/blog/ofbiz-cve-2023-51467\nhttps://xz.aliyun.com/t/13211?time__1311=mqmxnDBD9AYDq40vd4%2BxCwuQiARB8TD&amp;alichlgref=https%3A%2F%2Fvulncheck.com%2F\n\n-   -   -   -   -   -   -   -   -\n\u2022 @Old_Unclee\n\u2022 @ZeroDay_TM", "creation_timestamp": "2024-01-25T20:54:12.000000Z"}, {"uuid": "a9a3c070-b38e-4ca7-997e-aeb4c3a07621", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "exploited", "source": 
"https://t.me/true_secator/5288", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 VulnCheck \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0438 PoC \u0434\u043b\u044f \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u043e\u0439 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 ERP Apache OfBiz.\n\n\u0420\u0435\u0447\u044c \u0438\u0434\u0435\u0442 \u043e CVE-2023-51467 \u0441 \u0440\u0435\u0439\u0442\u0438\u043d\u0433\u043e\u043c 9.8, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043e\u0431\u0445\u043e\u0434\u043d\u044b\u043c \u043f\u0443\u0442\u0435\u043c \u0434\u043b\u044f \u0434\u0440\u0443\u0433\u043e\u0439 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0442\u043e\u043c \u0436\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u043c \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u0438 CVE-2023-49070 (CVSS: 9.8) \u0438 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0434\u043b\u044f \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430.\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u044d\u0442\u043e\u0442 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u043a \u0431\u044b\u043b \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d \u0432 \u043f\u0440\u043e\u0448\u043b\u043e\u043c 
\u043c\u0435\u0441\u044f\u0446\u0435 \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 Apache OFbiz 18.12.11, \u043d\u0430\u0440\u0438\u0441\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u044b\u0442\u0430\u044e\u0442\u0441\u044f \u043f\u0440\u043e\u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443, \u043d\u0430\u0446\u0435\u043b\u0438\u0432\u0430\u044f\u0441\u044c \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u044b. \n\n\u041f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u043e\u0442 VulnCheck \u043f\u043e\u043a\u0430\u0437\u044b\u0432\u0430\u044e\u0442, \u0447\u0442\u043e CVE-2023-51467 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u043e\u043b\u0435\u0437\u043d\u043e\u0439 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u043d\u0435\u043f\u043e\u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0435\u043d\u043d\u043e \u0438\u0437 \u043f\u0430\u043c\u044f\u0442\u0438, \u043e\u0441\u0442\u0430\u0432\u043b\u044f\u044f \u043b\u0438\u0431\u043e \u043c\u0430\u043b\u043e \u043b\u0438\u0431\u043e \u0432\u043e\u043e\u0431\u0449\u0435 \u043d\u0435 \u043e\u0441\u0442\u0430\u0432\u043b\u044f\u044f \u0441\u043b\u0435\u0434\u043e\u0432 \u0437\u043b\u043e\u043d\u0430\u043c\u0435\u0440\u0435\u043d\u043d\u043e\u0439 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u0438.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043f\u043e\u0441\u0442\u0430\u0440\u0430\u043b\u0438\u0441\u044c \u0438 \u043d\u0430\u043f\u0438\u0441\u0430\u043b\u0438 
\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 Go, \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0449\u0438\u0439 \u0441\u043e\u0431\u043e\u0439 \u043a\u0440\u043e\u0441\u0441\u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435\u043d\u043d\u043e\u0435 \u0440\u0435\u0448\u0435\u043d\u0438\u0435, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u043a\u0430\u043a \u0432 Windows, \u0442\u0430\u043a \u0438 \u0432 Linux.\n\n\u041f\u0440\u0438\u0447\u0435\u043c PoC \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043e\u0431\u043e\u0439\u0442\u0438 \u0441\u043f\u0438\u0441\u043e\u043a \u0437\u0430\u043f\u0440\u0435\u0442\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u043f\u0440\u0435\u0438\u043c\u0443\u0449\u0435\u0441\u0442\u0432\u0430 \u0444\u0443\u043d\u043a\u0446\u0438\u0439 groovy.util.Eval \u0434\u043b\u044f \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u043e\u0431\u0440\u0430\u0442\u043d\u043e\u0439 \u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0438 Nashorn \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043f\u043e\u043b\u0435\u0437\u043d\u043e\u0439 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438.\n\n\u0425\u043e\u0442\u044c OFBiz \u043d\u0435 \u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0448\u0438\u0440\u043e\u043a\u043e\u0439 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u0441\u0442\u044c\u044e, \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 \u0432 \u0441\u0435\u0442\u0438 \u0431\u043e\u043b\u0435\u0435 \u0447\u0435\u043c \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0438 \u0442\u0435\u043f\u0435\u0440\u044c \u0432 \u0440\u0443\u043a\u0430\u0445 
\u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432, \u043f\u043e \u0441\u0443\u0442\u0438, \u0435\u0441\u0442\u044c \u0433\u043e\u0442\u043e\u0432\u043e\u0435 \u0440\u0435\u0448\u0435\u043d\u0438\u0435.", "creation_timestamp": "2024-01-12T15:55:53.000000Z"}, {"uuid": "a6986151-b78b-4ead-a87d-d57ee56fb4dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "exploited", "source": "https://t.me/true_secator/5257", "content": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Apache OFBiz \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 PoC.\n\nApache OFBiz (Open For Business) \u2014 \u044d\u0442\u043e ERP-\u0441\u0438\u0441\u0442\u0435\u043c\u0430 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043c\u043d\u043e\u0433\u0438\u0435 \u043f\u0440\u0435\u0434\u043f\u0440\u0438\u044f\u0442\u0438\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u043c\u0438 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430\u043c\u0438 \u0432 \u0441\u0444\u0435\u0440\u0435 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043a\u043e\u043c\u043c\u0435\u0440\u0446\u0438\u0438, \u0440\u0430\u0431\u043e\u0442\u0435 \u0441 
\u043f\u0435\u0440\u0441\u043e\u043d\u0430\u043b\u043e\u043c \u0438 \u0431\u0443\u0445\u0433\u0430\u043b\u0442\u0435\u0440\u0441\u043a\u043e\u043c \u0443\u0447\u0435\u0442\u0435.\n\nOfBiz \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0447\u0430\u0441\u0442\u044c\u044e \u0446\u0435\u043f\u043e\u0447\u043a\u0438 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044f \u043d\u0430\u043f\u0440\u044f\u043c\u0443\u044e \u0442\u0430\u043a\u043e\u0435 \u041f\u041e, \u043a\u0430\u043a JIRA \u043e\u0442 Atlassian, \u043a\u043e\u0442\u043e\u0440\u044b\u043c\u0438 \u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0431\u043e\u043b\u0435\u0435 120 \u0442\u044b\u0441\u044f\u0447 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0439 \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u043c\u0438\u0440\u0443.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2023-49070 \u0438 \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 OFBiz \u0432\u0435\u0440\u0441\u0438\u0438 18.12.10, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u043e\u0439 5 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2023 \u0433.\n\n\u042d\u0442\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c 
\u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438.\n\n\u041e\u0434\u043d\u0430\u043a\u043e \u0430\u043d\u0430\u043b\u0438\u0437\u0438\u0440\u0443\u044f \u043f\u0430\u0442\u0447 Apache OFBiz, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 SonicWall \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438, \u0447\u0442\u043e \u043e\u0441\u043d\u043e\u0432\u043d\u0430\u044f \u043f\u0440\u0438\u0447\u0438\u043d\u0430 CVE-2023-49070 \u0432\u0441\u0435 \u0435\u0449\u0435 \u043d\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e-\u043f\u0440\u0435\u0436\u043d\u0435\u043c\u0443 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043e\u0448\u0438\u0431\u043a\u0443 \u0432 \u043f\u043e\u043b\u043d\u043e\u0441\u0442\u044c\u044e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438.\n\n\u0412 \u0441\u0432\u043e\u0435\u043c \u043e\u0442\u0447\u0435\u0442\u0435 SonicWall \u043f\u0440\u043e\u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0432\u0430\u0440\u0438\u0430\u043d\u0442\u044b \u043e\u0431\u0445\u043e\u0434\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f Apache \u0434\u043b\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2023-49070 \u043f\u0440\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0445 
\u043a\u043e\u043c\u0431\u0438\u043d\u0430\u0446\u0438\u0439 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445.\n\n\u041e\u043d \u0432\u044b\u0437\u0432\u0430\u043d \u043e\u0448\u0438\u0431\u043e\u0447\u043d\u043e\u0439 \u043b\u043e\u0433\u0438\u043a\u043e\u0439 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u043f\u0443\u0441\u0442\u044b\u0445 \u0438\u043b\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043e\u0432.\n\nSonicWall \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0430 \u043e \u0441\u0432\u043e\u0438\u0445 \u0432\u044b\u0432\u043e\u0434\u0430\u0445 Apache, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043e\u043d\u0438 \u043a\u043b\u0430\u0441\u0441\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u043a\u0430\u043a \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u043f\u043e\u0434\u0434\u0435\u043b\u043a\u0438 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u043d\u0430 \u0441\u0442\u043e\u0440\u043e\u043d\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 (SSRF).\n\n\u041d\u043e\u0432\u043e\u0439 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0435 \u043e\u0431\u0445\u043e\u0434\u0430 \u0431\u044b\u043b \u043f\u0440\u0438\u0441\u0432\u043e\u0435\u043d CVE-2023-51467, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0439 \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 OFBiz 18.12.11, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u043e\u0439 26 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2023 \u0433.\n\n\u041e\u0434\u043d\u0430\u043a\u043e \u043d\u0435\u043c\u043d\u043e\u0433\u0438\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u043b\u0438\u0441\u044c \u0434\u043e 
\u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0430 \u043e\u0431\u0438\u043b\u0438\u0435 \u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 PoC-\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432 \u0434\u043b\u044f RCE \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 (pre-auth) \u0434\u0435\u043b\u0430\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0435\u0441\u044c\u043c\u0430 \u043f\u0440\u0438\u0432\u043b\u0435\u043a\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u0434\u043b\u044f \u0445\u0430\u043a\u0435\u0440\u043e\u0432.\n\nShadowserver \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442 \u043e\u0431 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0438 \u0431\u043e\u043b\u044c\u0448\u043e\u0433\u043e \u0447\u0438\u0441\u043b\u0430 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0439 \u0441 \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 PoC \u0434\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 CVE-2023-49070, \u043e\u0436\u0438\u0434\u0430\u044f \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0430 \u0438 \u0434\u043b\u044f CVE-2023-51467.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043d\u0430\u0446\u0435\u043b\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u043f\u0440\u0435\u0436\u0434\u0435 \u0432\u0441\u0435\u0433\u043e \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 Confluence.\n\n\u0414\u043b\u044f 
\u043c\u0438\u043d\u0438\u043c\u0438\u0437\u0430\u0446\u0438\u0438 \u0440\u0438\u0441\u043a\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c Apache OFBiz \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435\u00a0\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 18.12.11.", "creation_timestamp": "2023-12-28T18:01:30.000000Z"}, {"uuid": "8bfdfcc4-a5bd-403c-a23a-fbab71899a57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "seen", "source": "https://t.me/ctinow/168649", "content": "https://ift.tt/2F9AGRj\nCritical Apache OFBiz Zero-day AuthBiz (CVE-2023-49070 and CVE-2023-51467)", "creation_timestamp": "2024-01-16T06:46:55.000000Z"}, {"uuid": "0030967a-61dc-4ddb-b0f3-0ebabf279d83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "seen", "source": "https://t.me/thehackernews/4335", "content": "\ud83d\udea8 A new zero-day security flaw discovered in Apache OfBiz ERP system could allow unauthorized access. \n \nCVE-2023-51467 exposes incomplete patch for CVE-2023-49070 with a high CVSS score of 9.8. 
\n \nDetails: https://thehackernews.com/2023/12/critical-zero-day-in-apache-ofbiz-erp.html \n \nUpdate now to protect your system!", "creation_timestamp": "2023-12-27T16:45:34.000000Z"}, {"uuid": "da4d76ef-d326-4a88-adce-29ba8fe27e1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "published-proof-of-concept", "source": "https://t.me/ctinow/168735", "content": "https://ift.tt/2F9AGRj\nCritical Apache OFBiz Zero-day AuthBiz (CVE-2023-49070 and CVE-2023-51467) - Security Boulevard", "creation_timestamp": "2024-01-16T10:46:50.000000Z"}, {"uuid": "a87327d3-c3a1-4799-9730-7ce9c029c558", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "seen", "source": "https://t.me/ctinow/160545", "content": "https://ift.tt/PJyCG6H\nCVE-2023-51467 Exploit", "creation_timestamp": "2023-12-29T15:16:49.000000Z"}, {"uuid": "76f62ed6-5b56-40f0-ad7c-fcf5fdb4ea6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "seen", "source": "https://t.me/ctinow/159364", "content": "https://ift.tt/1sq3QDJ\nCVE-2023-51467", "creation_timestamp": "2023-12-26T16:27:07.000000Z"}, {"uuid": "104dd47f-fd99-4eab-90dd-5733f6ba093d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "seen", "source": "https://t.me/ctinow/167246", "content": "https://ift.tt/3kyFoG5\nResearchers created a PoC for Apache OFBiz flaw CVE-2023-51467", "creation_timestamp": "2024-01-12T14:02:23.000000Z"}, {"uuid": "b9b4ed50-e72e-421e-b82f-aa006e6cd73f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", 
"vulnerability": "CVE-2023-51467", "type": "seen", "source": "https://t.me/ctinow/159716", "content": "https://ift.tt/NShB5db\nApache OFBiz Arbitrary File Reading and Remote Code Execution Vulnerabilities (CVE-2023-50968/CVE-2023-51467) Alert", "creation_timestamp": "2023-12-27T18:11:27.000000Z"}, {"uuid": "96f1ef84-bed3-4f6b-bd5e-c186e4f80ba7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/1819", "content": "https://github.com/JaneMandy/CVE-2023-51467-Exploit\n\nApache Ofbiz CVE-2023-51467 \u56fe\u5f62\u5316\u6f0f\u6d1e\u5229\u7528\u5de5\u5177\n#github #Java #exploit", "creation_timestamp": "2024-01-11T02:56:36.000000Z"}, {"uuid": "c101a9bf-117c-49f5-b46d-893db60d7ed5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/1783", "content": "https://github.com/Chocapikk/CVE-2023-51467\n\n#github #exploit", "creation_timestamp": "2023-12-31T09:48:36.000000Z"}, {"uuid": "2c565409-e93f-4c32-bdb8-b7f426eabfb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9688", "content": "#exploit\n1. CVE-2023-51467:\nApache OfBiz Auth Bypass\nhttps://github.com/JaneMandy/CVE-2023-51467\n]-&gt; scanner: https://github.com/Chocapikk/CVE-2023-51467\n\n2. Remote pre-auth heap buffer overflow exploit for Avocent KVMs\nhttps://gist.github.com/aemmitt-ns/f76e770c9112faae86bf93fe223a497e\n\n3. 
CVE-2023-35985:\nAPI of Foxit Reader\u00a012.x - Arbitrary file creation vulnerability\nhttps://github.com/SpiralBL0CK/-CVE-2023-35985", "creation_timestamp": "2023-12-31T00:45:20.000000Z"}, {"uuid": "e24bbe24-726c-4db2-a467-4a201b77c7fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9743", "content": "#exploit\n1. CVE-2023-31446:\nDodge OPTIFY RCE\nhttps://github.com/Dodge-MPTC/CVE-2023-31446-Remote-Code-Execution\n\n2. CVE-2020-11110:\nGrafana Stored CSS\nhttps://github.com/AVE-Stoik/CVE-2020-11110-Proof-of-Concept/tree/main\n\n3.\u00a0CVE-2023-51467:\nApache Ofbiz Exploit\nhttps://github.com/JaneMandy/CVE-2023-51467-Exploit", "creation_timestamp": "2024-01-07T22:09:15.000000Z"}, {"uuid": "738da950-e567-477c-99fd-56c3da2683dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/2360", "content": "#exploit\n1. CVE-2023-51467:\nApache OfBiz Auth Bypass\nhttps://github.com/JaneMandy/CVE-2023-51467\n]-&gt; scanner: https://github.com/Chocapikk/CVE-2023-51467\n\n2. 
Remote pre-auth heap buffer overflow exploit for Avocent KVMs\nhttps://gist.github.com/aemmitt-ns/f76e770c9112faae86bf93fe223a497e", "creation_timestamp": "2024-08-16T08:59:46.000000Z"}, {"uuid": "cf5b2463-2f71-4ff2-9f27-8f78d37e11c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "published-proof-of-concept", "source": "https://t.me/LearnExploit/5978", "content": "CVE-2023-51467 - Apache Ofbiz Exploit\n\nGithub\n\n#CVE #Exploit \n\u2014\u2014\u2014\u2014\u2014\u2014\n0Day.Today\n@LearnExploit\n@Tech_Army", "creation_timestamp": "2024-01-10T11:19:04.000000Z"}, {"uuid": "76e0e038-31c3-4205-bd72-ac3b17083960", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-51467", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/2439", "content": "#exploit\n1. CVE-2023-31446:\nDodge OPTIFY RCE\nhttps://github.com/Dodge-MPTC/CVE-2023-31446-Remote-Code-Execution\n\n2. CVE-2020-11110:\nGrafana Stored CSS\nhttps://github.com/AVE-Stoik/CVE-2020-11110-Proof-of-Concept/tree/main\n\n3.\u00a0CVE-2023-51467:\nApache Ofbiz Exploit\nhttps://github.com/JaneMandy/CVE-2023-51467-Exploit", "creation_timestamp": "2024-08-16T09:01:19.000000Z"}]}