It is unclear how many businesses use Apache OFBiz, as many organizations may use it internally, but based on public data, known users include large organizations such as IBM, HP, Accenture, United Airlines, Home Depot, and Upwork. Some third-party applications, such as Atlassian JIRA, also use OFBiz modules. The project is used worldwide and in many industries, but more than 40% of known users are based in the US.
The Open Web Application Security Project (OWASP) recently updated its list of the top 10 open source security risks for businesses, with known vulnerabilities at the top of the list.
New flaw found by analyzing the previous one
The new flaw is found in the output view functionality and allows unauthorized attackers to access sensitive and restricted endpoints using specially crafted requests. This can pave the way for remote code execution.