Security update: Hardcoded key allows access to Apache OFBiz

Apache developers have closed several security vulnerabilities, some of them critical, in the enterprise software OFBiz.

Attackers can exploit vulnerabilities in Apache OFBiz to compromise PCs. In a recent version, developers have now closed several security vulnerabilities.

OFBiz can be used to organize and automate complex business processes. According to the security section of the Apache OFBiz website, developers have closed a total of 17 vulnerabilities in version 24.09.06. So far, there are no indications of attacks.

A “critical” vulnerability (CVE-2026-31986) is considered particularly dangerous: a hardcoded cryptographic key allows attackers to access instances. Attackers can also execute malicious code remotely (e.g., CVE-2026-45434, rated “high”).

To protect systems from possible attacks, administrators must install the repaired version promptly.

(des)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.