SonicWall discovered an authentication bypass vulnerability, tracked as CVE-2023-51467, affecting the open source framework Apache OFBiz. The flaw affects versions prior to 18.12.10 and has been fixed in the subsequent version 18.12.11.
The vulnerability allows an attacker to send the targeted server an HTTP request in which the username and password parameters are present but empty, and still be authenticated successfully. While there is, at this stage, no official CVSS score on the NIST National Vulnerability Database, the severity has been assessed as critical, with SonicWall assigning a score of 9.8.
The consequences of a successful exploitation are varied and include server-side request forgery (SSRF).
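As an added illustration (not code from SonicWall's advisory or the OFBiz project), the following defender-side check scans web-server access-log lines for login requests whose username and password parameters are both present but empty, the pattern described above. The log lines are constructed samples, and the paths, parameter names and case-insensitive matching are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Combined Log Format); hosts and paths are placeholders.
SAMPLE_LOG = """\
10.0.0.5 - - [02/Jan/2024:10:00:01 +0000] "GET /app/login?USERNAME=&PASSWORD= HTTP/1.1" 200 512 "-" "curl/8.4"
10.0.0.6 - - [02/Jan/2024:10:00:02 +0000] "POST /app/login?USERNAME=alice&PASSWORD=secret HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.0.0.7 - - [02/Jan/2024:10:00:03 +0000] "GET /app/main HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
10.0.0.8 - - [02/Jan/2024:10:00:04 +0000] "GET /app/login?username=&password=&foo=bar HTTP/1.1" 200 512 "-" "python-requests/2.31"
"""

# Minimal Combined Log Format parser: client IP, timestamp, request target and status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Assumed credential parameter names; matched case-insensitively because naming varies by deployment.
CRED_PARAMS = ("username", "password")


def has_empty_credentials(target: str) -> bool:
    """True when the request target carries both credential parameters and every value is empty."""
    query = urlsplit(target).query
    # keep_blank_values=True is essential: by default parse_qs silently drops "key=" pairs.
    params = {k.lower(): v for k, v in parse_qs(query, keep_blank_values=True).items()}
    return all(name in params and all(v == "" for v in params[name]) for name in CRED_PARAMS)


def find_suspicious_requests(log_text: str) -> list[dict]:
    """Return the parsed log entries whose query string has empty username and password parameters."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and has_empty_credentials(m["target"]):
            hits.append({"ip": m["ip"], "ts": m["ts"], "target": m["target"], "status": int(m["status"])})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_requests(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} -> {hit['target']} (HTTP {hit['status']})")
```

Access logs only capture the query string, so credentials submitted in a POST body need the same check applied at a reverse proxy or application log that records form parameters.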