SonicWall discovered an authentication bypass vulnerability, tracked as CVE-2023-51467, impacting the open source framework Apache OFBiz. The flaw affects versions prior to 18.12.10 and has been fixed in the subsequent version 18.12.11.
The vulnerability lets an attacker send the targeted server an HTTP request with empty username and password parameters and still be authenticated successfully. Although the NIST National Vulnerability Database has not published an official CVSS score at this stage, SonicWall has assessed the severity as critical, with a score of 9.8.
The ramifications of exploitation are diverse and include server-side request forgery.
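For defenders reviewing logs from a server that ran an affected version, the following added example (not SonicWall's or the Apache project's code) flags access-log entries whose URL carries username and password parameters that are both present and empty. It assumes Combined Log Format and the parameter names `USERNAME` and `PASSWORD`, matched case-insensitively; the log lines and paths are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the login parameters are named USERNAME / PASSWORD.
# Names are compared in lower case so case variants are caught too.
USER_KEYS = {"username"}
PASS_KEYS = {"password"}

# Combined Log Format: client IP ... "METHOD target PROTOCOL" status
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def has_empty_credentials(target):
    """True when a username AND a password parameter are both present and blank."""
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    lowered = {}
    for key, values in params.items():
        lowered.setdefault(key.lower(), []).extend(values)

    def present_and_blank(keys):
        return any(
            k in lowered and all(v.strip() == "" for v in lowered[k]) for k in keys
        )

    return present_and_blank(USER_KEYS) and present_and_blank(PASS_KEYS)

def find_suspicious(lines):
    """Return (client_ip, request_target, status) for each flagged log line."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and has_empty_credentials(m.group("target")):
            hits.append((m.group("ip"), m.group("target"), int(m.group("status"))))
    return hits

# Constructed sample lines (documentation IP ranges, placeholder paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [02/Jan/2024:10:00:01 +0000] "POST /app/endpoint?USERNAME=&PASSWORD= HTTP/1.1" 200 512',
    '203.0.113.9 - - [02/Jan/2024:10:00:05 +0000] "POST /app/login?USERNAME=alice&PASSWORD=x HTTP/1.1" 200 734',
    '198.51.100.7 - - [02/Jan/2024:10:00:09 +0000] "GET /app/endpoint?username=%20&password= HTTP/1.1" 200 90',
    '203.0.113.9 - - [02/Jan/2024:10:00:11 +0000] "GET /app/main HTTP/1.1" 200 1200',
]

if __name__ == "__main__":
    for ip, target, status in find_suspicious(SAMPLE_LOG):
        print(f"{ip} -> {target} (HTTP {status})")
```

This only sees parameters carried in the URL; credentials sent in a request body do not appear in standard access logs and need WAF or request-body logging to inspect.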