Software developers using the open-source Apache OFBiz enterprise resource management and e-commerce suite are being urged to apply the latest security update after the discovery of a critical vulnerability that could allow an attacker to take over a business's installation.
In technical terms, the vulnerability is a Java deserialization flaw. Briefly, serialization converts a Java object into a byte stream that can be saved to a file on a local disk or sent over the network to another machine. Deserialization reverses the process, restoring the serialized byte stream to an object. This particular bug in OFBiz versions prior to 17.12.06 allows unsafe deserialization: a byte stream supplied by an untrusted party is turned back into objects without any check on which classes it is allowed to instantiate.
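The distinction between unsafe and safe deserialization is easiest to see in code. The following is an added, self-contained example and not code from Apache OFBiz or from the article; the `OrderSummary` class is a hypothetical stand-in for whatever a service legitimately expects to receive. It serializes an object to a byte stream, then restores it two ways: once with a plain `ObjectInputStream`, which instantiates whatever class the stream names, and once with an `ObjectInputFilter` allow-list (Java 9+), which rejects every class that is not explicitly permitted before it is instantiated.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.Date;

public class SafeDeserializationDemo {

    // Hypothetical application class: the only type this service expects from the wire.
    // Only primitive fields, so the allow-list below needs no additional entries.
    static final class OrderSummary implements Serializable {
        private static final long serialVersionUID = 1L;
        final long orderId;
        final int itemCount;

        OrderSummary(long orderId, int itemCount) {
            this.orderId = orderId;
            this.itemCount = itemCount;
        }
    }

    // Serialization: object -> byte stream (what would be written to disk or sent over the network).
    static byte[] serialize(Object obj) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(obj);
        }
        return bos.toByteArray();
    }

    // Unsafe deserialization: the stream itself decides which class gets instantiated.
    static Object deserializeUnsafe(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return ois.readObject();
        }
    }

    // Hardened deserialization: an allow-list filter. Pattern syntax is that of
    // ObjectInputFilter.Config.createFilter: entries separated by ';', '!' rejects, '*' is a wildcard.
    // Every class the stream may legitimately contain (including non-primitive field types)
    // must be listed; the trailing "!*" rejects everything else.
    static Object deserializeFiltered(byte[] data) throws IOException, ClassNotFoundException {
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
                "SafeDeserializationDemo$OrderSummary;!*");
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(filter);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: the expected type round-trips through the filtered path.
        byte[] expected = serialize(new OrderSummary(42L, 3));
        OrderSummary restored = (OrderSummary) deserializeFiltered(expected);
        System.out.println("accepted: order " + restored.orderId + ", items " + restored.itemCount);

        // Constructed sample input: a stream naming a class the service never asked for.
        // java.util.Date is harmless and used here only to show the filter rejecting an unlisted class.
        byte[] unexpected = serialize(new Date(0L));

        // The unfiltered reader happily instantiates it.
        System.out.println("unsafe reader produced: " + deserializeUnsafe(unexpected).getClass().getName());

        // The filtered reader refuses before the object is created.
        try {
            deserializeFiltered(unexpected);
            System.out.println("filter did not reject (unexpected)");
        } catch (InvalidClassException e) {
            System.out.println("filter rejected unlisted class: " + e.getMessage());
        }
    }
}
```

The same allow-list can be applied process-wide through the `jdk.serialFilter` system property or by `ObjectInputFilter.Config.setSerialFilter`, which is the usual way to retrofit an existing application that has many `readObject` call sites; a per-stream filter as above is preferable where the expected types are known at the call site.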
“An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz,” notes the description…