Hi everyone,

I was recently made aware of an attack on an OFBiz deployment using the vulnerability described below. The attackers were able to exploit the xmlrpc endpoint to initiate a full export of the database. Fortunately this deployment had an extremely large database and the attempt set off a number of alerts which enabled the attack to be halted before any harm was done. A smaller (or lightly monitored) OFBiz installation would probably not have been so fortunate.

Just sharing this to let everyone know that this vulnerability is being exploited in the wild and if you haven't taken steps to lock down this endpoint then you should do so ASAP. Please also share this warning with anyone you know who might be affected but perhaps doesn't keep an eye on this list.

https://issues.apache.org/jira/browse/OFBIZ-11716

Regards
Scott
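The post above credits alerting with stopping the export before it completed. As an added example that is not part of the original message or of the OFBiz project, the script below shows the kind of check an operator could run over web server access logs to spot the same pattern: POST requests to an xmlrpc endpoint, grouped by client, with an unusually large response flagged. The log lines are constructed for the example, the `/webtools/control/xmlrpc` path and the 10 MiB threshold are assumptions (adjust both to your deployment), and the only thing taken from the post is that the abused endpoint's path contains "xmlrpc".

```python
import re
from collections import defaultdict

# Constructed sample lines in Common Log Format; not real traffic from any server.
# The xmlrpc path and the response sizes are assumptions for illustration only.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jul/2020:09:12:01 +0000] "GET /webtools/control/main HTTP/1.1" 200 5123
203.0.113.7 - - [10/Jul/2020:09:12:05 +0000] "POST /webtools/control/xmlrpc HTTP/1.1" 200 310
203.0.113.7 - - [10/Jul/2020:09:12:06 +0000] "POST /webtools/control/xmlrpc HTTP/1.1" 200 48210992
198.51.100.4 - - [10/Jul/2020:09:13:00 +0000] "GET /ecommerce/control/main HTTP/1.1" 200 9871
203.0.113.7 - - [10/Jul/2020:09:12:07 +0000] "POST /webtools/control/xmlrpc HTTP/1.1" 200 -
"""

# Common Log Format: client, ident, user, [timestamp], "METHOD PATH PROTO", status, bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-)$'
)

# Assumed threshold: a single xmlrpc response larger than this is suspicious
# for a control endpoint and may indicate a bulk data export in progress.
LARGE_RESPONSE_BYTES = 10 * 1024 * 1024


def parse_line(line):
    """Parse one CLF access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    return rec


def find_xmlrpc_hits(log_text, path_marker="xmlrpc"):
    """Return parsed records for POST requests whose path contains the marker (case-insensitive)."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["method"] == "POST" and path_marker in rec["path"].lower():
            hits.append(rec)
    return hits


def summarize_by_client(hits, large_bytes=LARGE_RESPONSE_BYTES):
    """Group xmlrpc hits per client IP: request count, largest response, and a large-response flag."""
    summary = defaultdict(lambda: {"count": 0, "max_bytes": 0, "large_response": False})
    for rec in hits:
        entry = summary[rec["ip"]]
        entry["count"] += 1
        entry["max_bytes"] = max(entry["max_bytes"], rec["bytes"])
        if rec["bytes"] >= large_bytes:
            entry["large_response"] = True
    return dict(summary)


if __name__ == "__main__":
    for ip, info in summarize_by_client(find_xmlrpc_hits(SAMPLE_LOG)).items():
        flag = " LARGE RESPONSE" if info["large_response"] else ""
        print(f"{ip}: {info['count']} xmlrpc POSTs, max {info['max_bytes']} bytes{flag}")
```

In practice you would feed this the real access log (or wire the same two conditions, POST to the xmlrpc path and oversized response, into whatever alerting already watches the server) and, as the post advises, restrict or disable the endpoint rather than rely on detection alone.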
