Lucene search
HistoryFeb 20, 2022 - 7:15 p.m.
CVE-2022-23848
alluxio
logserver
input validation
security vulnerability
cve-2022-23848
nvd
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
58.1%
In Alluxio before 2.7.3, the logserver does not validate the input stream. NOTE: this is not the same as the CVE-2021-44228 Log4j vulnerability.
| CPE | Name | Operator | Version |
|---|---|---|---|
| alluxio:alluxio | alluxio | lt | 2.7.3 |
Related
attackerkb
attackerkb
CVE-2022-23848
2022-02-20 00:00:00
github
github
Command injection in Alluxio
2022-02-21 00:00:19
prion
prion
Input validation
2022-02-20 19:15:00
osv
osv
Command injection in Alluxio
2022-02-21 00:00:19
CVE-2022-23848
2022-02-20 19:15:09
Critical vulnerability in log4j may affect generated PEAR projects
2021-12-16 21:01:51
cvelist
cvelist
CVE-2022-23848
2022-02-20 18:09:57
cnvd
cnvd
Alluxio has an unspecified vulnerability
2022-02-22 00:00:00
trellix
trellix
Log4J and The Memory That Knew Too Much
2022-01-19 00:00:00
Log4J and The Memory That Knew Too Much
2022-01-19 00:00:00
ibm
ibm
threatpost
threatpost
Multi-Ransomwared Victims Have It Coming–Podcast
2022-03-10 14:00:32
What the Log4Shell Bug Means for SMBs: Experts Weigh In
2021-12-14 17:54:47
wallarmlab
wallarmlab
Update on Log4Shell (CVE-2021-44228)
2021-12-10 20:22:36
Log4j 0day mitigation update CVE-2021-44228
2021-12-10 20:56:40
trendmicroblog
trendmicroblog
Patch Now: Apache Log4j Vulnerability Called Log4Shell Actively Exploited
2021-12-13 00:00:00
hackerone
hackerone
U.S. Dept Of Defense: ███ ████████ running a vulnerable log4j
2021-12-31 00:55:49
U.S. Dept Of Defense: ██████████ running a vulnerable log4j
2021-12-11 00:16:38
qualysblog
qualysblog
Log4Shell – Follow This Multi-Layered Approach for Detection and Remediation
2021-12-28 18:00:00
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Apache Log4J
2021-12-11 13:28:52
Exploit for Deserialization of Untrusted Data in Apache Log4J
2022-01-27 07:07:30
Exploit for Deserialization of Untrusted Data in Apache Log4J
2021-12-17 19:50:40
rapid7blog
rapid7blog
[Security Nation] Mike Hanley of GitHub on the Log4j Vulnerability
2022-01-19 21:47:30
Log4Shell Makes Its Appearance in Hacker Chatter: 4 Observations
2021-12-14 21:05:17
What's New in InsightVM and Nexpose: Q1 2022 in Review
2022-04-19 17:52:17
cisa
cisa
Ivanti Updates Log4j Advisory with Security Updates for Multiple Products
2022-01-14 00:00:00
hivepro
hivepro
Iranian hackers leveraged Log4Shell to penetrate US federal agency
2022-11-17 12:28:57
Monti ransomware infiltrates networks via the well-known Log4Shell
2022-09-16 10:51:13
msrc
msrc
CVE-2021-44228 Apache Log4j 2 に対するマイクロソフトの対応
2021-12-12 08:00:00
Microsoft’s Response to CVE-2021-44228 Apache Log4j 2
2021-12-12 05:28:18
mssecure
mssecure
MERCURY and DEV-1084: Destructive attack on hybrid environment
2023-04-07 16:00:00
nessus
nessus
Cisco SD-WAN vManage Log4j Remote Code Execution (cisco-sa-apache-log4j-qRuKNEbd)
2022-05-16 00:00:00
FreeBSD : graylog -- include log4j patches (3fadd7e4-f8fb-45a0-a218-8fd6423c338f)
2021-12-13 00:00:00
Ubuntu 16.04 ESM : Apache Log4j 2 vulnerability (USN-5192-2)
2021-12-17 00:00:00
impervablog
impervablog
Continuing to Stay Ahead of CVE-2021-44228: Addressing Your Top Questions
2021-12-14 22:55:49
Analytics Are Essential for Effective Database Security
2022-01-13 15:23:02
talosblog
talosblog
How CVSS 4.0 changes (or doesn’t) the way we see vulnerability severity
2024-02-21 13:54:48
kaspersky
kaspersky
KLA12395 RCE vulnerability in Microsoft SQL Server
2021-12-16 00:00:00
KLA12392 RCE vulnerability in Microsoft Azure
2021-12-16 00:00:00
cisa_kev
cisa_kev
Apache Log4j2 Remote Code Execution Vulnerability
2021-12-10 00:00:00
redhat
redhat
fedora
fedora
[SECURITY] Fedora 34 Update: log4j-2.16.0-1.fc34
2021-12-22 01:14:26
openvas
openvas
Debian: Security Advisory (DLA-2842-1)
2021-12-13 00:00:00
openSUSE: Security Advisory for logback (openSUSE-SU-2021:1613-1)
2022-02-01 00:00:00
akamaiblog
akamaiblog
Threat Intelligence on Log4j CVE: Key Findings and Their Implications
2021-12-17 19:30:00
veracode
veracode
Remote Code Execution (RCE)
2021-12-10 15:09:45
cve
cve
CVE-2021-44228
2021-12-10 10:15:00
packetstorm
packetstorm
Intel Data Center Manager 5.1 Local Privilege Escalation
2022-12-09 00:00:00
Log4Shell HTTP Header Injection
2022-01-12 00:00:00
MobileIron Log4Shell Remote Command Execution
2022-08-03 00:00:00
amd
amd
AMD Response to Log4j (Log4Shell) Vulnerability
2021-12-15 00:00:00
thn
thn
NHS Warns of Hackers Targeting Log4j Flaws in VMware Horizon
2022-01-08 07:04:00
Iranian Hackers Exploiting Unpatched Log4j 2 Bugs to Target Israeli Organizations
2022-08-27 03:23:00
Last Years Open Source - Tomorrow's Vulnerabilities
2022-11-01 12:04:00
suse
suse
Security update for log4j (important)
2021-12-12 00:00:00
mmpc
mmpc
Build a stronger cybersecurity team through diversity and training
2022-01-20 17:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
58.1%
Related for CVE-2022-23848