Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Exploit for Deserialization of Untrusted Data in Apache Log4J

🗓️ 13 Dec 2021 19:01:43Type 
githubexploit
 githubexploit👁 243 Views

Exploit for Improper Input Validation in Apache Log4J. Remove transitive dependency for logging in SpringBoot, bring in `spring-boot-starter-log4j2` with `log4j-core` remote code exploit (RCE) vulnerability. Running API using `./gradlew clean build bootRun` or `Log4TestApplication.java`. JNDI value resolves to non-existent site resulting in `ConnectException`. Possible fix located in strategic-fix branch

Show more

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Related
ReporterTitlePublishedViews
Family
ibm		Security Bulletin: IBM TRIRIGA Reporting a component of IBM TRIRIGA Application Platform is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-44228 )
8 Feb 202216:23
ibm
ibm		Security Bulletin: Vulnerability in Apache Log4j affects IBM Event Streams (CVE-2021-44228)
21 Dec 202117:53
ibm
ibm		Security Bulletin: Vulnerability in Apache Log4j affects WebSphere Application Server (CVE-2021-44228) bundled with Predictive Maintenance and Quality and Predictive Maintenance Insights
14 Jan 202221:11
ibm
ibm		Security Bulletin: IBM Rational Build Forge is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228).
14 Jan 202215:10
ibm
ibm		Security Bulletin: A dependency of ElasticSearch as used in IBM® Resilient SOAR is vulnerable to Apache Log4j (CVE-2021-44228).
23 Dec 202117:25
ibm
ibm		Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-44228) may affect IBM Watson Assistant for IBM Cloud Pak for Data
23 Dec 202113:07
ibm
ibm		Security Bulletin: Vulnerability in Apache Log4j affects IBM API Connect (APIC) (CVE-2021-44228)
22 Dec 202116:11
ibm
ibm		Security Bulletin: Vulnerability in Apache Log4j affects IBM Telco Network Cloud Manager (CVE-2021-44228)
22 Dec 202115:12
ibm
ibm		Security Bulletin: Log4JShell Vulnerability affects Watson Machine Learning in Cloud Pak for Data (CVE-2021-44228)
22 Dec 202100:07
ibm
ibm		Security Bulletin: Vulnerability in Apache Log4j affects IBM Tivoli Network Manager IP Edition (CVE-2021-44228)
21 Dec 202105:17
ibm
Rows per page

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
13 Dec 2021 19:43Current
10High risk
Vulners AI Score10
CVSS29.3
CVSS310
EPSS0.94381
apache log4jinput validationspringbootrce vulnerabilitygradlerunning apijndi valueconnectexceptionstrategic fixremote code exploit
243
.json
Report