
375 matches found

OpenVAS
added 2022/01/28 12:0 a.m., 39 views

Apache Struts 2.5.x Multiple Log4j Vulnerabilities (Log4Shell) - Active Check

Apache Struts is prone to multiple vulnerabilities in the Apache Log4j library. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS: 10, AI score: 7, EPSS: 0.94358
Exploits: 343, References: 11

IBM Security Bulletins
added 2022/01/27 7:42 p.m., 175 views

Security Bulletin: IBM Db2 Big SQL for Hortonworks Data Platform, for Cloudera Data Platform Private Cloud, and IBM Db2 Big SQL on Cloud Pak for Data are affected by critical vulnerability in Log4j (CVE-2021-44228)

Summary There is a vulnerability in the version of the Log4j open source library that is part of IBM Db2 Big SQL for Hortonworks Data Platform, for Cloudera Data Platform Private Cloud, and IBM Db2 Big SQL on Cloud Pak for Data. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4...

CVSS: 10, AI score: 0.9, EPSS: 0.94358
Exploits: 341, Affected Software: 1

IBM Security Bulletins
added 2022/01/27 12:23 p.m., 184 views

Security Bulletin: Vulnerability in Apache Log4j affects IBM Cloud Private (CVE-2021-45105)

Summary There is a vulnerability in the Apache Log4j open source library. The library is used by Elasticsearch, a dependency of IBM Cloud Private, for logging messages to files. This bulletin identifies the security fixes to apply to address the Log4Shell vulnerability CVE-2021-45105. Vulnerabili...

CVSS: 5.9, AI score: 0.5, EPSS: 0.74016
Exploits: 20, Affected Software: 1

IBM Security Bulletins
added 2022/01/27 12:20 p.m., 151 views

Security Bulletin: Vulnerability in Apache Log4j affects IBM Cloud Private (CVE-2021-44228)

Summary There is a vulnerability in the Apache Log4j open source library. The library is used by Elasticsearch, a dependency of IBM Cloud Private, for logging messages to files. This bulletin identifies the security fixes to apply to address the Log4Shell vulnerability CVE-2021-44228. Vulnerabili...

CVSS: 10, AI score: 1.2, EPSS: 0.94358
Exploits: 341, Affected Software: 1

Trend Micro Simply Security
added 2022/01/27 12:0 a.m., 12 views

How to detect Apache Log4j vulnerabilities

Explore how to detect Apache Log4j Log4Shell vulnerabilities using cloud-native security tools...

AI score: 2.2
Exploits: 0

The Hacker News
added 2022/01/26 1:30 p.m., 32 views

Initial Access Broker Involved in Log4Shell Attacks Against VMware Horizon Servers

An initial access broker group tracked as Prophet Spider has been linked to a set of malicious activities that exploits the Log4Shell vulnerability in unpatched VMware Horizon Servers. According to new research published by BlackBerry Research & Intelligence and Incident Response (IR) teams today,...

Exploits: 0

Hacker One
added 2022/01/25 7:33 a.m., 20 views

Acronis: [CVE-2021-44228] Arbitrary Code Execution on ng01-cloud.acronis.com

Vulnerability description not provided...

CVSS: 10, AI score: 9.8, EPSS: 0.94358
Exploits: 341

ThreatPost
added 2022/01/24 9:54 p.m., 54 views

MoleRats APT Launches Spy Campaign on Bankers, Politicians, Journalists

Malicious files doctored up to look like legitimate content related to the Israeli-Palestine conflict are being used to target prominent Palestinians, as well as activists and journalists in Turkey, with spyware. That’s according to a disclosure from Zscaler, which attributes the cyberattacks to...

AI score: 7.2
Exploits: 0, References: 7

0day.today
added 2022/01/24 12:0 a.m., 1291 views

UniFi Network Application Unauthenticated Log4Shell Remote Code Execution Exploit

The Ubiquiti UniFi Network Application versions 5.13.29 through 6.5.53 are affected by the Log4Shell vulnerability whereby a JNDI string can be sent to the server via the remember field of a POST request to the /api/login endpoint that will cause the server to connect to the attacker and...

CVSS: 10, AI score: 0.7, EPSS: 0.94358
Exploits: 341

Packet Storm
added 2022/01/24 12:0 a.m., 935 views

UniFi Network Application Unauthenticated Log4Shell Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'UniFi Network Application Unauthenticated JNDI Injection RCE via Log4Shell', 'Description' = %q The Ubiquiti UniFi Network Application versions...

CVSS: 10, AI score: 0.4, EPSS: 0.94358
Exploits: 341

Metasploit
added 2022/01/22 5:42 p.m., 301 views

UniFi Network Application Unauthenticated JNDI Injection RCE (via Log4Shell)

The Ubiquiti UniFi Network Application versions 5.13.29 through 6.5.53 are affected by the Log4Shell vulnerability whereby a JNDI string can be sent to the server via the 'remember' field of a POST request to the /api/login endpoint that will cause the server to connect to the attacker and...

CVSS: 10, AI score: 8.5, EPSS: 0.94358
Exploits: 341

Github Security Blog
added 2022/01/21 11:25 p.m., 105 views

Security Advisory for "Log4Shell"

Impact A highly critical 0-day exploit CVE-2021-44228 is found in Apache log4j 2 library on December 9, 2021. This affects Apache log4j versions from 2.0-beta9 to 2.14.1 inclusive. This vulnerability allows a remote attacker to execute code on the server if the system logs an attacker-controlled...

CVSS: 10, AI score: 1, EPSS: 0.94358
Exploits: 345, References: 2, Affected Software: 2

Tenable Nessus
added 2022/01/21 12:0 a.m., 238 views

MobileIron Core Log4Shell Direct Check (CVE-2021-44228)

Binary data mobileironlog4shell.nbin...

CVSS: 10, AI score: 10, EPSS: 0.94358
Exploits: 341, References: 3

Tenable Nessus
added 2022/01/21 12:0 a.m., 194 views

VMware vRealize Operations Manager Log4Shell Direct Check (CVE-2021-44228) (VMSA-2021-0028)

Binary data vmwarevrealizeoperationsmanagerlog4shell.nbin...

CVSS: 10, AI score: 10, EPSS: 0.94358
Exploits: 341, References: 3

Metasploit
added 2022/01/20 5:42 p.m., 662 views

VMware vCenter Server Unauthenticated JNDI Injection RCE (via Log4Shell)

VMware vCenter Server is affected by the Log4Shell vulnerability whereby a JNDI string can be sent to the server that will cause it to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the root user in the case of the Linux virtua...

CVSS: 10, AI score: 8.1, EPSS: 0.94358
Exploits: 341

IBM Security Bulletins
added 2022/01/20 9:6 a.m., 152 views

Security Bulletin: Vulnerability in Apache Log4j affects IBM Operational Decision Manager (CVE-2021-44228)

Summary Rule Designer, shipped with IBM Operational Decision Manager since version 8.10.4 includes log4j-core.jar that contains the vulnerable code. The fix includes Apache Log4j 2.15. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute...

CVSS: 10, AI score: 1.5, EPSS: 0.94358
Exploits: 341, Affected Software: 1

The Hacker News
added 2022/01/20 4:57 a.m., 424 views

Hackers Attempt to Exploit New SolarWinds Serv-U Bug in Log4Shell Attacks

Microsoft on Wednesday disclosed details of a new security vulnerability in SolarWinds Serv-U software that it said was being weaponized by threat actors to propagate attacks leveraging the Log4j flaws to compromise targets. Tracked as CVE-2021-35247 (CVSS score: 5.3), the issue is an "input...

CVSS: 10, AI score: 0.4, EPSS: 0.94358
Exploits: 343

0day.today
added 2022/01/20 12:0 a.m., 756 views

VMware vCenter Server Unauthenticated Log4Shell JNDI Injection Remote Code Execution Exploit

VMware vCenter Server is affected by the Log4Shell vulnerability whereby a JNDI string can be sent to the server that will cause it to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the root user in the case of the Linux...

CVSS: 10, AI score: 9.1, EPSS: 0.94358
Exploits: 341

Packet Storm
added 2022/01/20 12:0 a.m., 523 views

VMware vCenter Server Unauthenticated Log4Shell JNDI Injection Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware vCenter Server Unauthenticated JNDI Injection RCE via Log4Shell', 'Description' = %q VMware vCenter Server is affected by the Log4Shell...

CVSS: 10, AI score: 1, EPSS: 0.94358
Exploits: 341

OpenVAS
added 2022/01/20 12:0 a.m., 35 views

Apache Log4j 2.0.x Multiple Vulnerabilities (SMTP, Log4Shell) - Active Check

Apache Log4j is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 10, AI score: 6.9, EPSS: 0.94358
Exploits: 343, References: 19