375 matches found
Security Bulletin: A Remote Attack Vulnerability in Apache Log4j affects Engineering Lifecycle Management and IBM Engineering products
Summary There is a high risk Remote Attack Vulnerability in Apache Log4j CVE-2021-44228 which is used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Engineering Lifecycle Management ELM, IBM Engineering Workflow Management EWM, IBM Engineering Systems...
How to Make Log4Shell Remediation Quick & Effective
Confronting the Log4Shell vulnerability in your environment has seemed anything but “easy” due to its prevalence in Java applications. Rapid remediation is critical. In this blog, Qualys offers some advice – and a new utility – to speed up the process. Remediation is a critical step to ensure tha...
Cyber-Spike: Orgs Suffer 925 Attacks per Week, an All-Time High
2021 dragged itself to a close under a Log4Shell-induced blitzkrieg. With millions of Log4j-targeted attacks clocking in per hour since the flaw’s discovery last month, there’s been a record-breaking peak of 925 cyberattacks a week per organization, globally. The number comes out of a Monday repo...
A similar vulnerability like Log4shell discovered in H2 database console
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. An unauthenticated remote code execution vulnerability similar to Log4shell has been discovered in H2 Database a popular Java SQL database console and has been assigned CVE-2021-42392. It is claimed to be similar to the...
Researchers Find Bugs in Over A Dozen Widely Used URL Parser Libraries
A study of 16 different Uniform Resource Locator URL parsing libraries has unearthed inconsistencies and confusions that could be exploited to bypass validations and open the door to a wide range of attack vectors. In a deep-dive analysis jointly conducted by cybersecurity firms Claroty and Snyk,...
Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-44228) affects Power HMC
Summary Log4j is used by IBM Power Hardware Management Console HMC for logging system/application events for diagnostics. This bulletin provides a remediation for the vulnerability, CVE-2021-44228 by upgrading IBM Power Hardware Management Console HMC respective PTF and thus addressing the exposu...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
CVE-2021-44228Apache Log4j Remote Code Execution) all log...
Log4Shell Strategic Response: 5 Practices for Vulnerability Management at Scale
This post is co-authored by Blake Cifelli, Senior Advisory Services Consultant. In today’s cybersecurity world, risks evolve faster than we can remediate them. To meet our goals and become resilient to these fast changes, we need the right balance of automation and human interaction. Enabling rap...
Metasploit Wrap-Up
Dump Windows secrets from Active Directory This week, our very own Christophe De La Fuente added an important update to the existing Windows Secret Dump module. It is now able to dump secrets from Active Directory, which will be very useful for Metasploit users. This new feature uses the Director...
Security Bulletin: Vulnerability in Apache Log4j addressed in IBM Spectrum Conductor
Summary Log4j is used by IBM Spectrum Conductor for generating logs in some of its components. This bulletin provides patches for the Log4Shell vulnaribility CVE-2021-44228 to IBM Spectrum Conductor. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attack...
Security Bulletin: Vulnerability in Apache Log4j addressed in IBM Spectrum Symphony
Summary Log4j is used by IBM Spectrum Symphony for generating logs in some of its components. This bulletin provides patches for the Log4Shell vulnerability CVE-2021-44228 to IBM Spectrum Symphony. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker...
Log4Shell-like Critical RCE Flaw Discovered in H2 Database Console
Researchers have disclosed a security flaw affecting H2 database consoles that could result in remote code execution in a manner that echoes the Log4j "Log4Shell" vulnerability that came to light last month. The issue, tracked as CVE-2021-42392, is the "first critical issue published since...
Apache Log4Shell RCE detection via callback correlation (Direct Check RPCBIND)
Binary data log4jlog4shellrpcbind.nbin...
Apache JSPWiki Log4Shell Direct Check (CVE-2021-44228)
Binary data apachejspwikilog4shell.nbin...
VMware Horizon Log4Shell Direct Check (CVE-2021-44228) (VMSA-2021-0028)
Binary data vmwarehorizonlog4shell.nbin...
Vulnerability fixed in H2 Database Console
A vulnerability has been found in the Console component of H2 Database. This vulnerability allows a local malicious person to to execute arbitrary code under application privileges. Researchers at JFrog found this vulnerability during additional research on Java vulnerabilities following Log4j. S...
Log4Shell log4j Remote Code Execution – The COVID of the Internet
The Log4Shell zero day vulnerability is truly one of the most significant security threats of the past decade and its effects will be felt far into 2022 and beyond. Imperva has observed over 102M exploitation attempts across thousands of sites protected by Imperva Cloud Web Application Firewall...
Apache Solr Log4Shell Direct Check (CVE-2021-44228)
Binary data apachesolrlog4shell.nbin...
Microsoft Sees Rampant Log4j Exploit Attempts, Testing
No surprise here: The holidays bought no Log4Shell relief. Threat actors vigorously launched exploit attempts and testing during the last weeks of December, Microsoft said on Monday, in the latest update to its landing page and guidance around the flaws in Apache’s Log4j logging library. “We have...
Security Bulletin: Vulnerability in Apache Log4J adressed in Crypto Hardware Initialization and Maintenance (CVE-2021-44228)
Summary Crypto Hardware Initialization and Maintenance CHIM 3.0.0 as shipped with CCA 7.2.55 for MTM 4769 is affected by a vulnerability in Apache Log4J CVE-2021-44228. CHIM is using Apache Log4J for internal logging purposes of regular user activity. Vulnerability Details CVEID: CVE-2021-44228...