New Options Profiles for Log4Shell Detection

We have now added two new option profiles to our library for Log4Shell vulnerabilities. Option profiles define the settings you want to use for your scan. These new option profiles are tuned to quickly detect the Log4Shell vulnerability on assets in your environment. The following two...

Answering Log4Shell-related questions

Important notice On December 18th, Log4j version 2.17.0 was released to address open vulnerabilities. It is highly recommended to update your systems as soon as possible. History of the Log4j library vulnerabilities CVE-2021-44228 initial vulnerability – partially fixed in 2.15.0 CVE-2021-45046...

A week in security (Dec 13 – 19)

Last week on Malwarebytes Labs: Spear phish, whale phish, regular phish: What’s the difference? Kronos crippled by ransomware, service may be out for weeks 5 security lessons from 18 months of working from home What SMBs can do to protect against Log4Shell attacks After Log4j, December’s Patch...

Security Bulletin: Apache Log4j Vulnerability Affects IBM Sterling Connect:Direct for Microsoft Windows (CVE-2021-44228)

Summary There is a vulnerability in Apache Log4j used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to...

Security Bulletin: A vulnerability in Apache log4j affects IBM Operations Analytics Predictive Insights (CVE-2021-44228)

Summary There is a vulnerability in the Apache Log4j open source library used by IBM Operations Analytics Predictive Insights. This affects the IBM Operations Analytics Predictive Insights Analytics, UI and REST Mediation components. This vulnerability has been addressed. Vulnerability Details...

6 Ways to Quickly Detect a Log4Shell Exploit in Your Environment

In recent days, the cybersecurity industry has been rapidly assessing the full impact of the Log4Shell CVE-2021-44228 and CVE-2021-45046 vulnerability. Many organizations are quickly trying to figure out whether this vulnerability is within their environment, and where. The next question a securi...

Apache JSPWiki 2.11.0 Log4j RCE Vulnerability (Log4Shell) - Version Check

Apache JSPWiki is prone to a remote code execution RCE vulnerability in the Apache Log4j library dubbed SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Apache JSPWiki 2.11.0 Log4j RCE Vulnerability (Log4Shell) - Active Check

Apache JSPWiki is prone to a remote code execution RCE vulnerability in the Apache Log4j library dubbed SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Apache Log4Shell RCE detection via callback correlation (Direct Check NetBIOS)

Binary data apachelog4shellnetbios.nbin...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Log4Shell in action This project aims to demonstrate how the...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Self-contained lab environment PoC that runs a reverse-shell w...

Are Endpoints at Risk for Log4Shell Attacks?

We created a free assessment tool for scanning devices to know whether it is at risk for Log4Shell attacks...

Metasploit Wrap-Up

Log4Shell - Log4j HTTP Scanner Versions of Apache Log4j impacted by CVE-2021-44228 which allow JNDI features used in configuration, log messages, and parameters, do not protect against attacker controlled LDAP and other JNDI related endpoints. This module will scan an HTTP endpoint for the...

Security Bulletin: Log4j as used in IBM® Disconnected Log Collector is vulnerable to remote code execution (RCE) (CVE-2021-44228)

Summary Log4j is used by IBM® Disconnected Log Collector to log system events. This bulletin provides a remediation for the vulnerability, CVE-2021-44228 by upgrading IBM® Disconnected Log Collector and thus addressing the exposure to the log4j vulnerability. Vulnerability Details CVEID:...

Security Bulletin: IBM Content Navigator container deployments are vulnerable to a remote execution vulnerability (Log4j)

Summary IBM Content Navigator container deployments are vulnerable to a remote execution vulnerability. IBM Content Navigator has addressed the vulnerability as described below. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrar...

Security Bulletin: Apache Log4j Vulnerability Affects IBM Sterling Control Center (CVE-2021-44228)

Summary Apache Log4j is used by IBM Sterling Control Center. This bulletin provides fixes for the reported CVE-2021-44228 and work around mitigation. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused...

Security Bulletin: Vulnerability in Apache Log4j affects the components (Elastic Search and Hadoop) of IBM Financial Crimes Insight for Claims Fraud

Summary There is a vulnerability in the Apache Log4j open source library used by IBM Financial Crimes Insight for Claims Fraud for generating logs in some of its components. This bulletin provides mitigations for the Log4Shell vulnerability CVE-2021-44228 by applying the applicable workaround ste...

Out-of-Band Detection for Log4Shell

Log4j is the de facto logging library for all Java applications, as Log4j is used in most Java-based applications. The challenge is that Java applications that use the log4j-vulnerable library can be coded, packaged, and deployed using different methods – this introduces a challenge for detection...

Security Bulletin: Log4Shell Vulnerability affects IBM SPSS Statistics (CVE-2021-4104)

Summary There is a vulnerability in the version of Log4j that is part of IBM SPSS Statistics. IBM SPSS Statistics has addressed this vulnerability. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by...

Brand-New Log4Shell Attack Vector Threatens Local Hosts

Defenders will once again be busy beavers this weekend: There’s an alternative attack vector for the ubiquitous Log4j vulnerability, which relies on a basic Javascript WebSocket connection to trigger remote code-execution RCE on servers locally, via drive-by compromise. In other words, an exploit...