291 matches found
VMware vCenter Server Unauthenticated Log4Shell JNDI Injection Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware vCenter Server Unauthenticated JNDI Injection RCE via Log4Shell', 'Description' = %q VMware vCenter Server is affected by the Log4Shell...
VMware vCenter Server Unauthenticated Log4Shell JNDI Injection Remote Code Execution Exploit
VMware vCenter Server is affected by the Log4Shell vulnerability whereby a JNDI string can be sent to the server that will cause it to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the root user in the case of the Linux...
Apache Log4j 2.0.x Multiple Vulnerabilities (SMTP, Log4Shell) - Active Check
Apache Log4j is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
[Security Nation] Mike Hanley of GitHub on the Log4j Vulnerability
In our first episode of Security Nation Season 5, Jen and Tod chat with Mike Hanley, Chief Security Officer at GitHub, all about the major vulnerability in...
Log4J and The Memory That Knew Too Much
Log4J and The Memory That Knew Too Much By Trellix · January 19, 2022 By Guilherme Venere, Ismael Valenzuela, Carlos Diaz, Cesar Vargas, Leandro Costantino, Juan Olle, Jose Luis Sanchez Martinez, AC3 Team Collaborators: Steve Povolny, Douglas McKee, Mark Bereza, Frederick House, Dileep Kumar...
Log4shell Vulnerability is the Coal in Our Stocking for 2021
Log4Shell Vulnerability is the Coal in our Stocking for 2021 By Steve Povolny and Douglas McKee · January 19, 2022 Overview On December 9, a vulnerability CVE-2021-44228 was released on Twitter along with a PoC on GitHub for the Apache Log4j logging library. The bug was originally disclosed to...
Will 2022 Be the Year of the Software Bill of Materials?
Here, have a can of soup. Nah, we don’t know what’s in it. Could be 30 percent insect parts, could be seasoned with rat hair, who can say? The ingredients keep changing anyway. Just pour it into your network and pray. That, unfortunately, is the current state of cybersecurity: a teeth-grinding...
The Log4j Vulnerability Puts Pressure on the Security World
It’s not my intention to be alarmist about the Log4j vulnerability CVE-2021-44228, known as Log4Shell, but this one is pretty bad. First of all, Log4j is a ubiquitous logging library that is very widely used by millions of computers. Second, the director of the U.S. Cybersecurity & Infrastructure...
Active Exploitation of VMware Horizon Servers
This post is co-authored by Charlie Stafford, Lead Security Researcher. We will update this blog with further information as it becomes available. CVE | Vendor Advisory | AttackerKB | IVM Content | Patching Urgency | Blog's Last Update ---|---|---|---|---|--- CVE-2021-44228 | VMware Advisory |...
Cybercriminals Actively Target VMware vSphere with Cryptominers
Organizations running sophisticated virtual networks with VMware’s vSphere service are actively being targeted by cryptojackers, who have figured out how to inject the XMRig commercial cryptominer into the environment, undetected. Uptycs’ Siddharth Sharma has released research showing threat acto...
Security Bulletin: Vulnerability in Apache Log4j affects Cloud Pak for Security (CVE-2021-44228)
Summary Cloud Pak for Security CP4S v1.9.0.0 and earlier is impacted by Log4Shell CVE-2021-44228, through the use of Apache Log4j's JNDI logging feature. This vulnerability has been addressed in the updated versions of CP4S images. Please see remediation steps below to apply fix. All customers ar...
Security Bulletin: Apache Log4j vulnerability affects IBM Cloud Pak for Automation (CVE-2021-44228)
Summary A remote code execution vulnerability has been reported for log4j-core-2.x libraries, which are used in various components of IBM Cloud Pak for Business Automation. Vulnerability Details CVEID:CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code...
Security Bulletin: Rational Test Automation Server is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)
Summary Apache Log4j vulnerability associated with the Rational Performance Tester Apache JMeter™ Test Extension impacts Rational Test Automation Server. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system,...
Security Bulletin: IBM QMF Analytics for Multiplatforms is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)
Summary Apache Log4j is used by the QMF Vision component of IBM QMF Analytics for Multiplatforms as part of its logging infrastructure and is vulnerable to arbitrary code execution CVE-2021-44228. The fix includes Apache Log4j v2.17.0. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apac...
Metasploit Weekly Wrap-Up
Log4Shell goodness Log4Shell made an unfortunate end to 2021 for many organizations, but it also makes for some great additions to Metasploit Framework. Contributors sempervictus, schierlm, righel, timwr and our very own Spencer McIntyre have collaborated to bring us a Log4Shell module that uses...
Log4Shell HTTP Header Injection Exploit
This Metasploit module will exploit an HTTP end point with the Log4Shell vulnerability by injecting a format message that will trigger an LDAP connection to Metasploit and load a payload. The Automatic target delivers a Java payload using remote class loading. This requires Metasploit to run an...
A December to Remember — Or, How We Improved InsightAppSec in Q4 in the Midst of Log4Shell
Ho, ho, holy cow — what a wild way to wrap up the year that was. Thousands of flights were cancelled during Christmas week, nearly every holiday party became a super-spreader event, and we lost a legend in Betty White. In our neck of the woods, Log4Shell has been dominating the conversation for...
Security Bulletin: Vulnerability in Apache Log4j affects IBM Observability with Instana - Server and Agents (CVE-2021-44228)
Summary Vulnerabilities detected in Apache Log4j versions before v2.16.0 affect IBM Observability with Instana. These have been addressed in both the Server and Agent components. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute...
Security Bulletin: A Remote Attack Vulnerability in Apache Log4j affects Engineering Lifecycle Management and IBM Engineering products
Summary There is a high risk Remote Attack Vulnerability in Apache Log4j CVE-2021-44228 which is used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Engineering Lifecycle Management ELM, IBM Engineering Workflow Management EWM, IBM Engineering Systems...
How to Make Log4Shell Remediation Quick & Effective
Confronting the Log4Shell vulnerability in your environment has seemed anything but “easy” due to its prevalence in Java applications. Rapid remediation is critical. In this blog, Qualys offers some advice – and a new utility – to speed up the process. Remediation is a critical step to ensure tha...