On December 17, the Apache disclosed CVE-2021-45105 (CVSS: 7.5/10) which was patched in log4j version 2.17.0.This vulnerability showed that in certain scenarios it can lead to an information leak and remote execution in some environments (macOS) and local code execution in all environments. On December 14, the Apache disclosed CVE-2021-45046 (CVSS: 9.0/10) which was patched in log4j version 2.16.0.Mainly Apache stack but also other applications.
The vulnerability CVE-2021-44228 is present in all applications embedding Log4j (from 2.0 to 2.15.0-rc2 version) for audit logging feature.In this blog, we provide background on Log4Shell vulnerability (CVE-2021-44228), detection guidance and we recommend mitigations. Log4Shell – Unauthenticated RCE 0-day exploit (CVE-2021-44228)
0 kommentar(er)
