![Rewterz](https://www.rewterz.com/wp-content/uploads/2023/01/News.jpg)
![Rewterz](https://www.rewterz.com/wp-content/uploads/2023/01/News.jpg)
Rewterz Threat Alert – APT C-23 Highly Active
December 1, 2020![Rewterz](https://www.rewterz.com/wp-content/uploads/2023/01/News.jpg)
Rewterz Threat Alert – Microsoft Outlook Web Phishing
December 1, 2020![Rewterz](https://www.rewterz.com/wp-content/uploads/2023/01/News.jpg)
Rewterz Threat Alert – APT C-23 Highly Active
December 1, 2020![Rewterz](https://www.rewterz.com/wp-content/uploads/2023/01/News.jpg)
Rewterz Threat Alert – Microsoft Outlook Web Phishing
December 1, 2020Severity
High
Analysis Summary
Apache NiFi could allow a remote attacker to execute arbitrary code on the system, caused by improper access control by the NiFi API. By sending a specially-crafted request to create an ExecuteProcess processor, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Gain Access
- Remote code execution
Affected Vendors
Apache
Affected Products
Apache NiFi 1.12.1
Remediation
Refer to POC for more insights.
https://packetstormsecurity.com/files/160260/Apache-NiFi-API-Remote-Code-Execution.html