Rewterz Threat Alert – Fake Office 365 Used for Phishing Attacks on C-Suite Targets
January 29, 2021Rewterz Threat Advisory – CVE-2021-25226 – Trend Micro ServerProtect for Linux
February 1, 2021Rewterz Threat Alert – Fake Office 365 Used for Phishing Attacks on C-Suite Targets
January 29, 2021Rewterz Threat Advisory – CVE-2021-25226 – Trend Micro ServerProtect for Linux
February 1, 2021Severity
High
Analysis Summary
CVE-2021-25646
Apache Druid could allow a remote authenticated attacker to execute arbitrary code on the system, caused by improper input validation. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code with the privileges of the Druid server process on the system.
Impact
Gain Access
Affected Vendors
Apache
Affected Products
Apache Druid 0.20.0
Remediation
Upgrade to the latest version of Druid (0.20.1 or later)