August 13, 2021
Severity
High
Analysis Summary
CVE-2021-37608
Apache OFBiz could allow a remote attacker to upload arbitrary files because Image Management improperly validates file extensions. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious script, which could then allow the attacker to execute arbitrary code on the vulnerable system.
Impact
- Unauthorized Access
Affected Vendors
Apache
Affected Products
- Apache OFBiz 17.12.07
Remediation
Upgrade to the latest version of Apache OFBiz (17.12.08 or later), available from the Apache website.
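
The weakness described in the Analysis Summary is improper validation of uploaded file extensions. As an added illustration (not Apache OFBiz code and not part of the original advisory), the Python example below contrasts a constructed weak extension check with a stricter image-upload validator; the function names, the allow-list, the reason strings and the sample filenames are assumptions made for the example.

```python
import os
import uuid

# Assumed allow-list for an image-upload feature, with each type's leading magic bytes.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}


def naive_is_image(filename):
    """Constructed weak check: accepts any name that merely contains an image extension."""
    return any(ext in filename.lower() for ext in MAGIC)


def validate_upload(filename, data):
    """Stricter check. Returns (ok, reason) for a client-supplied name and file content."""
    # The client-supplied name must be a bare file name: no directories, no NUL bytes.
    if filename != os.path.basename(filename) or "\\" in filename or "\x00" in filename:
        return False, "path characters in name"
    stem, ext = os.path.splitext(filename.lower())
    # Only the final extension counts, compared case-insensitively to the allow-list.
    if ext not in MAGIC:
        return False, "extension not allowed"
    # Refuse stacked extensions such as name.jsp.jpg, which some servers still execute.
    if "." in stem:
        return False, "multiple extensions"
    # The content must start with the signature of the claimed image type.
    if not data.startswith(MAGIC[ext]):
        return False, "content does not match extension"
    return True, "ok"


def stored_name(filename):
    """Server-generated name for an already validated upload; the client name is discarded."""
    return uuid.uuid4().hex + os.path.splitext(filename.lower())[1]


if __name__ == "__main__":
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 16  # constructed JPEG-like header
    samples = [("photo.JPG", jpeg), ("page.jpg.jsp", b"not an image"),
               ("page.jsp.jpg", jpeg), ("logo.png", b"not an image")]
    for name, body in samples:
        print(name, naive_is_image(name), validate_upload(name, body))
```

Validation of this kind is defence in depth for custom upload handlers; it does not replace the upgrade listed under Remediation.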