Rewterz Threat Advisory – ICS: Hitachi Energy GMS600, PWC600, and Relion
December 13, 2021Rewterz Threat Advisory – Multiple Apple iOS and iPadOS Vulnerabilities
December 14, 2021Rewterz Threat Advisory – ICS: Hitachi Energy GMS600, PWC600, and Relion
December 13, 2021Rewterz Threat Advisory – Multiple Apple iOS and iPadOS Vulnerabilities
December 14, 2021Severity
High
Analysis Summary
CVE-2021-4104
Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Code Execution
Affected Vendors
Apache
Affected Products
- Apache Log4j 1.2
Remediation
Upgrade to the latest version of Log4j, available from the Apache Web site.