Rewterz Threat Alert – Kimsuky APT Group – Active IOCs
December 20, 2021Rewterz Threat Advisory – ICS: Mitsubishi Electric FA Engineering Software and GX Works2
December 20, 2021Rewterz Threat Alert – Kimsuky APT Group – Active IOCs
December 20, 2021Rewterz Threat Advisory – ICS: Mitsubishi Electric FA Engineering Software and GX Works2
December 20, 2021Severity
Medium
Analysis Summary
CVE-2021-44145
Apache NiFi could allow a remote authenticated attacker to obtain sensitive information, caused by improper handling of XML external entity (XXE) declarations by the TransformXML processor. By using a specially-crafted XSLT file, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
Impact
- Information Disclosure
Affected Vendors
Apache
Affected Products
- Apache NiFi 0.1.0
- Apache NiFi 1.15.0
Remediation
Upgrade to the latest version of Apache NiFi, available from the Apache Web site.