Rewterz Threat Alert – APT MustangPanda Targeting Germany – Active IOCs
December 28, 2021Rewterz Threat Alert – MuddyWater APT Group – Active IOCs
December 29, 2021Rewterz Threat Alert – APT MustangPanda Targeting Germany – Active IOCs
December 28, 2021Rewterz Threat Alert – MuddyWater APT Group – Active IOCs
December 29, 2021Severity
Medium
Analysis Summary
CVE-2021-44832
Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI, an attacker could exploit this vulnerability to execute remote code.
Impact
- Code Execution
Affected Vendors
Apache
Affected Products
- Apache Log4j 2.8.1
- Apache Log4j 2.13.1
- Apache Log4j 2.14.0
- Apache Log4j 2.14.1
Remediation
Upgrade to the latest version of Log4j, available from the Apache Web site.