Rewterz Threat Advisory – VMware Horizon Client for Linux Vulnerabilities
April 7, 2022Rewterz Threat Update – Anonymous Collective’s Activity Round-Up – Russian-Ukrainian Cyber Warfare
April 7, 2022Rewterz Threat Advisory – VMware Horizon Client for Linux Vulnerabilities
April 7, 2022Rewterz Threat Update – Anonymous Collective’s Activity Round-Up – Russian-Ukrainian Cyber Warfare
April 7, 2022Severity
Medium
Analysis Summary
CVE-2022-26850
Apache NiFi could allow a remote authenticated attacker to obtain sensitive information, caused by the storage of username and a bcrypt hash of the configured password in the Login Identity Providers configuration file when creating or updating credentials for single-user access. By gaining access to the configuration file, an attacker could exploit this vulnerability to obtain username and password information, and use this information to launch further attacks against the affected system.
Impact
Information Disclosure
Indicators Of Compromise
CVE
- CVE-2022-26850
Affected Vendors
Apache
Affected Products
Apache NiFi 1.15.0
Remediation
Upgrade to the latest version of Apache NiFi, available from the Apache Web site.