July 23, 2024

This vulnerability from December 2021 ensured a busy start to 2022 for security teams. A zero-day vulnerability affected Log4j2 versions >= 2.0-beta9 and <= 2.15.0, which allowed an attacker to execute arbitrary code on a vulnerable system through specially crafted log messages. Successful exploitation (remote code execution) of this issue resulted in system-level privileges.

Workaround

Ensure that you have upgraded to Log4j 2.3.2 (for Java 6), 2.12.4 (for Java 7) or 2.17.1 (for Java 8 and later).

About Author

Hack2Report Admin

See author's posts

Leave a Reply

Your email address will not be published. Required fields are marked *

Related News

IceFire Ransomware Exploits IBM Aspera Faspex to Attack Linux-Powered Enterprise Networks

IceFire Ransomware Exploits IBM Aspera Faspex to Attack Linux-Powered Enterprise Networks

Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers

Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers

OpenSSL Releases Security Advisory

OpenSSL Releases Security Advisory

Hackers Actively Exploiting Zero-Day in GoAnywhere MFT

Hackers Actively Exploiting Zero-Day in GoAnywhere MFT

You may have missed

Process flow vs Data flow diagrams for threat modeling.

Process flow vs Data flow diagrams for threat modeling.

Hunting Malware with Windows Sysinternals — Process Explorer

Hunting Malware with Windows Sysinternals — Process Explorer

Does Your Help Desk Know Who’s Calling?

Does Your Help Desk Know Who’s Calling?

IceFire Ransomware Exploits IBM Aspera Faspex to Attack Linux-Powered Enterprise Networks

IceFire Ransomware Exploits IBM Aspera Faspex to Attack Linux-Powered Enterprise Networks

Hackers Exploiting Remote Desktop Software Flaws to Deploy PlugX Malware

Hackers Exploiting Remote Desktop Software Flaws to Deploy PlugX Malware

OWASP Top 10 Vulnerabilities in 2021: How to Mitigate Them?

OWASP Top 10 Vulnerabilities in 2021: How to Mitigate Them?