
Rewterz Threat Advisory – Multiple Apache Vulnerabilities

Severity

High

Analysis Summary

CVE-2021-40865 

Apache Storm could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the worker services. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-38294 

Apache Storm could allow a remote attacker to execute arbitrary code on the system, caused by a command injection flaw in the getTopologyHistory service. By sending a specially-crafted thrift request to the Nimbus server, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Impact

  • Code Execution

Affected Vendors

Apache

Affected Products

  • Apache Storm 1.0.0
  • Apache Storm 2.1.0
  • Apache Storm 2.2.0

Remediation

Upgrade to the latest version of Apache Storm, available from the Apache website.

https://storm.apache.org/