Rewterz Threat Advisory – Apache NiFi code execution

Severity

High

Analysis Summary

Apache NiFi could allow a remote attacker to execute arbitrary code on the system because of improper access control in the NiFi API. By sending a specially crafted request that creates an ExecuteProcess processor, an attacker could exploit this vulnerability to execute arbitrary code on the system.
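
A defender-side check for the behaviour described above, as an added example that is not part of the original advisory: it lists every ExecuteProcess processor in a NiFi flow definition, nested process groups included, so unexpected ones can be reviewed. It assumes the NiFi 1.x flow.xml layout (`processor` elements with `id`, `name`, `class`, `scheduledState` and `property` children); the sample flow, the processor ids and the `approved_ids` allowlist are constructed for illustration.

```python
import xml.etree.ElementTree as ET

EXEC_CLASS = "org.apache.nifi.processors.standard.ExecuteProcess"

# Constructed sample flow (assumed NiFi 1.x flow.xml layout; ids are made up).
SAMPLE_FLOW = """
<flowController><rootGroup><id>root-0001</id>
  <processor><id>proc-0001</id><name>make-test-data</name>
    <class>org.apache.nifi.processors.standard.GenerateFlowFile</class>
  </processor>
  <processor><id>proc-0002</id><name>nightly-export</name>
    <class>org.apache.nifi.processors.standard.ExecuteProcess</class>
    <scheduledState>STOPPED</scheduledState>
    <property><name>Command</name><value>/opt/etl/export.sh</value></property>
  </processor>
  <processGroup><id>group-0002</id>
    <processor><id>proc-0003</id><name>ExecuteProcess</name>
      <class>org.apache.nifi.processors.standard.ExecuteProcess</class>
      <scheduledState>RUNNING</scheduledState>
      <property><name>Command</name><value>/bin/sh</value></property>
      <property><name>Command Arguments</name><value>-c placeholder</value></property>
    </processor>
  </processGroup>
</rootGroup></flowController>
"""

def find_execute_process(flow_xml, approved_ids=frozenset()):
    """Return one record per ExecuteProcess processor, nested groups included."""
    findings = []
    for proc in ET.fromstring(flow_xml).iter("processor"):
        if (proc.findtext("class") or "").strip() != EXEC_CLASS:
            continue
        props = {p.findtext("name"): p.findtext("value") or ""
                 for p in proc.findall("property")}
        pid = proc.findtext("id")
        findings.append({
            "id": pid,
            "name": proc.findtext("name"),
            "state": proc.findtext("scheduledState"),
            "command": " ".join(filter(None, [props.get("Command", ""),
                                              props.get("Command Arguments", "")])),
            "approved": pid in approved_ids,  # allowlist is an assumption
        })
    return findings

if __name__ == "__main__":
    for f in find_execute_process(SAMPLE_FLOW, approved_ids={"proc-0002"}):
        flag = "ok" if f["approved"] else "REVIEW"
        print(f'{flag:6} {f["id"]} {f["state"]} {f["command"]!r}')
```

To audit a real instance, pass in the decompressed contents of the flow definition file instead of `SAMPLE_FLOW`.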

Impact

  • Gain Access
  • Remote code execution

Affected Vendors

Apache

Affected Products

Apache NiFi 1.12.1

Remediation

Refer to the PoC for more insights:

https://packetstormsecurity.com/files/160260/Apache-NiFi-API-Remote-Code-Execution.html