Request a Demo
Rewterz
Rewterz Threat Alert – Kimsuky APT Group – Active IOCs
December 20, 2021
Rewterz
Rewterz Threat Advisory – ICS: Mitsubishi Electric FA Engineering Software and GX Works2
December 20, 2021

Rewterz Threat Advisory – CVE-2021-44145 – Apache NiFi Vulnerability

Severity

Medium

Analysis Summary

CVE-2021-44145

Apache NiFi could allow a remote authenticated attacker to obtain sensitive information, caused by improper handling of XML external entity (XXE) declarations by the TransformXML processor. By using a specially-crafted XSLT file, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

Impact

  • Information Disclosure

Affected Vendors

Apache

Affected Products

  • Apache NiFi 0.1.0
  • Apache NiFi 1.15.0

Remediation

Upgrade to the latest version of Apache NiFi, available from the Apache Web site.

https://nifi.apache.org/