Request a Demo
Rewterz
Rewterz Threat Alert – APT MustangPanda Targeting Germany – Active IOCs
December 28, 2021
Rewterz
Rewterz Threat Alert – MuddyWater APT Group – Active IOCs
December 29, 2021

Rewterz Threat Advisory – CVE-2021-44832 – Apache Log4j

Severity

Medium

Analysis Summary

CVE-2021-44832 

Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI, an attacker could exploit this vulnerability to execute remote code.

Impact

  • Code Execution

Affected Vendors

Apache

Affected Products

  • Apache Log4j 2.8.1
  • Apache Log4j 2.13.1
  • Apache Log4j 2.14.0
  • Apache Log4j 2.14.1

Remediation

Upgrade to the latest version of Log4j, available from the Apache Web site.

https://logging.apache.org/log4j/2.x/security.html