Rewterz Threat Advisory – CVE-2022-21704 – log4js-node module for Node.js Vulnerability

Rewterz Threat Advisory – Multiple Trend Micro Deep Security and Cloud One Vulnerabilities

January 23, 2022

Rewterz Threat Advisory – CVE-2022-22733 – Apache ShardingSphere ElasticJob-UI Vulnerability

January 23, 2022

Rewterz Threat Advisory – CVE-2022-21704 – log4js-node module for Node.js Vulnerability

Severity

Medium

Analysis Summary

CVE-2022-21704

log4js-node module for Node.js could allow a local authenticated attacker to obtain sensitive information, caused by an issue with the default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable. By gaining access to the log files, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

Impact

Information Disclosure

Affected Vendors

NodeJs

Affected Products

log4js-node log4js-node 6.3.0

Remediation

Upgrade to the latest version of log4js-node, available from the log4js-node GIT Repository.

https://github.com/log4js-node/log4js-node/security/advisories/GHSA-82v2-mx6x-wq7q

Rewterz Threat Advisory – Multiple Trend Micro Deep Security and Cloud One Vulnerabilities

Rewterz Threat Advisory – CVE-2022-22733 – Apache ShardingSphere ElasticJob-UI Vulnerability

Rewterz Threat Advisory – CVE-2022-21704 – log4js-node module for Node.js Vulnerability

Severity

Analysis Summary

CVE-2022-21704

Impact

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan