

Severity
High
Analysis Summary
CVE-2021-40865
Apache Storm could allow a remote authenticated attacker to execute arbitrary code on the system because of unsafe deserialization in the worker services. An attacker could exploit this vulnerability by sending specially crafted input.
CVE-2021-38294
Apache Storm could allow a remote attacker to execute arbitrary code on the system because of a command injection flaw in the getTopologyHistory service. An attacker could exploit this vulnerability by sending a specially crafted Thrift request to the Nimbus server.
Impact
- Code Execution
Affected Vendors
Apache
Affected Products
- Apache Storm 1.0.0
- Apache Storm 2.1.0
- Apache Storm 2.2.0
Remediation
Upgrade to the latest version of Apache Storm, available from the Apache website.