Category: Vulnerability Management

List of vendors and software affected by the OpenSSL vulnerability

On this page we display a list of vendors and their software affected and not affected by the OpenSSL vulnerability in version 3.X. This page is being updated as soon as we issue the corresponding security bulletin and according of the feedback of the vendors.  

Continue reading

Advertisement

Critical Vulnerabilities Discovered in Veeam Products

Veeam annouced patches for critical vulnerabilities impacting their products this weekend. The flaws has been uncovevered by Positive Technologies, a cybersecurity company based in South Korea. Let’s take a closer look to this vulnerabilities found.

Continue reading

Advertisement

Log4J 2.17.0 is published

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup, resulting in a StackOverflowError …

Continue reading

Advertisement

Veeam is not affected by Log4J vulnerability

Apache isn’t used by any Veeam product, however, the Veeam security team realized an investigation. Veeam products are not affected by this vulnerability (KB 4254). Basically, Apache Logs4J is not in use by any Veeam products. I’ll cross-post any important updates but you can see the thread yourself here.

Continue reading

Log4J Recommendations – Step by Step Guide

If you’re using any software running on Apache and Java, be aware of this critical zero-day vulnerability. Log4j is a ubiquitous logging tool included in almost every Java application, meaning this vulnerability affects literally millions of servers. The Log4J library vulnerability (CVE-2021-44228) allows an attacker to cause the target system to fetch and execute code …

Continue reading

error

Enjoy this blog? Please spread the word :)