Introduction Some NEC products and solutions include a version of the logging component “log4j” which is now known to have severe security vulnerabilities. The vulnerabilities may be mitigated by various actions. This article lists the known vulnerability status at time of writing and is intended to be useful to NEC partners and customers. It is …
Month: December 2021
Apache Log4j Remote Code Execution Vulnerability – Mitel Statement to Vulnerability
As you may be aware, a critical security vulnerability affecting Apache Log4J was recently disclosed. The vulnerability in the Apache Log4J Java logging library allows attackers to remotely execute arbitrary code, potentially impacting businesses and governments across the globe. Mitel has not observed a successful exploitation of the vulnerability, however, through rigorous investigations and analysis …
Apache Log4j Remote Code Execution Vulnerability – TigerTMS Statement to Vulnerability
Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. …