Apache’s Log4j Version 2.17.1 Addresses New Flaw

The latest flaw is the fifth disclosed in under a month: four in Log4j and another detected in the “logback” framework. All target the easily exploitable, arbitrary remote code execution flaw in the Java-based logging utility, which experts say is present in millions of devices worldwide, or more. Disclosure of the flaw, first reported Dec. 9, immediately sent security teams scrambling to identify vulnerable devices and systems, with subsequent patches from the nonprofit administrators pushed out semi-regularly thereafter.

The new CVE, which carries a CVSS score of 6.6 (“moderate”), can be exploited in an RCE attack, allowing malicious actors to craft a “configuration using a JDBC Appender with a data source referencing a JNDI (Java Naming and Directory Interface) URI.” According to the MITRE Corp.’s CVE directory, 44832 is sufficiently addressed by Apache’s latest offering, 2.17.1.
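For teams auditing their own deployments, the configuration pattern quoted above can be checked for directly. The following is an added example, not code from Apache or from this article: it parses a Log4j 2 XML configuration, lists every JDBC Appender data source, and flags JNDI names outside the local `java:` namespace for review. The sample configuration, the function names and the finding labels are constructed for illustration, and treating `java:` names as the expected form is an assumption of the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample log4j2.xml content (illustrative, not from the article).
SAMPLE_CONFIG = """<Configuration status="warn">
  <Appenders>
    <JDBC name="auditDb" tableName="app_log">
      <DataSource jndiName="java:/comp/env/jdbc/LoggingDataSource"/>
      <Column name="message" pattern="%m"/>
    </JDBC>
    <JDBC name="remoteDb" tableName="app_log">
      <DataSource jndiName="ldap://directory.example.invalid/cn=ds"/>
      <Column name="message" pattern="%m"/>
    </JDBC>
    <Console name="stdout"/>
  </Appenders>
</Configuration>
"""

def local(tag):
    """Drop any XML namespace prefix and lowercase the tag for comparison."""
    return tag.rsplit("}", 1)[-1].lower()

def audit_jdbc_appenders(xml_text):
    """Return (appender_name, jndi_name, finding) for each JDBC Appender data source.

    Covers the concise XML syntax only (<JDBC> with a nested <DataSource>).
    """
    results = []
    for elem in ET.fromstring(xml_text).iter():
        if local(elem.tag) != "jdbc":
            continue
        for child in elem.iter():
            if local(child.tag) != "datasource":
                continue
            attrs = {k.lower(): v for k, v in child.attrib.items()}
            jndi = attrs.get("jndiname", "").strip()
            if not jndi:
                finding = "no-jndi-name"
            elif "${" in jndi:
                finding = "review-lookup"  # resolved at runtime; inspect by hand
            elif jndi.lower().startswith("java:"):
                finding = "local-java-namespace"
            else:
                finding = "review-non-java-uri"
            results.append((elem.get("name"), jndi, finding))
    return results

if __name__ == "__main__":
    for name, jndi, finding in audit_jdbc_appenders(SAMPLE_CONFIG):
        print(f"{name}: {jndi!r} -> {finding}")
```

A flagged entry is a prompt to confirm who can edit the logging configuration and which Log4j version is deployed, not proof of compromise.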
