The latest flaw is the fifth disclosed in under a month – four around Log4j and another detected in the “logback” framework. All target the easily exploitable, arbitrary remote code execution flaw in the Java-based logging utility – which experts say is present in millions of devices worldwide, or more. Disclosure of the flaw, first reported Dec. 9, immediately sent security teams scrambling to identify vulnerable devices and systems, with subsequent patches from the nonprofit administrators pushed out semi-regularly thereafter. The new CVE – which carries a CVSS score of 6.6 – or “moderate” – can be exploited in a RCE attack, allowing malicious actors to craft a “configuration using a JDBC Appender with a data source referencing a JNDI (Java Naming and Directory) URI.” According to the MITRE Corp.’s CVE directory, 44832 is sufficiently addressed by Apache’s latest offering, 2.17.1.
TALLAHASSEE, FL – Advanced Manufacturing International (AMI) has been awarded a $2M grant