TaticView β

Security Announces

422 bytes added, 19:22, 17 January 2022
no edit summary
<translate>
<!--T:1-->
<div style="float: right;">__TOC__</div>
= Security Announces =<!--T:2-->
== December 2021 Log4j Vulnerabilities == <!--T:3-->
<!--T:4-->
The following vulnerabilities were addressed by the TaticView security team:
<!--T:5-->
* [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832 CVE-2021-44832]: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration.
* [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105 CVE-2021-45105]: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation.
* [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046 CVE-2021-45046]: Apache Log4j2 Thread Context Lookup Pattern vulnerable to remote code execution in certain non-default configurations.
 
=== Servers status === <!--T:6-->
Our security team quickly applied the corrections to our servers, and all operations are normal.
 
=== TVCli === <!--T:7-->
We released an update to [[TVCli]] addressing the problem.
 
<!--T:8-->
'''TVCli versions < 1.3.0 are vulnerable.'''
 
<!--T:9-->
You should [[TVCli Download|upgrade]] to the new version as soon as possible.
</translate>