
Apache Druid - Remote Code Execution (Apache Log4j) CVE-2021-44228

Severity
CVSSv3 Score
10
Vulnerability description

Apache Druid is vulnerable to remote code execution (RCE) through the Apache Log4j vulnerability CVE-2021-44228.

Risk description

A remote, unauthenticated attacker can fully compromise the server to steal confidential information, install ransomware, or pivot to the internal network.

Recommendation

We recommend that you upgrade the affected software to the latest version, which mitigates this vulnerability.

References
Not available
Codename
Not available
Detectable with
Network Scanner
Scan engine
Nuclei
Exploitable with Sniper
No
CVE Published
Dec 10, 2021
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available