AWS’s Log4j patches blew holes in its own security

20 April 2022

Amazon Web Services has updated its Log4j security patches after it was discovered the original fixes made customer deployments vulnerable to container escape and privilege escalation. The vulnerabilities introduced by Amazon’s Log4j hotpatch – CVE-2021-3100, CVE-2021-3101, CVE-2022-0070, CVE-2022-0071 – are all high-severity bugs rated 8.8 out of 10 on the CVSS.

Read full article on The Register

Date:

20 April 2022

Categorie(s):

NEWS

Tag(s):

IT, Log4j, News

Flaws in Chinese keyboard apps leave 750 million users open to snooping, researchers claim26 April 2024
Most people still rely on memory or pen and paper for password management26 April 2024
LSA Whisperer: Open-source tools for interacting with authentication packages26 April 2024
What AI can tell organizations about their M&A risk26 April 2024
Breaking down the numbers: Cybersecurity funding activity recap26 April 2024