JNDI Code Injection due an outdated log4j component
Posted: Sun Oct 06, 2024 4:50 am
It seems that the machine is affected by the latest CVE-2021-44228 which grants any authenticated user command execution. The vulnerability affects the remote asset forum.acronis.com and this issue allows to remote attackers to perfom Remote Code Execution via JNDI exfiltration.
Steps To Reproduce
https://hackerone.com/reports/1430622
Steps To Reproduce
https://hackerone.com/reports/1430622