Threat Post

SAP Kicks Log4Shell Vulnerability Out of 20 Apps

SAP’s still feverishly working to patch another 12 apps vulnerable to the Log4Shell flaw, while its Patch Tuesday release includes 21 other fixes, some rated at 9.9 criticality. SAP has identified 32 ...
Ars Technica

The Log4Shell zeroday 4 days on. What is it and how bad is it really?

Do I get this right: To exploit this, all you need to do is convince the attacked server to log a URL of your choice? So if the server logged the username field on a website as it is, I could just ...
CSOonline

New Log4Shell-like vulnerability impacts H2 Java SQL database

Researchers warn of critical Java flaw impacting the console of the H2 Java SQL database. Users are advised to update their H2 database to mitigate remote code execution risk. Researchers have warned ...
CSOonline

SQL injection, XSS vulnerabilities continue to plague organizations

Errors that allow SQL injection and cross-site scripting attacks are still the top vulnerabilities that pen-testers find, especially at smaller companies. Despite years topping vulnerability lists, ...
Infosecurity-magazine.com

Researchers Warn of New Log4Shell-Like Java Vulnerability

Security researchers are warning of a critical new Java bug with the same root cause as the notorious Log4Shell vulnerability currently being exploited around the globe. CVE-2021-42392 has yet to be ...