Description

Due to vulnerabilities in Log4j library used by Ubiquiti Unifi, an unauthenticated attacker can leak sensitive information or execute arbitrary code on the system.

Remediation

Upgrade to the latest version of Ubiquiti Unifi

References

UniFi Network Application 6.5.55

Related Vulnerabilities

Deserialization of Untrusted Data (Java JSON Deserialization) Jackson

Apache HTTP Server mod_proxy SSRF (CVE-2021-40438)

Oracle Business Intelligence ReportTemplateService XXE CVE-2019-2616

ColdFusion WDDX Deserialization RCE (CVE-2023-29300/CVE-2023-38203/CVE-2023-38204)

WordPress Plugin Quick Buy For Woocommerce Arbitrary File Disclosure (2.0)

Severity

High

Classification

CVE-2021-44228 CWE-78 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A

Tags

Acumonitor Code Execution Information Disclosure