Description

Due to vulnerabilities in Log4j library used by Ubiquiti Unifi, an unauthenticated attacker can leak sensitive information or execute arbitrary code on the system.

Remediation

Upgrade to the latest version of Ubiquiti Unifi

References

UniFi Network Application 6.5.55

Related Vulnerabilities

Oracle Business Intelligence AMF Deserialization RCE CVE-2020-2950

Apache Struts2 Remote Command Execution (S2-052)

OpenCms Solr XML External Entity (XXE) vulnerability

Deserialization of Untrusted Data (XStream)

SAML Consumer Service XML entity injection (XXE)

Severity

High

Classification

CVE-2021-44228 CWE-78 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Acumonitor