all InfoSec news
Just Because You Don’t Use Log4j or Spring Beans Doesn’t Mean Your Application is Unaffected
April 20, 2022, 3:28 p.m. | hgoslin@veracode.com (hgoslin)
Application Security Research, News, and Education Blog www.veracode.com
As a recap, the Log4j vulnerability – made public on December 10, 2021 – was the result of an exploitable logging feature that, if successfully exploited, could allow attackers to perform an RCE (Remote Code Execution) and compromise the affected server.
The Spring Framework vulnerability – made public on March 29, 2021 – was caused by unforeseen access to Tomcat’s ClassLoader as a result of the …
More from www.veracode.com / Application Security Research, News, and Education Blog
Enhancing Developer Efficiency With AI-Powered Remediation
1 day, 17 hours ago |
www.veracode.com
Veracode Customers Shielded from NVD Disruptions
3 weeks, 6 days ago |
www.veracode.com
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Level 1 SOC Analyst
@ Telefonica Tech | Dublin, Ireland
Specialist, Database Security
@ OP Financial Group | Helsinki, FI
Senior Manager, Cyber Offensive Security
@ Edwards Lifesciences | Poland-Remote
Information System Security Officer
@ Booz Allen Hamilton | USA, AL, Huntsville (4200 Rideout Rd SW)
Senior Security Analyst - Protective Security (Open to remote across ANZ)
@ Canva | Sydney, Australia