Years-Old, Unpatched GWT Vuln Leaves Apps Open to Server-Side RCE

December 18, 2023 at 05:43PM

An unpatched Java deserialization vulnerability in the Google Web Toolkit (GWT) open source application framework remains unresolved after over eight years. This flaw, which enables remote code execution, could potentially require significant framework fixes for vulnerable applications. According to research by Bishop Fox, addressing this issue may necessitate architectural changes …

Over 30% of Log4J apps use a vulnerable version of the library

December 10, 2023 at 10:39AM

Around 38% of Apache Log4j applications are still vulnerable to security issues, including the critical Log4Shell flaw (CVE-2021-44228) allowing unauthenticated remote code execution. Despite available patches for over two years, many organizations continue to use insecure versions. It’s recommended that companies scan their environment and develop an emergency upgrade plan …