CVE-2021-45046: Second Log4j Security Vulnerability Discovered

Aqua Cloud Native Blog \ Categories: SOFTWARE SUPPLY CHAIN SECURITY

SOFTWARE SUPPLY CHAIN SECURITY
CVE-2021-45046: Second Log4j Security Vulnerability Discovered
Dec 17 update: The CVSSv3 score for CVE-2021-45046 has been raised from 3.7 to 9.0. While many organizations are still dealing with the discovery and mitigation process for the previous Log4j CVE, the project has announced that another vulnerability CVE-2021-45046 has been discovered due to an incomplete fix in Log4j 2.15.0. In response, a new …
Read more
SOFTWARE SUPPLY CHAIN SECURITY
CVE-2021-44228 aka Log4Shell Vulnerability Explained
Log4Shell, a new, critical zero-day vulnerability that crashed onto the scene last Friday, shows how issues that are hidden in seemingly basic functionality can have major repercussions for enterprise security. When the dust settles from the immediate incident response and remediation, organizations should assess how they can improve their detection and responses, because this vulnerability …
Read more
SOFTWARE SUPPLY CHAIN SECURITY
Securing the World’s Software Supply Chains: Why Argon Joined Aqua
Last year, Argon set out on an exciting mission to solve one of the industry’s most urgent problems: secure the way companies build and release software. Today, we’re thrilled to hit another milestone on this journey as we join forces with Aqua Security, the well-known leader in cloud native security. This extraordinary accomplishment not only …
Read more
SOFTWARE SUPPLY CHAIN SECURITY
A Popular npm Library Compromised in a Supply Chain Attack: What to Do
https://www.aquasec.com/cloud-native-academy/application-security/cyber-kill-chain/In late October, a supply chain attack affected a popular npm library, ua-parser-js, which put many companies at risk of compromise. In this blog, we will describe the attack and outline a few ways that organizations can mitigate similar threats. This is an example in a growing trend of cyberattacks that leverage the software supply …
Read more
SOFTWARE SUPPLY CHAIN SECURITY
A Brief Guide to Supply Chain Security Best Practices
With the rise in attacks targeting the supply chain of cloud native applications, it’s important to understand how you can prepare for and stifle risks that enter your environments through third-party packages and tools. This post outlines the top software supply chain security best practices that should be included in any organization’s cloud native strategies.
Read more
SOFTWARE SUPPLY CHAIN SECURITY
Detecting Malicious Activity in CI/CD Pipeline with Tracee
With the growing popularity of CI platforms to build software, bad actors are increasingly looking to exploit these environments to target organizations. In our post about the recent Codecov breach, we explored how an attacker was able to get access to credentials from within the CI/CD pipeline. To prevent this from happening, you need to …
Read more
SOFTWARE SUPPLY CHAIN SECURITY
Scanning Registries at Scale with Rules-based Image Pulls
Let’s face it, the demands of modern application development put tremendous pressure on Dev. Just to keep up with production demands, most developers have to keep numerous images available in their registries. These images include production images, images being built and pushed regularly, recent “known good” images, outdated images, and more. With such a bloated …
Read more
SOFTWARE SUPPLY CHAIN SECURITY
Docker Hub Unauthorized Access Incident: What You Should Know
A few days ago, Docker discovered that a database holding the credentials of some 190,000 Docker Hub accounts was exposed to unauthorized access (about 5% of all Docker Hub accounts). We’ve been getting questions from customers on this, so I wanted to set the record straight on what we know and what we recommend doing.
Read more
Page 2 of 2‹ Prev12
Need to secure enterprise workloads?
Aqua Cloud Native Application Protection Platform (CNAPP)
Go cloud native with the experts!
Get Demo
Aqua Security is the pioneer in securing containerized cloud native applications from development to production. Aqua's full lifecycle solution prevents attacks by enforcing pre-deployment hygiene and mitigates attacks in real time in production, reducing mean time to repair and overall business risk. The Aqua Platform, a Cloud Native Application Protection Platform (CNAPP), integrates security from Code to Cloud, combining the power of agent and agentless technology into a single solution. With enterprise scale that doesn’t slow development pipelines, Aqua secures your future in the cloud. Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL protecting over 500 of the world’s largest enterprises.
Read Aqua Security reviews on G2

Use Cases

Environments

Partners

Resources

About Us

Get in Touch

Products

Get Started
Copyright © 2025 Aqua Security Software Ltd.   Privacy Policy | Terms of Use | Cookie Settings |  
Accessibility Tools
Normal text size Medium text size Large text size
Normal display Black & White display High contrast display
Stop transitions and animations Underline Links