Log4j Flaw Needs Immediate Remediation

Advisories

Discover Network Security News

Log4j Flaw Needs Immediate Remediation

13.Lock StylizedMotherboard

After nearly two years of adopting major network and security changes wrought by COVID-19 and hybrid work, weary IT network and security teams didn’t need another big issue to take care of, but they have one: Stemming potential damage from the recently disclosed vulnerability in open source Java-logging Apache Log4j software.  

Log4j or Log4Shell has been around a long time—it was released in January, 2001—and is widely used in all manner of enterprise and consumer services, websites, and applications. Experts describe the system as an easy-to-use common utility to support client/server application development.

The Log4j weakness, defined in CVE-2021-44228  and CVE-2021-45046 in the National Vulnerability Database, basically lets an unauthenticated remote actor take control of an affected server system and gain access to company information or unleash a denial of service attack.

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.