In December, the Apache Software Foundation quickly released information about two critical vulnerabilities in its Java-based Log4j library. The first vulnerability, CVE-2021-44228, also known as Log4Shell or LogJam, was reported as an unauthenticated remote code execution (RCE) vulnerability. By exploiting the way the library logs error messages, an attacker can achieve a complete system takeover. Due to its critical nature and ease of exploitation, it received the highest possible Common Vulnerability Scoring System (CVSS) score of 10. The second vulnerability, CVE-2021-45046, was discovered shortly after the original vulnerability was patched. It is rated 3.7 out of 10 on CVSS and causes a Denial of Service (DoS). As of this writing, patches have been released to address both vulnerabilities.
Why should I care about Log4j?
Log4j is one of the most widely used logging libraries in the world. Its adaptable logging capabilities make it suitable for any type of infrastructure or application. Countless enterprise, government, and open source applications use Log4j. So, since the vulnerability was announced, everyone has been patching their software quickly.
Critical Action: Apply the latest patch as soon as possible
Immediately update any server, application or resource that uses Log4j with the latest patches. The current patch covers both the later DoS vulnerability and the original RCE vulnerability.
How SASE can help protect you against this type of risk:
Copyright and source: https://bit.ly/blog-220118-src