An Apache software vulnerability known as CVE-2021-44228 is triggering concern across the Internet. Log4j is a library for logging functionality in Java-based applications. The vulnerability allows unauthenticated, remote code execution (RCE) on any Java application running a vulnerable version of Apache’s Log4j, which is a popular logging module you may be unaware is being utilized in a vendor product. You may need to wait until your vendors push security updates out for their affected products. A list of known, but not comprehensive, as vendors continue to research this new vulnerability, impacted applications is here.
Please reach out to your designated iCorps contact should you have any concerns. We are working diligently to stay abreast of information regarding this vulnerability and will be installing security fixes as vendors make them available to affected clients.
Reference Information:
CISA.gov
National Vulnerability Database
