The Apache Log4J vulnerability has gotten some press in the last couple of days. This bulletin is put out to inform out customer and readers of the potential issues that it can bring.

What is the cyber security issue?

The Apache Software Foundation has released a security advisory to address a remote code execution vulnerability (CVE-2021-44228) affecting Log4j versions 2.0-beta9 to 2.14.1. A remote attacker could exploit this vulnerability to take control of an affected system. Log4j is an open-source, Java-based logging utility widely used by enterprise applications and cloud services.

Additional informational Resources:

More details are published on several sources. Below are some with helpful information and as well hints for proactive measures.

• CVE-2021-44228 Apache Log4j vulnerability

• https://www.rapid7.com/blog/post/2021/12/10/widespread-exploitation-of-critical-remote-code-execution-in-apache-log4j/