After nearly two years of adopting major network and security changes wrought by COVID-19 and hybrid work, weary IT network and security teams didn’t need another big issue to take care of, but they have one: Stemming potential damage from the recently disclosed vulnerability in open source Java-logging Apache Log4j software.
Log4j or Log4Shell has been around a long time—it was released in January, 2001—and is widely used in all manner of enterprise and consumer services, websites, and applications. Experts describe the system as an easy-to-use common utility to support client/server application development.
The Log4j weakness, defined in CVE-2021-44228 and CVE-2021-45046 in the National Vulnerability Database, basically lets an unauthenticated remote actor take control of an affected server system and gain access to company information or unleash a denial of service attack.
