On December 9th, 2021, the security industry became aware of a new vulnerability, CVE-2021-44228. With a CVSS (Common Vulnerability Scoring System) score of a perfect 10.0, CVE-2021-442288 has the highest and most critical alert level.
To give some technical background, a flaw was found in the Java logging library “Apache Log4j 2” in versions from 2.0-beta9 to 2.14.1. This could allow a remote attacker to execute code on a server running Apache if the system logs an attacker-controlled string value with the attacker’s JNDI LDAP server lookup.
More simply put, this exploit would allow attackers to execute malicious code on Java applications, and as such, it poses a significant risk due to the prevalence of Log4j across the global software estate.
Want to find out if your systems may be vulnerable? Watch this quick demo of how to find out - fast!