March 4, 2024

This vulnerability from December 2021 ensured a busy start to 2022 for security teams. The zero-day affected Log4j2 versions >= 2.0-beta9 and <= 2.15.0 and allowed an attacker to execute arbitrary code on a vulnerable system through specially crafted log messages. Successful exploitation (remote code execution) of this issue resulted in system-level privileges.

Workaround

Ensure that you have upgraded to Log4j 2.3.2 (for Java 6), 2.12.4 (for Java 7) or 2.17.1 (for Java 8 and later).
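To check an inventory against the range and upgrade targets above, the following added example (not part of the original post) classifies log4j-core jar file names. It assumes the version is readable from the jar file name; the sample paths are constructed, and shaded or repackaged jars are not detected.

```python
import re

# Pre-release tags sort before the final release of the same version.
RANK = {"alpha": 0, "beta": 1, "rc": 2, None: 3}
JAR_RE = re.compile(
    r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?\.jar$")

# Affected range and upgrade targets exactly as stated in the post.
AFFECTED_LOW = (2, 0, 0, RANK["beta"], 9)    # 2.0-beta9
AFFECTED_HIGH = (2, 15, 0, RANK[None], 0)    # 2.15.0
TARGETS = {(2, 3): (2, 3, 2), (2, 12): (2, 12, 4)}  # Java 6 and Java 7 lines
DEFAULT_TARGET = (2, 17, 1)                  # Java 8 and later


def parse_version(path):
    """Return a sortable version tuple from a log4j-core jar name, or None."""
    m = JAR_RE.search(path)
    if not m:
        return None
    major, minor, patch, tag, n = m.groups()
    return (int(major), int(minor), int(patch or 0), RANK[tag], int(n or 0))


def classify(path):
    """Classify one jar path against the post's range and upgrade targets."""
    v = parse_version(path)
    if v is None:
        return "not-log4j-core"
    # 2.3.x and 2.12.x have their own targets; every other line needs 2.17.1.
    target = TARGETS.get(v[:2], DEFAULT_TARGET)
    if v >= target + (RANK[None], 0):
        return "meets-target"
    if AFFECTED_LOW <= v <= AFFECTED_HIGH:
        return "in-affected-range"
    return "below-target"  # outside the stated range, but not yet at a target


def scan(paths):
    return {p: classify(p) for p in paths}


# Constructed sample inventory (hypothetical paths, not from the post).
SAMPLE = ["lib/log4j-core-2.14.1.jar", "lib/log4j-core-2.12.4.jar",
          "lib/log4j-core-2.16.0.jar", "lib/log4j-core-2.0-beta9.jar"]

if __name__ == "__main__":
    for path, status in scan(SAMPLE).items():
        print(f"{status:18} {path}")
```

Anything reported as in-affected-range or below-target should be moved to the target listed for its Java version.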
