The critical log4j vulnerability was disclosed 2 weeks ago in Java logging package log4j sent security shockwaves throughout the industry given how frequently that open-source library is used to develop corporate business software. A 0-day exploit was discovered on a popular Java library Log4j2 that can consequently result to a Remote Code Execution (RCE).

“Normally a vulnerability is reported privately to the software developers, who then have time to repair the issue and release an update, so attackers don‘t gain a temporary advantage,”

 

 

 “Log4j is used all throughout the Internet and [affects] multiple applications and systems with deep roots.”.
“it would not be a surprise to see further bugs disclosed – with or without a patch.”

 

 

IT Vendors affected by the log4j vulnerability

 

“Sadly, it appears this is going to affect organization’s continuously into the future as they identify more items that are affected by this vulnerability.”

 

List of IT Vendors

Amazon Web Services

Broadcom

Cisco

ConnectWise

FortinetFortinet Fortiguard

HCL

IBM

N-Able

Okta

VMware

Apache – Make sure your web hosting company upgrade their Apache Web Server with Apache Log4j 2.17

 

 

“keeping a lot of security professionals up at night.”