On December 9, 2021, Apache disclosed CVE-2021-44228 , a remote code execution vulnerability affecting the Apache Log4j2, a Java-based logging framework widely used in commercial and open-source software products.
Vulnerability Details
Apache Log4j2 library is one of the most widely used Java-based logging utilities globally. Due to its widespread use in popular software and hardware platforms, a large number of third-party apps may be vulnerable to exploitation.
• CVE-2021-44228: A vulnerability in versions of Log4j2 prior to 2.15 allowing a malicious actor to access arbitrary resources through an encapsulated Java Naming and Directory Interface (JNDI) request.
• CVE-2021-45046: Similar to CVE-2021-44228 but only affecting Log4j2 version 2.15.0 which allows a malicious actor to launch a denial of service (DOS) attack on the hosting server.
Given how ubiquitous this library is, the impact of this zero-day exploit is quite severe. In terms of TitanHQ solutions, we do not use the affected component in any of our products. Nevertheless, as this is a dynamic situation we will continue to monitor for new developments and provide status updates and guidance to our customers as needed.
For advice on your email or web security needs don't hesitate to contact one of our product experts today.
Explore the World of Security Awareness: From understanding evolving cyber threats to practical tips for fortifying your digital defenses, this comprehensive guide equips you with actionable insights. Dive into threat...
Phishing scams are getting more sophisticated however there are lots of things users can do to avoid being phished.
Explore the 2023 Verizon Data Breach Investigations Report (DBIR), analyzing 16,000 incidents and 5,000 breaches across 20 industries. Spotlighting evolving trends and human manipulation in 74% of breaches, discover key insights to bolster your defenses.
Sign-up for email updates...
Call us on USA +1 813 304 2544 or IRL +353 91 545555
Contact Us