CyZen Threat & Vulnerability Alert: CVE-2021-44228 Log4j Zero-Day

Dec 15, 2021

This article was originally published December 15, 2021, and updated on December 16, 2021.

UPDATE: CyZen is aware of and tracking CVE-2021-45046, a vulnerability associated with the patch that fixed the critical Log4j zero-day exploit. This new vulnerability is currently being exploited in the wild. The Apache Log4j 2.15.0 update was found to be incomplete in certain non-default configurations. The flaw enables attackers to perform denial-of-service attacks and also introduces an information disclosure error that could expose sensitive data.

Summary: Log4Shell is a critical severity vulnerability (CVE-2021-44228, CVSSv3 10.0) impacting multiple versions of the Apache Log4j 2 utility. It was disclosed publicly via the project’s GitHub on December 9, 2021. This vulnerability, which was discovered by Chen Zhaojun of Alibaba Cloud Security Team, impacts Apache Log4j 2 versions 2.0 to 2.14.1. The vulnerability allows for unauthenticated remote code execution.
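An inventory check for the version ranges given above, as an added example that is not CyZen's or Apache's code: it reads the Maven `pom.properties` entry that log4j-core JARs carry, recurses into nested archives such as WAR files, and labels each copy with the CVE this alert associates with its version. The function names, labels and the in-memory sample archive are constructed for illustration; back-ported fix releases that fall inside the numeric range are not distinguished, so confirm hits against the Apache advisory.

```python
import io
import re
import zipfile

# Maven metadata entry carried by log4j-core JARs (and by shaded JARs that bundle it).
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear")

def classify(version):
    """Map a version string onto the ranges stated in the alert (pre-release suffix ignored)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version.strip())
    if not m:
        return "unparsed"
    v = tuple(int(g or 0) for g in m.groups())
    if (2, 0, 0) <= v <= (2, 14, 1):
        return "CVE-2021-44228"
    if v == (2, 15, 0):
        return "CVE-2021-45046"
    return "not listed in this alert"

def scan_archive(data, label, depth=0):
    """Return [(path, version, finding)] for every log4j-core copy, including nested archives."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []  # not an archive (or corrupt): nothing to report
    findings = []
    with archive:
        for name in archive.namelist():
            if name == POM_PROPS:
                props = archive.read(name).decode("utf-8", "replace")
                for v in re.findall(r"(?m)^version=(\S+)", props):
                    findings.append((label, v, classify(v)))
            elif name.lower().endswith(ARCHIVE_EXT) and depth < 5:  # cap nesting depth
                findings += scan_archive(archive.read(name), f"{label}!/{name}", depth + 1)
    return findings

def make_archive(entries):
    """Build an in-memory archive from {name: bytes}; used only for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, content in entries.items():
            z.writestr(name, content)
    return buf.getvalue()

def demo():
    old = make_archive({POM_PROPS: b"artifactId=log4j-core\nversion=2.14.1\n"})
    mid = make_archive({POM_PROPS: b"artifactId=log4j-core\nversion=2.15.0\n"})
    war = make_archive({"WEB-INF/lib/log4j-core-2.14.1.jar": old, "WEB-INF/lib/other.jar": mid})
    return scan_archive(war, "app.war")
```

To check a real file, pass its bytes and a label, for example `scan_archive(open(path, "rb").read(), path)`.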
