This article was originally published December 15, 2021, and updated on December 16, 2021.
UPDATE: CyZen is aware and tracking vulnerability CVE-2021-45046 associated with the patch fixing the critical Log4j Zero-Day exploit. This new vulnerability is currently being exploited in the wild. It was found that the Apache Log4J 2.15.0 update was incomplete in certain non-default configurations. This flaw enabled attackers to perform denial-of-service attacks, as well as an information disclosure error that could expose sensitive data.
Summary: Log4Shell is a critical severity vulnerability (CVE-2021-44228, CVSSv3 10.0) impacting multiple versions of the Apache Log4j 2 utility. It was disclosed publicly via the project’s GitHub on December 9, 2021. This vulnerability, which was discovered by Chen Zhaojun of Alibaba Cloud Security Team, impacts Apache Log4j 2 versions 2.0 to 2.14.1. The vulnerability allows for unauthenticated remote code execution.
Read the Article