• WebKeeper

Log4j Weaponized Threat

A vulnerability in Log4j, a very popular Java-based logging tool, has been weaponized. The threat is impacting millions.

Extremely Dangerous Vulnerability Discovered

Last weekend, a vulnerability in Log4j, a very popular Java-based logging tool, was weaponized. All versions of Log4j prior to 2.14.1 are vulnerable, and this does not just impact the standalone installer. Any application that uses Log4j for log file management or LDAP queries could also be vulnerable. Unfortunately, where this is the case, the vendor must provide the updates for those third-party applications.

The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope.

What makes this extra serious is that the Scope (we call it a Jump Point) is Changed, meaning that exploitation of this vulnerability could allow the attacker to affect resources beyond the security scope managed by the security authority of the vulnerable component.

CVE-2021-44228 – CVSS Score: 10

  • Attack Vector: Any Network

  • Attack Complexity: Low

  • Privileges Required: None

  • User Interaction: None

  • Scope (Jump Point): Yes

As always, we recommend full testing be performed prior to live deployment to your device.

How to Protect Your Business from Log4j

Although a number of popular IT management and security tools are vulnerable, Tuearis is pleased to confirm that our tools do NOT use Log4j.

Tuearis is working to help our clients remediate this vulnerability. If we can help your organization, please contact us today!
