The number of attacks aiming to take advantage of the recently disclosed security flaw in the Log4j2 Java logging library continues to grow.
The vulnerability (CVE-2021-44228) was publicly disclosed on December 9 and enables remote code execution and access to servers. What makes it such a major issue is Log4j is widely used in commonly deployed enterprise systems.
In some cases, organisations may not even be aware that the Java logging library forms part of the applications they’re using, meaning they could be vulnerable without knowing it. Online attackers have been quick to take advantage of the vulnerability – also known as Log4Shell – as soon as they can.
Read more…
Source: ZDNet