Log4j Vulnerability CVE-2021-44228
The Log4j flaw (also now known as "Log4Shell") is a zero-day vulnerability (CVE-2021-44228) that first came to light on December 9, with warnings that it can allow unauthenticated remote code execution and access to servers.
Impact to Ordway Labs services and Platform - None
None of the services at Ordway Labs are impacted by CVE-2021-44228.
Affected Versions
Log4j 2 versions <= 2.14.1 are vulnerable.
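One way to check an installation against this range, as an added example that is not Ordway Labs code: it reads the version from the Maven metadata inside each log4j-core archive, including jars nested in fat jars or WARs, and flags anything <= 2.14.1. The function names and the sample archive builder are assumptions made for illustration, and the check applies only the version range stated above.

```python
import io
import re
import zipfile
from pathlib import Path

LAST_AFFECTED = (2, 14, 1)  # the page's range: Log4j 2 versions <= 2.14.1
# Maven metadata file that log4j-core jars carry; the version is read from it.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVES = (".jar", ".war", ".ear")

def parse_version(text):
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0, 0); unparsable -> None."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    return tuple(int(g or 0) for g in m.groups()) if m else None

def is_affected(version):
    return version is not None and version[0] == 2 and version <= LAST_AFFECTED

def find_affected(archive_bytes, label):
    """Return [(location, version)] for affected log4j-core copies, nested archives included."""
    hits = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(archive_bytes))
    except zipfile.BadZipFile:
        return hits  # not a readable archive; skip rather than abort the scan
    with archive:
        for name in archive.namelist():
            if name == POM_PROPS:
                props = archive.read(name).decode("utf-8", "replace")
                found = re.search(r"^version=(.+)$", props, re.MULTILINE)
                version = parse_version(found.group(1)) if found else None
                if is_affected(version):
                    hits.append((label, version))
            elif name.lower().endswith(ARCHIVES):
                hits += find_affected(archive.read(name), f"{label}!/{name}")
    return hits

def scan_tree(root):
    """Scan every archive file under root, e.g. an application install directory."""
    files = (p for p in Path(root).rglob("*") if p.is_file() and p.suffix.lower() in ARCHIVES)
    return [hit for p in files for hit in find_affected(p.read_bytes(), str(p))]

def sample_archive(entries):
    """Constructed test input: build an in-memory jar from {entry name: content}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()
```

Calling scan_tree on a deployment directory returns each affected location with its parsed version; an empty list means no log4j-core copy in the stated range was found in the archives it could read.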
Vulnerability Explained
The Apache Log4j vulnerability is being actively exploited and impacts millions of Java-based apps. The vulnerability affects not only Java-based applications and services that use the library directly, but also many other popular Java components and development frameworks that rely on it.
Workaround Recommendation
The recommendation is still to update to 2.15.0 where possible. Where that is not yet possible, the temporary remediation is to set the formatMsgNoLookups=true property and wait for the patched versions to become available.