The Apache Log4j vulnerability that is wreaking havoc has a far greater impact than anticipated. We published a detailed blog post about the CVE-2021-44228 Log4j vulnerability and its exploitation on Friday, 10th December. However, we have seen that there is still considerable panic despite a patch being available for Log4j.
Apache Log4j is a widely used Java logging library found in many commercial and open-source software products. CVE-2021-44228 is a remote code execution (RCE) vulnerability that can be exploited without authentication. Its criticality is rated 10 (out of 10) in the Common Vulnerability Scoring System (CVSS).
You can discover how the Picus platform can help you reduce risk and optimize your security controls to prevent exploitation by reading this report.