The Log4Shell vulnerability
Once in a while, the IT world is rocked by a software security vulnerability that grips the entire industry. Last Friday, another one was added to the list: a vulnerability in Apache Log4j named Log4Shell. The services we offer to clients do not use Java or the vulnerable Log4j tool, but we still want to inform you about it. You can find the full article on Log4Shell at our sister organization Cyso.
WHAT IS GOING ON?
A serious vulnerability has been found in the widely used Log4j tool, which is used for logging in Java applications. The vulnerability allows unauthenticated users to remotely inject and execute arbitrary code with relative ease, under the same privileges as the affected Java application. Log4j is included in many hundreds, if not thousands, of software products and (cloud) applications. The risk of exploits and misuse was immediately labeled as life-threatening.