The biggest problem everyone has is identifying which software and service are impacted. You can read more about the vulnerabilities in our dedicated log4j blog post. To ensure you're not vulnerable, the applications and services you use must update the log4j component to version 2.16.0. On December 14, a second vulnerability was disclosed, CVE-2021-45046, while this one has a much lower CVSS score of 3.7, it again requires software publishers to update their log4j components. The vulnerability is easily exploitable by sending a specific string to the application and therefore got a CVSS score of 10 out of 10! This logging component is used in a massive amount of applications for (drumroll) logging. To recap briefly what happened, on December 10, CVE-2021-44228 was disclosed impacting the log4j Java library. This week, I want to take a closer look at how Lansweeper can help. Due to the number of applications impacted the scope is so large that most organizations literally have to review every application and service they use. The log4j vulnerability was disclosed last week and ever since it has become more and more clear that it will be something a lot of people will struggle with for some time.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |