Vulnerability in Apache Log4j

Last week, a vulnerability in ApacheLog4j was found. Also known as Log4shell, this weakness enables a threat actor to execute arbitrary code by sending crafted log messages.

What is Apache Log4j?

Log4j, an open-source logging library commonly used by apps and services across the internet. Log4j is used worldwide across software applications and online services, and the vulnerability requires very little expertise to exploit. This makes Log4shell potentially the most severe computer vulnerability in years.

What is the issue?

The vulnerability has been given a Common Vulnerability Scoring System (CVSS) score of 10 which is the highest severity and deemed to be critical and if left unfixed, attackers can break into systems, steal credentials, extract data, and implant malicious software.

What you need to do

The National Cyber Security Centre (NCSC) have published guidance which can be found here advising all companies to ensure their systems and applications are patched to the latest update.

You should also check any systems implemented to see whether Apache Log4j has been used in the development process. Apache have released an update version too.

Want to know more about our services? Get in touch with the team by calling 03332 409 321 or emailing solutions@Jigsaw24.com. For the latest news, follow us on LinkedIn and Twitter. Alternatively, drop your details into the form below and one of the team will be in touch.

Want to know more?

Just drop your details in the form and one of the team will be in touch.

*We would like to send you information on our latest special offers as well as relevant news, articles and event invites. Click here for examples. We’ll always treat your details with respect and the information you provide will only be used to better target the communications you receive. You can read our full Privacy Notice here.

Update: Vulnerability in Apache Log4j

Want to know more?

Related Articles