Log4j Vulnerability Detected Affecting Multiple Platforms and Devices
A flaw has been identified in Log4j, a Java library for logging error messages in applications. This exploit is the most high-profile security vulnerability on the internet right now and comes with a severity score of 10 out of 10 by the cybersecurity industry's rating system, known as CVSS.
The library is developed by the open-source Apache Software Foundation and is a key Java-logging framework. A remote code execution (RCE) flaw in Log4j has already been exploited. Warnings have been issued by several national cybersecurity agencies including the Cybersecurity and Infrastructure Security Agency (CISA) and the UK's National Cyber Security Centre (NCSC).
What Devices and Applications Are at Risk?
Basically, any device that's exposed to the internet is at risk if it's running Apache Log4J, versions 2.0 to 2.14.1.
Cisco and VMware have released patches for their affected products.
AWS has detailed how the flaw impacts its services.
IBM has confirmed Websphere 8.5 and 9.0 are vulnerable, and Oracle has also provided patches.
See these pages for background information:
Vulnerabilities in Apache Log4j Library Affecting Cisco Products
Log4j zero-day flaw: What you need to know and how to protect yourself
Call Progent for Help Securing Your Affected Systems
If you have questions or need help securing systems impacted by the vulnerabilities in the Apache Log4j Library, call Progent's Technical Response Center (24x7 support) at 866-776-4368 or visit Contact Progent.
You can also conact:
Vice President of Business Development
(800) 494-8800 x429 Direct voice