CVE-2021-44228 – Arbitrary Code Execution - Log4j 2 Vulnerability Information Sharing

[aaron-kumar]

On 10 December 2021, a critical (CVSS score 10, the highest score possible) vulnerability was discovered in log4j 2, a popular Java logging package that results in Remote Code Execution (RCE) by logging a certain string i.e it gives attackers the ability to launch any application they want, including malicious payloads. This vulnerability is fixed in log4j 2 version 2.15.0 and higher

More details can be found here: CVE-2021-44228

Oxalis is Not affected by this vulnerability. Though AP provider are advised to take corrective action if their system is using exploited version (2.0 <= Apache log4j <= 2.14.1)

P.S. Article / Discussion is for information purpose only

[aaron-kumar]

Information/Advise: If your backend system is using log4j then you are advised to take corrective action based on recent developments. Please follow link for regular updates from Apache