The December Log4j vulnerability has emerged as one of the most severe security threats in recent memory, with a CVSS score of 10.
The reasons for this include:
- Log4j is a Java logging library, allowing programmers to keep logs of critical information and history on their software.
- A bug in Log4j means the library can be told to contact an external server for more information.
- Remote code execution vulnerability - attackers can exploit this to run code on a remote computer system.
- Zero-day vulnerability - the bug was known and being exploited by scripts before a workaround and a permanent fix were developed. If you haven't applied the fix yet, you are at risk.
- With Java as the bedrock for most common applications or components, the issue is very widespread, and no one has a full grasp of exactly how many products and services are affected as a result.
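Because the library is usually bundled inside other products, finding it starts with an inventory. The following is an added example, not code from OSS Group or the Log4j project: it walks a directory and lists every Java archive, including archives nested inside WAR/EAR files, that bundles Log4j core classes. Assumptions: the package path in `CORE_PREFIX`, all function names, and the constructed sample files; a hit shows the library is present, not whether it has been patched, and copies repackaged under another package name are not detected.

```python
import io
import os
import zipfile

# Assumption: Log4j 2 core classes sit under this package path inside an archive.
CORE_PREFIX = "org/apache/logging/log4j/core/"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")

def scan_archive(src, label, depth=0, max_depth=4):
    """src is a path or file object; returns labels of archives bundling Log4j core."""
    hits = []
    try:
        with zipfile.ZipFile(src) as zf:
            names = zf.namelist()
            if any(n.startswith(CORE_PREFIX) and n.endswith(".class") for n in names):
                hits.append(label)
            for n in names:
                if depth < max_depth and n.lower().endswith(ARCHIVE_EXT):
                    hits += scan_archive(io.BytesIO(zf.read(n)), f"{label}!{n}", depth + 1, max_depth)
    except (zipfile.BadZipFile, RuntimeError, OSError):
        pass  # corrupt, encrypted or unreadable archive: skipped here, review by hand
    return hits

def scan_tree(root):
    """Walk a directory tree and scan every Java archive found in it."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(ARCHIVE_EXT):
                path = os.path.join(dirpath, name)
                hits += scan_archive(path, path)
    return sorted(hits)

def make_archive(entries):
    """Build an in-memory zip from {name: bytes} (used for the constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

def build_sample_tree(root):
    """Constructed sample: a WAR with a nested jar bundling Log4j core, plus a clean jar."""
    inner = make_archive({CORE_PREFIX + "Logger.class": b"\xca\xfe\xba\xbe"})
    war = make_archive({"WEB-INF/lib/logging-lib.jar": inner, "index.html": b"ok"})
    clean = make_archive({"com/example/Main.class": b"\xca\xfe\xba\xbe"})
    for fname, data in (("app.war", war), ("other.jar", clean)):
        with open(os.path.join(root, fname), "wb") as fh:
            fh.write(data)
```

Call `scan_tree("/path/to/applications")` on a server or build output directory; each hit is printed as `outer-archive!nested-archive` so the owning product can be identified.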
Make sure your cybersecurity isn't compromised as a result of this critical issue.
If you and your team need more information, assistance and support for this issue, OSS Group are here to help. Get in touch and we can help resolve it with you.