This blog is intended to detail some of these observations. VMware’s Threat Analysis Unit has observed indicators of active exploitation attempts and will continue to monitor and evaluate adversary activities. Updating to Log4j version 2.16.0 now appears to be the only direct route to mitigate this vulnerability as it disables access to JNDI by default. The vulnerability impacts Apache Log4j versions 2.15.0 and below. A new CVE-2021-45046 has been released stating upgrading to Log4j version 2.15.0 is insufficient and is still vulnerable to Log4Shell. CVE-2021-44228 has been assigned a the highest “Critical” severity rating with a maximum risk score of 10. A zero-day vulnerability ( CVE-2021-44228), publicly released on 9 December 2021 and known as Log4j or Log4Shell, is actively being targeted in the wild.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |