Published on: 29 December 2021
Apache Software Foundation has released a security advisory to address a vulnerability in Apache Log4j. A remote authenticated attacker could perform arbitrary code execution on a vulnerable system by exploiting the vulnerability.
Reports indicate a remote code execution vulnerability (CVE-2021-44832) in Apache Log4j is at high risk of exploitation. You are advised to take immediate actions to patch your affected systems to mitigate the elevated risk of cyber attacks.
Successful exploitation of the vulnerability could lead to remote code execution on an affected system.
Apache Software Foundation has released new version of the product to address the issue and it can be downloaded at the following URL:
https://logging.apache.org/log4j/2.x/security.html
Please note that Java 6 and Java 7 are obsoleted development branches without public security updates. Users should arrange upgrading their Java to the latest supported versions.
In addition to in-house and self-developed systems/applications, commercial products and open-source software/libraries may also be affected by the vulnerability. It is recommended to consult product vendors if the used software products are affected and corresponding patches/mitigation measures are available. If so, system administrators should apply the patches or follow the recommendations provided by the product vendors to mitigate the risk.