hero-binoculars2

Vulnerability found in the Java Library, Log4j could lead to a breach.

December 9th, a vulnerability with the Log4J Java Library was published, along with proof-of-concept exploit code. It has since been given the designation CVE-2021-44228, and is nicknamed "Log4Shell"

The vulnerability affects unpatched versions of the Log4j from 2.0-beta9 to 2.15.

"Apache Log4j 2 JNDI features are used in configuration, log messages and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints," nvd.nist.gov states.

According to nvd.nist.gov, a hacker can gain control of those log messages or log parameters to then execute a code loaded from LDAP servers when message lookup substitution is enabled. Older versions (>2.10) can mitigate this by setting the system property "log4j2.formatMsgNoLookups" to "True", or by removing the JndiLookup class from the classpath.


Related Articles & Resources:

> Detection of Log4Shell (CVE-2021-44228) using QRadar (ibm.com)

> An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog

> Log4j2 Vulnerability: How to Mitigate CVE-2021-44228 | CrowdStrike

> Companies Respond to Log4Shell Vulnerability as Attacks Rise | SecurityWeek.Com

> The Log4j security flaw could impact the entire internet. Here's what you should know - CNN

>"Log4Shell": The Latest News, Updates, & Prevention Tips | CrowdStrike


To learn more about the vulnerability, IBM Security X-Force is hosted a live webinar December 15th.  IBM covered the latest information about this flaw, and showed how to check for vulnerable versions of the Apache Log4j in your environment. In this webinar, IBM also helped you understand the risk of an attack against your organization.