Status: Log4shell (CVE-2021-44228)

Trifork Security

The vulnerability in short

As most people hopefully already know, details of a highly critical vulnerability in the log4j Java component were released at the end of last week. The vulnerability scores 10/10 (CVSS v3), the highest possible, among other things because of its ease of exploitation.

It allows code execution and can be exploited across networks. In addition, the procedures for exploitation are well defined and, probably most important, Java and the vulnerable component (log4j) are widely used, often in Internet-facing applications where it is easy for anyone on the Internet to attack. In short, this is the most critical vulnerability in recent years since Heartbleed and Shellshock in 2014.

More details can be found here: 

Here are our recommendations:

We highly encourage you to follow them in order to secure your systems against exploitation of log4shell. As can be seen, several of the recommendations are complementary. This is intentional. The issue is expected to evolve, and a security measure that we believe to be sufficient today may prove to have unforeseen limitations. In that case, it helps to have applied the well-known principle of layered security.

You can download our Log4j mitigation manual by clicking the link below:

Log4j mitigation guide
