Request Demo
" CVE-2021-44228, a recently discovered remote code execution vulnerability found in Apache Log4j."
" CVE-2021-44228, a recently discovered remote code execution vulnerability found in Apache Log4j."
Andrey Gvozdenko
Andrey Gvozdenko
CIO | Cynergy
  • December 14, 2021
  • Vulnerabilities
  • 4 Min
Home » Blog » Log4j RCE- CVE-2021-44228

Log4j RCE- CVE-2021-44228

Table of Contents

Log4j RCE- CVE-2021-44228


Oracle issued a security alert advisory that addresses CVE-2021-44228, a recently discovered remote code execution vulnerability found in Apache Log4j. Malicious adversaries can exploit the vulnerability remotely without requiring authentication.
The Apache Log4j permits developers to log different data types within an application. The logged data is generated from user inputs. If the information consists of special characters and is logged within Apache Log4j, attackers can use the Java lookup method to execute a user-defined Java class remotely. Executing the Java class in the LDAP server results in remote code execution on the victim server.
The high-severity vulnerability impacts different Apache Log4j versions. Specifically, the vulnerability affects Apache Log4j 2 versions 2.0 to 2.14.1, and there are additional reports that it may also affect some 1.x series when using the JMS Appender class.
Since enterprise Java software depends on Log4j 2 library highly, it is hard to quantify the possible impacts once attackers exploit the vulnerability. As a result, there is a possibility that more vulnerable products will be discovered in the coming days. For example, ransomware attackers may leverage the vulnerability due to its applicability and ease of exploitation.
As a mitigation measure, it is recommended to update to a patched Apache Log4j version as soon as possible. However, all companies should assess and review security logs to detect unusual activities and impacted applications.

How Cynergy can help


The Cynergy solution discovers all assets deployed in your organization continuously. These include leaked employee data, publicly exposed interfaces, websites, and subdomains. More importantly, Cynergy helps you verify that all code developments and deployments are free of any vulnerabilities.
Through active exploitation, Cynergy can reveal vulnerabilities, that require immediate addressing. Cynergy builds a prioritized action plan based on the detected vulnerabilities that you can implement directly on the Cynergy platform.

Request a Live Demo

Want to enhance your cybersecurity operations?
Are you looking for your first cybersecurity expert?
Want to gain visibility for your exposed assets?

You can request a live demo by scheduling date and time on our available hours:

Schedule Now
Share:
Facebook
Twitter
Pinterest
LinkedIn
Email
Reddit
For you
Related Posts

Cynergy specializes in managing and automating the remediation of your organization’s external attack surface in the realm of cybersecurity.

© 2019-2024 All Rights Reserved For Cynergy

Solution

Use Cases

Resources

Contact

Request Demo

Follow us at

Linkedin Facebook Twitter Vimeo

Request a Live Demo

Looking for your first cybersecurity expert?
Need a platform that will guide you all the way to certification?
Want to gain visibility of your exposed assets?

We use cookies to make Cynergy’s website a better place. To learn more, and to see a full list of cookies we use, check out our Cookie Policy.
Got It