Monday 13th December 2021
Log4j Zero-Day Vulnerability Identified
THIS PAGE IS UP TO DATE AS OF 5TH JANUARY 2022
On December 10th a new critical vulnerability known as Log4J was exposed, allowing unauthenticated remote code execution.
Log4j2 is an open-source, Java-based logging framework commonly incorporated into Apache web servers. According to public sources, Chen Zhaojun of Alibaba officially reported a Log4j2 remote code execution (RCE) vulnerability to Apache on Nov. 24, 2021 [2,3]. This critical vulnerability, subsequently tracked as CVE-2021-44228 (aka “Log4Shell”), impacts all versions of Log4j2 from 2.0-beta9 to 2.14.1.
Bytes Response
In response to the Log4j exploit (CVE-2021-44228 [1]), Bytes have conducted a thorough investigation of systems to determine the impact on internal and customer applications. Find below the result of the investigation.
UPDATE: New vulnerabilities detected, CVE-2021-44224 (CVSS 3 - 8.2 High) and CVE-2021-44790 (CVSS 3 - 8.1 High), do not impact Bytes (see the list below).
Quantum: Not impacted
Commerce (Bytes portal): Not impacted
Snow managed service: Not impacted
Bytes internal services: Not impacted
For support and guidance, please reach out to your Bytes Account Manager or email [email protected]
Statements & Additional Resources From Our Vendors: