On December 9, 2021, TrustNet security officials became aware of a vulnerability in the Log4j logging framework, CVE-2021-44228. Log4j is a frequently used open-source utility, distributed under the Apache Software License, that Java applications use to generate logs. The framework has gained popularity due to its speed, reliability, and flexibility. It is used by numerous applications and companies, including the game Minecraft and Apache frameworks such as Struts2, Druid, Kafka, and Flink.
When triggered, the vulnerability permits Remote Code Execution (RCE), which lets attackers run arbitrary code on the host. In most cases, this vulnerability is exposed only to authenticated system users. The one exception occurs when private mode is not activated; in this case, even unauthenticated users might be exposed to the vulnerability. Because the Log4j utility has been widely adopted, this security flaw has been given a critical severity rating of CVSS3 10.0.
It is important to note that clients who use TrustNet’s systems have nothing to worry about. No patching is necessary: our systems do not make use of this library and are therefore not susceptible to this attack. If you receive managed security services from us, rest assured that our vulnerability detection systems were updated to reflect this threat on December 10, 2021. Our expert specialists are always available to provide comprehensive assistance if you have any concerns or questions about the impact of the Log4j vulnerability CVE-2021-44228 on your TrustNet-managed digital assets.