Understanding The Impact of Apache Log4j Vulnerability
It is critical for organisations to double down on immediate actions required to identify systems surrounding the Apache Log4j vulnerability. The initial Apache Log4j vulnerability (CVE-2021-44228) on 9 Dec 2021, which was assigned a maximum CVSS score of 10.0, led to the massive reconnaissance and exploitation activity by threat actors leveraging on the bug.
Ensign has published this supplementary threat advisory to complement the Threat Advisory: Apache Java Logging Library Log4j Critical RCE Vulnerability. In this advisory, we answer the top three questions about the impact of the Log4j vulnerability:
- Why the urgency to mitigate and remediate Log4j vulnerability?
- Why is there so much patching to do?
- Do we need to scan our systems using various Log4j scanners?