Analysis & Insights

Understanding The Impact of Apache Log4j Vulnerability

Gain a better understanding of how and why organisations are doubling down on immediate actions surrounding the Log4J vulnerability.

It is critical for organisations to double down on immediate actions required to identify systems surrounding the Apache Log4j vulnerability. The initial Apache Log4j vulnerability (CVE-2021-44228) on 9 Dec 2021, which was assigned a maximum CVSS score of 10.0, led to the massive reconnaissance and exploitation activity by threat actors leveraging on the bug.

Ensign has published this supplementary threat advisory to complement the Threat Advisory: Apache Java Logging Library Log4j Critical RCE Vulnerability. In this advisory, we answer the top three questions about the impact of the Log4j vulnerability:

  1. Why the urgency to mitigate and remediate Log4j vulnerability?

  2. Why is there so much patching to do?

  3. Do we need to scan our systems using various Log4j scanners?