It is critical for organisations to double down on immediate actions required to identify systems surrounding the Apache Log4j vulnerability. The initial Apache Log4j vulnerability (CVE-2021-44228) on 9 Dec 2021, which was assigned a maximum CVSS score of 10.0, led to the massive reconnaissance and exploitation activity by threat actors leveraging on the bug.
Ensign has published this supplementary threat advisory to complement the Threat Advisory: Apache Java Logging Library Log4j Critical RCE Vulnerability.
In this advisory, we answer the top three questions about the impact of the Log4j vulnerability: