Government of the Republic of Trinidad and Tobago

Securing the Nation's Digital Infrastructure

TT-CSIRT-400.10.12.21: Apache Log4j Critical RCE Vulnerability

The Apache Software Foundation has released a security advisory to address a remote code execution vulnerability (CVE-2021-44228) affecting Log4j versions 2.0-beta9 to 2.14.1. A remote attacker could exploit this vulnerability to take control of an affected system. Log4j is an open-source, Java-based logging utility widely used by enterprise applications and cloud services. This vulnerability is …