TT-CSIRT-400.10.12.21: Apache Log4j Critical RCE Vulnerability
The Apache Software Foundation has released a security advisory to address a remote code execution vulnerability (CVE-2021-44228) affecting Log4j versions 2.0-beta9 to 2.14.1. A remote attacker could exploit this vulnerability to take control of an affected system. Log4j is an open-source, Java-based logging utility widely used by enterprise applications and cloud services. This vulnerability is under active global exploitation and requires immediate action to safeguard your organization.
The TT-CSIRT strongly urges users and administrators to review the Apache Log4j 2.15.0 Announcement and upgrade to Log4j 2.15.0 or apply the recommended mitigations immediately.
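To find which hosts need the upgrade, the affected range stated above (2.0-beta9 to 2.14.1) can be checked against the Log4j jars present on disk. The following is an added example, not part of the TT-CSIRT or Apache advisory. It assumes the library is deployed as a Maven-style `log4j-core-<version>.jar` file, and the function names are illustrative.

```python
import re
from pathlib import Path

# Assumption: jars keep their Maven-style file name, e.g. log4j-core-2.14.1.jar.
# Copies bundled inside fat jars / WAR files are not seen by a file-name check.
JAR_RE = re.compile(
    r"log4j-core-(\d+(?:\.\d+)*)(?:-(alpha|beta|rc)(\d+))?\.jar$", re.I)

# Pre-release tags sort before the final release of the same version.
STAGE = {"alpha": 0, "beta": 1, "rc": 2, "release": 3}

# Affected range exactly as stated in the advisory.
FIRST_AFFECTED = (2, 0, 0, STAGE["beta"], 9)      # 2.0-beta9
LAST_AFFECTED = (2, 14, 1, STAGE["release"], 0)   # 2.14.1


def parse_version(jar_name):
    """Return a sortable 5-tuple for a log4j-core jar name, or None."""
    m = JAR_RE.search(jar_name)
    if not m:
        return None
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums = (nums + (0, 0, 0))[:3]                 # pad "2.3" to (2, 3, 0)
    if m.group(2):
        return nums + (STAGE[m.group(2).lower()], int(m.group(3)))
    return nums + (STAGE["release"], 0)


def is_affected(jar_name):
    """True if the jar's version lies in 2.0-beta9 .. 2.14.1 inclusive."""
    v = parse_version(jar_name)
    return v is not None and FIRST_AFFECTED <= v <= LAST_AFFECTED


def scan(root):
    """Recursively list affected log4j-core jars under a directory."""
    return sorted(str(p) for p in Path(root).rglob("log4j-core-*.jar")
                  if is_affected(p.name))


if __name__ == "__main__":
    # Constructed sample file names, for illustration only.
    for name in ("log4j-core-2.0-beta8.jar", "log4j-core-2.0-beta9.jar",
                 "log4j-core-2.14.1.jar", "log4j-core-2.15.0.jar"):
        print(f"{name}: {'AFFECTED' if is_affected(name) else 'not in range'}")
```

Calling `scan("/opt")` (or any application root) returns the paths that still need the upgrade or the recommended mitigations.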