![]() ![]() This issue is widespread because many developers were unaware that Log4J was dangerous to use with unfiltered input. This particular vulnerability - tracked as CVE-2021-44228 with the maximum “critical” CVSS score of 10 - resides in Log4J’s lookup capability, combined with JNDI (Java Naming and Directory Interface). Internet discussion was abuzz on December 9th about an 0-day vulnerability that can yield remote code execution (RCE) in Apache’s popular Log4J logging library for Java. runZero is not a vulnerability scanner, but you can share runZero’s results with your security team for investigation and mitigation. RunZero can help you build an up-to-date asset inventory and search for assets that may be affected by Log4J vulnerabilities, such as Log4shell. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |