Log4j vulnerabilityDate: 17 December 2021 Tags: Miscellaneous
Vulnerability has been identified in Log4j logging library, resulting in leakage of sensitive data in some circumstances.
The Log4J is used by almost all major Java-based enterprise apps and servers across the industry.
Log4J is an open-source logging library, which is used to keep track of all the activity inside an application.
It is among the most widely used tools to collect information across corporate computer networks, websites and applications.
The flaw that has been identified can result in cybercriminals executing ‘arbitrary code’ and gain access to a computer system by inputting a string of code into the library.
It was found out by researchers at Alibaba first, with Microsoft’s Minecraft also issuing a statement confirming they were also impacted.
The vulnerability can result in data theft or unauthorised removal of the data from a device by cybercriminals.
Hackers can execute code remotely on a target computer, allowing them to steal data, install malware or take control.
Cyber experts are suggesting that all customers on Log4j versions 2.15.0 and below need to upgrade to 2.16.0 as quickly as possible.