For Sponsored Posts & Articles, please email us on 📧 networks.baseline@gmail.com

What's this “Log4j” vulnerability

“Log4j” vulnerability

Log4j's Java library was found to contain a Remote Code Execution vulnerability. The "message lookup substitution" function of Log4j enables malicious code to be executed on logged fields that contain maliciously crafted strings. Payloads can be deployed and executed this way, or commands can be executed with heightened privilege levels.




It’s one of the most pervasive Java libraries to date. Most Java applications log data, and there’s nothing that makes this easier than Log4j.

Log4j is a library that is used by many Java applications. It’s one of the most pervasive Java libraries to date. Most Java applications log data, and there’s nothing that makes this easier than Log4j.

Having confirmed that the vulnerability exists, reproducing it is trivial, thus the high score. The Vulnerability effects multiple vendors and multiple products and you need to contact your vendor on the specific product to understand and know about the product/solution effected with this vulnerability.

Several open source tools are able to scan an array of packaged dependency formats, identify whether they are vulnerable, and report on whether they contain vulnerabilities.

Especially when dealing with nested layers of JAR files, it is important to be able to scan JAR files. Software bill of materials (SBOM) are generated by Syft, and vulnerability scanners are generated by Grype.

Cisco Talos Report






Nutanix Report




No comments

Note: Only a member of this blog may post a comment.