This is to notify you of the Log4j2 Vulnerability (CVE-2021-42288) that is being exploited in wild. Below is a brief summary of this Vulnerability.
-Log4j2 Vulnerability Summary:
This exploit makes use of the Apache Log4j2 framework. An attacker injects a Remote code Execution payload and once the log is generated triggers the command that is attached to the log. Allowing the attack to get control over the system.
-Impact of this Vulnerability:
Several protocols were noticed to have been impacted by this Vulnerability, but the most critical protocol is the Lightweight Directory Access Protocol (LDAP) which can contain admin-level user credential.
-Effected software is as follows:
- Apache Struts
- Apache Solr
- Apache Flink
- ElasticSearch
- Flume
- Apache Dubbo
- Logstash
- Kafka
- Spring-Boot