This is to notify you of the Log4j2 vulnerability (CVE-2021-42288) that is being exploited in the wild. Below is a brief summary of this vulnerability.

-Log4j2 Vulnerability Summary:

This exploit targets the Apache Log4j2 logging framework. An attacker injects a remote code execution payload into data that gets logged; once the log entry is generated, the command attached to it is triggered, allowing the attacker to gain control over the system.

-Impact of this Vulnerability:

Several protocols were observed to be impacted by this vulnerability, but the most critical is the Lightweight Directory Access Protocol (LDAP), which can contain admin-level user credentials.

-Affected software is as follows:

  1. Apache Struts
  2. Apache Solr
  3. Apache Flink
  4. ElasticSearch
  5. Flume
  6. Apache Dubbo
  7. Logstash
  8. Kafka
  9. Spring-Boot
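
The products listed above bundle Log4j2 as a library, so it can be present on a host even where it was never installed directly. As an added example (not part of the original notice), this Python script inventories Java archives, including JARs nested inside other archives, that contain log4j-core's JNDI lookup class. The class path, the archive extensions and the depth and size limits are assumptions not stated in the notice.

```python
import io
import os
import sys
import zipfile
import zlib

# Class file shipped by log4j-core for JNDI lookups (assumption: not named in the notice).
# Matched as a suffix so relocated ("shaded") copies are also reported.
MARKER_SUFFIX = "log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXTS = (".jar", ".war", ".ear", ".zip")
MAX_DEPTH = 4                    # stop on pathological nesting
MAX_NESTED_BYTES = 256 * 2**20   # skip oversized nested entries (zip-bomb guard)


def scan_archive(data, label, depth=0):
    """Return labels of this archive and any nested archives holding the marker class."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            infos = zf.infolist()
            if any(i.filename.endswith(MARKER_SUFFIX) for i in infos):
                hits.append(label)
            for info in infos:
                nested = info.filename.lower().endswith(ARCHIVE_EXTS)
                if nested and depth < MAX_DEPTH and info.file_size <= MAX_NESTED_BYTES:
                    hits += scan_archive(zf.read(info), f"{label}!{info.filename}", depth + 1)
    except (zipfile.BadZipFile, RuntimeError, OSError, zlib.error):
        pass  # corrupt or encrypted archive: keep what was found, continue the sweep
    return hits


def scan_tree(root):
    """Walk root and scan every Java archive found on disk; returns sorted hit labels."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if not fname.lower().endswith(ARCHIVE_EXTS):
                continue
            path = os.path.join(dirpath, fname)
            try:
                with open(path, "rb") as fh:
                    hits += scan_archive(fh.read(), path)
            except OSError:
                continue  # unreadable file, e.g. permission denied
    return sorted(hits)


if __name__ == "__main__":
    for hit in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(hit)
```

A hit only shows that the library is present; whether that copy is exposed depends on its version and configuration, which this script does not check.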