Community Alert: High Severity Log4Shell Zero-Day Exploit

Criminals are actively leveraging a new zero-day exploit, known as Log4Shell, to break into systems at organizations of all sizes, as well as cloud providers. Due to the wide range of applications that may be exploited and the large number of potential delivery mechanisms, Log4Shell is a high severity threat.

This vulnerability (tracked as CVE-2021-44228) affects the Apache Log4j 2 Java-based logging library, which is widely used in on-premises software, cloud services, and web applications. Due to the wide range of affected applications and the ease of exploitation, this has been dubbed “the worst computer vulnerability discovered in years.”