A high-risk security issue is affecting the Log4j logging framework

As of last week, a critical vulnerability has been made public that is affecting Apache’s Log4j Java framework which is used in a significant amount of software solutions, including Apache, Cisco, Oracle, Red Hat and others.

If you are using the log4j library, we strongly recommend you implement the provided solution as soon as possible: Upgrade to log4j-2.17.0 or newer. The log4j package may be bundled with the software you use provided by any given vendor. In this scenario, unfortunately, the vendors will need to push the security updates downstream. You can find a list of the affected vendors here: YfryTchsGD/Log4jAttackSurface (github.com)

This list is not complete and will grow in the coming days. Please check whether you are using any log4j packages and upgrade them accordingly.

More information can be found trough these links:

BlueTeam CheatSheet * Log4Shell* (github.com)

NVD - CVE-2021-44228 (nist.gov)

CVE - CVE-2021-44228 (mitre.org)

CVE-2021-44228- Red Hat Customer Portal

Please note that all software used by Intercept is not affected by this issue or has been patched.

If you have issues during upgrade or patching and need assistance from Intercept. Please send an email to our support team through support@intercept.cloud.