Number: AV21-626
Date: 10 December 2021
On 10 December 2021 Apache published a Security Advisory to address a critical vulnerability in the following product:
- Apache Log4j – version 2.0-beta9 to 2.14.1
Exploitation of this vulnerability could lead to remote code execution.
Open-source reporting indicates that this vulnerability is being exploited in the wild and that proofs of concept are being shared online.
The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.
Apache Log4j:
https://logging.apache.org/log4j/2.x/security.html