Log4Shell Zero-Day Vulnerability Exploit
Within "Log4j 2" Java Logging Package
By Elmer Rodriguez | December 14, 2021
CSS IMPACT Users,
As you know there has been a recent disclosed security vulnerabilities announcement related to Apache Log4j.
As a summary, the CVE-2021-44228 is a crucial zero-day vulnerability of the Log4j 2 library wherein a far off attacker who can manage log messages or log message parameters can execute arbitrary code on a server through a JNDI lookup.
The good news is that the CSS IMPACT Financial Ecosystem environment does not deploy “Log4j 2”, nor was it ever part of our platform library set.
For any technical details of the exploit, here is a nice writeup on it.
Best Regards,
Elmer A. Rodriguez
Chief Information Officer at CSS, Inc.
Get Started With CSS Impact
Sign-up and learn more about how our financial solutions can help make an impact on your bottom line.