Log4Shell Zero-Day Vulnerability Exploit

Within "Log4j 2" Java Logging Package

By Elmer Rodriguez | December 14, 2021


As you know there has been a recent disclosed security vulnerabilities announcement related to Apache Log4j.
As a summary, the CVE-2021-44228 is a crucial zero-day vulnerability of the Log4j 2 library wherein a far off attacker who can manage log messages or log message parameters can execute arbitrary code on a server through a JNDI lookup.
The good news is that the CSS IMPACT Financial Ecosystem environment does not deploy “Log4j 2”, nor was it ever part of our platform library set.
For any technical details of the exploit, here is a nice writeup on it.

Best Regards,
Elmer A. Rodriguez
Chief Information Officer at CSS, Inc.

Get Started With CSS Impact

Sign-up and learn more about how our financial solutions can help make an impact on your bottom line.

When software is designed to look this good, it tends to work that way, too.