Threat Advisory: Apache Log4j RCE – Version 13/12/2021

Scope of the vulnerability A significant number of Java-based applications use log4j as their logging utility. Apache Log4j version 2 <=2.14.1 JNDI features used in configurations, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code […]