Log4j Vulnerability

On December 9, 2021, a zero-day vulnerability in Log4j 2.x was announced via Twitter. Log4j is an open source logging utility commonly used in applications. In fact, our customer data shows that 88% of organizations with over 100 apps use Log4j. This is of great concern because, if successfully exploited, attackers are able to perform a Remote Code Execution attack and compromise the affected server. If you are wondering if your applications were affected, or if you’re looking for remediation guidance, please check out our resources below.

vulnerability resources

Video

Log4j Update: Brian Roche - Chief Product Officer

Blog

Analysis and Remediation Guidance

Blog

Insight Into Scope of Vulnerability

title

Community

SCA Instructions for Viewing Log4j Components

Community

Log4j FAQ

Video

Live Stream on Log4j Initial Response – Dec 10

title

Community

Veracode Response to Customers Regarding Log4j

Research

RCE Vulnerability in org.apache.logging.log4j:log4j-core

Research

DoS Vulnerability in org.apache.logging.log4j:log4j-core

title

Blog

A Review of Log4Shell Detection Methods

Research

DoS Vulnerability in Apache Log4j 1.x Compatibility API

Log4j Vulnerability

vulnerability resources

title

title

title

Interested in learning more about Veracode SCA?