The Impact of the Log4j Security Vulnerability

A new security vulnerability (named CVE-2021-44228 by the National Vulnerability Database) has been disclosed. This vulnerability affects a Java library called Log4j, which is used to log error messages in applications.

What is the Impact of Log4j?

Since Log4j is widely used across web applications and internet-facing devices as well as on computers that utilize the Java framework, the impact could be devastating. The SANS Institute estimates that up to three billion devices are impacted by this vulnerability.

The Log4j vulnerability has been given the highest severity rating of 10 from the National Vulnerability Database’s Common Vulnerability Scoring System (CVSS). A CVSS rating of 10 indicates the vulnerability has proof of exploitation in the wild due to the low barrier to entry for attackers. A low barrier to entry means that the skillset required to exploit this vulnerability is minimal, increasing the likelihood of exploitation.

How Do I Know if I’m Impacted by the Security Vulnerability?

The best place to start is by looking at your inventory of hardware and software. If you use Java as a framework, then you should use a vulnerability scanning tool and penetration testing to assess your assets.

If you are unsure of your assets, a vulnerability scan of your external network and applications will help determine which vulnerabilities exist, including the Log4j vulnerability. We recommend you conduct an external scan on a periodic basis to identify your risks.

How can Eide Bailly Help?

Eide Bailly is a top-rated cybersecurity firm in the nation. We offer vulnerability scans as well as a variety of penetration testing to give you a clear picture of where unauthorized transactions are occurring on your network.

Plus, we can help you set up cybersecurity best practices to ensure you’re not only prepared for the Log4j security vulnerability, but you are also paving the way to a culture of security in your organization.

Ensure you're protected from the Log4j security vulnerability right now. Get a vulnerability scan today.