- Dec 12, 2021 4:45 pm GMT
The log4j vulnerability is indeed very dangerous, but it can also be difficult to determine if you may be running a vulnerable version of log4j, because some software vendors rename the log4j package when they incorporate it into their software package. This can result in a "false negative" search result when using a CVE repository to look for vulnerabilities in a software component you have already installed and are running, that has been renamed i.e. ant-apache-log4j.jar
I highly recommend following the wise advice offered by CISA (link below) to mitigate this vulnerability ASAP.
Microsoft is also providing real-time updates regarding the log4j vulnerability with pointers to guidance to mitigate the vulnerability: https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/
No discussions yet. Start a discussion below.
Get Published - Build a Following
The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.
If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.