Log4j “Log4Shell” Vulnerability explained.
Monday, December 20, 2021
What is it?
On December 9th, 2021, Log4j or Log4Shell, which was a critical new PC vulnerability was publicly released and is being touted as one of the worst cybersecurity flaws to have been discovered. This security vulnerability was found in Apache’s Log4J component and is commonly used in Java products for logging. The vulnerability uses the JNDI feature to cause malicious code to be downloaded and executed on a remote server.
Why is this a security risk?
The vulnerability is serious because exploiting it could allow hackers to control java-based web servers and launch what is called ‘remote code execution (RCE) attacks. In simple words, the vulnerability could allow a hacker to take control of a system. This new vulnerability allows hackers to remotely control and execute commands on the affected machines giving them the ability to import malware and compromise machines leaving them at risk. This could permit hackers to install the malware, steal user credentials, and more.
Is my Creditron Software safe?
Here at Creditron, we take the security of our software and our customer’s solutions very seriously. While the Log4j security vulnerability is a major concern for many systems, Creditron and its suite of software solutions do not use or rely on any of the affected technologies that this vulnerability uses. Our customers may rest easy knowing that using their Creditron solutions are safe to use and may continue to operate without risk of exposing unwanted vulnerabilities.
