Critical vulnerability in Apache log4j 2

14. December 2021
Critical

A critical open code vulnerability in Apache log4j 2, Java package during login to various applications such as iCloud, Twitter, Amazon, was discovered on December 9 and could be abused for remote code execution on the multitude of servers. Vulnerability CVE-2021-44228 has been rated 10 according to the CVSS rating system and the former’s details can be seen on the following link.

The National CERT’s recommendation is to upgrade to new version Log4j 2.16.0, as notified in Apache Log4j 2.16.0, for the purpose of protection from possible malicious attacks. 

The website www.cert.rs uses cookies for improvement of user experience and website functionality. By continuing to browse this website, you agree to the use of cookies.

Details