Background
On December 10, 2021, the Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA) reported that the Apache Software Foundation released a security advisory to address a remote code execution vulnerability (CVE-2021-44228) affecting Log4j versions 2.0-beta9 to 2.14.1. A remote attacker could exploit this JNDI (Java Naming and Directory Interface)vulnerability to take control of an affected system. Log4j is an open-source, Java-based logging utility widely used by enterprise applications and cloud services. CISA has encouraged users and administrators to review the Apache Log4j 2.15.0 Announcement and upgrade to Log4j 2.15.0 or apply the recommended mitigations immediately. Also, on December 13, 2021, CISA announced the formation of a designated web page to track the Log4j vulnerabilities in partnership with the Joint Cyber Defense Collaborative.