A newly revealed vulnerability impacting Apache Log4j 2 versions 2.0 to 2.14.1 was disclosed on the project’s GitHub on December 9, 2021, and designated as CVE-2021-44228 with the highest severity rating of 10. The flaw has been dubbed Log4Shell.
Log4j 2 is an open-source Java logging library that is widely used in a range of software applications and services around the world. The vulnerability can allow threat actors the opportunity to take control of any Java-based, internet-facing server and engage in Remote Code Execution (RCE) attacks.
NetRise is aware of the Log4j vulnerability and has completed verification that this issue does not affect NetRise products or services. NetRise has patched Log4j and also removed JndiLookup and set log4j2.FormatMsgNoLookups to True.