Risk
Large and medium business entities  High
Small business entities  High
Home users  High

In review, a serious vulnerability in the Java logging package, Log4j (CVE-2021-44228) was disclosed, posing a severe risk to millions of consumer products to enterprise software and web applications. This vulnerability is being widely exploited by a growing set of attackers.

When vulnerabilities are discovered and exploited, it risks a loss or breach of personal information, financial loss, and other irreversible harms. It is critical that companies and their vendors relying on Log4j act now, in order to reduce the likelihood of harm. To update your Log4j software package?to?the most current version, you may follow this link:?https://logging.apache.org/log4j/2.x/security.html??

The Log4j vulnerability is part of a broader set of structural issues.?It is?one of thousands of unheralded?but critically important?open-source?services that are used across a near-innumerable variety of internet companies.?These projects?are often created and maintained by volunteers, who don’t?always have adequate resources and personnel for incident response and proactive maintenance even as their projects are critical to the internet economy.