Reference #: TB211201SU
Title: Apache Log4j Vulnerability
Date: December 16, 2021
On December 10, 2021, notice of a critical remote code vulnerability was published concerning the Apache Log4j library. Vulnerable versions include Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0. The vulnerability is specific to log4j-core and does not extend to log4net, log4cxx, or other Apache Logging Services. Bad actors may use log messages or log message parameters to execute arbitrary code on the targeted server. Salient Systems is in the process of assessing potential impact to its products. Follow the links in the following sections for more detailed information on the vulnerability.
Vulnerability ID: CVE-2021-44228