Log4j is a Java-based logging utility released by the Apache Software Foundation which is utilised in many Java-based applications and technologies.
On the 9th of December 2021, a critical vulnerability affecting Apache Log4j was publicly disclosed. This vulnerability allows an attacker to execute arbitrary code into any system running Apache Log4j version 2.15 or below.
On the 17th of December 2021, an additional critical vulnerability affecting Apache Log4j was disclosed, confirming that Apache Log4j version 2.16 is vulnerable to a denial of service attack.
Blue Connections have investigated our products and services to identify where mitigation is required and have subsequently implemented these mitigation techniques.
These products and techniques can be observed in the table below.