In order to give you a better service this website uses cookies. By continuing to browse the site you are agreeing to our use of cookies.

I agree.

Log4Shell

16.12.2021

On Thursday (December 9th), a 0-day exploit in the popular Java logging library log4j was discovered that results in Remote Code Execution by logging a certain string.

Log4Shell

General Description of the Vulnerability

The vulnerability (CVE-2021-44228 1) is critical, as it can be exploited from remote by an unauthenticated adversary to executed arbitrary code (remote code execution – RCE). The criticality of the vulnerability has a score of 10 (out of 10) in the common vulnerability scoring system (CVSS) which outlines how severe the vulnerability is.

Risk Classification: High

The risk classification can vary due to the specific deployment.

Action taken by SPIE

  • Check for "Log4j" threat of all our Managed Service Customers
  • Continuous monitoring of customer environments
  • In collaboration with customers, remediation steps are planned and initialized as required

General recommended actions for all customers

  • Identify affected systems with "Log4j" in your environment.
    • Follow provider advisories
    • Check individual systems
  • Update system offline to version Log4j 2.15.0 or above (best protection)
  • Workaround: the following parameter should be set to true when starting the Java Virtual Machine: log4j2.formatMsgNoLookups

Further Information

GovCert Blog


For any further requests, please contact your SPIE Service representative.


Kind regards
SPIE ICS AG

back to panels