Extremely Critical Log4J Vulnerability Leaves Much of the Internet at Risk

The Apache Software Foundation has released fixes for a ‘zero-day’ vulnerability in the Apache Log4j Java-based logging library, widely used by many software manufacturers. The flaw, known as Log4Shell or LogJam, allows unauthenticated, remote code execution and affects versions Log4j 2.0-beta9 to 2.14.1. This vulnerability could result in a total system takeover and has scored a maximum 10/10 severity rating in the CVSS system.