Apache Log4j vulnerability actively exploited, impacting millions of Java-based apps

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a “severe risk” warning for an Apache software vulnerability known as CVE-2021-44228, which affects a Java logging package known as Log4j. The vulnerability allows unauthenticated remote code execution (RCE) on any Java application running a vulnerable version of Apache’s Log4j 2.

A proof-of-concept exploit for the vulnerability was published on December 9, 2021. Cyber attacks started immediately after, making it a zero-day vulnerability.

Log4j releases 2.15.0 and 2.16.0 fix the issue, and systems subject to this vulnerability should be upgraded to one of them.
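To find which systems still need that upgrade, the following added example (not from the original article or the Log4j project) inventories `log4j-core` jars under a directory, including copies bundled inside WAR/EAR/fat-jar archives, and flags any 2.x version below 2.15.0. It assumes jars keep the standard `log4j-core-<version>.jar` naming and treats every earlier 2.x release as needing the update; the function names and the sample tree are constructed for illustration.

```python
import os, re, tempfile, zipfile

# First fixed release named in the article; earlier 2.x versions are flagged (assumption).
FIXED = (2, 15, 0)
NAME_RE = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?[^/\\]*\.jar$")

def classify(name):
    """Return (version, needs_update) for a log4j-core jar name, else None."""
    m = NAME_RE.search(name)
    if not m:
        return None
    ver = tuple(int(p or 0) for p in m.groups())
    return ver, ver[0] == 2 and ver < FIXED

def scan(root):
    """Walk root; report log4j-core jars on disk and bundled inside archives."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for f in files:
            path = os.path.join(dirpath, f)
            hit = classify(f)
            if hit:
                findings.append((path, *hit))
            elif f.endswith((".jar", ".war", ".ear")) and zipfile.is_zipfile(path):
                with zipfile.ZipFile(path) as z:  # fat jar / WAR: check bundled libs
                    for entry in z.namelist():
                        inner = classify(entry)
                        if inner:
                            findings.append((path + "!" + entry, *inner))
    return sorted(findings)

def demo():
    """Constructed sample tree: loose jars plus one WAR bundling an old jar."""
    root = tempfile.mkdtemp()
    for n in ("log4j-core-2.14.1.jar", "log4j-core-2.16.0.jar", "log4j-api-2.14.1.jar"):
        open(os.path.join(root, n), "wb").close()
    with zipfile.ZipFile(os.path.join(root, "app.war"), "w") as z:
        z.writestr("WEB-INF/lib/log4j-core-2.11.2.jar", b"")
    return [(os.path.relpath(p, root), v, bad) for p, v, bad in scan(root)]

if __name__ == "__main__":
    for path, ver, bad in demo():
        print(path, ".".join(map(str, ver)), "UPDATE" if bad else "ok")
```

Filename matching misses jars that were renamed or shaded into another artifact, so an empty result from `scan()` is not proof that a host is unaffected.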
