
THREAT INTELLIGENCE REPORT

CVE-2021-44228 Vulnerability: Log4j Java Logging

Critical Vulnerability Results in Remote Code Execution (RCE)

Fortress Information Security is working closely with government and commercial clients to assist in mitigation efforts of the recent CVE-2021-44228 vulnerability for the popular Java logging library, Log4j. So far we have identified over 250,000 open source projects that reference Log4j.

Log4j is developed by the Apache Foundation and is used in thousands of applications, including the Apache Struts code. The vulnerability impacts Cloudflare, Minecraft, Twitter, Apple, and many of the largest tech companies in the world. It is being actively exploited in the wild, with public exploits available, by abusing the Java Naming and Directory Interface (JNDI), a Java API.

This is a critical vulnerability that results in Remote Code Execution (RCE). Fortress has validated that the Log4j vulnerability is easily identified via automated methods within a File Integrity Assurance (FIA) solution. Software Bills of Materials (SBOMs) are an effective means of determining when components are impacted by newly discovered vulnerabilities. Below is an example SBOM highlighting the affected version of Log4j in Keycloak, an open-source identity and access management solution. #Log4Shell

SBOM Snippet for Keycloak version 10.0.2:

[Image: log4j-sbom]
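
One way to run the kind of SBOM check described above, as an added example that is not Fortress's code or part of the original report: it walks a CycloneDX-style JSON SBOM, including nested components, and flags `log4j-core` entries that fall in the affected range. The sample SBOM is constructed for a hypothetical application, and the affected version range is an assumption taken from the Apache Log4j advisory rather than from this page.

```python
import json
import re

# Assumption from the Apache Log4j advisory, not from this page: log4j-core
# 2.0-beta9 through 2.14.1 is affected, except the FIXED_BACKPORTS releases.
FIRST_FIXED = (2, 15, 0)
FIXED_BACKPORTS = {"2.3.1", "2.12.2", "2.12.3"}
LOG4J_CORE = ("org.apache.logging.log4j", "log4j-core")
VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?")

def log4shell_status(version):
    """Return 'affected', 'ok' or 'unknown' for a log4j-core version string."""
    if version in FIXED_BACKPORTS:
        return "ok"
    m = VERSION_RE.fullmatch(version or "")
    if not m:
        return "unknown"  # non-standard version string: review by hand
    release = (int(m[1]), int(m[2]), int(m[3] or 0))
    if release < (2, 0, 0) or release >= FIRST_FIXED:
        return "ok"
    if release == (2, 0, 0) and m[4]:
        # 2.0 pre-releases: only beta9 and later fall in the affected range
        return "affected" if (m[4], int(m[5])) >= ("beta", 9) else "ok"
    return "affected"

def walk(components):
    """Yield every component, including ones nested inside other components."""
    for c in components or []:
        yield c
        yield from walk(c.get("components"))

def find_log4shell(sbom):
    """List (name, version, status) for log4j-core entries that need action."""
    hits = []
    for c in walk(sbom.get("components")):
        if (c.get("group"), c.get("name")) == LOG4J_CORE:
            status = log4shell_status(c.get("version"))
            if status != "ok":
                hits.append((c["name"], c.get("version"), status))
    return hits

# Constructed CycloneDX-style SBOM for a hypothetical application; it is not
# the Keycloak SBOM shown on the page.
SAMPLE_SBOM = json.loads("""{"bomFormat": "CycloneDX", "components": [
 {"group": "org.apache.logging.log4j", "name": "log4j-api", "version": "2.13.3"},
 {"name": "bundled-service", "version": "1.0", "components": [
  {"group": "org.apache.logging.log4j", "name": "log4j-core", "version": "2.13.3"}]},
 {"group": "org.apache.logging.log4j", "name": "log4j-core", "version": "2.12.2"},
 {"group": "org.apache.logging.log4j", "name": "log4j-core", "version": "2.17.1-vendor1"}]}""")
```

Calling `find_log4shell(SAMPLE_SBOM)` reports the nested 2.13.3 copy as affected and the vendor-suffixed build as unknown, so it is queued for manual review instead of being silently passed.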


We recommend concerned software suppliers or commercial software consumers who may be impacted by this vulnerability get in touch with us ASAP to assess and understand their exposure. Adversaries are actively exploiting this code. 

Fortress's continuous software and file integrity assurance (FIA) solution, released in early 2020, includes the capability to identify and analyze SBOMs on a continuous basis by performing daily checks of monitored software, retrieving new versions, and ensuring they are safe for use. We are releasing a new version on December 31 to expand this functionality with upgraded malicious threat actor capabilities and developer-centric analysis of open-source contributor risk factors.

Fortress provides a wide array of supply chain and vulnerability management services to the critical infrastructure and defense communities.
