CRITICAL ALERT: Log4Shell
Monday, December 13, 2021
CRITICAL ALERT: Log4Shell

Related Practices & Jurisdictions
Print Mail Download i

We want to make our readers and your security operations aware of a critical vulnerability that is actively being exploited in the wild.

CVE-2021-44228 can easily be exploited to gain complete access to the targeted system by getting the application to log  a specially crafted string.

Government organizations and the private sector are responding to the disclosure of a critical vulnerability affecting the widely used Log4j logging utility, as exploitation attempts are on the rise.

Tracked as CVE-2021-44228 and dubbed Log4Shell — that can be exploited to gain complete access to the targeted system by getting the affected application to log a specially crafted string.

Palo Alto Networks has an analysis here.

The list of affected companies and software includes Apple, Tencent, Twitter, Baidu, Steam, Minecraft, Cloudflare, Amazon, Tesla, IBM, Pulse Secure, Ghidra, ElasticSearch, Apache, Google, Webex, LinkedIn, Oracle, Cisco and VMware. The list is being regularly updated.

©1994-2024 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.

Current Legal Analysis

More from Mintz

HIPAA Privacy Protections for PHI related to Reproductive Health Care: The Final Rule and what Covered Entities and Business Associates need to Know
by: Cassandra L. Paolillo
DOL Releases Final Rule Substantially Increasing Minimum Salary Thresholds for Most Exempt Employees
by: H. Andrew Matzkin , Evan M. Piercey
Federal Circuit Affirms Obviousness of Rifaximin Polymorph Patents and Denial of Motion to Modify Judgment After Post-Trial Patented Indication Carve Out
by: Joseph D. Rutkowski , Peter J. Cuomo
In Split Vote, FTC Approves Controversial Final Rule Banning Most Post-Employment Non-Competes; Rule Already Subject to Challenge in Court
by: Talia R. Weseley , Danielle M. Bereznay
EU Imposes ESG Compliance Requirements for Companies' Supply Chains
by: Jacob H. Hupart
DOJ’s Criminal Division Announces Pilot Program on Voluntary Self-Disclosure for Individuals
by: Eoin P. Beirne , Nick A. LaPalme
CMS Publishes Final Rules Implementing Part C and Part D Program Changes
by: Tara E. Dwyer , Bridgette A. Keller
USPTO Issues Guidance on AI Use to Patent Professionals — AI: The Washington Report
by: Terri Shieh-Newton, PhD , Bruce D. Sokler
Some Harm is All it Takes – the Supreme Court Lowers the Bar for Title VII Discrimination Claims Involving Lateral Job Transfers
by: Paul M. Huston , Delaney M. Busch
Canada’s Federal Budget 2024: More Changes to the Stock Option Rules = More Headaches for Employers
by: Katy Pitch

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins