Log4j is an open-source Java logging tool and software library developed by the Apache Software Foundation. It can be part of many different Java software services and is used in many common frameworks, including Apache Struts, Apache Solr, Apache Druid, and Apache Flink.
On December 10, 2021, a critical vulnerability that allows for unauthenticated remote code execution (RCE) was discovered in Apache Log4j 2. The Apache Software Foundation has identified the vulnerability as CVE-2021-44228. Because Log4j is commonly used, the vulnerability requires little skill to exploit, and its impact could be high, it has the maximum severity rating of 10.
Popular platforms such as iCloud, Minecraft, Steam, and more have been confirmed to be vulnerable at the time of writing; many more are likely to follow in the coming days.
We've added a Log4j Resource Center, available through our Knowledge Base, where we'll collect all the information we have as it becomes available.