Capterra Logo
Helping businesses choose better software since 1999

Capterra Glossary

Log4j

Log4j is an aspect of the Apache Logging Services Project. Log4j is one of the most widely deployed open source software solutions, as it provides logging capabilities for Java applications. Log4j is most commonly deployed as a Java service or as a software library within a program.

In late 2021, Log4j’s remote code execution (RCE) CVE-2021-44228 was found to be vulnerable to cyberattacks. This RCE flaw occurred because Log4j interacts with the Java Naming and Directory Interface (JNDI) without properly validating all requests. In other words: cyberattackers who spot the RCE flaw are able to gain access to logging messages and launch malicious code on the system to exploit the vulnerability, gaining access to the private information of many users.

Most software vendors whose products use Log4j have not fixed this system vulnerability, leaving users susceptible to cyberattackers.

What Small and Midsize Businesses Need to Know About Log4j

Although multiple attempts have been made to patch the flaw, many vendors that embed Log4j in their software offerings have not patched their applications, leaving users at risk for cyberattacks.

Since hackers have leveraged this system vulnerability to target more than 40% of corporate networks, small businesses should take the necessary steps to protect their Java-based applications from cyberattacks. Most organizations aren't even aware that their programs use Log4j (since it's an embedded software library in programs developed by third-party vendors).

To ensure your small business’ data stays secure, be sure to contact your software vendors and ask them if their solutions have been affected by this vulnerability, and if the latest version of their software has been patched. In addition, be sure to implement a network-based filtering or web application firewall on the cloud services used for business purposes to block potential exploits before they can attack vulnerable applications within your workplace.

Related Terms