Capterra Glossary

Log4j

Log4j is part of the Apache Logging Services Project. It is one of the most widely deployed open source software solutions, as it provides logging capabilities for Java applications. Log4j is most commonly deployed as a Java service or as a software library within a program.

In late 2021, a remote code execution (RCE) vulnerability in Log4j, CVE-2021-44228, was discovered. This RCE flaw occurred because Log4j interacts with the Java Naming and Directory Interface (JNDI) without properly validating all requests. In other words, cyberattackers who spot the RCE flaw are able to gain access to logging messages and launch malicious code on the system, gaining access to the private information of many users.

Most software vendors whose products use Log4j have not fixed this system vulnerability, leaving users susceptible to cyberattackers.

What Small and Midsize Businesses Need to Know About Log4j

Although multiple attempts have been made to patch the flaw, many vendors that embed Log4j in their software offerings have not patched their applications, leaving users at risk for cyberattacks.

Since hackers have leveraged this system vulnerability to target more than 40% of corporate networks, small businesses should take the necessary steps to protect their Java-based applications from cyberattacks. Most organizations aren't even aware that their programs use Log4j (since it's an embedded software library in programs developed by third-party vendors).

To ensure your small business's data stays secure, contact your software vendors and ask them whether their solutions have been affected by this vulnerability and whether the latest version of their software has been patched. In addition, implement network-based filtering or a web application firewall on the cloud services used for business purposes to block potential exploits before they can attack vulnerable applications within your workplace.
