Today Siemens published a new Log4j advisory and updated their original advisory.
New Advisory - Siemens published an advisory discussing a new Log4j vulnerability that affects Log4j versions through 17.0.
Update - Siemens published an update for their original Log4Shell advisory that was originally published on December 12th, 2021 and most recently updated on December 27th, 2021.
The new Log4j vulnerability almost certainly reflects the additional attention that is being focused on this no longer obscure but much used tool. Very few pieces of ‘modern’ software are apparently able to stand up to that sort of attention without yielding vulnerabilities. With no currently available exploits, nor a current Base Score, for the new vulnerability, owners will be forgiven for not paying as much attention to this new vulnerability. Unfortunately, I expect that exploits will be forthcoming more quickly than normal; the Log4j attention also attracts the ‘bad guys’.
For more details on the new advisory and update, see my article on CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/12-28-31-siemens-log4shell-advisories - subscription required.