The bug, CVE-2021-44228, affects a Java logging package called log4j. It was. Infosec leaders around the world are being urged to heed warnings from national computer emergency teams, ...

As of Tuesday the latest version of Log4j that should be in systems running Java 8 is 2.17.1. That’s the fifth vulnerability revealed since December 9th.

Contrast Security has found that 58% of Java applications have vulnerable versions present, but only 37% are actually using Log4j. The four issues go by CVE-2021-44228 , CVE-2021-45046 , CVE-2021 ...

More than 80% of Java packages affected by the vulnerability in the Apache Log4j library cannot be updated directly and will require coordination between different project teams to address the flaw.

There’s an enormous amount of software vulnerable to the Log4j bug through Java software supply chains — and administrators and security pros likely don’t even know where to look for it.

U.S. organizations that fail to secure customer data against Log4Shell, a zero-day vulnerability in the widely used Log4j Java logging library, could face legal repercussions, the Federal Trade ...

Critical flaw in the H2 open-source Java SQL database are similar to the Log4J vulnerability, but do not pose a widespread threat. Researchers discovered a bug related to the Log4J logging library ...

That allows for Java code injection of remote code execution. There are a number of attack vectors that could be used to exploit the vulnerability, the most severe being through the H2 console.

The Java security specialists at Dublin-based Waratek have released a new Log4J Vulnerability Scanner and added API security to their Java Security Platform, the company announced recently. The ...

COMPANY NEWS: Since the first vulnerability in the Apache Foundation’s Log4j logging tool was revealed on 10 December, three sets of fixes to the Java library have been released as additional ...