Hackers gave themselves an early Christmas present this year with a critical security flaw in Log4j, a popular logging framework that is used across many programs, including some that run on IBM i. IBM i shops are encouraged to take this flaw very seriously, as the vulnerability already is being actively exploited in the wild. However, finding where Log4j exists in your stack is not always simple, which makes this particular flaw particularly nasty. The Log4j zero-day vulnerability, which was disclosed last week by security researchers with CERT New Zealand , was logged into the National Vulnerability Database as CVE-2021-44228 . It scored perfect 10 out of 10 on the CVSS v3 rating scale (although Nadia Comăneci will be happy to know it landed a mere 9.3 on the older CVSS v2 scale). The flaw, which exists in Log4j versions 2.0 and 2.14.1, gives cybercriminals the ability to execute […]

Click here to view original web page at www.itjungle.com