{"id":8623,"date":"2022-11-22T15:41:46","date_gmt":"2022-11-22T15:41:46","guid":{"rendered":"https:\/\/colortokens.vps3.simplesolution.dk\/?p=8623"},"modified":"2022-11-22T15:43:12","modified_gmt":"2022-11-22T15:43:12","slug":"is-your-application-compromised-by-log4j-vulnerability","status":"publish","type":"post","link":"https:\/\/colortokens.simpledigital.dev\/index.php\/2022\/11\/22\/is-your-application-compromised-by-log4j-vulnerability\/","title":{"rendered":"Is your application compromised by the Log4j vulnerability?"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"8623\" class=\"elementor elementor-8623\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-6b81e0d3 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"6b81e0d3\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7cd252a6\" data-id=\"7cd252a6\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-58c4f820 elementor-widget elementor-widget-text-editor\" data-id=\"58c4f820\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<h2>What is the Log4j vulnerability?<\/h2><p><span data-contrast=\"auto\">Log4j is a critical open-source logging tool, found in most software libraries across the internet, that helps developers keep a log of the system or applications. An engineer at Alibaba\u2019s cloud security team discovered the\u00a0<\/span><a href=\"https:\/\/blogs.apache.org\/foundation\/entry\/apache-log4j-cves\" target=\"_blank\" rel=\"noopener\"><span data-contrast=\"none\">Log4j vulnerability<\/span><\/a><span data-contrast=\"auto\">, also known as Log4Shell, in Dec 2021.
Unpatched systems are vulnerable to attackers who can steal personal information, including logins and passwords, and infect networks with malicious software.\u00a0<\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-91ec91c 
elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"91ec91c\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-26534b4\" data-id=\"26534b4\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-5212e7c elementor-widget elementor-widget-text-editor\" data-id=\"5212e7c\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<h2>Why does it matter?<\/h2><p><span data-contrast=\"auto\">The Log4Shell vulnerability allows a remote code execution (RCE) attack where an attacker can remotely gain access and modify the logging configuration file to construct a malicious configuration. Log4Shell is now an extremely critical vulnerability according to\u00a0<\/span><a href=\"https:\/\/xcloud.spectrum.colortokens.com\/cve\/CVE-2021-44228\" target=\"_blank\" rel=\"noopener\"><span data-contrast=\"none\">NIST \u2013 CVE-2021-44228<\/span><\/a><span data-contrast=\"auto\">.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p><p><span data-contrast=\"auto\">The Cyber Safety Review Board classified Log4j as an endemic vulnerability.
Hence, organizations need to gain visibility, identify which commercially procured or home-grown applications are vulnerable, and then remediate with a security patch by upgrading to Log4j 2.3.2 (for Java 6), Log4j 2.12.4 (for Java 7), or Log4j 2.17.1 (for Java 8 and above).<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p><p><a href=\"https:\/\/www.cisa.gov\/uscert\/apache-log4j-vulnerability-guidance\" target=\"_blank\" rel=\"noopener\"><span data-contrast=\"none\">CISA<\/span><\/a><span data-contrast=\"auto\">\u00a0(Cybersecurity and Infrastructure Agency), a federal entity, has recommended that organizations perform a comprehensive analysis of their software inventory. Organizations should compare their installed software with vulnerable software listed in\u00a0<\/span><a href=\"https:\/\/github.com\/cisagov\/log4j-affected-db\" target=\"_blank\" rel=\"noopener\"><span data-contrast=\"none\">CISA\u2019s Log4j database<\/span><\/a><span data-contrast=\"auto\">. Organizations should patch their systems immediately; if they cannot, they should apply mitigation measures to minimize any impact from an exploit.
If security admins can neither patch nor use mitigation measures, they should remove the asset from the network.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-efdeac5 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"efdeac5\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container 
elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-4a5fab8\" data-id=\"4a5fab8\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-cc494ed elementor-widget elementor-widget-text-editor\" data-id=\"cc494ed\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<h2>How can we help?<\/h2><p><a href=\"https:\/\/colortokens.com\/products\/xcloud-cloud-security\/\" target=\"_blank\" rel=\"noopener\"><span data-contrast=\"none\">Xcloud<\/span><\/a><span data-contrast=\"auto\">\u00a0runs a deep scan on all your\u00a0<\/span><a href=\"https:\/\/colortokens.com\/blog\/cloud-security-for-third-party\/\" target=\"_blank\" rel=\"noopener\"><span data-contrast=\"none\">third-party libraries<\/span><\/a><span data-contrast=\"auto\">\u00a0in a multi-cloud environment. It displays the vulnerabilities, including Log4Shell, highlighting its priority and remediation plan. Once security teams patch the cloud infrastructure, they can continuously monitor their current and new third-party libraries.\u00a0<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:0,&quot;335559740&quot;:240}\">\u00a0<\/span><\/p><p><span data-contrast=\"auto\">Xcloud can help rule out critical risks, such as Log4j hidden deep in your home-grown and commercially purchased applications or in libraries in your acquired software supply chain, by providing instant coverage and complete visibility of your entire cloud environment and all workloads. It enables organizations to gain comprehensive security coverage for all workloads, so security teams do not miss any risks.
It is highly automated to reduce the workload and burden on your security and development teams.\u00a0<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:0,&quot;335559740&quot;:240}\">\u00a0<\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Log4j is a critical open-source logging tool, found in most software libraries across the internet, that helps developers keep a log of the system or applications.<\/p>\n","protected":false},"author":1,"featured_media":8554,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[14],"tags":[],"class_list":["post-8623","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cloud-vulnerabilty"],"_links":{"self":[{"href":"https:\/\/colortokens.simpledigital.dev\/index.php\/wp-json\/wp\/v2\/posts\/8623","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/colortokens.simpledigital.dev\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/colortokens.simpledigital.dev\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/colortokens.simpledigital.dev\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/colortokens.simpledigital.dev\/index.php\/wp-json\/wp\/v2\/comments?post=8623"}],"version-history":[{"count":4,"href":"https:\/\/colortokens.simpledigital.dev\/index.php\/wp-json\/wp\/v2\/posts\/8623\/revisions"}],"predecessor-version":[{"id":8627,"href":"https:\/\/colortokens.simpledigital.dev\/index.php\/wp-json\/wp\/v2\/posts\/8623\/revisions\/8627"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/colortokens.simpledigital.dev\/index.php\/wp-json\/wp\/v2\/media\/8554"}],"wp:attachment":[{"href":"https:\/\/colortokens.simpledigital.dev\/index.php\/wp-json\/w
p\/v2\/media?parent=8623"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/colortokens.simpledigital.dev\/index.php\/wp-json\/wp\/v2\/categories?post=8623"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/colortokens.simpledigital.dev\/index.php\/wp-json\/wp\/v2\/tags?post=8623"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}