Critical Apache Log4j vulnerability

Latest updates and resources


LACEWORK LABS RESEARCH & INTELLIGENCE

What is the Apache Log4j2 JNDI Vulnerability?

From the NIST National Vulnerability Database: “Apache Log4j2 <= 2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default.”
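The version boundary in the NVD text can be turned into a simple file-system inventory check. The sketch below is an added example, not Lacework or NVD code; it assumes jars keep the conventional `log4j-core-<version>.jar` file name, and the function names and sample tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Boundary taken from the NVD text quoted above: affected through 2.14.1,
# message lookups disabled by default from 2.15.0.
LAST_AFFECTED = (2, 14, 1)

# Assumption: jars keep the conventional Maven name log4j-core-<version>.jar.
JAR_NAME = re.compile(r"^log4j-core-(2)\.(\d+)(?:\.(\d+))?([-.][\w.]+)?\.jar$")


def classify(jar_name):
    """Return (version, status) for a log4j-core 2.x jar name, else None."""
    m = JAR_NAME.match(jar_name)
    if not m:
        return None
    # A pre-release suffix (e.g. 2.0-beta9) is ignored; missing patch counts as 0.
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    status = "affected" if version <= LAST_AFFECTED else "lookups-off-by-default"
    return version, status


def scan(root):
    """Walk root and return sorted (relative_path, version, status) tuples."""
    findings = []
    for path in Path(root).rglob("*.jar"):
        result = classify(path.name)
        if result:
            findings.append((path.relative_to(root).as_posix(), *result))
    return sorted(findings)


def demo():
    # Constructed sample tree: empty files with realistic jar names.
    names = ("app/lib/log4j-core-2.14.1.jar", "app/lib/log4j-api-2.14.1.jar",
             "svc/log4j-core-2.15.0.jar", "old/log4j-core-2.0-beta9.jar")
    with tempfile.TemporaryDirectory() as tmp:
        for rel in names:
            p = Path(tmp, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.touch()
        return scan(tmp)


if __name__ == "__main__":
    for row in demo():
        print(row)
```

A file-name scan does not look inside fat or shaded archives that bundle Log4j under another name, so a clean result here does not by itself rule out an affected copy.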

Free 14-Day Cloud Threat Hunting Assessment

To help you quickly handle Log4j, our cloud security experts will work with you to find all vulnerable systems across your entire cloud and container environments and continuously monitor for active signs of compromise.

Lacework Impact

After review and analysis, Lacework engineers have determined our service was not impacted by the Log4j vulnerability. Out of an abundance of caution, our engineers will continue to monitor all aspects of the Lacework platform to ensure ongoing platform security.