Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.
Log4j Java vulnerability
Date
If you and/or your folks are not already working on finding/remediating the Apache log4j Java vulnerability (CVE-2021-44228), please prioritize this issue. It is a critical zero-day exploit.
When this vulnerability is exploited, the bad guy can run commands on your computers or servers, steal data, and/or use your computers to laterally pivot to other computers or servers.
Information about this vulnerability, who it affects, how to search for it, and mitigation strategies if you find it are on our webpage: Action Needed: Critical Vulnerability in Widespread Java Logging Library
We want to make sure that finding and fixing this vulnerability is high priority for everyone.
Thank you for helping to keep everyone’s data and information at UVA secure.