Search This Site

 

Main menu

Log4j Java vulnerability

Date: 
Monday, December 13, 2021 - 16:15

If you and/or your folks are not already working on finding/remediating the Apache log4j Java vulnerability (CVE-2021-44228), please prioritize this issue.  It is a critical zero-day exploit.

When this vulnerability is exploited, the bad guy can run commands on your computers or servers,  steal data, and/or use your computers to laterally pivot to other computers or servers. 

Information about this vulnerability, who it affects, how to search for it, and mitigation strategies if you find it are on our webpage: Action Needed: Critical Vulnerability in Widespread Java Logging Library

We want to make sure that finding and fixing this vulnerability is high priority for everyone. 

Thank you for helping to keep everyone’s data and information at UVA secure.  

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.

Complete Report Form