Remote code execution vulnerability in Java-based logging utility Log4j was first reported Dec. 9, after allegedly being detected by Alibaba’s cloud security unit. It immediately put security teams on high alert heading into the holiday season. Apache Software Foundation continues to push out semi-regular updates for the logging library to address another, less-severe RCE vulnerability – CVE-2021-44832 – disclosed last week. CISA this week cited progress among “large” agencies that are patching or mitigating against the threat.”]
Source: https://www.govinfosecurity.com/log4j-sen-peters-revisits-incident-reporting-legislation-a-18272