The Apache Log4j zero day vulnerability may be the most serious security vulnerability to have emerged in years. The vulnerability, CVE-2021-44228, can be exploited remotely by a single line of code. Experts are seeing the vulnerability exploited to install botnet code on devices. Many organizations may not even know if they’re vulnerable, and patching will take time. The long tail on this vulnerability is “quite, quite extraordinary over time,” says BugCrowd.com CTO Casey Ellis.”]
Source: https://www.databreachtoday.com/serious-log4j-security-flaw-race-underway-to-discern-scope-a-18107