A zero-day vulnerability detected in the Java logging library Apache Log4j can result in full server takeover. The unauthenticated remote code execution vulnerability – classified as severe and tracked as CVE-2021-44228 – is actively being exploited in the wild, and proof-of-concept code has been published. Experts say the vulnerability is likely to affect “thousands of organizations” and “poses a significant real-world risk.” Cloud applications, including those widely used across the enterprise, also remain vulnerable.
Source: https://www.cuinfosecurity.com/severe-apache-log4j-vulnerability-threatens-enterprise-apps-a-18101