Critical Apache Log4j vulnerability
Latest updates and resources
What is the Apache Log4j2 JNDI Vulnerability?
From the NIST National Vulnerability Database: “Apache Log4j2 <= 2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default.”
Free 14-Day Cloud Threat Hunting Assessment
To help you quickly handle Log4j, our cloud security experts will work with you to find all vulnerable systems across your entire cloud and container environments and continuously monitor for active signs of compromiseStart with your free assessment here
After review and analysis, Lacework engineers have determined our service was not impacted by the Log4j vulnerability. Out of an abundance of caution, our engineers will continue to monitor all aspects of the Lacework platform to ensure ongoing platform security.
- Additional Insights