Apache Log4j is the most popular java logging library with over 400,000 downloads from its GitHub project. It used by a vast number of companies worldwide, enabling logging in a wide set of popular applications. Exploiting this vulnerability is simple and allows threat actors to control java-based web servers and launch remote code execution attacks.
In this CheckMates TechTalk Special Edition, Lotem Finklesteen, Director of Threat Intelligence and Research and Yaniv Shechtman, Head of Product Management, Threat Prevention tell you what you need to know about the log4j vulnerability (CVE-2021-44228, a.k.a. log4shell) and how you can protect your organization.
See also:
https://community.checkpoint.com/t5/General-Topics/Protect-yourself-against-a-widely-exploited-vulne...
SecureKnowledge Article "Check Point response to Apache Log4j Remote Code Execution (CVE-2021-44228)...
Check Point Blog Post about the vulnerability
Cyber Pandemic update – Critical vulnerability in Apache Log4j
Second Log4j Vulnerability (CVE-2021-45046) Discovered
