From blog.qualys.com
![](https://2jws2s3y97dy39441y2lgm98-wpengine.netdna-ssl.com/wp-content/uploads/2021/12/Screen-Shot-2021-12-14-at-8.55.27-PM.png)
On December 09, 2021, a critical remote code execution vulnerability was identified in Apache Log4j2 after proof-of-concepts were leaked publicly, affecting Apache Log4j 2.x <= 2.15.0-rc1. The vulnerability is being tracked as CVE-2021-44228 with CVSSv3 10 score and affects numerous applications which are using the Log4j2 library.