It’s been nearly four months since Alibaba Cloud’s security team first reported a remote code execution (RCE) vulnerability within Apache Log4j (also known as Log4Shell). Due to the popularity and widespread use of this application, it very quickly became a top priority for security operatives and administrators around the world.
Within weeks, Apache issued a patch for the logging library vulnerability (CVE-2021-44228), accompanied by the highest severity rating of 10.0. Despite the quick response, it is estimated that more than 89% of all environments across businesses and cloud providers have vulnerable Log4j libraries. This particular RCE vulnerability posed an enormous threat to affected organizations, given how widely used the application is around the globe. Suddenly, adversaries had unlimited administrative access to a very vulnerable system.