"Over 30% Of Log4j Apps Use a Vulnerable Version of the Library"

About 38 percent of applications using the Apache Log4j library are still vulnerable to security issues, including Log4Shell, a critical vulnerability with the highest severity rating. Log4Shell is a Remote Code Execution (RCE) flaw that enables complete control of systems running Log4j 2.0-beta9 and up to 2.15.0. On December 10, 2021, the flaw was discovered as an actively exploited zero-day, and its widespread impact, ease of exploitation, and security implications served as an invitation to threat actors. Despite warnings, many organizations continued to use vulnerable versions after patches became available, prompting an extensive campaign to notify affected project maintainers and system administrators. This article continues to discuss how Log4j apps are still using a vulnerable version of the library.

Bleeping Computer reports "Over 30% Of Log4J Apps Use a Vulnerable Version of the Library"

Submitted by grigby1