On Thursday (December 9th), a 0-day exploit in the popular Java logging library log4j was discovered that results in Remote Code Execution by logging a certain string.
General Description of the Vulnerability
The vulnerability (CVE-2021-44228) is critical, as it can be exploited remotely by an unauthenticated adversary to execute arbitrary code (remote code execution – RCE). It has a score of 10 (out of 10) in the Common Vulnerability Scoring System (CVSS), which indicates how severe a vulnerability is.
Risk Classification: High
The risk classification can vary due to the specific deployment.
Action taken by SPIE
- Check all our Managed Service customers for the "Log4j" threat
- Continuous monitoring of customer environments
- In collaboration with customers, remediation steps are planned and initiated as required
General recommended actions for all customers
- Identify affected systems with "Log4j" in your environment.
- Follow provider advisories
- Check individual systems
- Update systems offline to Log4j version 2.15.0 or above (best protection)
- Workaround: the following parameter should be set to true when starting the Java Virtual Machine: log4j2.formatMsgNoLookups
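One way to carry out the "identify affected systems" and "update to 2.15.0 or above" steps on a single host, as an added example (not SPIE tooling and not part of the original advisory): the script walks a directory tree, opens every JAR/WAR/EAR including archives bundled inside them, and reports each log4j-core copy with its version. The function names are hypothetical, and it assumes the Maven metadata file shipped in log4j-core is present; repackaged copies without it are reported as UNKNOWN and still need the individual check.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

FIXED = (2, 15, 0)  # minimum Log4j version recommended in the advisory above
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXT = (".jar", ".war", ".ear")


def parse_version(text):
    """Turn a version string such as '2.14.1' into a comparable tuple, or None."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    return tuple(int(g or 0) for g in m.groups()) if m else None


def inspect_archive(data, label, depth=0):
    """Return (location, version, status) for every log4j-core copy in an archive."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a readable archive; skip it
    with zf:
        names = zf.namelist()
        if POM_PROPS in names:
            m = re.search(r"^version=(\S+)", zf.read(POM_PROPS).decode("utf-8", "replace"), re.M)
            ver = parse_version(m.group(1)) if m else None
            status = "UNKNOWN" if ver is None else ("UPDATE" if ver < FIXED else "OK")
            findings.append((label, m.group(1) if m else None, status))
        elif JNDI_CLASS in names:
            findings.append((label, None, "UNKNOWN"))  # repackaged copy, no Maven metadata
        if depth < 3:  # follow archives bundled inside WAR/EAR/fat JAR files
            for n in names:
                if n.lower().endswith(ARCHIVE_EXT):
                    findings += inspect_archive(zf.read(n), f"{label}!/{n}", depth + 1)
    return findings


def scan(root):
    """Inspect every Java archive under a directory tree."""
    paths = (p for p in Path(root).rglob("*") if p.suffix.lower() in ARCHIVE_EXT and p.is_file())
    return [f for p in paths for f in inspect_archive(p.read_bytes(), str(p))]


if __name__ == "__main__":
    print(*scan(sys.argv[1] if len(sys.argv) > 1 else "."), sep="\n")
```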
Further Information
GovCert Blog
For any further requests, please contact your SPIE Service representative.
Kind regards
SPIE ICS AG