"Your flow chart missed the biggest decision point: Is your instance exposed and addressable to the Internet? If no, your risk is significantly reduced. If yes, continue.
Just because your app uses Log4J doesn't mean it is directly vulnerable. If…"
"SACHIN BP SHETTY That's some relief though. Also, we should make some frameworks for longterm resolution, so security teams are better prepared when the next Log4j hits. We've seen such instances before like heartbleed. Only this time, the impact is…"
We're talking about the latest Java-based vulnerability CVE-2021-44228. Recently, a critical Zero-day vulnerability has been found in log4j which permits Remote Code Execution (RCE) allowing the attackers to get remote access. The Vulnerability got…