December 11, 2021
Log4j High-Risk Vulnerability

Executive Summary

Apache Log4j, dubbed CVE-2021-44228, is an open-source logging utility in almost all major Java-based applications and servers. Currently running on 3 billion devices worldwide, Log4j has been exposed to a high-risk vulnerability underactive and vigorous exploitation. As of December 10th, nearly 10,000+ attacks exploiting this vulnerability have been discovered and that number continues to proliferate. The zero-day exploit named “Log4Shell” affects all industries and has impacted several popular services, including Apple iCloud, Twitter, Steam and Minecraft.

The exploitation of this vulnerability is simple and only requires the attacker to enter a piece of code into the target triggering the vulnerability, allowing the attacker to remotely control the user victim’s server.


“In the case of Minecraft, attackers were able to get remote code execution on Minecraft servers by simply pasting a short message into the chatbox.”

— Marcus Hutchins @MalwareTechBlog


Security Alert | Log4J

Mitigation | Recommendations

  • If possible, update to Log4j version 2.15.0
  • Flip setting for versions log4j 2.10.0 and up
    • Setting log4j2.formatMsgNoLookups to True
    • This is done by adding -Dlog4j2.formatMsgNoLookups=true in the JVM command line
  • Disable LDAP lookups


Read the Updated Alert


For additional information, contact:

Dan Gregory
VP | System Engineering, CBI | 313.649.4611



About the Author
CBI, A Converge Company
CBI Cybersecurity
CBI, A Converge Company, is a leading cybersecurity advisor to many of the world’s top tier organizations. Founded in 1991, CBI provides innovate, flexible and customizable solutions that help ensure data is secure, compliant and available. We engage in an advisory-led approach to safeguard our clients against the ever-changing threat landscape—giving them comprehensive visibility into their entire security program and helping them avoid cyber challenges before they can impact their data, business and brand. We are dedicated to the relentless pursuit of mitigating risks and elevating corporate security for a multitude of industries and companies of all sizes.
I Need To...