On December 9, 2021, a zero-day vulnerability in Log4j 2.x was discovered. This vulnerability is of great concern because, if it's successfully exploited, attackers are able to perform an RCE (Remote Code Execution) attack and compromise the affected server.
Since we are a cloud-based Software Composition Analysis (SCA) provider, we have useful customer data that gives insight into the scope of the Log4j vulnerability.  
For starters, we found that 95 percent of our enterprise customers – organizations with over 100 applications – use Java.   

That doesn’t mean that every organization using Java is using Log4j … but most are. 88 percent of enterprises are using some version of Log4j – the most popular being version 1.2.

That leads us to the million-dollar question: How many enterprises are using a vulnerable version of Log4j? Nearly 58 percent. 

And if we look at the data in terms of Java applications, approximately 17 percent have a Log4j vulnerability.  
What should you do if you…

Author of this post: hgoslin@veracode.com (hgoslin)
