Due to the nature of the Log4j situation, vulnerabilities will be evolving over an extended period of time. It is our recommendation that all Admins do a daily check of the following web pages, and a periodic check of the CVEs listed herein, which are all being continually updated, to see if there are any additional actionable steps to be taken.
- Apache Log4j Vulnerability Guidance
- Community Sourced GitHub Repository
- Apache Change Release History Log
As of this date, the known CVEs (Critical Vulnerabilities & Exposures) are:
- 2021-44228 (severity 10/10)
- 2021-45046 (severity: 9/10)
- 2021-45105 (severity: 7.5/10)
Please do not forget to subscribe to the blog if you haven’t already done so, and email NYU IT’s Global Office of Information Security (GOIS) at security@nyu.edu, with “LOG4J STATUS” on the subject line, to share what action your school or unit has taken to patch this vulnerability.
Thank you for your partnership in keeping NYU secure!