A remote code execution vulnerability (CVE-2021-44228) has been identified in the Log4j library, one of the most widely used Java-based logging utilities globally.
The Australian Cyber Security Centre (ACSC) has published an alert about the vulnerability with detailed advice.
The ACSC has seen large volumes of reconnaissance scans by malicious actors attempting to find Australian entities vulnerable to the Log4j flaw. Multiple attackers are exploiting it in Australia and globally, and the ACSC is aware of around 400 vendors who may use the Log4j library.
The ACSC is working with a significant number of victims and affected vendors across all sectors of the economy.
Affected Australian organisations should update to the latest available patch for all affected products and continue to monitor for new patches as they become available.