Experts: Log4j Bug Could Be Exploited for “Years”

Experts: Log4j Bug Could Be Exploited for “Years”

Security experts have warned that the Log4j vulnerability could still enable threat actors to launch attacks years from now, if security teams don’t up their game.

Forrester analyst, Allie Mellen, claimed the sheer scale and potential persistence of the threat was extremely worrying.

“This vulnerability is so dangerous because of its massive scale. Java is used on over three billion devices, and a large number of those use Log4j, which is where the vulnerability lies,” she added.

“It will be used for months if not years to attack enterprises, which is why security teams must strike while the iron is hot.”

A patch for the Apache logging product has been released, but although the vulnerability has a CVSS score of 10, many organizations might struggle to find instances running in their environment.

That’s in part because of the multiple layers of dependencies that exist in enterprise Java environments, in the form of Java archive (JAR) files. Any one of these may be hiding Log4j to help them log data.

BH Consulting founder and Infosecurity Europe Hall of Fame inductee, Brian Honan, agreed that the vulnerability “is likely to be with us for a

Read More: