Log4Shell is a zero-day vulnerability that was discovered in December of 2021 within the widely used Apache Log4j logging library. Log4j is used in almost every java-based commercial and open-source application around the world. This vulnerability allows an attacker to run arbitrary code on a device that gives full control over to the attacker. The malicious code that is executed can be anything from Ransomware to data-stealing malware. Due to the pervasiveness of Log4j within java-based applications, virtually every organization is at risk.

Carahsoft has compiled a list of resources and recommendations from our vendor partners that can be used to mitigate and address this vulnerability.