On Thursday (December 9th), a 0-day exploit in the popular Java logging library log4j (version 2) was discovered that results in Remote Code Execution (RCE) by logging a certain string. Given how ubiquitous this library is, the impact of the exploit (full server control), and how easy it is to exploit, the impact of this vulnerability is quite severe. It is now called “Log4Shell” for short.  It has now been published as CVE-2021-44228.

NoviFlow can confirm that their current deployed products are not exposed to the Log4Shell exploit found in log4j 2 (CVE-2021-44228) reported on Dec 9th, 2021.