- Level: Informational
- CVE(s): CVE-2021-44228
- Affected Devices: None
Overview
Log4Shell is a zero-day vulnerability in Log4j, a popular Java logging framework, involving arbitrary code execution. The vulnerability had existed unnoticed since 2013 and was privately disclosed to the Apache Software Foundation, of which Log4j is a project, by Chen Zhaojun of Alibaba Cloud’s security team on 24 November 2021. Before an official CVE identifier was made available on 10 December 2021, the vulnerability circulated with the name “Log4Shell”, given by Free Wortley of the LunaSec team, which was initially used to track the issue online. Apache gave Log4Shell a CVSS severity rating of 10, the highest available score.
Are SMSEagle products are affected?
SMSEagle devices are not affected by recently found log4j/log4shell vulnerabilities – they’re not used in our software.
