It has been announced that a remotely exploitable 0-day vulnerability for the popular Java logging library Log4j has been discovered and that code to exploit this is in the public domain. If exploited, this enables execution of code and potentially full control of the target machine - scanning for vulnerable machines is now being reported.

CVE-2021-44228

Log4j is used widely by many applications for logging and the vulnerability affects versions 2.0 to 2.14.1 of Log4j

SMG is not affected by this vulnerability.

For the latest Broadcom Symantec product information regarding this vulnerability, please see the related Symantec Security Advisory. 

• CVE-2021-44228