SAP has been working around the clock to patch apps vulnerable to the Log4Shell flaw, releasing 21 fixes in its Patch Tuesday update. SAP has identified 32 different apps that have been affected by the critical vulnerability, which lies in the Apache Log4j Java-based logging library that has been under
CISA Apache Log4j Vulnerability Guidance Webpage Up and Running with Mitigation Guidance from JCDC Partners
Relative to other cyber incidents in the last few months, Log4j is proving severely problematic. If you are in the middle of your impact and mitigation assessment, hands down the most important resource available is the webpage CISA launched yesterday to address the current Log4j activity. Per OODA CEO Matt Devost: “This is a great page and we should highlight that it exists for OODA Loop members. CISA has done a great job here.” Log4j is also the first US-CERT notification to put front and center private sector collaboration through the newly formed DHS CISA Joint Cyber Defense Collaborative (JCDC).