Apache Log4j (Log4Shell) Vulnerability

What happened?

On December 9, 2021, public information began to circulate about a critical zero-day vulnerability that has put a vast number of services and systems at risk.

Named Log4j (or Log4Shell), this open-source vulnerability has presented many dire challenges for security teams, as it affects several widely used enterprise applications and cloud services. This includes Apache Struts, Apache Solr, Apache Druid, Apache Dubbo, Elasticsearch, and VMware vCenter.

Apache Log4j

How is the situation evolving?

It is highly recommended that all customers apply vendor patches as they become available. Log4j version 2 is now public and ready for user update. Several independent sources have published potential temporary mitigation measures that involve changing configuration files.

Featured articles

Are Endpoints at Risk for Log4Shell Attacks?

The Log4j story, and how it has impacted our customers

How can Trend Micro help?

Trend Micro Research, along with the cybersecurity community, is actively analyzing the Log4j vulnerability. Take advantage of our scanning tool to identify compromised server applications. Take advantage of our comprehensive vulnerability assessment tool to identify compromised server applications.

Are you a target

Are you a target?

Quickly identify endpoints and server applications that may have Log4j.

Customers

Customers

Check for the latest updates to our products during this evolving situation.

Webinar: Log4j Vulnerability

What to know and what to do

Learn how to recognize the indicators of compromise (IoC) for this attack and what to do if your organization has been impacted.




Product Demo: Log4j Vulnerability

How to Discover, Detect, and Protect

Learn how our products enable discovery, detection, and protection for Log4shell in this 3-minute demo.




How our solutions help you detect and respond rapidly to threats that may breach your defenses.

Trend Cloud One

If you have server workloads, try virtual patching for the Log4j vulnerability via the 30-day free trial and always-free tiers of Trend Cloud One™, our all-in-one cloud security platform.

Trend Vision One

Expand your view of your attack surface with Trend Vision One™, our threat defense platform. Try it free for 60 days and experience the broadest native XDR sensor coverage in the cybersecurity market.

JOIN 500K+ GLOBAL CUSTOMERS

Get in touch with our experts