The anatomy of Log4Shell By now, we are all familiar with the fact that Log4Shell is just about as critical as a critical vulnerability can get – scoring a 10 out of 10 on the National Institute of Standards and Technology’s CVSS severity scale. As it targets a library – Apache Log4j2 – that nearly every Java application uses to log requests, this vulnerability is ubiquitous. Many applications use Log4j2 without even realizing it, meaning … Continue reading Qualys platform study: Log4Shell, the menace continues