Created: 2022-07-21
Tags: #fleeting
By National Vulnerability Database (NVD) count,
it had a 10.0 CVSSv3 score. That’s on a 0.1 to 10 scale.
But, hey, it was patched months ago. True, there was a security hiccup with the first Log4j patch, but it was quickly fixed.
!! WRONG !!.
Hackers, including state-sponsored advanced persistent threat (APT) actors are still exploiting CVE-2021-44228 (Log4Shell) in VMware Horizon and Unified Access Gateway (UAG).
“Since January 2022, VMware NSX Network Detection and Response has tracked over 25 million exploit attempts against Log4j.”