Log4j is an open source Java logging library that was recently found to have a vulnerability (CVE-2021-44228) allowing an attacker to take over a web server (or any device it runs on) and run commands from the device. This checklist is designed to help organizations find and remediate the Log4j exploit in their custom applications.

Any views or opinions presented in this document are solely those of the Faculty and do not necessarily represent the views and opinions of IANS. Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our written reports, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by the client in connection with such information, opinions, or advice.