SEIMs and Other Forensic Tools Vulnerable to Log4j Exploits

The Auopsy, Ghidra, Graylog, Log4j, and Splunk logos

This article was last updated on 2022-01-03.

After several Log4j vulnerabilities (known as Log4shell or LogJam in the tech press) were publicly exposed, IT teams around the globe have been rushing to patch all of their applications against the flaws. Log4j is an very popular open source software library for implementing logging in Java applications. The first discovered flaw, tracked as CVE-2021-44228, allows logged data to include remote lookup that would then download and execute arbitrary code from a remote server, which is known as a Remote Code Execution (RCE) vulnerability. Many security tools such as Splunk, Graylog, Autopsy, and Ghidra use Log4j to generate usage and diagnostic logs.

Tools commonly used by information security professionals to investigate breaches could be leveraged to cause a security breach.

Read more