Vulcan-Cyber has a dedicated Log4j (Log4Shell) dashboard widget to add visibility and to help you fully track this ongoing global event on the attack surfaces.

To provide more clarity around the data you see in this widget:

  • The amount of Vulnerable Assets is the total amount of all vulnerability-instances for ALL related Log4J / Log4shell vulnerabilities, regardless of their current scores (even if some might score low).

  • Fixed - The total amount of fixed vulnerability instances for ALL related Log4J/Log4shell vulnerabilities.

You can track this family of vulnerabilities in your environment by clicking on the Track button on the widget.

As the Log4J event is still unfolding, we will highlight and track the following Log4J CVEs:

  • CVE-2021-44228 - CVSS score 10 (RCE)

  • CVE-2021-45046 - CVSS score 9 (RCE)

  • CVE-2021-45105 - CVSS score 7.5 (DOS)

  • CVE-2021-44832 - CVSS score 6.6 (RCE) - score not final, awaiting reanalysis

This list will be updated from time to time based on new findings and rating updates.

Did this answer your question?