Tue. Jul 16th, 2024

Published on December 15, 2021

The European Commission, the EU Agency for Cybersecurity, CERT-EU and the network of the EU national computer security incident response teams (CSIRTs network) have been closely following the development of the Log4Shell vulnerability since 10 December 2021.

Log4Shell is a vulnerability in the well-known open source Java logging package Log4j, which is maintained by the Apache Software Foundation. Log4j is used in a wide array of applications and web services across the globe. Due to the nature of the vulnerability, its ubiquity and the complexity of patching in some of the impacted environments, it is important that all organisations, especially entities who fall under the Network and Information Security (NIS) Directive, assess their potential exposure as soon as possible.

The CSIRTs Network members are continuously updating a list of vulnerable software, which is maintained by the Dutch National Cyber Security Centre. It is important that adequate mitigation measures are applied in a timely manner and that organisations follow the guidance of their national cybersecurity authorities. The latest advisories published by the CSIRTs Network Members can be found in their relevant official communication channels. Organisations may also refer to guidance given by CERT-EU.

As this is a developing situation, we strongly recommend all organisations to regularly check the guidance provided by the CSIRTs Network Members and CERT-EU for the latest assessment and advice and to take actions as needed

The Agency and all relevant EU actors will continue to monitor this threat to contribute to the overall situational awareness at the Union level.

For technical background information about the vulnerability and recommendations: 

For guidance on response please refer to the relevant national authority:

The latest advisories published by CSIRTs Network Members are available here: 

  • https://github.com/enisaeu/CNW/blob/main/advisories.md

Source – ENISA

Forward to your friends