One third of Java projects based on the Log4j library continue to use vulnerable versions

Veracode has published the results of a study on the impact of the critical vulnerabilities in the Log4j Java library that were identified last year and the year before. After examining 38278 applications used by 3866 organizations, Veracode researchers found that 38% of them use vulnerable versions of Log4j. The main reason outdated code stays in use is that old libraries are embedded in projects, or that migrating from unsupported branches to new branches that retain backward compatibility is laborious (judging by a previous Veracode report, 79% of third-party libraries copied into project code are never updated afterwards).

There are three main groups of applications that use vulnerable versions of Log4j:

  • 2.8% of applications continue to use Log4j versions from 2.0-beta9 to 2.15.0, which contain the Log4Shell vulnerability (CVE-2021-44228).
  • 3.8% of applications use the Log4j2 2.17.0 release, which fixes the Log4Shell vulnerability but leaves the CVE-2021-44832 remote code execution (RCE) vulnerability unfixed.
  • 32% of applications use the Log4j2 1.2.x branch, support for which ended back in 2015. This branch is affected by the critical vulnerabilities CVE-2022-23307, CVE-2022-23305 and CVE-2022-23302, identified in 2022, 7 years after maintenance ended.
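
An added example, not part of the original article or of Veracode's tooling: a Python sketch that sorts Log4j jar filenames from a dependency inventory into the three groups listed above, using only the version ranges the article gives. The jar names are constructed sample input, and the filename pattern is an assumption about how the artifacts are named.

```python
import re

# Jar filenames below are constructed sample input, not data from the study.
SAMPLE_JARS = [
    "log4j-core-2.0-beta9.jar",
    "log4j-core-2.14.1.jar",
    "log4j-core-2.17.0.jar",
    "log4j-1.2.17.jar",
    "log4j-core-2.0-beta8.jar",
    "log4j-core-2.20.0.jar",
]

# Assumed naming: log4j-<ver>.jar or log4j-core-<ver>[-alphaN|-betaN|-rcN].jar
JAR_RE = re.compile(
    r"^log4j(?:-core)?-(\d+(?:\.\d+)*)(?:-(alpha|beta|rc)(\d+))?\.jar$", re.I)
# Pre-release tags sort before the final release of the same version.
STAGE = {"alpha": 0, "beta": 1, "rc": 2, None: 3}

def parse_version(jar_name):
    """Return a sortable key ((major, minor, patch), stage, stage_no) or None."""
    m = JAR_RE.match(jar_name)
    if not m:
        return None
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums = (nums + (0, 0, 0))[:3]          # pad "2.0" to (2, 0, 0)
    tag = m.group(2).lower() if m.group(2) else None
    return (nums, STAGE[tag], int(m.group(3) or 0))

def classify(jar_name):
    """Map a jar to one of the three groups listed in the article."""
    key = parse_version(jar_name)
    if key is None:
        return "unrecognized"
    if key[0][:2] == (1, 2):
        return "1.2.x: CVE-2022-23307, CVE-2022-23305, CVE-2022-23302"
    # Range is inclusive at both ends: 2.0-beta9 through 2.15.0 final.
    if ((2, 0, 0), STAGE["beta"], 9) <= key <= ((2, 15, 0), STAGE[None], 0):
        return "Log4Shell: CVE-2021-44228"
    if key == ((2, 17, 0), STAGE[None], 0):
        return "2.17.0: CVE-2021-44832"
    # The article says nothing about other versions, so neither does this.
    return "outside the article's three groups"

def report(jars):
    return {name: classify(name) for name in jars}

if __name__ == "__main__":
    for name, group in report(SAMPLE_JARS).items():
        print(f"{name:28} {group}")
```

A result of "outside the article's three groups" only means the version is not in one of the ranges quoted above; it is not a statement that the version is free of vulnerabilities.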

Source: opennet.ru
