One third of Java projects that depend on the Log4j library continue to use vulnerable versions

Veracode has published the results of a study of how relevant the critical vulnerabilities in the Log4j Java library, identified last year and the year before, still are. After examining 38278 applications used by 3866 organizations, Veracode researchers found that 38% of them use vulnerable versions of Log4j. The main reasons given for the continued use of legacy code are the integration of old libraries into projects and the effort required to migrate from unsupported branches to new, backward-compatible branches (judging by a previous Veracode report, 79% of third-party libraries brought into project code are never updated afterwards).

There are three main categories of applications that use vulnerable versions of Log4j:

  • 2.8% of applications continue to use Log4j versions from 2.0-beta9 to 2.15.0, which contain the Log4Shell vulnerability (CVE-2021-44228).
  • 3.8% of applications use the Log4j2 2.17.0 release, which fixes the Log4Shell vulnerability but leaves the remote code execution (RCE) vulnerability CVE-2021-44832 unpatched.
  • 32% of applications use the Log4j2 1.2.x branch, support for which ended back in 2015. This branch is affected by the critical vulnerabilities CVE-2022-23307, CVE-2022-23305 and CVE-2022-23302, identified in 2022, 7 years after the end of maintenance.
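To check a project against the three groups above, the following added example (not from Veracode or the original article) classifies the Log4j versions found in `mvn dependency:tree` output. The sample output, the function names and the group labels are constructed for illustration; the version ranges and CVE numbers are the ones listed above.

```python
import re

# `mvn dependency:tree` prints coordinates as group:artifact:type:version:scope.
COORD = re.compile(r"\b(?:log4j:log4j|org\.apache\.logging\.log4j:log4j-core):jar:([^:\s]+)")
QUALIFIER_RANK = {"alpha": 0, "beta": 1, "rc": 2}  # all sort before the final release (3)

def version_key(version):
    """'2.0-beta9' -> (2, 0, 0, 1, 9); '2.15.0' -> (2, 15, 0, 3, 0); None if unparsable."""
    m = re.fullmatch(r"(\d+(?:\.\d+){0,2})(?:-(alpha|beta|rc)(\d+))?", version.lower())
    if not m:
        return None
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))
    if m.group(2):
        return (*nums, QUALIFIER_RANK[m.group(2)], int(m.group(3)))
    return (*nums, 3, 0)

def classify(version):
    """Map a Log4j version to one of the three groups listed in the article."""
    key = version_key(version)
    if key is None:
        return "unparsed"
    if key[:2] == (1, 2):
        return "1.2.x end-of-life: CVE-2022-23307, CVE-2022-23305, CVE-2022-23302"
    if version_key("2.0-beta9") <= key <= version_key("2.15.0"):
        return "Log4Shell: CVE-2021-44228"
    if key == version_key("2.17.0"):
        return "RCE: CVE-2021-44832"
    # Only means the article does not list this version; it says nothing about other issues.
    return "not in the listed groups"

def scan(tree_output):
    """Return (version, group) for every Log4j artifact found in dependency:tree text."""
    return [(v, classify(v)) for v in COORD.findall(tree_output)]

# Constructed sample, as if concatenated from several modules; not from a real project.
SAMPLE = """\
[INFO] com.example:demo:jar:1.0
[INFO] +- org.apache.logging.log4j:log4j-core:jar:2.14.1:compile
[INFO] +- log4j:log4j:jar:1.2.17:compile
[INFO] |  \\- org.apache.logging.log4j:log4j-core:jar:2.17.0:runtime
[INFO] +- org.apache.logging.log4j:log4j-core:jar:2.0-beta8:compile
[INFO] \\- org.apache.logging.log4j:log4j-core:jar:2.20.0:compile
"""

if __name__ == "__main__":
    for version, group in scan(SAMPLE):
        print(f"{version:10} {group}")
```

The pre-release handling matters at the lower bound: 2.0-beta9 falls in the Log4Shell range while 2.0-beta8 does not.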

Source: opennet.ru
