A third of Java projects based on the Log4j library continue to use vulnerable versions

Veracode has published the results of a study of how relevant the critical vulnerabilities in the Log4j Java library, identified last year and the year before, still are. After examining 38278 applications used by 3866 organizations, Veracode researchers found that 38% of them use vulnerable versions of Log4j. The main reason given for the continued use of legacy code is the integration of old libraries into projects, or the effort required to migrate from unsupported branches to new, backward-compatible branches (judging by a previous Veracode report, 79% of third-party libraries brought into project code are never updated afterwards).

There are three main categories of applications that use vulnerable versions of Log4j:

  • 2.8% of applications continue to use Log4j versions from 2.0-beta9 to 2.15.0, which contain the Log4Shell vulnerability (CVE-2021-44228).
  • 3.8% of applications use the Log4j2 2.17.0 release, which fixes the Log4Shell vulnerability but leaves the CVE-2021-44832 remote code execution (RCE) vulnerability unfixed.
  • 32% of applications use the Log4j2 1.2.x branch, support for which ended in 2015. This branch is affected by the critical vulnerabilities CVE-2022-23307, CVE-2022-23305 and CVE-2022-23302, identified in 2022, 7 years after maintenance ended.
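
One way to sort a dependency inventory into the three categories above, as an added example (not Veracode's methodology and not code from the source article). The inventory lines and category labels are constructed; versions outside the three listed ranges are reported as `not-listed` rather than judged safe.

```python
import re

# Pre-release ordering: alpha < beta < rc < final release.
_QUAL_RANK = {"alpha": 0, "beta": 1, "rc": 2, "": 3}
_VERSION_RE = re.compile(
    r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?$", re.I)


def version_key(version):
    """Turn '2.0-beta9' or '2.15.0' into a tuple that sorts correctly."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    major, minor, patch = (int(g or 0) for g in m.group(1, 2, 3))
    qual = (m.group(4) or "").lower()
    return (major, minor, patch, _QUAL_RANK[qual], int(m.group(5) or 0))


# Range boundaries exactly as stated in the list above.
LOG4SHELL_FIRST = version_key("2.0-beta9")
LOG4SHELL_LAST = version_key("2.15.0")
CVE_44832_RELEASE = version_key("2.17.0")


def classify(version):
    """Map a Log4j version to one of the article's three categories."""
    key = version_key(version)
    if key[:2] == (1, 2):
        return "eol-1.2.x"          # CVE-2022-23307 / 23305 / 23302
    if LOG4SHELL_FIRST <= key <= LOG4SHELL_LAST:
        return "log4shell"          # CVE-2021-44228
    if key == CVE_44832_RELEASE:
        return "cve-2021-44832"
    return "not-listed"             # outside the ranges the article names


def scan(inventory):
    """Parse 'app group:artifact:version' lines into {app: category}."""
    result = {}
    for line in inventory.strip().splitlines():
        app, coordinate = line.split()
        result[app] = classify(coordinate.rsplit(":", 1)[1])
    return result


# Constructed inventory for illustration only.
SAMPLE_INVENTORY = """
billing-api   org.apache.logging.log4j:log4j-core:2.14.1
legacy-batch  log4j:log4j:1.2.17
portal        org.apache.logging.log4j:log4j-core:2.17.0
search        org.apache.logging.log4j:log4j-core:2.17.1
"""

if __name__ == "__main__":
    for app, category in scan(SAMPLE_INVENTORY).items():
        print(f"{app:14s} {category}")
```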

Source: opennet.ru
