About a third of Java projects based on the Log4j library continue to use vulnerable versions

Veracode has published the results of a study on how relevant the critical vulnerabilities in the Log4j Java library, identified last year and the year before, still are. After studying 38278 applications used by 3866 organizations, Veracode researchers found that 38% of them use vulnerable versions of Log4j. The main reason for continuing to use legacy code is the integration of old libraries into projects, or the effort of migrating from unsupported branches to new branches that are backward compatible (judging by a previous Veracode report, 79% of third-party libraries brought into project code are never subsequently updated).

There are three main categories of applications that use vulnerable versions of Log4j:

  • 2.8% of applications continue to use Log4j versions from 2.0-beta9 to 2.15.0, which contain the Log4Shell vulnerability (CVE-2021-44228).
  • 3.8% of applications use the Log4j2 2.17.0 release, which fixes the Log4Shell vulnerability but leaves the remote code execution (RCE) vulnerability CVE-2021-44832 unfixed.
  • 32% of applications use the Log4j2 1.2.x branch, support for which ended in 2015. This branch is affected by the critical vulnerabilities CVE-2022-23307, CVE-2022-23305 and CVE-2022-23302, identified in 2022, 7 years after maintenance ended.
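
To check a deployment against the three groups above, the following Python example (added here, not part of the original article or of Veracode's tooling) sorts Log4j jar file names into those groups. The jar-naming pattern, the function names and the sample paths are assumptions; versions the article does not mention are reported as not covered rather than as safe.

```python
import re

# Group labels follow the article's list; other versions are "not covered", not "safe".
LOG4SHELL = "2.0-beta9 to 2.15.0: Log4Shell (CVE-2021-44228)"
RCE_2_17_0 = "2.17.0: CVE-2021-44832 (RCE) unfixed"
EOL_1_2 = "1.2.x: support ended in 2015 (CVE-2022-23307, CVE-2022-23305, CVE-2022-23302)"
NOT_COVERED = "not in the article's three groups"

_VERSION = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?$", re.I)
_STAGE = {"alpha": 0, "beta": 1, "rc": 2, "": 3}  # final release sorts after pre-releases
# Assumed jar naming: log4j-<ver>.jar (1.x) and log4j-core-<ver>.jar (2.x).
_JAR = re.compile(r"log4j(?:-core)?-(\d[\w.\-]*?)\.jar$")

def version_key(version):
    """Turn '2.0-beta9' into a tuple that sorts in release order, or None."""
    m = _VERSION.match(version.strip())
    if not m:
        return None
    major, minor, patch, stage, n = m.groups()
    return (int(major), int(minor), int(patch or 0), _STAGE[(stage or "").lower()], int(n or 0))

def classify(version):
    """Return the article group a version string falls into."""
    key = version_key(version)
    if key is None:
        return NOT_COVERED
    if key[:2] == (1, 2):
        return EOL_1_2
    if version_key("2.0-beta9") <= key <= version_key("2.15.0"):
        return LOG4SHELL
    if key == version_key("2.17.0"):
        return RCE_2_17_0
    return NOT_COVERED

def report(paths):
    """Map each path that looks like a Log4j jar to its group."""
    found = {}
    for path in paths:
        m = _JAR.search(path)
        if m:
            found[path] = classify(m.group(1))
    return found

# Constructed sample paths, not taken from the article.
SAMPLE = ["app/lib/log4j-1.2.17.jar", "app/lib/log4j-core-2.0-beta9.jar",
          "app/lib/log4j-core-2.14.1.jar", "app/lib/log4j-core-2.17.0.jar",
          "app/lib/log4j-core-2.17.1.jar", "app/lib/commons-io-2.11.0.jar"]

if __name__ == "__main__":
    for path, group in report(SAMPLE).items():
        print(f"{path}: {group}")
```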

Source: opennet.ru
