Back to blog

The Log4j Vulnerability is Still Out There: How a Dynamic SBOM Helps You Find It

John Vassiliou June 15, 2022
1 minute read
A lock sign and the words danger and attack

By: John Vassiliou

Despite the time that’s passed between its discovery and today, Log4Shell continues to plague the tech industry.

The number of downloads of exploitable Log4j packages has remained consistent, and because it nests itself deep in files, it is often difficult for current tools to find vulnerabilities.

A recent report from Rezilion finds that almost 60% of packages affected by the vulnerability remained untouched, and over 90,000 publicly facing servers are still running obsolete versions of Log4j. As people continue to unknowingly download components with unpatched versions, they open themselves up to attacks.

Organizations need better tools to monitor the third party software they rely on and know how to remediate and mitigate future exploits from slowing down their development process. The answer lies in a Dynamic SBOM, which gives full visibility into the software environment in real time.

Download this report to learn about:

  • How a Dynamic SBOM can help you hunt for Log4j
  • How to establish exploitability context
  • How to remediate Log4j instances

Keep reading

The CVE-2023-5217 Deja Vu – Another Actively Exploited Chrome Vulnerability Affecting a WebM Project Library (libvpx)
Blog

The CVE-2023-5217 Deja Vu – Another Actively Exploited Chrome Vulnerability Affecting a WebM Project Library (libvpx)

Read Now
Rezilion Researchers Uncover New Details on Severity of Google Chrome Zero-Day Vulnerability (CVE-2023-4863)
Blog

Rezilion Researchers Uncover New Details on Severity of Google Chrome Zero-Day Vulnerability (CVE-2023-4863)

Read Now
Uplevel to Next-Generation Vulnerability Management with our CISO Guide
Blog

Uplevel to Next-Generation Vulnerability Management with our CISO Guide

Read Now

Reduce your patching efforts by
85% or more in less than 10 minutes

Get Demo