The Log4j Vulnerability is Still Out There: How a Dynamic SBOM Helps You Find It


By: John Vassiliou

Despite the time that’s passed between its discovery and today, Log4Shell continues to plague the tech industry.

The number of downloads of exploitable Log4j packages has remained consistent, and because the library is often nested deep inside other packages and archives, current tools frequently fail to find the vulnerable copies.

A recent report from Rezilion finds that almost 60% of packages affected by the vulnerability remained untouched, and over 90,000 publicly facing servers are still running obsolete versions of Log4j. As people continue to unknowingly download components with unpatched versions, they open themselves up to attacks.

Organizations need better tools to monitor the third-party software they rely on, and they need to know how to remediate and mitigate future exploits so that these do not slow down their development process. The answer lies in a Dynamic SBOM, which gives full visibility into the software environment in real time.

Download this report to learn about:

  • How a Dynamic SBOM can help you hunt for Log4j
  • How to establish exploitability context
  • How to remediate Log4j instances

Reduce your patching efforts by 85% or more in less than 10 minutes