Logging software is a universal software that tracks activities such as site visits, clicks and chats. read also
Earlier this month, a researcher at Chinese tech company Alibaba warned the non-profit Apache Software Foundation that Log4j would not only track chats or clicks, but also follow links from external sites. With this, it can let a hacker take control of the server.
Apache released a fix for the program, but thousands of other programs use this free logger. There are many free software among them, which are maintained by volunteers. Also, there are programs of many big companies, in which some engineers work round the clock in many programs.
Kevin Beaumont, a security threat analyst helping CISA compile the list, said that many vendors still do not have security patches for this vulnerability.
Some companies, including Cisco Cisco, are updating the guidance several times daily to reduce or detect intrusions.
As of Thursday, CISA’s list included about 20 Cisco products that were vulnerable to attacks due to lack of patches. These included the Cisco WebEx Meetings Server, the Cisco Umbrella, and a cloud security product.
A company spokesperson said Cisco has tested more than 200 products and about 130 are safe. Software patches are available for many of the affected products.
VMware is also continuously updating the advisory on its site. Splunk Splunk has also removed the list. Along with this, suggestions have also been given to deal with hackers trying to misuse the vulnerability.
IBM has listed the product as non-vulnerable but has also said that it does not confirm or disclose external vulnerability until a fix is available.