{"id":13854,"date":"2025-03-20T21:17:08","date_gmt":"2025-03-21T05:17:08","guid":{"rendered":"http:\/\/www.sumologic.com\/?page_id=13854"},"modified":"2026-01-14T22:29:07","modified_gmt":"2026-01-15T06:29:07","slug":"log4j","status":"publish","type":"page","link":"https:\/\/www.sumologic.com\/solutions\/security\/log4j","title":{"rendered":"Log4j"},"content":{"rendered":"\n<section class=\"e-stn e-stn-123fadf620c2bf68b8019a401fc4bfec370b2069 e-stn--cta-with-content-buttons\"><style>@media only screen and (max-width: 9999px) {\n\t\t\t\t\t\t\t\t\t.e-stn.e-stn-123fadf620c2bf68b8019a401fc4bfec370b2069 { \n\t\t\t\t\t\t\t\t\t\tbackground-color: #101827; \n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t}<\/style><div class=\"container\">\n<div class=\"wp-block-b3rg-row e-row row\">\n<div class=\"wp-block-b3rg-column e-col e-col-0d9008e2df6be06c70b848263cf0b002bd5b4489 e-col--content-wrapper  col-sm-12 col-lg-6 col-xl-8 d-lg-flex flex-lg-column justify-content-lg-center\">\n<h1 class=\"wp-block-heading has-pure-white-color has-text-color has-link-color wp-elements-d8b7fa1669d7b1c7f96fc6e44ece6383\" id=\"log-management-your-solution-to-go-from-chaos-to-clarity\">Log4j<br>Vulnerability<br>Response Center<\/h1>\n<\/div>\n\n\n\n<div class=\"wp-block-b3rg-column e-col e-col-7718b33dc17f8d6957b02edbe53482976331a554  col-sm-12 col-lg-6 col-xl-4 d-lg-flex flex-lg-column justify-content-lg-center\"><div class=\"e-img \">\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"247\" height=\"247\" src=\"http:\/\/www.sumologic.com\/wp-content\/uploads\/icon-enhanced-security-color.svg\" alt=\"\" class=\"wp-image-13856\" title=\"\"><\/figure>\n<\/div><\/div>\n<\/div>\n<\/div><\/section>\n\n\n\n<section id=\"section-7\" class=\"e-stn e-stn-0a4d04e509d285e023233a0e8d32dca0a6820859 e-stn--dynamic-grid-section e-mt-0 e-mb-0\"><style>@media only screen and (max-width: 9999px) {\n\t\t\t\t\t\t\t\t\t.e-stn.e-stn-0a4d04e509d285e023233a0e8d32dca0a6820859 { 
\n\t\t\t\t\t\t\t\t\t\tbackground-color: #ffffff; \n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t}<\/style><div class=\"container\">\n<div class=\"wp-block-b3rg-row e-row row justify-content-center\">\n<div class=\"wp-block-b3rg-column e-col e-col-23c491b9590ceaa0fec0c4d0a346887f5f358584  col-sm-7\">\n<p>Welcome to Sumo Logic\u2019s content hub for the Log4Shell vulnerability with Apache Log4j. You will find our latest updates and&nbsp;<strong><a href=\"#additional\">assets<\/a><\/strong>&nbsp;on this ongoing and developing issue.<\/p>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading has-text-align-center has-pure-black-color has-text-color has-link-color wp-elements-e8bc6c7ae12eb1a99db58a422eca0ef0\" id=\"sumo-logic-update-on-apache-log4j\">Sumo Logic update on Apache Log4j<\/h2>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-b3rg-row e-row row e-row--dlt\">\n<div class=\"wp-block-b3rg-column e-col e-col-fb16d19c19a5d501f2ddbce9412fd9f46af6fdf6  col-sm-4\">\n<div class=\"e-div e-div-431e405250f2ce8249058d3c4dd9ba0fc1b25722\"><div class=\"e-img \">\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"45\" height=\"45\" src=\"http:\/\/www.sumologic.com\/wp-content\/uploads\/icon-security-2-color-1.svg\" alt=\"\" class=\"wp-image-13858\" style=\"aspect-ratio:1;width:63px\" title=\"\"><\/figure>\n<\/div>\n\n\n<h3 class=\"wp-block-heading has-pure-black-color has-text-color has-link-color has-medium-font-size wp-elements-c6adf418e4a701f388692b22492d9de8\" id=\"automated-insights\"><strong>Was Sumo Logic exploited or the service impacted?<\/strong><\/h3>\n\n\n\n<p>For the initial Log4Shell vulnerability through the two subsequent CVEs, our security and engineering teams have confirmed Sumo Logic was&nbsp;<strong>NOT<\/strong>&nbsp;exploited and our Sumo Logic Service 
was&nbsp;<strong>never<\/strong>&nbsp;impacted.<\/p>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-b3rg-column e-col e-col-fb16d19c19a5d501f2ddbce9412fd9f46af6fdf6  col-sm-4\">\n<div class=\"e-div e-div-431e405250f2ce8249058d3c4dd9ba0fc1b25722\"><div class=\"e-img \">\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"64\" height=\"64\" src=\"http:\/\/www.sumologic.com\/wp-content\/uploads\/icon-manage-2-color-icon-1.svg\" alt=\"\" class=\"wp-image-13860\" style=\"aspect-ratio:1;width:63px\" title=\"\"><\/figure>\n<\/div>\n\n\n<h3 class=\"wp-block-heading has-pure-black-color has-text-color has-link-color has-medium-font-size wp-elements-5621d2b643520d9db2ff210e0a9a6d24\" id=\"cloud-native-architecture\"><strong>What should Sumo Logic customers do?<\/strong><\/h3>\n\n\n\n<p>We recommend all customers upgrade their Installed Collectors to this&nbsp;<a href=\"https:\/\/help.sumologic.com\/Release-Notes\/Collector-Release-Notes#december-29-2021-19-375-4\" target=\"_blank\" rel=\"noreferrer noopener\">latest version (19.375-4)<\/a>&nbsp;immediately.<\/p>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-b3rg-column e-col e-col-fb16d19c19a5d501f2ddbce9412fd9f46af6fdf6  col-sm-4\">\n<div class=\"e-div e-div-431e405250f2ce8249058d3c4dd9ba0fc1b25722\"><div class=\"e-img \">\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"64\" height=\"64\" src=\"http:\/\/www.sumologic.com\/wp-content\/uploads\/icon-queries-2-color-icon-1.svg\" alt=\"\" class=\"wp-image-13861\" style=\"aspect-ratio:1;width:63px\" title=\"\"><\/figure>\n<\/div>\n\n\n<h3 class=\"wp-block-heading has-pure-black-color has-text-color has-link-color has-medium-font-size wp-elements-1cef40087a7b8c03232ac708b8244a37\" id=\"single-collaborative-siem-platform\"><strong>How can I search for Log4j using Sumo Logic?<\/strong><\/h3>\n\n\n\n<p>For queries and a deeper technical dive on hunting for this activity, 
check out our&nbsp;<a href=\"\/blog\/log4shell-cve-2021-44228\" target=\"_blank\" rel=\"noreferrer noopener\">Log4Shell CVE-2021-44228 Situational Awareness Brief<\/a>.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div><\/section>\n\n\n\n<div class=\"wp-block-group is-nowrap is-layout-flex wp-container-core-group-is-layout-6c531013 wp-block-group-is-layout-flex\">\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-28f84493 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:12%\"><\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:60%\">\n<h2 class=\"wp-block-heading\" id=\"determining-if-you-re-affected\">Determining if you\u2019re affected<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>If you\u2019re using Apache Log4j logging services in your organization, please compare your version against this&nbsp;<a href=\"https:\/\/logging.apache.org\/log4j\/2.x\/security.html\" target=\"_blank\" rel=\"noreferrer noopener\">Apache source<\/a>&nbsp;for details on updating to the latest version to address the recent security vulnerabilities.<\/li>\n\n\n\n<li>Our Content team is actively working on developing dashboards\/searches for customers to leverage to help identify potential cases of compromise within their environment.<\/li>\n\n\n\n<li>Using your Sumo Logic platform, here is a common search that you can use to find current versions of the exploit that bad actors may be attempting to abuse, which may help you identify cases in your own environment:<br><code>(\"jndi:\" or \"{lower:j\" or \"{upper:j\" or \"-j}\" or \":-j%7\") | parse regex \"(?&lt;jndi_string&gt;\\$\\{(?:\\$\\{[^\\}])?j\\}?(?:\\$\\{[^\\}])?n\\}?(?:\\$\\{[^\\}])?d\\}?(?:\\$\\{[^\\}])?i.*?:}?[^,;\\\"\\\\]+}?)[\\\\\\\";,]\" nodrop<\/code><\/li>\n\n\n\n<li>For a deeper technical dive on hunting for this activity, check out our Log4Shell 
CVE-2021-44228&nbsp;<a href=\"\/blog\/log4shell-cve-2021-44228\" target=\"_blank\" rel=\"noreferrer noopener\">Situational Awareness Brief<\/a>.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"how-sumo-logic-mitigates-this-vulnerability\">How Sumo Logic mitigates this vulnerability<\/h2>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"what-steps-have-been-taken\">What steps have been taken?<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Beginning early in the morning on Dec. 10th, Sumo Logic\u2019s security team investigated and validated the nature and severity of the exploit against potential points of compromise and determined that&nbsp;<strong>at NO time<\/strong>&nbsp;was Sumo Logic exploited.<\/li>\n\n\n\n<li>We use a custom SumoLog4Layout library that never invokes custom lookups (as compared to Apache Log4j) so the Sumo Logic Service was never impacted.<\/li>\n\n\n\n<li>Sumo Logic\u2019s Installed Collector is designed to not invoke anything that it is receiving on the internet. Further, the logging that we do use Log4j for in our collector is for internal audit purposes only\u2014so this never posed any significant risk. As a precaution, we released an updated Installed Collector on Dec. 11th with Log4j v2.15.0 in case the situation escalated. With the discovery of CVE-2021-45046, we updated our collector on Dec. 16th with Log4j v2.16.0. With the discovery of CVE-2021-45105, we updated our collector on Dec. 19th with Log4j v2.17.0. On Dec. 
29th we updated our collector with Log4j v2.17.1 to proactively protect against CVE-2021-44832.<\/li>\n\n\n\n<li>Sumo Logic remains in constant communication with our customers.<\/li>\n\n\n\n<li>Sumo Logic\u2019s System Security and Global Operations Center teams continue to monitor this situation closely for any change in the nature of the vulnerability, methods of compromise, and detection bypass methods.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"what-should-sumo-logic-customers-do\">What should Sumo Logic customers do?<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>On Dec. 29th we published a new version of our Installed Collector, release&nbsp;<a href=\"https:\/\/help.sumologic.com\/Release-Notes\/Collector-Release-Notes#december-29-2021-19-375-4\" target=\"_blank\" rel=\"noreferrer noopener\">19.375-4<\/a>, which has been updated to leverage Log4j v2.17.1 and address the vulnerability related to CVE-2021-44832.&nbsp;<strong><u>We recommend all customers upgrade their Installed Collectors to this latest version immediately.<\/u><\/strong><\/li>\n\n\n\n<li>Please stay up to date with our latest releases to ensure any potential undiscovered or undisclosed issues in prior Log4j versions are not exploitable.<\/li>\n\n\n\n<li>Sumo Logic\u2019s Customer Support team is following up directly with customers on known vulnerable versions to ensure all customers get to a secure\/safe version as soon as possible.<\/li>\n\n\n\n<li>If you have any questions, please contact us at&nbsp;<a href=\"mailto:support@sumologic.com\">support@sumologic.com<\/a><\/li>\n<\/ul>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:28%\"><\/div>\n<\/div>\n<\/div>\n\n\n\n<section id=\"section-7\" class=\"e-stn e-stn-0a4d04e509d285e023233a0e8d32dca0a6820859 e-stn--dynamic-grid-section e-mt-0 e-mb-0\"><style>@media only screen and (max-width: 9999px) 
{\n\t\t\t\t\t\t\t\t\t.e-stn.e-stn-0a4d04e509d285e023233a0e8d32dca0a6820859 { \n\t\t\t\t\t\t\t\t\t\tbackground-color: #ffffff; \n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t}<\/style><div class=\"container\">\n<div class=\"wp-block-b3rg-row e-row row justify-content-center\">\n<div class=\"wp-block-b3rg-column e-col e-col-23c491b9590ceaa0fec0c4d0a346887f5f358584  col-sm-7\">\n<h2 class=\"wp-block-heading has-text-align-center has-pure-black-color has-text-color has-link-color wp-elements-ef07236a3fbdd324592653ca50ab1720\" id=\"sumo-logic-update-on-apache-log4j\">Cloud-native architecture really matters<\/h2>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-b3rg-row e-row row e-row--dlt\">\n<div class=\"wp-block-b3rg-column e-col e-col-fb16d19c19a5d501f2ddbce9412fd9f46af6fdf6  col-sm-4\">\n<div class=\"e-div e-div-431e405250f2ce8249058d3c4dd9ba0fc1b25722\"><div class=\"e-img \">\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"64\" height=\"64\" src=\"http:\/\/www.sumologic.com\/wp-content\/uploads\/icon-scale-and-elastic-2-color-2.svg\" alt=\"\" class=\"wp-image-9750\" style=\"aspect-ratio:1;width:63px\" title=\"\"><\/figure>\n<\/div>\n\n\n<h3 class=\"wp-block-heading has-pure-black-color has-text-color has-link-color wp-elements-6d7c09ee6768dc43e2aaccfeb97a7061\" id=\"automated-insights\"><strong>Built to scale<\/strong><\/h3>\n\n\n\n<p><strong>Dynamic, scalable, secure platform<\/strong><br>We analyze more than an exabyte of data and one quadrillion records daily for over 2,300 enterprises around the world.<\/p>\n\n\n\n<p><strong>Multi-tenant architecture<\/strong><br>Built for rapid deployment with consistent, continuously updated software and balanced resources across all customers.<\/p>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-b3rg-column e-col e-col-fb16d19c19a5d501f2ddbce9412fd9f46af6fdf6  col-sm-4\">\n<div class=\"e-div 
e-div-431e405250f2ce8249058d3c4dd9ba0fc1b25722\"><div class=\"e-img \">\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"64\" height=\"64\" src=\"http:\/\/www.sumologic.com\/wp-content\/uploads\/icon-soar-2-color-icon.svg\" alt=\"\" class=\"wp-image-13864\" style=\"aspect-ratio:1;width:63px\" title=\"\"><\/figure>\n<\/div>\n\n\n<h3 class=\"wp-block-heading has-pure-black-color has-text-color has-link-color wp-elements-d8c200e062f8610c4854dce7cb6a44d4\" id=\"cloud-native-architecture\"><strong>Security by design<\/strong><\/h3>\n\n\n\n<p><strong>Built-in security from the ground up<\/strong><br>Protect your users&#8217; data with best-in-class security technologies, rigorous security process, and daily rotated, per-customer encryption keys.<\/p>\n\n\n\n<p><strong>Built with security-first principle in and for the cloud<\/strong><br>SOC 2 Type 2, PCI DSS 3.2.1, CSA Star, FedRAMP\u00ae Moderate and HIPAA certifications.<\/p>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-b3rg-column e-col e-col-fb16d19c19a5d501f2ddbce9412fd9f46af6fdf6  col-sm-4\">\n<div class=\"e-div e-div-431e405250f2ce8249058d3c4dd9ba0fc1b25722\"><div class=\"e-img \">\n<figure class=\"wp-block-image size-full is-resized\"><img decoding=\"async\" src=\"http:\/\/www.sumologic.com\/wp-content\/uploads\/icon-machine-learning.svg\" alt=\"\" class=\"wp-image-13865\" style=\"aspect-ratio:1;width:63px\" title=\"\"><\/figure>\n<\/div>\n\n\n<h3 class=\"wp-block-heading has-pure-black-color has-text-color has-link-color wp-elements-a165936006d9da3cae387b6bf11ecf51\" id=\"single-collaborative-siem-platform\"><strong>Machine-learning powered analytics<\/strong><\/h3>\n\n\n\n<p><strong>Insightful analytics<\/strong><br>Identify and predict anomalies in real-time with outlier detection and uncover root-causes using our patented LogReduce\u00ae and LogCompare pattern analyses.<\/p>\n\n\n\n<p><strong>Powerful and intuitive query-based 
analytics<\/strong><br>Unshackle power users with a rich operator library and enable all users with easy to use search templates.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div><\/section>\n\n\n\n<section id=\"section-8\" class=\"e-stn e-stn-9dd56613981a9fe650ceef002457675d07b0eeaa e-stn--faq-accordion\"><div class=\"container\">\n<div class=\"wp-block-b3rg-row e-row row\">\n<div class=\"wp-block-b3rg-column e-col e-col-029c01502d78b7cff6900cd3b2a145337ca3a946  col-sm-12 col-md-4\">\n<h2 class=\"wp-block-heading has-text-color has-link-color wp-elements-c6110cccd17f3e3e7cb741fb79650869\" id=\"frequently-asked-questions\" style=\"color:#141d2f\">Frequently asked questions<\/h2>\n\n\n<div class=\"e-btn e-btn--primary\"><a class=\"e-btn__link\"href=\"#\">\n<p class=\"title\"><\/p>\n<\/a><\/div><\/div>\n\n\n\n<div class=\"wp-block-b3rg-column e-col e-col-1535be63930f7ed2ef76cc949c67e8736d5f40d3  col-sm-12 col-md-8\"><div class=\"e-acc e-acc--dlt\" data-settings='{\"forceExpand\":false,\"toggleMode\":true,\"colBreakPoint\":576,\"floatPanel\":false,\"autoSlide\":false,\"autoPlayInterval\":3000,\"pauseOnFocus\":true}' data-accordion='e-acc_69d84d17dd1e9'><div class=\"e-acc__itms-wrpr\"><div class=\"e-acc__itm-wrpr  active\" data-item-id='e-acc-itm-id-5'><div class=\"e-acc__itm\"><div class=\"e-acc__itm-hdr-wrpr\" data-toggle='collapse' data-target='e-acc-itm-id-5'><div class=\"e-acc__itm-hdr\">\n<h2 class=\"wp-block-heading has-text-color has-link-color wp-elements-9af1c57a7ca347feb9ce030087cf2b71\" id=\"do-i-have-to-upgrade-my-sumo-logic-collectors\" style=\"color:#141d2f\">Do I have to upgrade my Sumo Logic collectors?<\/h2>\n<\/div><\/div><div class=\"e-acc__itm-bdy-wrpr\" id='e-acc-itm-id-5' style='display:block'><div class=\"e-acc__itm-bdy\">\n<p>Yes, we highly recommend you update your Sumo Logic Installed Collector. Sumo Logic\u2019s Installed Collector is designed to not invoke anything that it is receiving on the internet. 
Further, the logging that we do use Log4j for in our collector is for internal audit purposes only\u2014so these vulnerabilities never posed any significant risk. As a precaution, we\u2019ve released four updates (as of 12\/29\/2021) to our Installed Collector to support patches and updates the Apache Software Foundation has made to their Log4j code.<\/p>\n<\/div><\/div><\/div><\/div><div class=\"e-acc__itm-wrpr\" data-item-id='e-acc-itm-id-6'><div class=\"e-acc__itm\"><div class=\"e-acc__itm-hdr-wrpr\" data-toggle='collapse' data-target='e-acc-itm-id-6'><div class=\"e-acc__itm-hdr\">\n<h2 class=\"wp-block-heading has-text-color has-link-color wp-elements-6945e9d431e4d7b75e65440752dfccf5\" id=\"what-is-log4shell\" style=\"color:#141d2f\">What is Log4Shell?<\/h2>\n<\/div><\/div><div class=\"e-acc__itm-bdy-wrpr\" id='e-acc-itm-id-6' style='display: none'><div class=\"e-acc__itm-bdy\">\n<p>Log4Shell is a critical (CVSS severity of 10) zero-day vulnerability in Apache Log4j, an open-source Java-based logging tool.<\/p>\n<\/div><\/div><\/div><\/div><div class=\"e-acc__itm-wrpr\" data-item-id='e-acc-itm-id-7'><div class=\"e-acc__itm\"><div class=\"e-acc__itm-hdr-wrpr\" data-toggle='collapse' data-target='e-acc-itm-id-7'><div class=\"e-acc__itm-hdr\">\n<h2 class=\"wp-block-heading has-text-color has-link-color wp-elements-7d765e02d84d4bcdbeedb4cb5dcb9f1d\" id=\"what-s-the-difference-between-log4shell-and-log4j\" style=\"color:#141d2f\">What\u2019s the difference between Log4Shell and Log4j?<\/h2>\n<\/div><\/div><div class=\"e-acc__itm-bdy-wrpr\" id='e-acc-itm-id-7' style='display: none'><div class=\"e-acc__itm-bdy\">\n<p>Apache Log4j is the logging tool that\u2019s had (as of this writing) four different vulnerabilities associated with it. 
The first vulnerability (CVE-2021-44228) was named \u201cLog4Shell\u201d by many in the security community; however, the three subsequent vulnerabilities reported by CVE and the National Vulnerability Database have not been given a nickname at this time.<\/p>\n<\/div><\/div><\/div><\/div><div class=\"e-acc__itm-wrpr\" data-item-id='e-acc-itm-id-8'><div class=\"e-acc__itm\"><div class=\"e-acc__itm-hdr-wrpr\" data-toggle='collapse' data-target='e-acc-itm-id-8'><div class=\"e-acc__itm-hdr\">\n<h2 class=\"wp-block-heading has-text-color has-link-color wp-elements-25bdb1cb32110ebae6aca0d0e54eed4d\" id=\"how-is-log4j-exploited\" style=\"color:#141d2f\">How is Log4j exploited?<\/h2>\n<\/div><\/div><div class=\"e-acc__itm-bdy-wrpr\" id='e-acc-itm-id-8' style='display: none'><div class=\"e-acc__itm-bdy\">\n<p>Hackers can leverage the initial vulnerability (<a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-44228\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2021-44228<\/a>) to send a specially crafted string containing the malicious code that gets logged by Log4j version 2.0 and higher, effectively enabling the threat actor to load arbitrary code from an attacker-controlled domain on a susceptible server and take over control. This is an RCE (remote code execution) attack.<\/p>\n\n<p>Later, the security community learned that the Log4Shell vulnerability fix still left Log4j open to attackers. This second vulnerability (<a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-45046\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2021-45046<\/a>) allows threat actors to craft malicious input data using a JNDI Lookup pattern, resulting in a denial of service (DoS) attack. The Apache Software Foundation mitigated this vector by completely removing the message lookups feature in Log4j v2.16.0. Sumo Logic proactively released an Installed Collector with v2.16.0 on Dec. 16th, 2021.<\/p>\n\n<p>On Dec. 
18th, the NVD published a 3rd vulnerability (<a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-45105\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2021-45105<\/a>) because Log4j v2.16.0 didn\u2019t protect against uncontrolled recursion from self-referential lookups, allowing an attacker to cause a DoS. Sumo Logic proactively released an Installed Collector with v2.17.0 on Dec. 19th, 2021.<\/p>\n\n<p>On Dec. 28th, the NVD published a 4th vulnerability (<a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-44832\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2021-44832<\/a>) as Log4j v2.17.0 was vulnerable to an RCE attack if an attacker has control of the target LDAP server. Sumo Logic proactively released an Installed Collector with Log4j v2.17.1 on Dec. 29th, 2021.<\/p>\n<\/div><\/div><\/div><\/div><div class=\"e-acc__itm-wrpr\" data-item-id='e-acc-itm-id-9'><div class=\"e-acc__itm\"><div class=\"e-acc__itm-hdr-wrpr\" data-toggle='collapse' data-target='e-acc-itm-id-9'><div class=\"e-acc__itm-hdr\">\n<h2 class=\"wp-block-heading has-text-color has-link-color wp-elements-73d6ee57c1c1bb3bc001843f67932fe7\" id=\"how-is-log4j-exploited\" style=\"color:#141d2f\">Who is affected?<\/h2>\n<\/div><\/div><div class=\"e-acc__itm-bdy-wrpr\" id='e-acc-itm-id-9' style='display: none'><div class=\"e-acc__itm-bdy\">\n<p>Any server or device that uses an unpatched version of Apache Log4j is vulnerable; this was estimated at 3 billion devices at the time of the vulnerability disclosure.<\/p>\n<\/div><\/div><\/div><\/div><\/div> <\/div><\/div>\n<\/div>\n<\/div><\/section>\n\n\n\n<section class=\"page-section resource-card-section gsbp-585e707 alignfull\" id=\"section-6\">\n<div>\n<div class=\"box-container resource-card-section__container\">\n<div class=\"resource-card-section__heading-wrapper\">\n<h2 class=\"resource-card-section__heading\">Additional resources<\/h2>\n<\/div>\n\n\n\n<div class=\"grid--l-3 grid--m-2 grid--s-1 gap--l 
resource-block-wrapper mt-3 grid--3\">\n<a class=\"resource-block\" href=\"https:\/\/sumo-logic.wistia.com\/medias\/k2679w781d\" target=\"_blank\" rel=\"noopener\">\n<div class=\"resource-block__img-wrap\">\n<figure class=\"resource-block__figure\">\n<img decoding=\"async\" class=\"resource-block__img\" src=\"https:\/\/www.sumologic.com\/wp-content\/uploads\/thumb-webinar-replay-thumb2.png\" alt=\"\" width=\"652\" height=\"366\" loading=\"lazy\" title=\"\">\n<\/figure>\n<\/div>\n\n\n\n<div class=\"resource-block__body-wrap\">\n<div class=\"resource-block__sub-heading\">video<\/div>\n\n\n\n<h3 class=\"resource-block__heading\">Webinar: Act Now on Log4Shell<\/h3>\n\n\n\n<p class=\"compare-items-sect__btm-item-text\">George Gerchow and Roland Palmer discuss the facts on Log4Shell vulnerability and how organizations should respond.<\/p>\n\n\n\n<div class=\"btn-right-arrow resource-block__link\">Watch video<\/div>\n<\/div>\n<\/a>\n\n\n\n<a class=\"resource-block\" href=\"https:\/\/www.sumologic.com\/blog\/log4shell-cve-2021-44228\">\n<div class=\"resource-block__img-wrap\">\n<figure class=\"resource-block__figure\">\n<img decoding=\"async\" class=\"resource-block__img\" src=\"https:\/\/www.sumologic.com\/wp-content\/uploads\/thumb-specops-min-1.png\" alt=\"\" width=\"652\" height=\"366\" loading=\"lazy\" title=\"\">\n<\/figure>\n<\/div>\n\n\n\n<div class=\"resource-block__body-wrap\">\n<div class=\"resource-block__sub-heading\">blog<\/div>\n\n\n\n<h3 class=\"resource-block__heading\">Situational Awareness Brief: Log4Shell CVE-2021-44228<\/h3>\n\n\n\n<p class=\"compare-items-sect__btm-item-text\">Sumo Logic\u2019s SpecOps team provides an overview and offers recommendations on hunting for and patching against the Log4Shell vulnerability.<\/p>\n\n\n\n<div class=\"btn-right-arrow resource-block__link\">Read blog<\/div>\n<\/div>\n<\/a>\n\n\n\n<a class=\"resource-block\" href=\"https:\/\/www.sumologic.com\/help\/release-notes-collector\/\" target=\"_blank\" 
rel=\"noopener\">\n<div class=\"resource-block__img-wrap\">\n<figure class=\"resource-block__figure\">\n<img decoding=\"async\" class=\"resource-block__img\" src=\"https:\/\/www.sumologic.com\/wp-content\/uploads\/thumb-Release-Notes-min.png\" alt=\"\" width=\"652\" height=\"366\" loading=\"lazy\" title=\"\">\n<\/figure>\n<\/div>\n\n\n\n<div class=\"resource-block__body-wrap\">\n<div class=\"resource-block__sub-heading\">DOCS<\/div>\n\n\n\n<h3 class=\"resource-block__heading\">LATEST: Sumo Logic Collector Release Notes<\/h3>\n\n\n\n<p class=\"compare-items-sect__btm-item-text\">Latest release notes for Sumo Logic\u2019s Installed Collector with links to instructions for upgrade options.<\/p>\n\n\n\n<div class=\"btn-right-arrow resource-block__link\">See notes<\/div>\n<\/div>\n<\/a>\n\n\n\n<a class=\"resource-block\" href=\"https:\/\/service.us2.sumologic.com\/ui\/dashboard.html?k=5q6zWCoVzOfwVliOoLfwbZONDYh5s7sNHhd9M8FXwfc8kBOCT6rrT4A6shso&amp;f=&amp;t=r\" target=\"_blank\" rel=\"noopener\">\n<div class=\"resource-block__img-wrap\">\n<figure class=\"resource-block__figure\">\n<img decoding=\"async\" class=\"resource-block__img\" src=\"https:\/\/www.sumologic.com\/wp-content\/uploads\/thumb-Exploit-tracker.png\" alt=\"\" width=\"652\" height=\"366\" loading=\"lazy\" title=\"\">\n<\/figure>\n<\/div>\n\n\n\n<div class=\"resource-block__body-wrap\">\n<div class=\"resource-block__sub-heading\">security<\/div>\n\n\n\n<h3 class=\"resource-block__heading\">Mjolnir Security Log4j Exploit Tracker<\/h3>\n\n\n\n<p class=\"compare-items-sect__btm-item-text\">Check out this live dashboard our friends at Mjolnir Security built using Sumo Logic\u2019s platform to track Log4j exploit activities.<\/p>\n\n\n\n<div class=\"btn-right-arrow resource-block__link\">Track exploits<\/div>\n<\/div>\n<\/a>\n<\/div>\n<\/div>\n<\/div>\n<\/section>\n\n\n\n<section id=\"section-7\" class=\"e-stn e-stn-0a4d04e509d285e023233a0e8d32dca0a6820859 e-stn--dynamic-grid-section e-mt-0 
e-mb-0\"><style>@media only screen and (max-width: 9999px) {\n\t\t\t\t\t\t\t\t\t.e-stn.e-stn-0a4d04e509d285e023233a0e8d32dca0a6820859 { \n\t\t\t\t\t\t\t\t\t\tbackground-color: #ffffff; \n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t}<\/style><div class=\"container\">\n<div class=\"wp-block-b3rg-row e-row row e-row--dlt\">\n<div class=\"wp-block-b3rg-column e-col e-col-fb16d19c19a5d501f2ddbce9412fd9f46af6fdf6  col-sm-4\">\n<div class=\"e-div e-div-431e405250f2ce8249058d3c4dd9ba0fc1b25722\">\n<h2 class=\"wp-block-heading has-pure-black-color has-text-color has-link-color wp-elements-4c8c8ef9f7a732d77751878cbbbff746\" id=\"automated-insights\">You\u2019re not alone<\/h2>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-b3rg-column e-col e-col-fb16d19c19a5d501f2ddbce9412fd9f46af6fdf6  col-sm-4\">\n<div class=\"e-div e-div-431e405250f2ce8249058d3c4dd9ba0fc1b25722\">\n<h3 class=\"wp-block-heading has-pure-black-color has-text-color has-link-color wp-elements-8430519d5777db5db56e335e992ffe69\" id=\"automated-insights\">EXISTING CUSTOMERS<\/h3>\n\n\n\n<p>We understand this is likely an extremely stressful time for you and your security team. If you\u2019re a Sumo Logic customer, we want to assure you that our account team is standing by and ready to help. 
For any additional technical questions or concerns, please open a case with Sumo Logic Support&nbsp;<a href=\"mailto:support@sumologic.com\" target=\"_blank\" rel=\"noreferrer noopener\">by contacting them via email<\/a>, or submitting your request.<\/p>\n\n\n<div class=\"e-btn e-btn--underline-black-common-link-with-arrow\"><a class=\"e-btn__link\" href=\"https:\/\/support.sumologic.com\/hc\/en-us\/requests\/new\" target=\"_blank\" rel=\"noopener\">\n<p class=\"title\">Submit a request<\/p>\n<\/a><\/div><\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-b3rg-column e-col e-col-fb16d19c19a5d501f2ddbce9412fd9f46af6fdf6  col-sm-4\">\n<div class=\"e-div e-div-431e405250f2ce8249058d3c4dd9ba0fc1b25722\">\n<h3 class=\"wp-block-heading has-pure-black-color has-text-color has-link-color wp-elements-fb1fe80cf00de920150f40bf45c6a5b2\" id=\"cloud-native-architecture\">EVERYONE<\/h3>\n\n\n\n<p>If you\u2019re not yet a Sumo Logic customer but would like to gain a better understanding of how we\u2019re helping organizations navigate this and future challenges, please request your own free trial.<\/p>\n\n\n<div class=\"e-btn e-btn--underline-black-common-link-with-arrow\"><a class=\"e-btn__link\"href=\"\/sign-up\" target=\"_blank\">\n<p class=\"title\">Start free trial<\/p>\n<\/a><\/div><\/div>\n<\/div>\n<\/div>\n<\/div><\/section>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Determining if you\u2019re affected How Sumo Logic mitigates this vulnerability What steps have been taken? 
What should Sumo Logic customers do?<\/p>\n","protected":false},"author":4,"featured_media":0,"parent":8550,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"show_custom_date":false,"custom_date":"","featured":false,"featured_image":0,"learn_more_label":"","image_alt_text":"","learn_more_type":"","show_popup":false,"learn_more_link_file":0,"event_date":false,"event_start_date":"","event_end_date":"","place_holder_image_url":"","post_reading_time":"6","notification_enabled":false,"notification_text":"","notification_logo":"","notification_expiration_time":0,"is_enable_transparent_header":false,"selected_taxonomy_terms":{"translation_priority":[221]},"selected_primary_terms":[],"learn_more_link":[],"featured_page_list":[],"notification_enabled_post_list":[],"_gspb_post_css":".gsbp-9713641{display:flex;justify-content:center;flex-direction:column;align-items:center;padding-right:var(--wp--custom--spacing--side, min(3vw, 20px));padding-left:var(--wp--custom--spacing--side, min(3vw, 20px));margin-top:0;margin-bottom:0;position:relative;padding-top:var(--cf-space-xl);padding-bottom:var(--cf-space-xl)}.gsbp-1581a8b{max-width:100%;width:1380px}.related-items__left-col{display:flex;flex-direction:column;column-gap:var(--cf-space-m);row-gap:var(--cf-space-3xs)}body .related-items__heading:is(h1,h2,h3,h4,h5,h6){font-size:var(--cf-text-2xl)}.related-items__right-col{display:flex;column-gap:var(--space-l);row-gap:var(--space-l)}.related-items__item{border-width:1px;border-style:solid;border-color:var(--cf-primary-30);padding-top:var(--space-xs);padding-bottom:var(--space-xs);padding-left:var(--space-xs);padding-right:var(--space-xs);display:flex;flex-direction:column;row-gap:var(--cf-space-xs);text-decoration:none}.related-items__item .relate-items__item-img{max-width:100%;height:auto;object-fit:cover}body .relate-items__item-title:is(h1,h2,h3,h4,h5,h6){text-decoration:none;color:var(--cf-primary)}.related-items__item 
.relate-items__item-img{text-decoration:none;margin-bottom:var(--cf-space-4xs)}.related-items__item .relate-items__item-title{text-decoration:none;font-size:var(--cf-text-l)}.related-items__item .related-items__item-btn{color:var(--cf-primary);padding-top:var(--cf-space-xs);padding-bottom:var(--cf-space-xs);padding-left:var(--cf-space-xs);padding-right:var(--cf-space-xs);border-width:1px;border-style:solid;max-width:150px;display:flex;justify-content:center}.related-items__item .related-items__item-text{color:var(--cf-primary)}","_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","inline_featured_image":false,"footnotes":""},"class_list":["post-13854","page","type-page","status-publish","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/pages\/13854","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/comments?post=13854"}],"version-history":[{"count":14,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/pages\/13854\/revisions"}],"predecessor-version":[{"id":66593,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/pages\/13854\/revisions\/66593"}],"up":[{"embeddable":true,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/pages\/8550"}],"wp:attachment":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/media?parent=13854"}],"curies":[{"name":"wp","href":"https:\/\/ap
i.w.org\/{rel}","templated":true}]}}