Tracked as CVE-2021-44228, the infamous Log4Shell vulnerability that was disclosed in November 2021 impacts the widely used Apache Log4j logging tool, and is described as a critical-severity flaw leading to remote code execution.
Exploitation of the vulnerability started less than two weeks after the bug was reported, prompting organizations to prioritize the deployment of available patches.
Since December 2021, numerous threat actors have been observed exploiting the vulnerability in VMware Horizon and UAG servers, including state-sponsored advanced persistent threat (APT) actors. VMware released fixes for this vulnerability in early December 2021.
