
AIG Email Pattern

The AIG Cyber & Information Security Team notified the Product Development Team that a critical remote code execution vulnerability was discovered in Log4j versions 2.0-beta9 through 2.15.0 that could allow unauthenticated attackers to access and execute code on the Product Development Staging Environment infrastructure. They advised updating affected systems to Log4j versions 2.16.0 or 2.12.2 and monitoring for any signs of exploitation, and to contact security if any exploitation is found after remediation.

Uploaded by

Shahid Imran

From: AIG Cyber & Information Security Team
To: Product Development Team ([email protected])
Subject: Security Advisory concerning Product Development Staging
Environment | Log4j

Body:

Hello John Doe,

AIG Cyber & Information Security Team would like to inform you that a
recent Log4j vulnerability has been discovered in the security community
that may affect the Product Development Staging Environment
infrastructure.

Vulnerability Overview
Log4j is a common open-source tool used for application logging and
monitoring across the web. Recently, a vulnerability has been identified in
versions Log4j2 2.0-beta9 through 2.15.0 that would allow an
unauthenticated attacker to perform remote code execution on affected
infrastructure, making this a critical vulnerability. You can learn more in
the NIST disclosures: NVD - CVE-2021-44228 and NVD - CVE-2021-45046.

Affected products
Log4j2 2.0-beta9 through 2.15.0

Risk & Impact
Critical - remote code execution (RCE). An attacker will be able to remotely
access the Product Development Staging Environment infrastructure to
exfiltrate data or execute malicious actions.

Remediation
● Identify any assets or infrastructure running the affected Log4j version
● Update to the following versions: Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7)
● Be on the lookout for any signs of exploitation

If you identify any signs of exploitation, please immediately reach out.
After you have remediated this vulnerability, please confirm with the
security team by replying to this email.

For any questions or issues, don’t hesitate to reach out to us.

Kind regards,
AIG Cyber & Information Security Team
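
The first remediation step in the advisory above, identifying assets that run an affected Log4j version, can be scripted. The following is an added example, not part of the original email or of AIG's tooling: it reads the Maven `pom.properties` that log4j-core archives carry inside each `.jar`/`.war`/`.ear` (including nested archives) and applies the advisory's range, 2.0-beta9 through 2.15.0, with 2.12.2 treated as fixed. The function names, the nesting depth limit and the reliance on `pom.properties` (which shaded jars may strip) are assumptions of this example.

```python
import io
import os
import re
import zipfile

# Maven metadata entry found in log4j-core jars (assumption: not stripped by shading).
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
STAGE = {"alpha": 0, "beta": 1, "rc": 2, None: 3}  # pre-releases sort before the release
ARCHIVE_EXT = (".jar", ".war", ".ear")

def version_key(version):
    """Turn '2.0-beta9' or '2.14.1' into a sortable tuple; None if unparseable."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?", version.strip().lower())
    if not m:
        return None
    major, minor, patch, stage, num = m.groups()
    return (int(major), int(minor), int(patch or 0), STAGE[stage], int(num or 0))

LOW, HIGH, FIXED_JAVA7 = version_key("2.0-beta9"), version_key("2.15.0"), version_key("2.12.2")

def classify(version):
    """Apply the advisory's range: 2.0-beta9 through 2.15.0, except the 2.12.2 fix."""
    key = version_key(version)
    if key is None:
        return "unknown"  # version string not understood; needs manual review
    return "affected" if LOW <= key <= HIGH and key != FIXED_JAVA7 else "not-affected"

def scan_archive(data, label, findings, depth=0):
    """Record log4j-core versions in a jar/war/ear, following nested archives."""
    try:
        zf = zipfile.ZipFile(data)
    except (zipfile.BadZipFile, OSError):
        return  # not a readable zip; skip it
    with zf:
        for name in zf.namelist():
            if name == POM:
                m = re.search(r"^version=(.+)$", zf.read(name).decode("utf-8", "replace"), re.M)
                version = m.group(1).strip() if m else "?"
                findings.append((label, version, classify(version)))
            elif name.lower().endswith(ARCHIVE_EXT) and depth < 3:
                scan_archive(io.BytesIO(zf.read(name)), f"{label}!{name}", findings, depth + 1)

def scan_tree(root):
    """Scan every archive under root; returns sorted (location, version, status) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in (os.path.join(dirpath, f) for f in files if f.lower().endswith(ARCHIVE_EXT)):
            scan_archive(path, path, findings)
    return sorted(findings)
```

Entries reported as `unknown`, and archives that bundle Log4j without a `pom.properties`, still need manual review.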
