As it is known, the recently discovered Log4Shell vulnerability in the open source Java Log4j library allows to remotely execute commands on the system.

This problem had also affected such companies as Intel, NVIDIA and Microsoft. Intel has listed applications that contain this vulnerability. The company is working on the release of fixed versions of applications that eliminate the Log4Shell vulnerability.

Nvidia also listed four products that are vulnerable to Log4Shell when using legacy software: CUDA Toolkit Visual Profiler and Nsight Eclipse Edition, DGX Systems, NetQ, and vGPU Software License Server.

Microsoft has released updates for two of its products that contain the Log4Shell vulnerability: Azure Spring Cloud and Microsoft Azure DevOps.

Source: securitylab.ru