The BSI, Germany’s federal cybersecurity watchdog, issued a red alert warning on a defect in widely used software on Saturday, saying it posed a “very significant threat” to web servers.
The BSI said in a statement on its website that a vulnerability in a Java-based library known as Log4j can be exploited to allow a total takeover of the affected machine.
“The reason for this assessment is the very wide distribution of the affected product and the associated impact on countless other products. The vulnerability is also easily exploitable, and a proof-of-concept is publicly available,” the BSI said.
“The BSI is aware of the world- and Germany-wide mass scans as well as attempted compromises. Initial successful compromises are also being publicly reported,” it added.
The BSI stated that although Log4j has received a security update, all products that use it need to be updated as well, and it recommended that businesses and organizations take the steps listed in the cyber security alert.