Learn about the LOG4j Advanced Probe available on the Security Rating.
The Security Rating provides a probe that detects the Log4Shell vulnerabilities CVE-2021-44228 and CVE-2021-45046.
These vulnerabilities allow code to be injected into Java projects that use the LOG4j module. To verify whether a targeted asset is vulnerable, the Security Rating sends payloads to the server being evaluated and checks whether that server makes a request to a third-party server, called "Out-Of-Band", belonging to Board of Cyber. If it does, the targeted asset is considered vulnerable.
The advanced probe is not applied during the evaluation process of third-party audits and subsidiaries, but it can be applied to internal audits. It can also be set up afterward.
To do so, go to companies, select the company to which you wish to add the advanced probe, and select "Advanced Probe".
The LOG4j scans do not have any impact on the rating.