- Defect (Security)
- Resolution: Won't fix
- Major
- None
- None
- Sprint 83 (Dec 2021)
A newly revealed vulnerability impacting Apache Log4j 2 versions 2.0 to 2.14.1 was disclosed on GitHub on 9.Dec.2021 and registered as CVE-2021-44228 with the highest severity rating. Log4j is an open-source, Java-based logging utility widely used by enterprise applications and cloud services. By utilizing this vulnerability, an attacker could take control of an affected system remotely. There is already information that attackers are actively engaged in mass Internet scanning to identify services vulnerable to exploitation.
Please check if we use log4j in Java Gateway. If so, does the logging configuration contain the org.apache.log4j.net.JMSAppender parameter?
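One way to run the check requested above, as an added example that is not part of the original ticket or of the project's code: it lists log4j jars under an installation directory, marks those inside the 2.0 to 2.14.1 range quoted in the ticket, and reports configuration files that name the JMSAppender class. It assumes jars keep their upstream file names; the directory argument and the sample tree are constructed for illustration.

```python
import re
import sys
import tempfile
from pathlib import Path

# Range quoted in the ticket: Log4j 2 versions 2.0 to 2.14.1 (CVE-2021-44228).
RANGE_LOW, RANGE_HIGH = (2, 0, 0), (2, 14, 1)
# Assumption: jars keep their upstream names (log4j-core-<ver>.jar, log4j-<ver>.jar).
JAR_RE = re.compile(r"^log4j(?:-core)?-(\d+(?:\.\d+)*)(?:[-.].*)?\.jar$")
APPENDER = "org.apache.log4j.net.JMSAppender"  # class named in the ticket
CONFIG_SUFFIXES = {".properties", ".xml", ".yaml", ".yml", ".json"}

def in_ticket_range(version):
    """True if a version tuple lies in 2.0 .. 2.14.1 inclusive."""
    padded = (tuple(version) + (0, 0, 0))[:3]  # (2, 0) compares as (2, 0, 0)
    return RANGE_LOW <= padded <= RANGE_HIGH

def scan(root):
    """Return (jars, configs): (name, version, in_range) and (name, line_numbers) tuples."""
    jars, configs = [], []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        match = JAR_RE.match(path.name.lower())
        if match:
            version = tuple(int(p) for p in match.group(1).split("."))
            jars.append((path.name, match.group(1), in_ticket_range(version)))
        elif path.suffix.lower() in CONFIG_SUFFIXES:
            lines = path.read_text(encoding="utf-8", errors="replace").splitlines()
            hits = [n for n, line in enumerate(lines, 1) if APPENDER in line]
            if hits:
                configs.append((path.name, hits))
    return jars, configs

def build_sample_tree(root):
    """Constructed sample layout: empty jar files and one log4j.properties."""
    lib = Path(root, "lib")
    lib.mkdir()
    for name in ("log4j-core-2.14.1.jar", "log4j-core-2.17.0.jar", "log4j-1.2.17.jar"):
        (lib / name).write_bytes(b"")
    Path(root, "log4j.properties").write_text(
        "log4j.rootLogger=INFO, jms\nlog4j.appender.jms=" + APPENDER + "\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        target = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree(demo)
        for finding in sum(scan(target), []):
            print(finding)
```

Matching on file names does not detect copies of log4j that were renamed or bundled inside another archive, so an empty result from this check is not proof of absence.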