This module exploits a JNDI injection present in the log4j library. The deployed agent will run with the root user account privileges on Linux systems and with the same privileges than the user account that ran Apache James on Windows systems. This exploit will fail if the target system has jdk11.0.1 or newer.
CVE Link
Product Name