Security teams around the world are on high alert dealing with the Log4j vulnerability, but how risky is it, really?