CISA issues emergency directive to fix Log4j vulnerability