CVE-2021-44228

10.0

CRITICAL

Apache Log4j2 Remote Code Execution Vulnerability - [Actively Exploited]

Description

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

INFO

Published Date :

Dec. 10, 2021, 10:15 a.m.

Last Modified :

July 24, 2024, 5:08 p.m.

Source :

[email protected]

Remotely Exploitable :

Yes !

Impact Score :

6.0

Exploitability Score :

3.9

CISA Notification

CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Due Date: Dec 24, 2021

Alert Date: Dec 10, 2021 | 960 days ago

Description :

Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.

Required Action :

For all affected software assets for which updates exist, the only acceptable remediation actions are: 1) Apply updates; OR 2) remove affected assets from agency networks. Temporary mitigations using one of the measures provided at https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures are only acceptable until updates are available.

Public PoC/Exploit Available at Github

CVE-2021-44228 has a 1324 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2021-44228 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product
1	Cisco	finesse
2	Cisco	webex_meetings_server
3	Cisco	fxos
4	Cisco	enterprise_chat_and_email
5	Cisco	dna_center
6	Cisco	common_services_platform_collector
7	Cisco	mobility_services_engine
8	Cisco	unified_communications_manager_im_and_presence_service
9	Cisco	unified_contact_center_express
10	Cisco	identity_services_engine
11	Cisco	firepower_threat_defense
12	Cisco	unified_communications_manager
13	Cisco	emergency_responder
14	Cisco	unity_connection
15	Cisco	unified_intelligence_center
16	Cisco	network_assurance_engine
17	Cisco	unified_computing_system
18	Cisco	data_center_network_manager
19	Cisco	packaged_contact_center_enterprise
20	Cisco	network_services_orchestrator
21	Cisco	integrated_management_controller_supervisor
22	Cisco	ucs_director
23	Cisco	video_surveillance_manager
24	Cisco	cx_cloud_agent
25	Cisco	unified_contact_center_enterprise
26	Cisco	unified_intelligence_center
27	Cisco	prime_service_catalog
28	Cisco	unified_customer_voice_portal
29	Cisco	sd-wan_vmanage
30	Cisco	evolved_programmable_network_manager
31	Cisco	dna_spaces\
32	Cisco	video_surveillance_operations_manager
33	Cisco	unified_communications_manager_im_\&_presence_service
34	Cisco	ucs_central_software
35	Cisco	virtualized_voice_browser
36	Cisco	nexus_dashboard
37	Cisco	business_process_automation
38	Cisco	intersight_virtual_appliance
39	Cisco	connected_mobile_experiences
40	Cisco	cloudcenter
41	Cisco	unified_contact_center_management_portal
42	Cisco	fog_director
43	Cisco	advanced_malware_protection_virtual_private_cloud_appliance
44	Cisco	automated_subsea_tuning
45	Cisco	broadworks
46	Cisco	cloud_connect
47	Cisco	cloudcenter_cost_optimizer
48	Cisco	cloudcenter_suite_admin
49	Cisco	cloudcenter_workload_manager
50	Cisco	contact_center_domain_manager
51	Cisco	contact_center_management_portal
52	Cisco	crosswork_data_gateway
53	Cisco	crosswork_network_controller
54	Cisco	crosswork_optimization_engine
55	Cisco	crosswork_platform_infrastructure
56	Cisco	crosswork_zero_touch_provisioning
57	Cisco	customer_experience_cloud_agent
58	Cisco	cyber_vision_sensor_management_extension
59	Cisco	iot_operations_dashboard
60	Cisco	nexus_insights
61	Cisco	optical_network_controller
62	Cisco	paging_server
63	Cisco	smart_phy
64	Cisco	ucs_central
65	Cisco	virtual_topology_system
66	Cisco	virtualized_infrastructure_manager
67	Cisco	wan_automation_engine
68	Cisco	workload_optimization_manager
69	Cisco	unified_sip_proxy
70	Cisco	unified_workforce_optimization
71	Cisco	cloudcenter_suite
72	Cisco	connected_analytics_for_network_deployment
73	Cisco	crosswork_network_automation
74	Cisco	cyber_vision
75	Cisco	dna_spaces
76	Cisco	dna_spaces_connector
77	Cisco	network_dashboard_fabric_controller
78	Cisco	network_insights_for_data_center
79	Cisco	unified_sip_proxy
80	Cisco	unified_workforce_optimization
81	Cisco	firepower_1010
82	Cisco	firepower_1120
83	Cisco	firepower_1140
84	Cisco	firepower_1150
85	Cisco	firepower_2110
86	Cisco	firepower_2120
87	Cisco	firepower_2130
88	Cisco	firepower_2140
89	Cisco	firepower_4110
90	Cisco	firepower_4112
91	Cisco	firepower_4115
92	Cisco	firepower_4120
93	Cisco	firepower_4125
94	Cisco	firepower_4140
95	Cisco	firepower_4145
96	Cisco	firepower_4150
97	Cisco	firepower_9300
1	Siemens	logo\!_soft_comfort
2	Siemens	spectrum_power_4
3	Siemens	spectrum_power_7
4	Siemens	teamcenter
5	Siemens	sipass_integrated
6	Siemens	mendix
7	Siemens	comos
8	Siemens	siveillance_control_pro
9	Siemens	gma-manager
10	Siemens	operation_scheduler
11	Siemens	industrial_edge_management
12	Siemens	opcenter_intelligence
13	Siemens	sppa-t3000_ses3000_firmware
14	Siemens	captial
15	Siemens	desigo_cc_advanced_reports
16	Siemens	desigo_cc_info_center
17	Siemens	e-car_operation_center
18	Siemens	energy_engage
19	Siemens	energyip
20	Siemens	energyip_prepay
21	Siemens	head-end_system_universal_device_integration_system
22	Siemens	industrial_edge_management_hub
23	Siemens	mindsphere
24	Siemens	navigator
25	Siemens	nx
26	Siemens	sentron_powermanager
27	Siemens	siguard_dsa
28	Siemens	siveillance_command
29	Siemens	siveillance_identity
30	Siemens	siveillance_vantage
31	Siemens	siveillance_viewpoint
32	Siemens	solid_edge_cam_pro
33	Siemens	solid_edge_harness_design
34	Siemens	vesys
35	Siemens	xpedition_enterprise
36	Siemens	xpedition_package_integrator
37	Siemens	sppa-t3000_ses3000
1	Intel	data_center_manager
2	Intel	audio_development_kit
3	Intel	computer_vision_annotation_tool
4	Intel	genomics_kernel_library
5	Intel	oneapi_sample_browser
6	Intel	secure_device_onboard
7	Intel	sensor_solution_firmware_development_kit
8	Intel	system_debugger
9	Intel	system_studio
1	Netapp	active_iq_unified_manager
2	Netapp	oncommand_insight
3	Netapp	snapcenter
4	Netapp	cloud_insights
5	Netapp	ontap_tools
6	Netapp	cloud_secure_agent
7	Netapp	cloud_manager
1	Snowsoftware	snow_commander
2	Snowsoftware	vm_access_proxy
1	Bentley	synchro
2	Bentley	synchro_4d
1	Fedoraproject	fedora
1	Debian	debian_linux
1	Apple	xcode
1	Apache	log4j
1	Sonicwall	email_security
1	Percussion	rhythmyx

: Total Affected Vendor : 12 | Products : 160

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2021-44228.

URL	Resource
http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html	Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2022/Dec/2	Exploit Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2022/Jul/11	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2022/Mar/23	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/12/10/1	Mailing List Mitigation Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/12/10/2	Mailing List Mitigation Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/12/10/3	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/12/13/1	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/12/13/2	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/12/14/4	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/12/15/3	Mailing List Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf	Third Party Advisory
https://github.com/cisagov/log4j-affected-db	Third Party Advisory
https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md	Broken Link Product US Government Resource
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228	Exploit Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/	Release Notes
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/	Release Notes
https://logging.apache.org/log4j/2.x/security.html	Release Notes Vendor Advisory
https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/	Patch Third Party Advisory Vendor Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032	Third Party Advisory
https://security.netapp.com/advisory/ntap-20211210-0007/	Third Party Advisory
https://support.apple.com/kb/HT213189	Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	Third Party Advisory
https://twitter.com/kurtseifried/status/1469345530182455296	Broken Link Exploit Third Party Advisory
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001	Third Party Advisory
https://www.debian.org/security/2021/dsa-5020	Mailing List Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html	Third Party Advisory
https://www.kb.cert.org/vuls/id/930724	Third Party Advisory US Government Resource
https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html	Exploit Third Party Advisory
https://www.oracle.com/security-alerts/alert-cve-2021-44228.html	Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html	Patch Third Party Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

asd58584388/CVE-2021-44228

CVE-2021-44228 vulnerability study

Java

Updated: 11 hours, 6 minutes ago

0 stars 0 fork 0 watcher

Born at : July 26, 2024, 7:59 p.m. This repo has been linked 1 different CVEs too.

guardicode/log4shell-exploiter

None

Java Python

Updated: 3 days, 20 hours ago

0 stars 0 fork 0 watcher

Born at : July 23, 2024, 11:16 a.m. This repo has been linked 1 different CVEs too.

jackbwm-learns/PoC-on-SBOM

None

Dockerfile Standard ML Python Java

Updated: 2 days, 4 hours ago

0 stars 0 fork 0 watcher

Born at : July 17, 2024, 6:08 a.m. This repo has been linked 1 different CVEs too.

codie3/docker-jmeter

None

Dockerfile Makefile Shell

Updated: 1 week, 3 days ago

0 stars 0 fork 0 watcher

Born at : July 16, 2024, 9:50 p.m. This repo has been linked 2 different CVEs too.

ralvares/ssvc.me

Exploit & Vulnerability Intelligence Repository

Updated: 9 hours, 53 minutes ago

5 stars 0 fork 0 watcher

Born at : July 1, 2024, 12:22 p.m. This repo has been linked 2 different CVEs too.

0xFroggi/NessusProject

Nessus Vulnerability Scanner Implementation

Updated: 1 month ago

0 stars 0 fork 0 watcher

Born at : June 26, 2024, 10:13 p.m. This repo has been linked 1 different CVEs too.

integration-tests-JFrog/demo_java

None

Dockerfile Java

Updated: 1 month ago

0 stars 0 fork 0 watcher

Born at : June 25, 2024, 8:23 a.m. This repo has been linked 1 different CVEs too.

Vikramvi87/Search-log4Jvuln-AppScanSTD.

None

PowerShell

Updated: 1 month ago

0 stars 0 fork 0 watcher

Born at : June 20, 2024, 11:58 a.m. This repo has been linked 1 different CVEs too.

bananaacaat/Log4j-Detector

None

Java

Updated: 1 month, 1 week ago

0 stars 0 fork 0 watcher

Born at : June 16, 2024, 4:31 p.m. This repo has been linked 4 different CVEs too.

giovanni-shibaki/SSC0900_Minecraft_Log4Shell

Repositório para o trabalho prático da disciplina SSC0900 - Engenharia de Segurança (2024).

Java Python Dockerfile

Updated: 1 month, 1 week ago

0 stars 0 fork 0 watcher

Born at : June 15, 2024, 9:49 p.m. This repo has been linked 1 different CVEs too.

tadash10/Exploiting-CVE-2021-44228-Log4Shell-in-a-Banking-Environment

Objective: Demonstrate the exploitation of the Log4Shell vulnerability (CVE-2021-44228) within a simulated banking application environment.

Shell

Updated: 1 month ago

1 stars 0 fork 0 watcher

Born at : June 9, 2024, 2:49 a.m. This repo has been linked 1 different CVEs too.

LibHunter/LibHunter

None

Python Shell Batchfile

Updated: 1 month, 2 weeks ago

0 stars 0 fork 0 watcher

Born at : June 5, 2024, 8:22 a.m. This repo has been linked 89 different CVEs too.

Dan-Duran/mitre-attack-mapper

Python script to map alert signatures to MITRE ATT&CK techniques.

Python

Updated: 1 month, 1 week ago

0 stars 0 fork 0 watcher

Born at : May 30, 2024, 4:59 p.m. This repo has been linked 1 different CVEs too.

demining/Japanese-version-of-Bitcoin-blockchain-cryptanalysis

ビットコイン暗号解析ツール

attack bitcoin bitcoin-wallet btc cryptoanalysis cryptography vulnerability privatekey secp256k1

Updated: 1 month, 3 weeks ago

1 stars 0 fork 0 watcher

Born at : May 29, 2024, 12:38 p.m. This repo has been linked 2 different CVEs too.

demining/Korean-version-of-Bitcoin-blockchain-cryptanalysis

비트코인 암호화 분석 도구

attack bitcoin bitcoin-wallet btc cryptoanalysis cryptography privatekey secp256k1 vulnerability

Updated: 1 month, 3 weeks ago

1 stars 0 fork 0 watcher

Born at : May 28, 2024, 8:26 p.m. This repo has been linked 2 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following table lists the changes that have been made to the CVE-2021-44228 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

Modified Analysis by [email protected]

Jul. 24, 2024

Action	Type	Old Value	New Value
Changed	Reference Type	http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html Third Party Advisory, VDB Entry	http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html Exploit, Third Party Advisory, VDB Entry
Changed	Reference Type	http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html Third Party Advisory, VDB Entry	http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html Exploit, Third Party Advisory, VDB Entry
Changed	Reference Type	http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html Third Party Advisory, VDB Entry	http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html Exploit, Third Party Advisory, VDB Entry
Changed	Reference Type	http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html Third Party Advisory, VDB Entry	http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html Exploit, Third Party Advisory, VDB Entry
Changed	Reference Type	http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html No Types Assigned	http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html Third Party Advisory, VDB Entry
Changed	Reference Type	https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md Product, US Government Resource	https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md Broken Link, Product, US Government Resource
Changed	Reference Type	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/ No Types Assigned	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/ Release Notes
Changed	Reference Type	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/ No Types Assigned	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/ Release Notes
Changed	Reference Type	https://security.netapp.com/advisory/ntap-20211210-0007/ Vendor Advisory	https://security.netapp.com/advisory/ntap-20211210-0007/ Third Party Advisory
Changed	Reference Type	https://twitter.com/kurtseifried/status/1469345530182455296 Exploit, Third Party Advisory	https://twitter.com/kurtseifried/status/1469345530182455296 Broken Link, Exploit, Third Party Advisory
Changed	Reference Type	https://www.debian.org/security/2021/dsa-5020 Third Party Advisory	https://www.debian.org/security/2021/dsa-5020 Mailing List, Third Party Advisory
Changed	CPE Configuration	AND OR cpe:2.3:h:siemens:sppa-t3000_ses3000:-:::::::* OR cpe:2.3:o:siemens:sppa-t3000_ses3000_firmware::::::::*	AND OR cpe:2.3:o:siemens:sppa-t3000_ses3000_firmware::::::::* OR cpe:2.3:h:siemens:sppa-t3000_ses3000:-:::::::*
Added	CPE Configuration		OR cpe:2.3:a:apple:xcode::::::::* versions up to (excluding) 13.3

CVE Modified by [email protected]

May. 14, 2024

Action Type Old Value New Value

Action	Type	Old Value	New Value
Added	Reference		Apache Software Foundation https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/ [No types assigned]
Added	Reference		Apache Software Foundation https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/ [No types assigned]
Removed	Reference	Apache Software Foundation https://lists.fedoraproject.org/archives/list/[email protected]/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/
Removed	Reference	Apache Software Foundation https://lists.fedoraproject.org/archives/list/[email protected]/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/

Action	Type	Old Value	New Value
Changed	Description	Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0, this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.	Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Added	Reference		https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf [No Types Assigned]
Added	Reference		http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html [No Types Assigned]
Added	Reference		https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf [No Types Assigned]
Added	Reference		http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html [No Types Assigned]
Added	Reference		https://lists.fedoraproject.org/archives/list/[email protected]/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/ [No Types Assigned]

Action	Type	Old Value	New Value
Changed	Description	Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. In previous releases (>2.10) this behavior can be mitigated by setting system property "log4j2.formatMsgNoLookups" to “true” or it can be mitigated in prior releases (<2.10) by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).	Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0, this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Added	Reference		http://www.openwall.com/lists/oss-security/2021/12/15/1 [No Types Assigned]

Action	Type	Old Value	New Value
Added	CVSS V2		NIST (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Added	CVSS V3.1		NIST AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Changed	Reference Type	http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html No Types Assigned	http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html Third Party Advisory, VDB Entry
Changed	Reference Type	http://www.openwall.com/lists/oss-security/2021/12/10/1 No Types Assigned	http://www.openwall.com/lists/oss-security/2021/12/10/1 Mailing List, Mitigation, Third Party Advisory
Changed	Reference Type	http://www.openwall.com/lists/oss-security/2021/12/10/2 No Types Assigned	http://www.openwall.com/lists/oss-security/2021/12/10/2 Mailing List, Mitigation, Third Party Advisory
Changed	Reference Type	http://www.openwall.com/lists/oss-security/2021/12/10/3 No Types Assigned	http://www.openwall.com/lists/oss-security/2021/12/10/3 Mailing List, Third Party Advisory
Changed	Reference Type	https://logging.apache.org/log4j/2.x/security.html No Types Assigned	https://logging.apache.org/log4j/2.x/security.html Release Notes, Vendor Advisory
Changed	Reference Type	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 No Types Assigned	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 Third Party Advisory
Changed	Reference Type	https://security.netapp.com/advisory/ntap-20211210-0007/ No Types Assigned	https://security.netapp.com/advisory/ntap-20211210-0007/ Vendor Advisory
Changed	Reference Type	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd No Types Assigned	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd Third Party Advisory
Changed	Reference Type	https://www.oracle.com/security-alerts/alert-cve-2021-44228.html No Types Assigned	https://www.oracle.com/security-alerts/alert-cve-2021-44228.html Third Party Advisory
Added	CWE		NIST CWE-502
Added	CPE Configuration		OR cpe:2.3:a:apache:log4j:2.0:-::::::* cpe:2.3:a:apache:log4j:2.0:beta9::::::* cpe:2.3:a:apache:log4j:2.0:rc1::::::* cpe:2.3:a:apache:log4j:2.0:rc2::::::* cpe:2.3:a:apache:log4j::::::::* versions from (including) 2.0.1 up to (excluding) 2.15.0

Action	Type	Old Value	New Value
Changed	Reference Type	https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ Mitigation, Third Party Advisory	https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ Third Party Advisory
Added	CPE Configuration		OR cpe:2.3:a:cisco:automated_subsea_tuning:02.01.00::::::: cpe:2.3:a:cisco:broadworks:-::::::: cpe:2.3:a:cisco:cloudcenter_suite:4.10\(0.15\)::::::: cpe:2.3:a:cisco:cloudcenter_suite:5.3\(0\)::::::: cpe:2.3:a:cisco:cloudcenter_suite:5.4\(1\)::::::: cpe:2.3:a:cisco:cloudcenter_suite:5.5\(0\)::::::: cpe:2.3:a:cisco:cloudcenter_suite:5.5\(1\)::::::: cpe:2.3:a:cisco:common_services_platform_collector:002.009\(000.000\)::::::: cpe:2.3:a:cisco:common_services_platform_collector:002.009\(000.001\)::::::: cpe:2.3:a:cisco:common_services_platform_collector:002.009\(000.002\)::::::: cpe:2.3:a:cisco:common_services_platform_collector:002.009\(001.000\)::::::: cpe:2.3:a:cisco:common_services_platform_collector:002.009\(001.001\)::::::: cpe:2.3:a:cisco:common_services_platform_collector:002.009\(001.002\)::::::: cpe:2.3:a:cisco:common_services_platform_collector:002.010\(000.000\)::::::: cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.004.000.003::::::: cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.005.000.::::::: cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.005.000.000::::::: cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.000.001::::::: cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.001.000::::::: cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.002.000::::::: cpe:2.3:a:cisco:connected_analytics_for_network_deployment:7.3::::::: cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.000::::::: cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.001.001::::::: cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.003::::::: cpe:2.3:a:cisco:connected_analytics_for_network_deployment:008.000.000::::::: cpe:2.3:a:cisco:connected_analytics_for_network_deployment:008.000.000.000.004::::::: cpe:2.3:a:cisco:crosswork_network_automation:-::::::: cpe:2.3:a:cisco:crosswork_network_automation:2.0.0::::::: cpe:2.3:a:cisco:crosswork_network_automation:3.0.0::::::: cpe:2.3:a:cisco:crosswork_network_automation:4.1.0::::::: cpe:2.3:a:cisco:crosswork_network_automation:4.1.1::::::: cpe:2.3:a:cisco:cx_cloud_agent:001.012::::::: cpe:2.3:a:cisco:cyber_vision:4.0.2::::::: cpe:2.3:a:cisco:cyber_vision_sensor_management_extension:4.0.2::::::: cpe:2.3:a:cisco:dna_center:2.2.2.8::::::: cpe:2.3:a:cisco:dna_spaces:-::::::: cpe:2.3:a:cisco:dna_spaces_connector:-::::::: cpe:2.3:a:cisco:emergency_responder:11.5::::::: cpe:2.3:a:cisco:emergency_responder:11.5\(4.65000.14\)::::::: cpe:2.3:a:cisco:emergency_responder:11.5\(4.66000.14\)::::::: cpe:2.3:a:cisco:enterprise_chat_and_email:12.0\(1\)::::::: cpe:2.3:a:cisco:enterprise_chat_and_email:12.5\(1\)::::::: cpe:2.3:a:cisco:enterprise_chat_and_email:12.6\(1\)::::::: cpe:2.3:a:cisco:evolved_programmable_network_manager:3.0::::::: cpe:2.3:a:cisco:evolved_programmable_network_manager:3.1::::::: cpe:2.3:a:cisco:evolved_programmable_network_manager:4.0::::::: cpe:2.3:a:cisco:evolved_programmable_network_manager:4.1::::::: cpe:2.3:a:cisco:evolved_programmable_network_manager:5.0::::::: cpe:2.3:a:cisco:evolved_programmable_network_manager:5.1::::::: cpe:2.3:a:cisco:finesse:12.5\(1\):su1::::::* cpe:2.3:a:cisco:finesse:12.5\(1\):su2::::::* cpe:2.3:a:cisco:finesse:12.6\(1\):-::::::* cpe:2.3:a:cisco:finesse:12.6\(1\):es01::::::* cpe:2.3:a:cisco:finesse:12.6\(1\):es02::::::* cpe:2.3:a:cisco:finesse:12.6\(1\):es03::::::* cpe:2.3:a:cisco:firepower_threat_defense:6.2.3::::::: cpe:2.3:a:cisco:firepower_threat_defense:6.3.0::::::: cpe:2.3:a:cisco:firepower_threat_defense:6.4.0::::::: cpe:2.3:a:cisco:firepower_threat_defense:6.5.0::::::: cpe:2.3:a:cisco:firepower_threat_defense:6.6.0::::::: cpe:2.3:a:cisco:firepower_threat_defense:6.7.0::::::: cpe:2.3:a:cisco:firepower_threat_defense:7.0.0::::::: cpe:2.3:a:cisco:firepower_threat_defense:7.1.0::::::: cpe:2.3:a:cisco:identity_services_engine:002.004\(000.914\):-::::::* cpe:2.3:a:cisco:identity_services_engine:002.006\(000.156\):-::::::* cpe:2.3:a:cisco:identity_services_engine:002.007\(000.356\):-::::::* cpe:2.3:a:cisco:identity_services_engine:003.000\(000.458\):-::::::* cpe:2.3:a:cisco:identity_services_engine:003.001\(000.518\):-::::::* cpe:2.3:a:cisco:identity_services_engine:003.002\(000.116\):-::::::* cpe:2.3:a:cisco:integrated_management_controller_supervisor:002.003\(002.000\)::::::: cpe:2.3:a:cisco:integrated_management_controller_supervisor:2.3.2.0::::::: cpe:2.3:a:cisco:intersight_virtual_appliance:1.0.9-343::::::: cpe:2.3:a:cisco:mobility_services_engine:-::::::: cpe:2.3:a:cisco:network_assurance_engine:6.0\(2.1912\)::::::: cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.0\(1\)::::::: cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.1\(1\)::::::: cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.2\(1\)::::::: cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.3\(1\)::::::: cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.4\(1\)::::::: cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\(1\)::::::: cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\(2\)::::::: cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\(3\)::::::: cpe:2.3:a:cisco:network_insights_for_data_center:6.0\(2.1914\)::::::: cpe:2.3:a:cisco:network_services_orchestrator:-::::::: cpe:2.3:a:cisco:optical_network_controller:1.1::::::: cpe:2.3:a:cisco:paging_server:8.3\(1\)::::::: cpe:2.3:a:cisco:paging_server:8.4\(1\)::::::: cpe:2.3:a:cisco:paging_server:8.5\(1\)::::::: cpe:2.3:a:cisco:paging_server:9.0\(1\)::::::: cpe:2.3:a:cisco:paging_server:9.0\(2\)::::::: cpe:2.3:a:cisco:paging_server:9.1\(1\)::::::: cpe:2.3:a:cisco:paging_server:12.5\(2\)::::::: cpe:2.3:a:cisco:paging_server:14.0\(1\)::::::: cpe:2.3:a:cisco:prime_service_catalog:12.1::::::: cpe:2.3:a:cisco:sd-wan_vmanage:20.3::::::: cpe:2.3:a:cisco:sd-wan_vmanage:20.4::::::: cpe:2.3:a:cisco:sd-wan_vmanage:20.5::::::: cpe:2.3:a:cisco:sd-wan_vmanage:20.6::::::: cpe:2.3:a:cisco:sd-wan_vmanage:20.6.1::::::: cpe:2.3:a:cisco:sd-wan_vmanage:20.7::::::: cpe:2.3:a:cisco:sd-wan_vmanage:20.8::::::: cpe:2.3:a:cisco:smart_phy:3.1.2::::::: cpe:2.3:a:cisco:smart_phy:3.1.3::::::: cpe:2.3:a:cisco:smart_phy:3.1.4::::::: cpe:2.3:a:cisco:smart_phy:3.1.5::::::: cpe:2.3:a:cisco:smart_phy:3.2.1::::::: cpe:2.3:a:cisco:smart_phy:21.3::::::: cpe:2.3:a:cisco:ucs_central_software:2.0::::::: cpe:2.3:a:cisco:ucs_central_software:2.0\(1a\)::::::: cpe:2.3:a:cisco:ucs_central_software:2.0\(1b\)::::::: cpe:2.3:a:cisco:ucs_central_software:2.0\(1c\)::::::: cpe:2.3:a:cisco:ucs_central_software:2.0\(1d\)::::::: cpe:2.3:a:cisco:ucs_central_software:2.0\(1e\)::::::: cpe:2.3:a:cisco:ucs_central_software:2.0\(1f\)::::::: cpe:2.3:a:cisco:ucs_central_software:2.0\(1g\)::::::: cpe:2.3:a:cisco:ucs_central_software:2.0\(1h\)::::::: cpe:2.3:a:cisco:ucs_central_software:2.0\(1k\)::::::: cpe:2.3:a:cisco:ucs_central_software:2.0\(1l\)::::::: cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.17900.52\)::::::: cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.18119.2\)::::::: cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.18900.97\)::::::: cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.21900.40\)::::::: cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.22900.28\)::::::: cpe:2.3:a:cisco:unified_communications_manager_im_\&_presence_service:11.5\(1\)::::::: cpe:2.3:a:cisco:unified_communications_manager_im_\&_presence_service:11.5\(1.22900.6\)::::::: cpe:2.3:a:cisco:unified_computing_system:006.008\(001.000\)::::::: cpe:2.3:a:cisco:unified_contact_center_enterprise:11.6\(2\)::::::: cpe:2.3:a:cisco:unified_contact_center_enterprise:12.0\(1\)::::::: cpe:2.3:a:cisco:unified_contact_center_enterprise:12.5\(1\)::::::: cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\(1\)::::::: cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\(2\)::::::: cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\):-::::::* cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\):su1::::::* cpe:2.3:a:cisco:unified_contact_center_express:12.6\(1\)::::::: cpe:2.3:a:cisco:unified_contact_center_express:12.6\(2\)::::::: cpe:2.3:a:cisco:unified_contact_center_management_portal:12.6\(1\)::::::: cpe:2.3:a:cisco:unified_customer_voice_portal:11.6\(1\)::::::: cpe:2.3:a:cisco:unified_customer_voice_portal:12.0\(1\)::::::: cpe:2.3:a:cisco:unified_customer_voice_portal:12.5\(1\)::::::: cpe:2.3:a:cisco:unified_customer_voice_portal:12.6\(1\)::::::: cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\):-::::::* cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\):es01::::::* cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\):es02::::::* cpe:2.3:a:cisco:unified_intelligence_center:12.6\(2\):-::::::* cpe:2.3:a:cisco:unified_sip_proxy:010.000\(000\)::::::: cpe:2.3:a:cisco:unified_sip_proxy:010.000\(001\)::::::: cpe:2.3:a:cisco:unified_sip_proxy:010.002\(000\)::::::: cpe:2.3:a:cisco:unified_sip_proxy:010.002\(001\)::::::: cpe:2.3:a:cisco:unified_workforce_optimization:11.5\(1\):sr7::::::* cpe:2.3:a:cisco:unity_connection:11.5::::::: cpe:2.3:a:cisco:unity_connection:11.5\(1.10000.6\)::::::: cpe:2.3:a:cisco:video_surveillance_manager:7.14\(1.26\)::::::: cpe:2.3:a:cisco:video_surveillance_manager:7.14\(2.26\)::::::: cpe:2.3:a:cisco:video_surveillance_manager:7.14\(3.025\)::::::: cpe:2.3:a:cisco:video_surveillance_manager:7.14\(4.018\)::::::: cpe:2.3:a:cisco:virtual_topology_system:2.6.6::::::: cpe:2.3:a:cisco:wan_automation_engine:7.1.3::::::: cpe:2.3:a:cisco:wan_automation_engine:7.2.1::::::: cpe:2.3:a:cisco:wan_automation_engine:7.2.2::::::: cpe:2.3:a:cisco:wan_automation_engine:7.2.3::::::: cpe:2.3:a:cisco:wan_automation_engine:7.3::::::: cpe:2.3:a:cisco:wan_automation_engine:7.4::::::: cpe:2.3:a:cisco:wan_automation_engine:7.5::::::: cpe:2.3:a:cisco:wan_automation_engine:7.6::::::: cpe:2.3:a:cisco:webex_meetings_server:3.0::::::: cpe:2.3:a:cisco:webex_meetings_server:4.0:::::::

CVE-2021-44228

Apache Log4j2 Remote Code Execution Vulnerability - [Actively Exploited]

Description

INFO

Dec. 10, 2021, 10:15 a.m.

July 24, 2024, 5:08 p.m.

Yes !

6.0

3.9

CISA KEV (Known Exploited Vulnerabilities)

Public PoC/Exploit Available at Github

Affected Products

References to Advisories, Solutions, and Tools

Modified Analysis by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

Modified Analysis by [email protected]

CVE Modified by [email protected]

Reanalysis by [email protected]

Modified Analysis by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

Modified Analysis by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

Reanalysis by [email protected]

Modified Analysis by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

Modified Analysis by [email protected]

CVE Modified by [email protected]

Modified Analysis by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

Reanalysis by [email protected]

Reanalysis by [email protected]

Modified Analysis by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

Initial Analysis by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

Exploit Prediction

96.98 }} -0.58%

0.99767

CVSS31 - Vulnerability Scoring System

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width