← Back to CVEs
CVE-2021-44228
CRITICALCISA KEV10.0
Description
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
CVE Details
CVSS v3.1 Score10.0
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published12/10/2021
Last Modified2/20/2026
Sourcekev
Honeypot Sightings0
CISA KEV
VendorApache
ProductLog4j2
Vulnerability NameApache Log4j2 Remote Code Execution Vulnerability
KEV Date Added2021-12-10
Remediation Due Date2021-12-24
Ransomware UseKnown
Affected Products
apache:log4japple:xcodebentley:synchrobentley:synchro_4dcisco:advanced_malware_protection_virtual_private_cloud_appliancecisco:automated_subsea_tuningcisco:broadworkscisco:business_process_automationcisco:cloud_connectcisco:cloudcentercisco:cloudcenter_cost_optimizercisco:cloudcenter_suitecisco:cloudcenter_suite_admincisco:cloudcenter_workload_managercisco:common_services_platform_collectorcisco:connected_mobile_experiencescisco:contact_center_domain_managercisco:contact_center_management_portalcisco:crosswork_data_gatewaycisco:crosswork_network_automationcisco:crosswork_network_controllercisco:crosswork_optimization_enginecisco:crosswork_platform_infrastructurecisco:crosswork_zero_touch_provisioningcisco:customer_experience_cloud_agentcisco:cx_cloud_agentcisco:cyber_visioncisco:cyber_vision_sensor_management_extensioncisco:data_center_network_managercisco:dna_centercisco:dna_spacescisco:dna_spaces\cisco:dna_spaces_connectorcisco:emergency_respondercisco:enterprise_chat_and_emailcisco:evolved_programmable_network_managercisco:finessecisco:firepower_1010cisco:firepower_1120cisco:firepower_1140cisco:firepower_1150cisco:firepower_2110cisco:firepower_2120cisco:firepower_2130cisco:firepower_2140cisco:firepower_4110cisco:firepower_4112cisco:firepower_4115cisco:firepower_4120cisco:firepower_4125cisco:firepower_4140cisco:firepower_4145cisco:firepower_4150cisco:firepower_9300cisco:firepower_threat_defensecisco:fog_directorcisco:fxoscisco:identity_services_enginecisco:integrated_management_controller_supervisorcisco:intersight_virtual_appliancecisco:iot_operations_dashboardcisco:mobility_services_enginecisco:network_assurance_enginecisco:network_dashboard_fabric_controllercisco:network_insights_for_data_centercisco:network_services_orchestratorcisco:nexus_dashboardcisco:nexus_insightscisco:optical_network_controllercisco:packaged_contact_center_enterprisecisco:paging_servercisco:prime_service_catalogcisco:sd-wan_vmanagecisco:smart_phycisco:ucs_centralcisco:ucs_central_softwarecisco:ucs_directorcisco:unified_communications_managercisco:unified_communications_manager_im_\&_presence_servicecisco:unified_communications_manager_im_and_presence_servicecisco:unified_computing_systemcisco:unified_contact_center_enterprisecisco:unified_contact_center_expresscisco:unified_contact_center_management_portalcisco:unified_customer_voice_portalcisco:unified_intelligence_centercisco:unified_sip_proxycisco:unified_workforce_optimizationcisco:unity_connectioncisco:video_surveillance_managercisco:video_surveillance_operations_managercisco:virtual_topology_systemcisco:virtualized_infrastructure_managercisco:virtualized_voice_browsercisco:wan_automation_enginecisco:webex_meetings_servercisco:workload_optimization_managerdebian:debian_linuxfedoraproject:fedoraintel:computer_vision_annotation_toolintel:datacenter_managerintel:genomics_kernel_libraryintel:oneapi_sample_browserintel:secure_device_onboardintel:system_studionetapp:active_iq_unified_managernetapp:brocade_san_navigatornetapp:cloud_insightsnetapp:cloud_managernetapp:cloud_secure_agentnetapp:oncommand_insightnetapp:ontap_toolsnetapp:snapcenternetapp:solidfire_\&_hci_storage_nodenetapp:solidfire_enterprise_sdspercussion:rhythmyxsiemens:6bk1602-0aa12-0tp0siemens:6bk1602-0aa12-0tp0_firmwaresiemens:6bk1602-0aa22-0tp0siemens:6bk1602-0aa22-0tp0_firmwaresiemens:6bk1602-0aa32-0tp0siemens:6bk1602-0aa32-0tp0_firmwaresiemens:6bk1602-0aa42-0tp0siemens:6bk1602-0aa42-0tp0_firmwaresiemens:6bk1602-0aa52-0tp0siemens:6bk1602-0aa52-0tp0_firmwaresiemens:capitalsiemens:comossiemens:desigo_cc_advanced_reportssiemens:desigo_cc_info_centersiemens:e-car_operation_centersiemens:energy_engagesiemens:energyipsiemens:energyip_prepaysiemens:gma-managersiemens:head-end_system_universal_device_integration_systemsiemens:industrial_edge_managementsiemens:industrial_edge_management_hubsiemens:logo\!_soft_comfortsiemens:mendixsiemens:mindspheresiemens:navigatorsiemens:nxsiemens:opcenter_intelligencesiemens:operation_schedulersiemens:sentron_powermanagersiemens:siguard_dsasiemens:sipass_integratedsiemens:siveillance_commandsiemens:siveillance_control_prosiemens:siveillance_identitysiemens:siveillance_vantagesiemens:siveillance_viewpointsiemens:solid_edge_cam_prosiemens:solid_edge_harness_designsiemens:spectrum_power_4siemens:spectrum_power_7siemens:sppa-t3000_ses3000siemens:sppa-t3000_ses3000_firmwaresiemens:teamcentersiemens:vesyssiemens:xpedition_enterprisesiemens:xpedition_package_integratorsnowsoftware:snow_commandersnowsoftware:vm_access_proxysonicwall:email_security
Weaknesses (CWE)
CWE-20CWE-400CWE-502CWE-917
References
http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html(security@apache.org)
http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html(security@apache.org)
http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html(security@apache.org)
http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html(security@apache.org)
http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html(security@apache.org)
http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html(security@apache.org)
http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html(security@apache.org)
http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html(security@apache.org)
http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html(security@apache.org)
http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html(security@apache.org)
http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html(security@apache.org)
http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html(security@apache.org)
http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html(security@apache.org)
http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html(security@apache.org)
http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html(security@apache.org)
http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html(security@apache.org)
http://seclists.org/fulldisclosure/2022/Dec/2(security@apache.org)
http://seclists.org/fulldisclosure/2022/Jul/11(security@apache.org)
http://seclists.org/fulldisclosure/2022/Mar/23(security@apache.org)
http://www.openwall.com/lists/oss-security/2021/12/10/1(security@apache.org)
http://www.openwall.com/lists/oss-security/2021/12/10/2(security@apache.org)
http://www.openwall.com/lists/oss-security/2021/12/10/3(security@apache.org)
http://www.openwall.com/lists/oss-security/2021/12/13/1(security@apache.org)
http://www.openwall.com/lists/oss-security/2021/12/13/2(security@apache.org)
http://www.openwall.com/lists/oss-security/2021/12/14/4(security@apache.org)
http://www.openwall.com/lists/oss-security/2021/12/15/3(security@apache.org)
https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf(security@apache.org)
https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf(security@apache.org)
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf(security@apache.org)
https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf(security@apache.org)
https://github.com/cisagov/log4j-affected-db(security@apache.org)
https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md(security@apache.org)
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228(security@apache.org)
https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html(security@apache.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/(security@apache.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/(security@apache.org)
https://logging.apache.org/log4j/2.x/security.html(security@apache.org)
https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/(security@apache.org)
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032(security@apache.org)
https://security.netapp.com/advisory/ntap-20211210-0007/(security@apache.org)
https://support.apple.com/kb/HT213189(security@apache.org)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd(security@apache.org)
https://twitter.com/kurtseifried/status/1469345530182455296(security@apache.org)
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001(security@apache.org)
https://www.debian.org/security/2021/dsa-5020(security@apache.org)
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html(security@apache.org)
https://www.kb.cert.org/vuls/id/930724(security@apache.org)
https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html(security@apache.org)
https://www.oracle.com/security-alerts/alert-cve-2021-44228.html(security@apache.org)
https://www.oracle.com/security-alerts/cpuapr2022.html(security@apache.org)
https://www.oracle.com/security-alerts/cpujan2022.html(security@apache.org)
http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2022/Dec/2(af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2022/Jul/11(af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2022/Mar/23(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2021/12/10/1(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2021/12/10/2(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2021/12/10/3(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2021/12/13/1(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2021/12/13/2(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2021/12/14/4(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2021/12/15/3(af854a3a-2127-422b-91ae-364da2661108)
https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf(af854a3a-2127-422b-91ae-364da2661108)
https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf(af854a3a-2127-422b-91ae-364da2661108)
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf(af854a3a-2127-422b-91ae-364da2661108)
https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/cisagov/log4j-affected-db(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/(af854a3a-2127-422b-91ae-364da2661108)
https://logging.apache.org/log4j/2.x/security.html(af854a3a-2127-422b-91ae-364da2661108)
https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/(af854a3a-2127-422b-91ae-364da2661108)
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20211210-0007/(af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT213189(af854a3a-2127-422b-91ae-364da2661108)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd(af854a3a-2127-422b-91ae-364da2661108)
https://twitter.com/kurtseifried/status/1469345530182455296(af854a3a-2127-422b-91ae-364da2661108)
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2021/dsa-5020(af854a3a-2127-422b-91ae-364da2661108)
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.kb.cert.org/vuls/id/930724(af854a3a-2127-422b-91ae-364da2661108)
https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/alert-cve-2021-44228.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuapr2022.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujan2022.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44228(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.