CVE ID
CVE-2021-44228
Vulnerability Name
Apache Log4j2 Remote Code Execution Vulnerability
- Project: Apache
- Product: Log4j2
Date
- Date Added: 2021-12-10
- Due Date: 2021-12-24
Description
Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.
Known To Be Used in Ransomware Campaigns?
Known
Action
For all affected software assets for which updates exist, the only acceptable remediation actions are: 1) Apply updates; OR 2) remove affected assets from agency networks. Temporary mitigations using one of the measures provided at https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures are only acceptable until updates are available.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-44228
Related Security News
- From Log4j to IIS, China's Hackers Turn Legacy Bugs into Global Espionage Tools
- Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware
- 768 CVEs Exploited in 2024, Reflecting a 20% Increase from 639 in 2023
- What 2024 taught us about security vulnerabilities
- Emerging Threats & Vulnerabilities to Prepare for in 2025
- Zero-days dominate top frequently exploited vulnerabilities
- Anatomy of an Attack
- Log4Shell shows no sign of fading, spotted in 30% of CVE exploits
- Find out which cyber threats you should be concerned about