Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog Latest Updates Security News
Sign In Sign Up

CVE-2021-44228

UNKNOWN
Published 2021-12-10T00:00:00.000Z
Actions:

CVSS Score

V3.1
10.0
/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2023.03.01
0.972
probability
of exploitation in the wild

There is a 97.2% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-01-25
Exploit Probability
Percentile: 0.999
Higher than 99.9% of all CVEs

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED

Impact Metrics

Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Description

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

Available Exploits

Apache Log4j2 - Remote Code Injection

Apache Log4j2 Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.

ID: CVE-2021-45046-DAST
Author: princechaddha Critical

References:

Apache Log4j2 Remote Code Injection

Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.

ID: CVE-2021-44228
Author: melbadry9dhiyaneshDKdaffainfoanon-artist0xcebaTeaj4vaovo Critical

References:

Apache Log4j2 - Remote Code Injection

Apache Log4j2 Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.

ID: CVE-2021-45046
Author: ImNightmaree Critical

References:

Apache OFBiz - JNDI Remote Code Execution (Apache Log4j)

Apache OFBiz is affected by a remote code execution vulnerability in the bundled Apache Log4j logging library. Apache Log4j is vulnerable due to insufficient protections on message lookup substitutions when dealing with user controlled input. A remote, unauthenticated attacker can exploit this, via a web request, to execute arbitrary code with the permission level of the running Java process.

ID: apache-ofbiz-log4j-rce
Author: pdteam Critical

References:

Apache Solr 7+ - Remote Code Execution (Apache Log4j)

Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. This vulnerability affects Solr 7+.

ID: apache-solr-log4j-rce
Author: EvanRubinsteinnvn1729j4vaovo Critical

References:

JamF Pro - Remote Code Execution (Apache Log4j)

JamF is susceptible to Lof4j JNDI remote code execution. JamF is the industry standard when it comes to the management of iOS devices (iPhones and iPads), macOS computers (MacBooks, iMacs, etc.), and tvOS devices (Apple TV).

ID: jamf-pro-log4j-rce
Author: DhiyaneshDKpdteam Critical

References:

Cisco CloudCenter Suite (Log4j) - Remote Code Execution

Cisco CloudCenter Suite is susceptible to remote code execution via the Apache Log4j library. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.

ID: cisco-cloudcenter-suite-log4j-rce
Author: pwnhxl Critical

References:

Cisco Unified Communications - Remote Code Execution (Apache Log4j)

Cisco Unified Communications is susceptible to remote code execution via the Apache Log4j framework. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.

ID: cisco-unified-communications-log4j
Author: DhiyaneshDK Critical

References:

Cisco vManage (Log4j) - Remote Code Execution

Cisco vManage is susceptible to remote code execution via the Apache Log4j framework. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. More information is available in the cisco-sa-apache-log4j-qRuKNEbd advisory.

ID: cisco-vmanage-log4j
Author: DhiyaneshDK Critical

References:

Apache Code42 - Remote Code Execution (Apache Log4j)

Multiple Code42 components are impacted by the logj4 vulnerability. Affected Code42 components include: - Code42 cloud: Updated Log4j from 2.15.0 to 2.17.1 on January 26, 2022 - Code42 app for Incydr Basic and Advanced and CrashPlan Cloud product plans: Updated Log4j from 2.16.0 to 2.17.1 on January 18, 2022 - Code42 User Directory Sync (UDS): Updated Log4j from 2.15.0 to 2.17.1 on February 2, 2022 - On-premises Code42 server: Mitigated from Log4j vulnerabilities by following these steps - On-premises Code42 app: Updated to Log4j 2.16 on December 17, 2021

ID: code42-log4j-rce
Author: AdamCrosser Critical

References:

JamF (Log4j) - Remote Code Execution

JamF is susceptible to remote code execution via the Apache log4j library. Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

ID: jamf-log4j-jndi-rce
Author: pdteam Critical

References:

Ivanti MobileIron (Log4j) - Remote Code Execution

Ivanti MobileIron is susceptible to remote code execution via the Apache Log4j2 library. Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.

ID: mobileiron-log4j-jndi-rce
Author: meme-lord Critical

References:

Elasticsearch 5 - Remote Code Execution (Apache Log4j)

Elasticsearch 5 is susceptible to remote code execution via the Apache Log4j framework. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.

ID: elasticsearch5-log4j-rce
Author: akincibor Critical

References:

GoAnywhere Managed File Transfer - Remote Code Execution (Apache Log4j)

GoAnywhere Managed File Transfer is vulnerable to a remote command execution (RCE) issue via the included Apache Log4j.

ID: goanywhere-mft-log4j-rce
Author: pussycat0x Critical

References:

Graylog (Log4j) - Remote Code Execution

Graylog is susceptible to remote code execution via the Apache Log4j 2 library prior to 2.15.0 by recording its own log information, specifically with specially crafted values sent as user input. Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.

ID: graylog-log4j
Author: DhiyaneshDK Critical

References:

Metabase - Remote Code Execution (Apache Log4j)

Metabase is susceptible to remote code execution due to an incomplete patch in Apache Log4j 2.15.0 in certain non-default configurations. A remote attacker can pass malicious data and perform a denial of service attack, exfiltrate data, or execute arbitrary code.

ID: metabase-log4j
Author: DhiyaneshDK Critical

References:

OpenNMS - JNDI Remote Code Execution (Apache Log4j)

OpenNMS JNDI is susceptible to remote code execution via Apache Log4j 2.14.1 and before. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.

ID: opennms-log4j-jndi-rce
Author: johnk3r Critical

References:

Rundeck - Remote Code Execution (Apache Log4j)

Rundeck is susceptible to remote code execution via the Apache Log4j framework. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.

ID: rundeck-log4j
Author: DhiyaneshDK Critical

References:

Seeyon OA (Log4j) - Remote Code Execution

Seeyon OA is susceptible to remote code execution via the Apache Log4j 2 library prior to 2.15.0 by recording its own log information, specifically with specially crafted values sent as user input. Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.

ID: seeyon-oa-log4j
Author: SleepingBag945 Critical

References:

UniFi Network Application - Remote Code Execution (Apache Log4j)

UniFi Network Application is susceptible to a critical vulnerability in Apache Log4j (CVE-2021-44228) that may allow for remote code execution in an impacted implementation.

ID: unifi-network-log4j-rce
Author: KrE80r Critical

References:

VMware Site Recovery Manager - Remote Code Execution (Apache Log4j)

VMware Site Recovery Manager is susceptible to remote code execution via the Apache Log4j framework. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.

ID: vmware-siterecovery-log4j-rce
Author: akincibor Critical

References:

Spring Boot - Remote Code Execution (Apache Log4j)

Spring Boot is susceptible to remote code execution via Apache Log4j.

ID: springboot-log4j-rce
Author: pdteam Critical

References:

VMware HCX - Remote Code Execution (Apache Log4j)

VMware HCX is susceptible to remote code execution via the Apache Log4j framework. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.

ID: vmware-hcx-log4j
Author: pussycat0xDhiyaneshDK Critical

References:

VMware Horizon - JNDI Remote Code Execution (Apache Log4j)

VMware Horizon is susceptible to remote code execution via the Apache Log4j framework. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.

ID: vmware-horizon-log4j-jndi-rce
Author: johnk3r Critical

References:

VMware NSX - Remote Code Execution (Apache Log4j)

VMware NSX is susceptible to remote code execution via the Apache Log4j framework. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.

ID: vmware-nsx-log4j
Author: DhiyaneshDK Critical

References:

VMware Operations Manager - Remote Code Execution (Apache Log4j)

VMware Operations Manager is susceptible to remote code execution via the Apache Log4j framework. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.

ID: vmware-operation-manager-log4j
Author: DhiyaneshDK Critical

References:

VMware VCenter - Remote Code Execution (Apache Log4j)

VMware VCenter is susceptible to remote code execution via the Apache Log4j framework. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.

ID: vmware-vcenter-log4j-jndi-rce
Author: _0xf4n9x_ Critical

References:

VMware vRealize Operations Tenant - JNDI Remote Code Execution (Apache Log4j)

VMware vRealize Operations is susceptible to a critical vulnerability in Apache Log4j which may allow remote code execution in an impacted vRealize Operations Tenant application.

ID: vrealize-operations-log4j-rce
Author: bughuntersurya Critical

References:

Related News

No news articles found for this CVE.

Affected Products

Apache Software Foundation

Apache Log4j2

Affected Versions:

2.0-beta9

Known Exploited Vulnerability

This vulnerability is actively being exploited in the wild

View KEV Details

Remediation Status

Overdue

Due Date

December 24, 2021

Added to KEV

December 10, 2021

Required Action

For all affected software assets for which updates exist, the only acceptable remediation actions are: 1) Apply updates; OR 2) remove affected assets from agency networks. Temporary mitigations using one of the measures provided at https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures are only acceptable until updates are available.

Affected Product

Vendor/Project: Apache
Product: Log4j2

Ransomware Risk

Known Ransomware Use
KEV Catalog Version: 2025.01.24 Released: January 24, 2025

References

https://logging.apache.org/log4j/2.x/security.html
http://www.openwall.com/lists/oss-security/2021/12/10/1
http://www.openwall.com/lists/oss-security/2021/12/10/2
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
http://www.openwall.com/lists/oss-security/2021/12/10/3
https://security.netapp.com/advisory/ntap-20211210-0007/
http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032
https://www.oracle.com/security-alerts/alert-cve-2021-44228.html
https://www.debian.org/security/2021/dsa-5020
https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/
https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/
http://www.openwall.com/lists/oss-security/2021/12/13/2
http://www.openwall.com/lists/oss-security/2021/12/13/1
http://www.openwall.com/lists/oss-security/2021/12/14/4
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
https://www.kb.cert.org/vuls/id/930724
https://twitter.com/kurtseifried/status/1469345530182455296
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html
http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html
http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
http://www.openwall.com/lists/oss-security/2021/12/15/3
http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html
http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html
http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html
http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html
http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html
https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/
http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html
https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf
https://www.oracle.com/security-alerts/cpujan2022.html
http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html
https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md
http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html
http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html
http://seclists.org/fulldisclosure/2022/Mar/23
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001
https://github.com/cisagov/log4j-affected-db
https://support.apple.com/kb/HT213189
https://www.oracle.com/security-alerts/cpuapr2022.html
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228
https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html
http://seclists.org/fulldisclosure/2022/Jul/11
http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html
http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html
http://seclists.org/fulldisclosure/2022/Dec/2
http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html

HackerOne Reports

Remote code injection in Log4j on https://mymtn.mtncongo.net - CVE-2021-44228 Critical
renzi
MTN Group
OS Command Injection
View Report
[CVE-2021-44228] nps.acronis.com is vulnerable to the recent log4shell 0-day Critical
rhinestonecowboy
Acronis
$1000.00
Deserialization of Untrusted Data
View Report
Remote code injection in Log4j on http://mtn1app.mtncameroon.net - CVE-2021-44228 Critical
renzi
MTN Group
OS Command Injection
View Report
██████████ running a vulnerable log4j Critical
alex_gaynor
U.S. Dept Of Defense
Use of Externally-Controlled Format String
View Report
Log4Shell: RCE 0-day exploit on █████████ Critical
mr_x_strange
U.S. Dept Of Defense
Code Injection
View Report
[forum.acronis.com] JNDI Code Injection due an outdated log4j component Critical
godiego
Acronis
OS Command Injection
View Report
LOGJ4 VUlnerability [HtUS] Critical
ferreiraklet_
U.S. Dept Of Defense
$1000.00
Command Injection - Generic
View Report
[CVE-2021-44228] Arbitrary Code Execution on ng01-cloud.acronis.com Critical
mikkocarreon
Acronis
View Report
Log4j RCE on https://judge.me/reviews None
bhishma14
Judge.me
$50.00
Code Injection
View Report
███ ████████ running a vulnerable log4j Critical
alex_gaynor
U.S. Dept Of Defense
Use of Externally-Controlled Format String
View Report
Published: 2021-12-10T00:00:00.000Z
Last Modified: 2025-02-04T14:25:37.215Z
Copied to clipboard!