logo

CVE-2021-44228 - Apache Log4j2 Remote Code Execution Vulnerability

CVE-2021-44228

Apache | Log4j2

  • Date Added:
  • 2021-12-10
  • Due Date:
  • 2021-12-24
Vulnerability Name

Apache Log4j2 Remote Code Execution Vulnerability

Description

Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.

Known To Be Used in Ransomware Campaigns?

Known

Action

For all affected software assets for which updates exist, the only acceptable remediation actions are: 1) Apply updates; OR 2) remove affected assets from agency networks. Temporary mitigations using one of the measures provided at https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures are only acceptable until updates are available.

Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-44228
Related News Articles

Free security scan for your website