logo

CVE-2021-44228 - Apache Log4j2 Remote Code Execution Vulnerability

CVE-2021-44228

Apache | Log4j2

  • Date Added:
  • 2021-12-10
  • Due Date:
  • 2021-12-24
Vulnerability Name

Apache Log4j2 Remote Code Execution Vulnerability

Description

Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.

Known To Be Used in Ransomware Campaigns?

Known

Action

For all affected software assets for which updates exist, the only acceptable remediation actions are: 1) Apply updates; OR 2) remove affected assets from agency networks. Temporary mitigations using one of the measures provided at https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures are only acceptable until updates are available.

Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-44228
Related News Articles

Zero-days dominate top frequently exploited vulnerabilitiesNovember 14, 2024

Anatomy of an AttackAugust 20, 2024

Log4Shell shows no sign of fading, spotted in 30% of CVE exploitsMay 14, 2024

Find out which cyber threats you should be concerned aboutJune 5, 2024

Free security scan for your website