Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. (CVE-2021-44228)

OSVersionArchitecturePackageVersionFilename
Mageia8noarchlog4j< 2.13.3-1.1log4j-2.13.3-1.1.mga8

OS	Version	Architecture	Package	Version	Filename
Mageia	8	noarch	log4j	< 2.13.3-1.1	log4j-2.13.3-1.1.mga8

References

bugs.mageia.org/show_bug.cgi?id=29753

www.openwall.com/lists/oss-security/2021/12/10/1

trellix 2

ibm 57

threatpost 46

wallarmlab 2

trendmicroblog 1

hackerone 2

qualysblog 1

githubexploit 37

rapid7blog 7

cisa 2

osv 4

hivepro 2

msrc 2

mssecure 1

nessus 9

impervablog 2

talosblog 1

kaspersky 2

cisa_kev 1

redhat 3

fedora 1

openvas 2

akamaiblog 1

veracode 1

cve 1

packetstorm 3

amd 1

thn 3

suse 1

mmpc 1

github 1

trellix

Log4J and The Memory That Knew Too Much

2022-01-19 00:00:00

Log4J and The Memory That Knew Too Much

2022-01-19 00:00:00

ibm

Security Bulletin: IBM Netcool Agile Service Manager is affected by a vulnerability in Apache Log4j (CVE-2021-44228)

2021-12-23 18:45:10

Security Bulletin: Cloudera Data Platform is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)

2022-01-17 14:19:15

Security Bulletin: Apache Log4j vulnerability is affecting IBM Engineering Requirements Management DOORS

2021-12-16 21:13:54

threatpost

Multi-Ransomwared Victims Have It Coming–Podcast

2022-03-10 14:00:32

What the Log4Shell Bug Means for SMBs: Experts Weigh In

2021-12-14 17:54:47

Cyberattackers Target UPS Back-Up Power Devices in Mission-Critical Environments

2022-03-30 17:14:57

wallarmlab

Update on Log4Shell (CVE-2021-44228)

2021-12-10 20:22:36

Log4j 0day mitigation update CVE-2021-44228

2021-12-10 20:56:40

trendmicroblog

Patch Now: Apache Log4j Vulnerability Called Log4Shell Actively Exploited

2021-12-13 00:00:00

hackerone

U.S. Dept Of Defense: ███ ████████ running a vulnerable log4j

2021-12-31 00:55:49

U.S. Dept Of Defense: ██████████ running a vulnerable log4j

2021-12-11 00:16:38

qualysblog

Log4Shell – Follow This Multi-Layered Approach for Detection and Remediation

2021-12-28 18:00:00

githubexploit

Exploit for Deserialization of Untrusted Data in Apache Log4J

2021-12-11 13:28:52

Exploit for Deserialization of Untrusted Data in Apache Log4J

2022-01-27 07:07:30

Exploit for Deserialization of Untrusted Data in Apache Log4J

2021-12-17 19:50:40

rapid7blog

[Security Nation] Mike Hanley of GitHub on the Log4j Vulnerability

2022-01-19 21:47:30

Log4Shell Makes Its Appearance in Hacker Chatter: 4 Observations

2021-12-14 21:05:17

What's New in InsightVM and Nexpose: Q1 2022 in Review

2022-04-19 17:52:17

cisa

Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems

2022-06-23 00:00:00

Ivanti Updates Log4j Advisory with Security Updates for Multiple Products

2022-01-14 00:00:00

osv

Critical vulnerability in log4j may affect generated PEAR projects

2021-12-16 21:01:51

apache-log4j2 vulnerability

2021-12-17 12:46:46

apache-log4j2 vulnerability

2021-12-14 13:39:20

hivepro

Iranian hackers leveraged Log4Shell to penetrate US federal agency

2022-11-17 12:28:57

Monti ransomware infiltrates networks via the well-known Log4Shell

2022-09-16 10:51:13

msrc

CVE-2021-44228 Apache Log4j 2 に対するマイクロソフトの対応

2021-12-12 08:00:00

Microsoft’s Response to CVE-2021-44228 Apache Log4j 2

2021-12-12 05:28:18

mssecure

MERCURY and DEV-1084: Destructive attack on hybrid environment

2023-04-07 16:00:00

nessus

Cisco SD-WAN vManage Log4j Remote Code Execution (cisco-sa-apache-log4j-qRuKNEbd)

2022-05-16 00:00:00

FreeBSD : graylog -- include log4j patches (3fadd7e4-f8fb-45a0-a218-8fd6423c338f)

2021-12-13 00:00:00

Ubuntu 16.04 ESM : Apache Log4j 2 vulnerability (USN-5192-2)

2021-12-17 00:00:00

impervablog

Continuing to Stay Ahead of CVE-2021-44228: Addressing Your Top Questions

2021-12-14 22:55:49

Analytics Are Essential for Effective Database Security

2022-01-13 15:23:02

talosblog

How CVSS 4.0 changes (or doesn’t) the way we see vulnerability severity

2024-02-21 13:54:48

kaspersky

KLA12395 RCE vulnerability in Microsoft SQL Server

2021-12-16 00:00:00

KLA12392 RCE vulnerability in Microsoft Azure

2021-12-16 00:00:00

cisa_kev

Apache Log4j2 Remote Code Execution Vulnerability

2021-12-10 00:00:00

redhat

(RHSA-2021:5126) Critical: Red Hat Integration Camel Extensions for Quarkus GA security update

2021-12-14 16:15:45

(RHSA-2021:5093) Critical: Red Hat build of Eclipse Vert.x 4.1.5 SP1 security update

2021-12-14 15:57:34

(RHSA-2021:5130) Critical: Red Hat Integration Camel-K 1.6.2 release and security update

2021-12-14 17:51:25

fedora

[SECURITY] Fedora 34 Update: log4j-2.16.0-1.fc34

2021-12-22 01:14:26

openvas

Debian: Security Advisory (DLA-2842-1)

2021-12-13 00:00:00

openSUSE: Security Advisory for logback (openSUSE-SU-2021:1613-1)

2022-02-01 00:00:00

akamaiblog

Threat Intelligence on Log4j CVE: Key Findings and Their Implications

2021-12-17 19:30:00

veracode

Remote Code Execution (RCE)

2021-12-10 15:09:45

cve

CVE-2021-44228

2021-12-10 10:15:00

packetstorm

Intel Data Center Manager 5.1 Local Privilege Escalation

2022-12-09 00:00:00

Log4Shell HTTP Header Injection

2022-01-12 00:00:00

MobileIron Log4Shell Remote Command Execution

2022-08-03 00:00:00

amd

AMD Response to Log4j (Log4Shell) Vulnerability

2021-12-15 00:00:00

thn

NHS Warns of Hackers Targeting Log4j Flaws in VMware Horizon

2022-01-08 07:04:00

Last Years Open Source - Tomorrow's Vulnerabilities

2022-11-01 12:04:00

Iranian Hackers Exploiting Unpatched Log4j 2 Bugs to Target Israeli Organizations

2022-08-27 03:23:00

suse

Security update for log4j (important)

2021-12-12 00:00:00

mmpc

Build a stronger cybersecurity team through diversity and training

2022-01-20 17:00:00

github

Apache Log4j Remote Code Execution

2021-12-14 21:07:14

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.976 High

EPSS

Percentile

100.0%

JSON

Related for MGASA-2021-0556