Apache Log4j2 JNDI features do not protect against attacker
controlled LDAP and other JNDI related endpoints. An attacker
who can control log messages or paramters can execute arbitrary
code from attacker-controller LDAP servers when message lookup
substitution is enabled.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchgraylog< 4.2.3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	graylog	< 4.2.3	UNKNOWN

References

github.com/Graylog2/graylog2-server/commit/d3e441f1126f0dc292e986879039a87c59375b2a

logging.apache.org/log4j/2.x/security.html

rapid7blog 5

ibm 52

githubexploit 51

hackerone 3

nessus 10

threatpost 45

thn 3

github 1

cisa 2

trellix 2

fedora 2

mmpc 1

suse 1

packetstorm 3

hivepro 2

wallarmlab 2

metasploit 1

osv 3

kitploit 1

zdt 1

ubuntu 1

msrc 1

veracode 1

trendmicroblog 1

qualysblog 1

impervablog 1

amd 1

kaspersky 1

rapid7blog

Being Naughty to See Who Was Nice: Machine Learning Attacks on Santa’s List

2022-01-14 14:46:41

Log4Shell 2 Months Later: Security Strategies for the Internet's New Normal

2022-02-17 18:00:00

What's New in InsightVM and Nexpose: Q1 2022 in Review

2022-04-19 17:52:17

ibm

Security Bulletin: Vulnerability in Apache Log4j affects IBM Spectrum Protect Operations Center (CVE-2021-44228)

2021-12-20 23:04:27

Security Bulletin: Vulnerability in Apache Log4j affects IBM Spectrum Control (CVE-2021-44228)

2022-02-10 11:07:32

Security Bulletin: Vulnerability in Apache Log4j affects IBM Spectrum Protect Snapshot for VMware (CVE-2021-44228)

2022-02-01 11:37:31

githubexploit

Exploit for Deserialization of Untrusted Data in Apache Log4J

2022-01-08 00:28:32

Exploit for Deserialization of Untrusted Data in Apache Log4J

2022-04-18 09:16:05

Exploit for Deserialization of Untrusted Data in Apache Log4J

2021-12-12 04:17:08

hackerone

U.S. Dept Of Defense: Log4Shell: RCE 0-day exploit on █████████

2021-12-16 18:32:13

U.S. Dept Of Defense: ██████████ running a vulnerable log4j

2021-12-11 00:16:38

U.S. Dept Of Defense: ███ ████████ running a vulnerable log4j

2021-12-31 00:55:49

nessus

Cisco Identity Services Log4j Engine Remote Code Execution (cisco-sa-apache-log4j-qRuKNEbd)

2022-05-02 00:00:00

Amazon Linux 2 : log4j-cve-2021-44228-hotpatch (ALAS-2022-1806)

2022-06-16 00:00:00

FreeBSD : serviio -- affected by log4j vulnerability (1ea05bb8-5d74-11ec-bb1e-001517a2e1a4)

2021-12-15 00:00:00

threatpost

PowerPoint Files Abused to Take Over Computers

2022-02-03 14:00:25

RCE Bugs in WhatsApp, Other Hugely Popular VoIP Apps: Patch Now!

2022-03-01 21:44:32

Top 3 Attack Trends in API Security – Podcast

2022-03-24 13:00:59

thn

Last Years Open Source - Tomorrow's Vulnerabilities

2022-11-01 12:04:00

NHS Warns of Hackers Targeting Log4j Flaws in VMware Horizon

2022-01-08 07:04:00

Iranian Hackers Exploiting Unpatched Log4j 2 Bugs to Target Israeli Organizations

2022-08-27 03:23:00

github

Apache Log4j Remote Code Execution

2021-12-14 21:07:14

cisa

Ivanti Updates Log4j Advisory with Security Updates for Multiple Products

2022-01-14 00:00:00

Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems

2022-06-23 00:00:00

trellix

Log4J and The Memory That Knew Too Much

2022-01-19 00:00:00

Log4J and The Memory That Knew Too Much

2022-01-19 00:00:00

fedora

[SECURITY] Fedora 34 Update: jansi-2.1.1-4.fc34

2021-12-22 01:14:26

[SECURITY] Fedora 34 Update: log4j-2.16.0-1.fc34

2021-12-22 01:14:26

mmpc

Build a stronger cybersecurity team through diversity and training

2022-01-20 17:00:00

suse

Security update for log4j (important)

2021-12-12 00:00:00

packetstorm

Apache Log4j2 2.14.1 Information Disclosure

2021-12-14 00:00:00

UniFi Network Application Unauthenticated Log4Shell Remote Code Execution

2022-01-24 00:00:00

Log4Shell HTTP Header Injection

2022-01-12 00:00:00

hivepro

Monti ransomware infiltrates networks via the well-known Log4Shell

2022-09-16 10:51:13

Iranian hackers leveraged Log4Shell to penetrate US federal agency

2022-11-17 12:28:57

wallarmlab

Log4j 0day mitigation update CVE-2021-44228

2021-12-10 20:56:40

Update on Log4Shell (CVE-2021-44228)

2021-12-10 20:22:36

metasploit

Log4Shell HTTP Header Injection

2021-12-29 14:10:07

osv

apache-log4j2 vulnerability

2021-12-17 12:46:46

apache-log4j2 - security update

2021-12-12 00:00:00

apache-log4j2 vulnerability

2021-12-14 13:39:20

kitploit

NodeSecurityShield - A Developer And Security Engineer Friendly Package For Securing NodeJS Applications

2022-05-14 21:30:00

zdt

UniFi Network Application Unauthenticated Log4Shell Remote Code Execution Exploit

2022-01-24 00:00:00

ubuntu

Apache Log4j 2 vulnerability

2021-12-17 00:00:00

msrc

Microsoft’s Response to CVE-2021-44228 Apache Log4j 2

2021-12-12 05:28:18

veracode

Remote Code Execution (RCE)

2021-12-10 15:09:45

trendmicroblog

Patch Now: Apache Log4j Vulnerability Called Log4Shell Actively Exploited

2021-12-13 00:00:00

qualysblog

Log4Shell – Follow This Multi-Layered Approach for Detection and Remediation

2021-12-28 18:00:00

impervablog

Analytics Are Essential for Effective Database Security

2022-01-13 15:23:02

amd

AMD Response to Log4j (Log4Shell) Vulnerability

2021-12-15 00:00:00

kaspersky

KLA12395 RCE vulnerability in Microsoft SQL Server

2021-12-16 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.976 High

EPSS

Percentile

100.0%

JSON

Related for 3FADD7E4-F8FB-45A0-A218-8FD6423C338F