Lucene search
HistoryDec 10, 2021 - 10:15 a.m.
CVE-2021-44228
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
0.976 High
EPSS
Percentile
100.0%
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Affected configurations
Node
apachelog4jRange2.0.1–2.3.1
ORapachelog4jRange2.4.0–2.12.2
ORapachelog4jRange2.13.0–2.15.0
ORapachelog4jMatch2.0-
ORapachelog4jMatch2.0beta9
ORapachelog4jMatch2.0rc1
ORapachelog4jMatch2.0rc2
Node
siemenssppa-t3000_ses3000Match-
siemenssppa-t3000_ses3000_firmware
Node
siemenscaptialRange<2019.1
ORsiemenscaptialMatch2019.1-
ORsiemenscaptialMatch2019.1sp1912
ORsiemenscomos
ORsiemensdesigo_cc_advanced_reportsMatch4.0
ORsiemensdesigo_cc_advanced_reportsMatch4.1
ORsiemensdesigo_cc_advanced_reportsMatch4.2
ORsiemensdesigo_cc_advanced_reportsMatch5.0
ORsiemensdesigo_cc_advanced_reportsMatch5.1
ORsiemensdesigo_cc_info_centerMatch5.0
ORsiemensdesigo_cc_info_centerMatch5.1
ORsiemense-car_operation_centerRange<2021-12-13
ORsiemensenergy_engageMatch3.1
ORsiemensenergyipMatch8.5
ORsiemensenergyipMatch8.6
ORsiemensenergyipMatch8.7
ORsiemensenergyipMatch9.0
ORsiemensenergyip_prepayMatch3.7
ORsiemensenergyip_prepayMatch3.8
ORsiemensgma-managerRange<8.6.2j-398
ORsiemenshead-end_system_universal_device_integration_system
ORsiemensindustrial_edge_management
ORsiemensindustrial_edge_management_hubRange<2021-12-13
ORsiemenslogo\!_soft_comfort
ORsiemensmendix
ORsiemensmindsphereRange<2021-12-11
ORsiemensnavigatorRange<2021-12-13
ORsiemensnx
ORsiemensopcenter_intelligenceRange≤3.2
ORsiemensoperation_schedulerRange≤1.1.3
ORsiemenssentron_powermanagerMatch4.1
ORsiemenssentron_powermanagerMatch4.2
ORsiemenssiguard_dsaMatch4.2
ORsiemenssiguard_dsaMatch4.3
ORsiemenssiguard_dsaMatch4.4
ORsiemenssipass_integratedMatch2.80
ORsiemenssipass_integratedMatch2.85
ORsiemenssiveillance_commandRange≤4.16.2.1
ORsiemenssiveillance_control_pro
ORsiemenssiveillance_identityMatch1.5
ORsiemenssiveillance_identityMatch1.6
ORsiemenssiveillance_vantage
ORsiemenssiveillance_viewpoint
ORsiemenssolid_edge_cam_pro
ORsiemenssolid_edge_harness_designRange<2020
ORsiemenssolid_edge_harness_designMatch2020
ORsiemenssolid_edge_harness_designMatch2020-
ORsiemenssolid_edge_harness_designMatch2020sp2002
ORsiemensspectrum_power_4Range<4.70
ORsiemensspectrum_power_4Match4.70-
ORsiemensspectrum_power_4Match4.70sp7
ORsiemensspectrum_power_4Match4.70sp8
ORsiemensspectrum_power_7Range<2.30
ORsiemensspectrum_power_7Match2.30
ORsiemensspectrum_power_7Match2.30-
ORsiemensspectrum_power_7Match2.30sp2
ORsiemensteamcenter
ORsiemensvesysRange<2019.1
ORsiemensvesysMatch2019.1
ORsiemensvesysMatch2019.1-
ORsiemensvesysMatch2019.1sp1912
ORsiemensxpedition_enterpriseMatch-
ORsiemensxpedition_package_integratorMatch-
Node
intelaudio_development_kitMatch-
ORintelcomputer_vision_annotation_toolMatch-
ORinteldata_center_managerRange<5.1
ORintelgenomics_kernel_libraryMatch-
ORinteloneapi_sample_browserMatch-eclipse
ORintelsecure_device_onboardMatch-
ORintelsensor_solution_firmware_development_kitMatch-
ORintelsystem_debuggerMatch-
ORintelsystem_studioMatch-
Node
debiandebian_linuxMatch9.0
ORdebiandebian_linuxMatch10.0
ORdebiandebian_linuxMatch11.0
Node
fedoraprojectfedoraMatch34
ORfedoraprojectfedoraMatch35
Node
sonicwallemail_securityRange<10.0.12
Node
netappactive_iq_unified_managerMatch-linux
ORnetappactive_iq_unified_managerMatch-vmware_vsphere
ORnetappactive_iq_unified_managerMatch-windows
ORnetappcloud_insightsMatch-
ORnetappcloud_managerMatch-
ORnetappcloud_secure_agentMatch-
ORnetapponcommand_insightMatch-
ORnetappontap_toolsMatch-vmware_vsphere
ORnetappsnapcenterMatch-vmware_vsphere
Node
ciscoadvanced_malware_protection_virtual_private_cloud_applianceRange<3.5.4
ORciscoautomated_subsea_tuningRange<2.1.0
ORciscobroadworksRange<2021.11_1.162
ORciscobusiness_process_automationRange<3.0.000.115
ORciscobusiness_process_automationRange3.1.000.000–3.1.000.044
ORciscobusiness_process_automationRange3.2.000.000–3.2.000.009
ORciscocloud_connectRange<12.6\(1\)
ORciscocloudcenterRange<4.10.0.16
ORciscocloudcenter_cost_optimizerRange<5.5.2
ORciscocloudcenter_suite_adminRange<5.3.1
ORciscocloudcenter_workload_managerRange<5.5.2
ORciscocommon_services_platform_collectorRange<2.9.1.3
ORciscocommon_services_platform_collectorRange2.10.0–2.10.0.1
ORciscoconnected_mobile_experiencesMatch-
ORciscocontact_center_domain_managerRange<12.5\(1\)
ORciscocontact_center_management_portalRange<12.5\(1\)
ORciscocrosswork_data_gatewayRange<2.0.2
ORciscocrosswork_data_gatewayMatch3.0.0
ORciscocrosswork_network_controllerRange<2.0.1
ORciscocrosswork_network_controllerMatch3.0.0
ORciscocrosswork_optimization_engineRange<2.0.1
ORciscocrosswork_optimization_engineMatch3.0.0
ORciscocrosswork_platform_infrastructureRange<4.0.1
ORciscocrosswork_platform_infrastructureMatch4.1.0
ORciscocrosswork_zero_touch_provisioningRange<2.0.1
ORciscocrosswork_zero_touch_provisioningMatch3.0.0
ORciscocustomer_experience_cloud_agentRange<1.12.1
ORciscocyber_vision_sensor_management_extensionRange<4.0.3
ORciscodata_center_network_managerRange<11.3\(1\)
ORciscodata_center_network_managerMatch11.3\(1\)
ORciscodna_centerRange<2.1.2.8
ORciscodna_centerRange2.2.2.0–2.2.2.8
ORciscodna_centerRange2.2.3.0–2.2.3.4
ORciscodna_spaces\Match_connector
ORciscoemergency_responderRange<11.5\(4\)
ORciscoenterprise_chat_and_emailRange<12.0\(1\)
ORciscoevolved_programmable_network_managerRange≤4.1.1
ORciscofinesseRange<12.6\(1\)
ORciscofinesseMatch12.6\(1\)
ORciscofog_directorMatch-
ORciscoidentity_services_engineRange<2.4.0
ORciscoidentity_services_engineMatch2.4.0-
ORciscointegrated_management_controller_supervisorRange<2.3.2.1
ORciscointersight_virtual_applianceRange<1.0.9-361
ORciscoiot_operations_dashboardMatch-
ORcisconetwork_assurance_engineRange<6.0.2
ORcisconetwork_services_orchestratorRange<5.3.5.1
ORcisconetwork_services_orchestratorRange5.4–5.4.5.2
ORcisconetwork_services_orchestratorRange5.5–5.5.4.1
ORcisconetwork_services_orchestratorRange5.6–5.6.3.1
ORcisconexus_dashboardRange<2.1.2
ORcisconexus_insightsRange<6.0.2
ORciscooptical_network_controllerRange<1.1.0
ORciscopackaged_contact_center_enterpriseRange<11.6
ORciscopackaged_contact_center_enterpriseMatch11.6\(1\)
ORciscopaging_serverRange<14.4.1
ORciscoprime_service_catalogRange<12.1
ORciscosd-wan_vmanageRange<20.3.4.1
ORciscosd-wan_vmanageRange20.4–20.4.2.1
ORciscosd-wan_vmanageRange20.5–20.5.1.1
ORciscosd-wan_vmanageRange20.6–20.6.2.1
ORciscosmart_phyRange<3.2.1
ORciscoucs_centralRange<2.0\(1p\)
ORciscoucs_directorRange<6.8.2.0
ORciscounified_communications_managerRange<11.5\(1\)-
ORciscounified_communications_managerRange<11.5\(1\)session_management
ORciscounified_communications_managerMatch11.5\(1\)
ORciscounified_communications_managerMatch11.5\(1\)-
ORciscounified_communications_managerMatch11.5\(1\)session_management
ORciscounified_communications_managerMatch11.5\(1\)su3
ORciscounified_communications_manager_im_and_presence_serviceRange<11.5\(1\)
ORciscounified_communications_manager_im_and_presence_serviceMatch11.5\(1\)
ORciscounified_contact_center_enterpriseRange<11.6\(2\)
ORciscounified_contact_center_enterpriseMatch11.6\(2\)
ORciscounified_contact_center_expressRange<12.5\(1\)
ORciscounified_customer_voice_portalRange<11.6
ORciscounified_customer_voice_portalMatch11.6
ORciscounified_customer_voice_portalMatch12.0
ORciscounified_customer_voice_portalMatch12.5
ORciscounity_connectionRange<11.5\(1\)
ORciscovideo_surveillance_operations_managerRange<7.14.4
ORciscovirtual_topology_systemRange<2.6.7
ORciscovirtualized_infrastructure_managerRange<3.2.0
ORciscovirtualized_infrastructure_managerRange3.4.0–3.4.4
ORciscovirtualized_voice_browserRange<12.5\(1\)
ORciscowan_automation_engineRange<7.3.0.2
ORciscowebex_meetings_serverRange<3.0
ORciscowebex_meetings_serverMatch3.0-
ORciscowebex_meetings_serverMatch3.0maintenance_release1
ORciscowebex_meetings_serverMatch3.0maintenance_release2
ORciscowebex_meetings_serverMatch3.0maintenance_release3
ORciscowebex_meetings_serverMatch3.0maintenance_release3-
ORciscowebex_meetings_serverMatch3.0maintenance_release3_security_patch4
ORciscowebex_meetings_serverMatch3.0maintenance_release3_security_patch5
ORciscowebex_meetings_serverMatch3.0maintenance_release3_service_pack_2
ORciscowebex_meetings_serverMatch3.0maintenance_release3_service_pack_3
ORciscowebex_meetings_serverMatch3.0maintenance_release4
ORciscowebex_meetings_serverMatch4.0-
ORciscowebex_meetings_serverMatch4.0maintenance_release1
ORciscowebex_meetings_serverMatch4.0maintenance_release2
ORciscowebex_meetings_serverMatch4.0maintenance_release3
ORciscoworkload_optimization_managerRange<3.2.1
ORciscounified_intelligence_centerRange<12.6\(1\)
ORciscounified_sip_proxyRange<10.2.1v2
ORciscounified_workforce_optimizationRange<11.5\(1\)
Node
ciscofirepower_1010Match-
ORciscofirepower_1120Match-
ORciscofirepower_1140Match-
ORciscofirepower_1150Match-
ORciscofirepower_2110Match-
ORciscofirepower_2120Match-
ORciscofirepower_2130Match-
ORciscofirepower_2140Match-
ORciscofirepower_4110Match-
ORciscofirepower_4112Match-
ORciscofirepower_4115Match-
ORciscofirepower_4120Match-
ORciscofirepower_4125Match-
ORciscofirepower_4140Match-
ORciscofirepower_4145Match-
ORciscofirepower_4150Match-
ORciscofirepower_9300Match-
ciscofxosMatch6.2.3
ORciscofxosMatch6.3.0
ORciscofxosMatch6.4.0
ORciscofxosMatch6.5.0
ORciscofxosMatch6.6.0
ORciscofxosMatch6.7.0
ORciscofxosMatch7.0.0
ORciscofxosMatch7.1.0
Node
ciscoautomated_subsea_tuningMatch02.01.00
ORciscobroadworksMatch-
ORciscocloudcenter_suiteMatch4.10\(0.15\)
ORciscocloudcenter_suiteMatch5.3\(0\)
ORciscocloudcenter_suiteMatch5.4\(1\)
ORciscocloudcenter_suiteMatch5.5\(0\)
ORciscocloudcenter_suiteMatch5.5\(1\)
ORciscocommon_services_platform_collectorMatch002.009\(000.000\)
ORciscocommon_services_platform_collectorMatch002.009\(000.001\)
ORciscocommon_services_platform_collectorMatch002.009\(000.002\)
ORciscocommon_services_platform_collectorMatch002.009\(001.000\)
ORciscocommon_services_platform_collectorMatch002.009\(001.001\)
ORciscocommon_services_platform_collectorMatch002.009\(001.002\)
ORciscocommon_services_platform_collectorMatch002.010\(000.000\)
ORciscoconnected_analytics_for_network_deploymentMatch006.004.000.003
ORciscoconnected_analytics_for_network_deploymentMatch006.005.000.
ORciscoconnected_analytics_for_network_deploymentMatch006.005.000.000
ORciscoconnected_analytics_for_network_deploymentMatch007.000.001
ORciscoconnected_analytics_for_network_deploymentMatch007.001.000
ORciscoconnected_analytics_for_network_deploymentMatch007.002.000
ORciscoconnected_analytics_for_network_deploymentMatch7.3
ORciscoconnected_analytics_for_network_deploymentMatch007.003.000
ORciscoconnected_analytics_for_network_deploymentMatch007.003.001.001
ORciscoconnected_analytics_for_network_deploymentMatch007.003.003
ORciscoconnected_analytics_for_network_deploymentMatch008.000.000
ORciscoconnected_analytics_for_network_deploymentMatch008.000.000.000.004
ORciscocrosswork_network_automationMatch-
ORciscocrosswork_network_automationMatch2.0.0
ORciscocrosswork_network_automationMatch3.0.0
ORciscocrosswork_network_automationMatch4.1.0
ORciscocrosswork_network_automationMatch4.1.1
ORciscocx_cloud_agentMatch001.012
ORciscocyber_visionMatch4.0.2
ORciscocyber_vision_sensor_management_extensionMatch4.0.2
ORciscodna_centerMatch2.2.2.8
ORciscodna_spacesMatch-
ORciscodna_spaces_connectorMatch-
ORciscoemergency_responderMatch11.5
ORciscoemergency_responderMatch11.5\(4.65000.14\)
ORciscoemergency_responderMatch11.5\(4.66000.14\)
ORciscoenterprise_chat_and_emailMatch12.0\(1\)
ORciscoenterprise_chat_and_emailMatch12.5\(1\)
ORciscoenterprise_chat_and_emailMatch12.6\(1\)
ORciscoevolved_programmable_network_managerMatch3.0
ORciscoevolved_programmable_network_managerMatch3.1
ORciscoevolved_programmable_network_managerMatch4.0
ORciscoevolved_programmable_network_managerMatch4.1
ORciscoevolved_programmable_network_managerMatch5.0
ORciscoevolved_programmable_network_managerMatch5.1
ORciscofinesseMatch12.5\(1\)su1
ORciscofinesseMatch12.5\(1\)su2
ORciscofinesseMatch12.6\(1\)-
ORciscofinesseMatch12.6\(1\)es01
ORciscofinesseMatch12.6\(1\)es02
ORciscofinesseMatch12.6\(1\)es03
ORciscofirepower_threat_defenseMatch6.2.3
ORciscofirepower_threat_defenseMatch6.3.0
ORciscofirepower_threat_defenseMatch6.4.0
ORciscofirepower_threat_defenseMatch6.5.0
ORciscofirepower_threat_defenseMatch6.6.0
ORciscofirepower_threat_defenseMatch6.7.0
ORciscofirepower_threat_defenseMatch7.0.0
ORciscofirepower_threat_defenseMatch7.1.0
ORciscoidentity_services_engineMatch002.004\(000.914\)-
ORciscoidentity_services_engineMatch002.006\(000.156\)-
ORciscoidentity_services_engineMatch002.007\(000.356\)-
ORciscoidentity_services_engineMatch003.000\(000.458\)-
ORciscoidentity_services_engineMatch003.001\(000.518\)-
ORciscoidentity_services_engineMatch003.002\(000.116\)-
ORciscointegrated_management_controller_supervisorMatch002.003\(002.000\)
ORciscointegrated_management_controller_supervisorMatch2.3.2.0
ORciscointersight_virtual_applianceMatch1.0.9-343
ORciscomobility_services_engineMatch-
ORcisconetwork_assurance_engineMatch6.0\(2.1912\)
ORcisconetwork_dashboard_fabric_controllerMatch11.0\(1\)
ORcisconetwork_dashboard_fabric_controllerMatch11.1\(1\)
ORcisconetwork_dashboard_fabric_controllerMatch11.2\(1\)
ORcisconetwork_dashboard_fabric_controllerMatch11.3\(1\)
ORcisconetwork_dashboard_fabric_controllerMatch11.4\(1\)
ORcisconetwork_dashboard_fabric_controllerMatch11.5\(1\)
ORcisconetwork_dashboard_fabric_controllerMatch11.5\(2\)
ORcisconetwork_dashboard_fabric_controllerMatch11.5\(3\)
ORcisconetwork_insights_for_data_centerMatch6.0\(2.1914\)
ORcisconetwork_services_orchestratorMatch-
ORciscooptical_network_controllerMatch1.1
ORciscopaging_serverMatch8.3\(1\)
ORciscopaging_serverMatch8.4\(1\)
ORciscopaging_serverMatch8.5\(1\)
ORciscopaging_serverMatch9.0\(1\)
ORciscopaging_serverMatch9.0\(2\)
ORciscopaging_serverMatch9.1\(1\)
ORciscopaging_serverMatch12.5\(2\)
ORciscopaging_serverMatch14.0\(1\)
ORciscoprime_service_catalogMatch12.1
ORciscosd-wan_vmanageMatch20.3
ORciscosd-wan_vmanageMatch20.4
ORciscosd-wan_vmanageMatch20.5
ORciscosd-wan_vmanageMatch20.6
ORciscosd-wan_vmanageMatch20.6.1
ORciscosd-wan_vmanageMatch20.7
ORciscosd-wan_vmanageMatch20.8
ORciscosmart_phyMatch3.1.2
ORciscosmart_phyMatch3.1.3
ORciscosmart_phyMatch3.1.4
ORciscosmart_phyMatch3.1.5
ORciscosmart_phyMatch3.2.1
ORciscosmart_phyMatch21.3
ORciscoucs_central_softwareMatch2.0
ORciscoucs_central_softwareMatch2.0\(1a\)
ORciscoucs_central_softwareMatch2.0\(1b\)
ORciscoucs_central_softwareMatch2.0\(1c\)
ORciscoucs_central_softwareMatch2.0\(1d\)
ORciscoucs_central_softwareMatch2.0\(1e\)
ORciscoucs_central_softwareMatch2.0\(1f\)
ORciscoucs_central_softwareMatch2.0\(1g\)
ORciscoucs_central_softwareMatch2.0\(1h\)
ORciscoucs_central_softwareMatch2.0\(1k\)
ORciscoucs_central_softwareMatch2.0\(1l\)
ORciscounified_communications_managerMatch11.5\(1.17900.52\)
ORciscounified_communications_managerMatch11.5\(1.18119.2\)
ORciscounified_communications_managerMatch11.5\(1.18900.97\)
ORciscounified_communications_managerMatch11.5\(1.21900.40\)
ORciscounified_communications_managerMatch11.5\(1.22900.28\)
ORciscounified_communications_manager_im_\&_presence_serviceMatch11.5\(1\)
ORciscounified_communications_manager_im_\&_presence_serviceMatch11.5\(1.22900.6\)
ORciscounified_computing_systemMatch006.008\(001.000\)
ORciscounified_contact_center_enterpriseMatch11.6\(2\)
ORciscounified_contact_center_enterpriseMatch12.0\(1\)
ORciscounified_contact_center_enterpriseMatch12.5\(1\)
ORciscounified_contact_center_enterpriseMatch12.6\(1\)
ORciscounified_contact_center_enterpriseMatch12.6\(2\)
ORciscounified_contact_center_expressMatch12.5\(1\)-
ORciscounified_contact_center_expressMatch12.5\(1\)su1
ORciscounified_contact_center_expressMatch12.6\(1\)
ORciscounified_contact_center_expressMatch12.6\(2\)
ORciscounified_contact_center_management_portalMatch12.6\(1\)
ORciscounified_customer_voice_portalMatch11.6\(1\)
ORciscounified_customer_voice_portalMatch12.0\(1\)
ORciscounified_customer_voice_portalMatch12.5\(1\)
ORciscounified_customer_voice_portalMatch12.6\(1\)
ORciscounified_intelligence_centerMatch12.6\(1\)-
ORciscounified_intelligence_centerMatch12.6\(1\)es01
ORciscounified_intelligence_centerMatch12.6\(1\)es02
ORciscounified_intelligence_centerMatch12.6\(2\)-
ORciscounified_sip_proxyMatch010.000\(000\)
ORciscounified_sip_proxyMatch010.000\(001\)
ORciscounified_sip_proxyMatch010.002\(000\)
ORciscounified_sip_proxyMatch010.002\(001\)
ORciscounified_workforce_optimizationMatch11.5\(1\)sr7
ORciscounity_connectionMatch11.5
ORciscounity_connectionMatch11.5\(1.10000.6\)
ORciscovideo_surveillance_managerMatch7.14\(1.26\)
ORciscovideo_surveillance_managerMatch7.14\(2.26\)
ORciscovideo_surveillance_managerMatch7.14\(3.025\)
ORciscovideo_surveillance_managerMatch7.14\(4.018\)
ORciscovirtual_topology_systemMatch2.6.6
ORciscowan_automation_engineMatch7.1.3
ORciscowan_automation_engineMatch7.2.1
ORciscowan_automation_engineMatch7.2.2
ORciscowan_automation_engineMatch7.2.3
ORciscowan_automation_engineMatch7.3
ORciscowan_automation_engineMatch7.4
ORciscowan_automation_engineMatch7.5
ORciscowan_automation_engineMatch7.6
ORciscowebex_meetings_serverMatch3.0
ORciscowebex_meetings_serverMatch4.0
Node
snowsoftwaresnow_commanderRange<8.10.0
ORsnowsoftwarevm_access_proxyRange<3.6
Node
bentleysynchroRange6.1–6.4.3.2pro
ORbentleysynchro_4dRange<6.2.4.2pro
Node
percussionrhythmyxRange≤7.3.2
References
packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html
packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html
packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html
packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html
packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html
packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html
packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html
packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html
packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html
packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html
packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html
packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html
packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html
packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html
packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html
packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html
seclists.org/fulldisclosure/2022/Dec/2
seclists.org/fulldisclosure/2022/Jul/11
seclists.org/fulldisclosure/2022/Mar/23
www.openwall.com/lists/oss-security/2021/12/10/1
www.openwall.com/lists/oss-security/2021/12/10/2
www.openwall.com/lists/oss-security/2021/12/10/3
www.openwall.com/lists/oss-security/2021/12/13/1
www.openwall.com/lists/oss-security/2021/12/13/2
www.openwall.com/lists/oss-security/2021/12/14/4
www.openwall.com/lists/oss-security/2021/12/15/3
cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf
cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf
cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf
github.com/cisagov/log4j-affected-db
github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md
github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228
lists.debian.org/debian-lts-announce/2021/12/msg00007.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/
logging.apache.org/log4j/2.x/security.html
msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/
psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032
security.netapp.com/advisory/ntap-20211210-0007/
support.apple.com/kb/HT213189
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
twitter.com/kurtseifried/status/1469345530182455296
www.bentley.com/en/common-vulnerability-exposure/be-2022-0001
www.debian.org/security/2021/dsa-5020
www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html
www.kb.cert.org/vuls/id/930724
www.nu11secur1ty.com/2021/12/cve-2021-44228.html
www.oracle.com/security-alerts/alert-cve-2021-44228.html
www.oracle.com/security-alerts/cpuapr2022.html
www.oracle.com/security-alerts/cpujan2022.html
Related
threatpost
threatpost
The Log4j Vulnerability Puts Pressure on the Security World
2022-01-18 20:21:04
Emotet Now Spreading Through Malicious Excel Files
2022-02-16 13:39:33
Cyberattackers Cook Up Employee Personal Data Heist for Meyer
2022-02-22 20:41:48
nessus
nessus
trellix
trellix
Log4J and The Memory That Knew Too Much
2022-01-19 00:00:00
kitploit
kitploit
ibm
ibm
Security Bulletin: Vulnerabilities in log4j could affect Name Analyzer in IBM InfoSphere Global Name Management (CVE-2021-44228)
2022-04-20 17:04:55
hivepro
hivepro
Monti ransomware infiltrates networks via the well-known Log4Shell
2022-09-16 10:51:13
osv
osv
apache-log4j2 - security update
2021-12-12 00:00:00
apache-log4j2 vulnerability
2021-12-17 12:46:46
apache-log4j2 vulnerability
2021-12-14 13:39:20
thn
thn
NHS Warns of Hackers Targeting Log4j Flaws in VMware Horizon
2022-01-08 07:04:00
Last Years Open Source - Tomorrow's Vulnerabilities
2022-11-01 12:04:00
rapid7blog
rapid7blog
Being Naughty to See Who Was Nice: Machine Learning Attacks on Santa’s List
2022-01-14 14:46:41
Log4Shell 2 Months Later: Security Strategies for the Internet's New Normal
2022-02-17 18:00:00
3 Takeaways From the 2022 Verizon Data Breach Investigations Report
2022-05-31 13:22:17
freebsd
freebsd
graylog -- include log4j patches
2021-12-10 00:00:00
suse
suse
Security update for log4j (important)
2021-12-12 00:00:00
hackerone
hackerone
U.S. Dept Of Defense: Log4Shell: RCE 0-day exploit on █████████
2021-12-16 18:32:13
openvas
openvas
Fedora: Security Advisory for log4j (FEDORA-2021-66d6c484f3)
2021-12-23 00:00:00
Apache JSPWiki 2.11.0 Log4j RCE Vulnerability (Log4Shell) - Active Check
2021-12-20 00:00:00
Mageia: Security Advisory (MGASA-2021-0556)
2022-01-28 00:00:00
cisa
cisa
Ivanti Updates Log4j Advisory with Security Updates for Multiple Products
2022-01-14 00:00:00
metasploit
metasploit
Log4Shell HTTP Header Injection
2021-12-29 14:10:07
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Apache Log4J
2021-12-12 10:53:15
Exploit for Deserialization of Untrusted Data in Apache Log4J
2021-12-12 12:27:39
Exploit for Deserialization of Untrusted Data in Apache Log4J
2021-12-10 18:06:06
ubuntu
ubuntu
Apache Log4j 2 vulnerability
2021-12-17 00:00:00
zdt
zdt
UniFi Network Application Unauthenticated Log4Shell Remote Code Execution Exploit
2022-01-24 00:00:00
AD Manager Plus 7122 - Remote Code Execution Vulnerability
2023-04-02 00:00:00
Apache Log4j 2 - Remote Code Execution Exploit
2021-12-14 00:00:00
wallarmlab
wallarmlab
Log4j 0day mitigation update CVE-2021-44228
2021-12-10 20:56:40
5 things you need to know about Log4Shell (CVE-2021-44228)
2021-12-10 20:40:07
github
github
Apache Log4j Remote Code Execution
2021-12-14 21:07:14
mmpc
mmpc
Build a stronger cybersecurity team through diversity and training
2022-01-20 17:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: jansi-2.1.1-4.fc34
2021-12-22 01:14:26
[SECURITY] Fedora 35 Update: log4j-2.15.0-1.fc35
2021-12-13 17:13:00
packetstorm
packetstorm
UniFi Network Application Unauthenticated Log4Shell Remote Code Execution
2022-01-24 00:00:00
Apache Log4j2 2.14.1 Information Disclosure
2021-12-14 00:00:00
prion
prion
Default configuration
2021-12-10 10:15:00
veeam
veeam
Log4j Vulnerability (CVE-2021-44228)
2021-12-13 00:00:00
akamaiblog
akamaiblog
Our Journey to Detect Log4j-Vulnerable Machines
2021-12-27 19:30:00
qualysblog
qualysblog
Put SecOps in the Driver’s Seat with Custom Assessment and Remediation
2022-05-20 13:00:00
malwarebytes
malwarebytes
CISA Log4Shell warning: Patch VMware Horizon installations immediately
2022-06-27 09:54:58
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
0.976 High
EPSS
Percentile
100.0%
Related for NVD:CVE-2021-44228