CVE-2021-44228
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3,
Publication date: 2021-12-10
Last updated on: 2026-02-20
Assigner: Apache Software Foundation
Description
CVSS Scores
EPSS Scores
Affected Vendors & Products
| Vendor | Product | Version |
|---|---|---|
| cisco | prime_service_catalog | 12.1 |
| cisco | firepower_threat_defense | 6.2.3 |
| cisco | webex_meetings_server | 3.0 |
| cisco | firepower_threat_defense | 6.4.0 |
| cisco | firepower_threat_defense | 6.3.0 |
| cisco | webex_meetings_server | 4.0 |
| cisco | unity_connection | 11.5 |
| cisco | firepower_threat_defense | 6.5.0 |
| cisco | firepower_threat_defense | 6.6.0 |
| cisco | sd-wan_vmanage | 20.3 |
| cisco | sd-wan_vmanage | 20.6 |
| cisco | sd-wan_vmanage | 20.5 |
| cisco | unified_contact_center_enterprise | 11.6(2) |
| cisco | cyber_vision_sensor_management_extension | 4.0.2 |
| cisco | dna_spaces_connector | * |
| cisco | unified_sip_proxy | 010.002(001) |
| cisco | unified_sip_proxy | 010.002(000) |
| cisco | unified_sip_proxy | 010.000(001) |
| cisco | unified_sip_proxy | 010.000(000) |
| cisco | unified_intelligence_center | 12.6(2) |
| cisco | unified_intelligence_center | 12.6(1) |
| cisco | unified_customer_voice_portal | 12.6(1) |
| cisco | unified_customer_voice_portal | 12.5(1) |
| cisco | unified_customer_voice_portal | 12.0(1) |
| cisco | unified_customer_voice_portal | 11.6(1) |
| cisco | unified_contact_center_express | 12.5(1) |
| cisco | unified_communications_manager_im_&_presence_service | 11.5(1.22900.6) |
| cisco | unified_communications_manager_im_&_presence_service | 11.5(1) |
| cisco | unified_communications_manager | 11.5(1.22900.28) |
| cisco | unified_communications_manager | 11.5(1.21900.40) |
| cisco | unified_communications_manager | 11.5(1.18900.97) |
| cisco | unified_communications_manager | 11.5(1.18119.2) |
| cisco | unified_communications_manager | 11.5(1.17900.52) |
| cisco | paging_server | 9.1(1) |
| cisco | paging_server | 9.0(2) |
| cisco | paging_server | 9.0(1) |
| cisco | paging_server | 8.5(1) |
| cisco | paging_server | 8.4(1) |
| cisco | paging_server | 8.3(1) |
| cisco | paging_server | 14.0(1) |
| cisco | paging_server | 12.5(2) |
| cisco | unified_contact_center_enterprise | 12.6(2) |
| cisco | unified_contact_center_enterprise | 12.6(1) |
| cisco | unified_contact_center_enterprise | 12.5(1) |
| cisco | unified_contact_center_enterprise | 12.0(1) |
| cisco | finesse | 12.6(1) |
| cisco | finesse | 12.5(1) |
| cisco | enterprise_chat_and_email | 12.6(1) |
| cisco | enterprise_chat_and_email | 12.5(1) |
| cisco | enterprise_chat_and_email | 12.0(1) |
| cisco | emergency_responder | 11.5(4.66000.14) |
| cisco | emergency_responder | 11.5(4.65000.14) |
| cisco | emergency_responder | 11.5 |
| cisco | unified_contact_center_management_portal | 12.6(1) |
| cisco | unified_contact_center_express | 12.6(2) |
| cisco | unified_contact_center_express | 12.6(1) |
| cisco | broadworks | * |
| cisco | unified_computing_system | 006.008(001.000) |
| cisco | ucs_central_software | 2.0(1l) |
| cisco | ucs_central_software | 2.0(1k) |
| cisco | ucs_central_software | 2.0(1h) |
| cisco | ucs_central_software | 2.0(1g) |
| cisco | ucs_central_software | 2.0(1f) |
| cisco | ucs_central_software | 2.0(1e) |
| cisco | ucs_central_software | 2.0(1d) |
| cisco | ucs_central_software | 2.0(1c) |
| cisco | ucs_central_software | 2.0(1b) |
| cisco | ucs_central_software | 2.0(1a) |
| cisco | ucs_central_software | 2.0 |
| cisco | integrated_management_controller_supervisor | 2.3.2.0 |
| cisco | integrated_management_controller_supervisor | 002.003(002.000) |
| cisco | sd-wan_vmanage | 20.6.1 |
| cisco | sd-wan_vmanage | 20.8 |
| cisco | sd-wan_vmanage | 20.7 |
| cisco | sd-wan_vmanage | 20.4 |
| cisco | optical_network_controller | 1.1 |
| cisco | network_assurance_engine | 6.0(2.1912) |
| cisco | dna_center | 2.2.2.8 |
| cisco | wan_automation_engine | 7.6 |
| cisco | wan_automation_engine | 7.5 |
| cisco | wan_automation_engine | 7.4 |
| cisco | wan_automation_engine | 7.3 |
| cisco | wan_automation_engine | 7.2.3 |
| cisco | wan_automation_engine | 7.2.2 |
| cisco | wan_automation_engine | 7.2.1 |
| cisco | wan_automation_engine | 7.1.3 |
| cisco | virtual_topology_system | 2.6.6 |
| cisco | smart_phy | 3.2.1 |
| cisco | smart_phy | 3.1.5 |
| cisco | smart_phy | 3.1.4 |
| cisco | smart_phy | 3.1.3 |
| cisco | smart_phy | 3.1.2 |
| cisco | smart_phy | 21.3 |
| cisco | network_services_orchestrator | * |
| cisco | intersight_virtual_appliance | 1.0.9-343 |
| cisco | evolved_programmable_network_manager | 5.1 |
| cisco | evolved_programmable_network_manager | 5.0 |
| cisco | evolved_programmable_network_manager | 4.1 |
| cisco | evolved_programmable_network_manager | 4.0 |
| cisco | evolved_programmable_network_manager | 3.1 |
| cisco | evolved_programmable_network_manager | 3.0 |
| cisco | network_dashboard_fabric_controller | 11.5(3) |
| cisco | network_dashboard_fabric_controller | 11.5(2) |
| cisco | network_dashboard_fabric_controller | 11.5(1) |
| cisco | network_dashboard_fabric_controller | 11.4(1) |
| cisco | network_dashboard_fabric_controller | 11.3(1) |
| cisco | network_dashboard_fabric_controller | 11.2(1) |
| cisco | network_dashboard_fabric_controller | 11.1(1) |
| cisco | network_dashboard_fabric_controller | 11.0(1) |
| cisco | video_surveillance_manager | 7.14(4.018) |
| cisco | video_surveillance_manager | 7.14(3.025) |
| cisco | video_surveillance_manager | 7.14(2.26) |
| cisco | video_surveillance_manager | 7.14(1.26) |
| cisco | unified_workforce_optimization | 11.5(1) |
| cisco | unity_connection | 11.5(1.10000.6) |
| cisco | automated_subsea_tuning | 02.01.00 |
| cisco | identity_services_engine | 003.002(000.116) |
| cisco | identity_services_engine | 003.001(000.518) |
| cisco | identity_services_engine | 003.000(000.458) |
| cisco | identity_services_engine | 002.007(000.356) |
| cisco | identity_services_engine | 002.006(000.156) |
| cisco | identity_services_engine | 002.004(000.914) |
| cisco | firepower_threat_defense | 7.1.0 |
| cisco | firepower_threat_defense | 7.0.0 |
| cisco | firepower_threat_defense | 6.7.0 |
| cisco | network_insights_for_data_center | 6.0(2.1914) |
| cisco | cx_cloud_agent | 001.012 |
| cisco | mobility_services_engine | * |
| cisco | dna_spaces | * |
| cisco | cyber_vision | 4.0.2 |
| cisco | crosswork_network_automation | 4.1.1 |
| cisco | crosswork_network_automation | 4.1.0 |
| cisco | crosswork_network_automation | * |
| cisco | crosswork_network_automation | 3.0.0 |
| cisco | crosswork_network_automation | 2.0.0 |
| cisco | common_services_platform_collector | 002.010(000.000) |
| cisco | common_services_platform_collector | 002.009(001.002) |
| cisco | common_services_platform_collector | 002.009(001.001) |
| cisco | common_services_platform_collector | 002.009(001.000) |
| cisco | common_services_platform_collector | 002.009(000.002) |
| cisco | common_services_platform_collector | 002.009(000.001) |
| cisco | common_services_platform_collector | 002.009(000.000) |
| cisco | cloudcenter_suite | 4.10.0.15 |
| cisco | cloudcenter_suite | 5.3.0 |
| cisco | cloudcenter_suite | 5.4.1 |
| cisco | cloudcenter_suite | 5.5.0 |
| cisco | cloudcenter_suite | 5.5.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
| CWE-917 | The product constructs all or part of an expression language (EL) statement in a framework such as a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed. |
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
AI Powered Q&A
How can this vulnerability impact me?
If you use software that relies on Apache Log4j2 and it is affected by this vulnerability, attackers could potentially take control of your system. This could lead to unauthorized access to sensitive information, data loss, or even complete system compromise.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability could put your organization at risk of non-compliance with regulations like GDPR and HIPAA. If sensitive data is exposed or compromised due to this vulnerability, it could lead to legal penalties and damage to your reputation.
What immediate steps should I take to mitigate this vulnerability?
Starting with Log4j version 2.15.0, the vulnerable behavior is disabled by default. To fully mitigate the vulnerability, upgrade to Log4j version 2.16.0 or later, or apply the vendor's patches where they are available.
Can you explain this vulnerability to me?
This vulnerability, known as CVE-2021-44228, affects the Apache Log4j2 logging library. It allows attackers to run harmful code on a server if they can control the content of messages that get logged. This is possible because the library did not properly restrict a lookup feature that lets it fetch data from external servers while processing log messages. The issue has been fixed in later versions of the library.