CVE-2021-44228

GPTKB entity

Statements (35)
Predicate Object
gptkbp:instanceOf cybersecurity vulnerability
gptkbp:access false
gptkbp:affects gptkb:Apache_Log4j
gptkbp:allows remote code execution
gptkbp:alsoKnownAs gptkb:Log4Shell
gptkbp:complexity low
gptkbp:discoveredBy gptkb:Alibaba_Cloud_Security_Team
gptkb:Chen_Zhaojun
gptkbp:discoveredIn 2021
gptkbp:exploits true
publicly available
gptkbp:fixes gptkb:Log4j_2.15.0
gptkbp:hasCVSSScore 10.0
gptkbp:hasSeverity Critical
gptkbp:hasVersion gptkb:Log4j_2.0-beta9_to_2.14.1
https://www.w3.org/2000/01/rdf-schema#label CVE-2021-44228
gptkbp:impact integrity
availability
confidentiality
gptkbp:mitigatedBy remove JndiLookup class
update Log4j to 2.15.0 or later
set system property log4j2.formatMsgNoLookups to true
gptkbp:publishedIn 2021-12-09
gptkbp:referencedIn https://logging.apache.org/log4j/2.x/security.html
https://nvd.nist.gov/vuln/detail/CVE-2021-44228
https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-356a
gptkbp:usedIn ransomware attacks
botnet attacks
cryptojacking attacks
gptkbp:vectorFor gptkb:network_protocol
gptkbp:vulnerableTo gptkb:CWE-20
gptkb:CWE-502
JNDI lookup feature
gptkbp:bfsParent gptkb:Log4j
gptkbp:bfsLayer 6