CVE-2021-44228

GPTKB entity

Statements (61)
Predicate Object
gptkbp:instance_of gptkb:vulnerability
gptkbp:affected_platforms Any platform using Log4j.
gptkbp:attack_complexity gptkb:Low
gptkbp:availability gptkb:High
gptkbp:components JNDI.
gptkbp:cvssscore 10.0
gptkbp:data_privacy gptkb:High
gptkbp:description A critical vulnerability in Apache Log4j 2.
gptkbp:difficulty_levels Critical
critical
gptkbp:disclosure_type Full disclosure
gptkbp:discovered_by December 9, 2021
gptkbp:discovery Security researcher.
gptkbp:discovery_year 2021-12-09
gptkbp:distributor gptkb:Apache_Software_Foundation
gptkbp:environmental_initiatives Apply security patches.
gptkbp:exploit_availability Publicly available.
gptkbp:exploit_code_maturity gptkb:High
gptkbp:exploit_method JNDI injection.
gptkbp:exploitation_risk High.
gptkbp:has_enemies gptkb:networking
https://www.w3.org/2000/01/rdf-schema#label CVE-2021-44228
gptkbp:human_interaction gptkb:None
gptkbp:impact Java applications
Allows attackers to execute arbitrary code.
Remote Code Execution (RCE)
gptkbp:is_a_solution_for Upgrade to Log4j 2.15.0 or later.
gptkbp:is_referenced_in https://nvd.nist.gov/vuln/detail/CVE-2021-44228
gptkbp:is_vulnerable_to Easily exploitable
JNDI lookup exploit
Zero-day.
gptkbp:latest_version Log4j 2.0 to 2.14.1
gptkbp:prevention Disable JndiLookup class.
gptkbp:privileges_required gptkb:None
gptkbp:provides_support_for gptkb:Apache_Log4j_2.x
Web servers using Log4j.
gptkbp:publication_year 2021-12-10
gptkbp:regulatory_compliance Apache Log4j Security Advisory.
gptkbp:related_cve gptkb:CVE-2021-45046
gptkb:CVE-2021-45105
gptkbp:released Available.
gptkbp:remediation_advice Update to the latest version.
gptkbp:reported_by GitHub user
gptkbp:reports_to CVE Numbering Authority (CNA)
gptkbp:scope Unchanged
gptkbp:security gptkb:High
Severe.
Critical.
Immediate response required.
Log4j 2.15.0.
Monitor systems for exploitation.
gptkbp:status Publicly disclosed
gptkbp:type Vulnerability
gptkbp:updates Log4j 2.16.0.
gptkbp:vulnerability_class Code Injection
gptkbp:vulnerability_disclosure Responsible disclosure.
gptkbp:vulnerability_impact Severe impact on security.
gptkbp:vulnerability_status Under investigation.
gptkbp:vulnerability_timeline Ongoing.
gptkbp:bfsParent gptkb:Apache_Log4j
gptkbp:bfsLayer 5