gptkbp:instance_of
|
gptkb:vulnerability
|
gptkbp:affected_platforms
|
Any platform using Log4j.
|
gptkbp:attack_complexity
|
gptkb:Low
|
gptkbp:availability
|
gptkb:High
|
gptkbp:components
|
JNDI.
|
gptkbp:cvssscore
|
10.0
|
gptkbp:data_privacy
|
gptkb:High
|
gptkbp:description
|
A critical vulnerability in Apache Log4j 2.
|
gptkbp:difficulty_levels
|
Critical
|
gptkbp:disclosure_type
|
Full disclosure
|
gptkbp:discovered_by
|
December 9, 2021
|
gptkbp:discovery
|
Security researcher.
|
gptkbp:discovery_year
|
2021-12-09
|
gptkbp:distributor
|
gptkb:Apache_Software_Foundation
|
gptkbp:environmental_initiatives
|
Apply security patches.
|
gptkbp:exploit_availability
|
Publicly available.
|
gptkbp:exploit_code_maturity
|
gptkb:High
|
gptkbp:exploit_method
|
JNDI injection.
|
gptkbp:exploitation_risk
|
High.
|
gptkbp:has_enemies
|
gptkb:networking
|
https://www.w3.org/2000/01/rdf-schema#label
|
CVE-2021-44228
|
gptkbp:human_interaction
|
gptkb:None
|
gptkbp:impact
|
Java applications
Allows attackers to execute arbitrary code.
Remote Code Execution (RCE)
|
gptkbp:is_a_solution_for
|
Upgrade to Log4j 2.15.0 or later.
|
gptkbp:is_referenced_in
|
https://nvd.nist.gov/vuln/detail/CVE-2021-44228
|
gptkbp:is_vulnerable_to
|
Easily exploitable
JNDI lookup exploit
Zero-day.
|
gptkbp:latest_version
|
Log4j 2.0 to 2.14.1
|
gptkbp:prevention
|
Disable the JndiLookup class.
|
gptkbp:privileges_required
|
gptkb:None
|
gptkbp:provides_support_for
|
gptkb:Apache_Log4j_2.x
Web servers using Log4j.
|
gptkbp:publication_year
|
2021-12-10
|
gptkbp:regulatory_compliance
|
Apache Log4j Security Advisory.
|
gptkbp:related_cve
|
gptkb:CVE-2021-45046
gptkb:CVE-2021-45105
|
gptkbp:released
|
Available.
|
gptkbp:remediation_advice
|
Update to the latest version.
|
gptkbp:reported_by
|
GitHub user
|
gptkbp:reports_to
|
CVE Numbering Authority (CNA)
|
gptkbp:scope
|
Unchanged
|
gptkbp:security
|
gptkb:High
Severe.
Critical.
Immediate response required.
Log4j 2.15.0.
Monitor systems for exploitation.
|
gptkbp:status
|
Publicly disclosed
|
gptkbp:type
|
Vulnerability
|
gptkbp:updates
|
Log4j 2.16.0.
|
gptkbp:vulnerability_class
|
Code Injection
|
gptkbp:vulnerability_disclosure
|
Responsible disclosure.
|
gptkbp:vulnerability_impact
|
Severe impact on security.
|
gptkbp:vulnerability_status
|
Under investigation.
|
gptkbp:vulnerability_timeline
|
Ongoing.
|
gptkbp:bfsParent
|
gptkb:Apache_Log4j
|
gptkbp:bfsLayer
|
5
|