|
gptkbp:instanceOf
|
cybersecurity vulnerability
|
|
gptkbp:access
|
false
|
|
gptkbp:affects
|
gptkb:Apache_Log4j
|
|
gptkbp:allows
|
remote code execution
|
|
gptkbp:alsoKnownAs
|
gptkb:Log4Shell
|
|
gptkbp:complexity
|
low
|
|
gptkbp:discoveredBy
|
gptkb:Alibaba_Cloud_Security_Team
gptkb:Chen_Zhaojun
|
|
gptkbp:discoveredIn
|
2021
|
|
gptkbp:exploits
|
true
publicly available
|
|
gptkbp:fixes
|
gptkb:Log4j_2.15.0
|
|
gptkbp:hasCVSSScore
|
10.0
|
|
gptkbp:hasSeverity
|
Critical
|
|
gptkbp:hasVersion
|
gptkb:Log4j_2.0-beta9_to_2.14.1
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
CVE-2021-44228
|
|
gptkbp:impact
|
integrity
availability
confidentiality
|
|
gptkbp:mitigatedBy
|
remove JndiLookup class
update Log4j to 2.15.0 or later
set system property log4j2.formatMsgNoLookups to true
|
|
gptkbp:publishedIn
|
2021-12-09
|
|
gptkbp:referencedIn
|
https://logging.apache.org/log4j/2.x/security.html
https://nvd.nist.gov/vuln/detail/CVE-2021-44228
https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-356a
|
|
gptkbp:usedIn
|
ransomware attacks
botnet attacks
cryptojacking attacks
|
|
gptkbp:vectorFor
|
gptkb:network_protocol
|
|
gptkbp:vulnerableTo
|
gptkb:CWE-20
gptkb:CWE-502
JNDI lookup feature
|
|
gptkbp:bfsParent
|
gptkb:Log4j
|
|
gptkbp:bfsLayer
|
6
|