CRITICAL🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2021-44228

CVSS 10.0v3.1pub. 2021-12-10upd. 2026-02-20

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Apache Log4j

    APP
    Apache
    2.02.13.0 – 2.15.0 (bez)2.0.1 – 2.3.1 (bez)2.4.0 – 2.12.2 (bez)
  • Cisco Advanced Malware Protection Virtual Private Cloud Appliance

    APP
    Cisco
    < 3.5.4
  • Cisco Automated Subsea Tuning

    APP
    Cisco
    < 2.1.0
  • Cisco Broadworks

    APP
    Cisco
    < 2021.11_1.162
  • Cisco Business Process Automation

    APP
    Cisco
    3.2.000.000 – 3.2.000.009 (bez)3.1.000.000 – 3.1.000.044 (bez)< 3.0.000.115
  • Cisco Cloudcenter

    APP
    Cisco
    < 4.10.0.16
  • Cisco Cloud Connect

    APP
    Cisco
    < 12.6\(1\)
  • Debian

    OS
    Debian
    10.011.09.0
  • Fedora Project Fedora

    OS
    Fedoraproject
    3435
  • Intel Computer Vision Annotation Tool

    APP
    Intel
    wszystkie wersje
  • Intel Datacenter Manager

    APP
    Intel
    < 5.1
  • Intel Genomics Kernel Library

    APP
    Intel
    wszystkie wersje
  • Intel Oneapi Sample Browser

    APP
    Intel
    wszystkie wersje
  • Intel Secure Device Onboard

    APP
    Intel
    wszystkie wersje
  • Intel System Studio

    APP
    Intel
    wszystkie wersje
  • Netapp Active Iq Unified Manager

    APP
    Netapp
    wszystkie wersje
  • Netapp Brocade San Navigator

    APP
    Netapp
    wszystkie wersje
  • Netapp Cloud Insights

    APP
    Netapp
    wszystkie wersje
  • Netapp Cloud Manager

    APP
    Netapp
    wszystkie wersje
  • Netapp Cloud Secure Agent

    APP
    Netapp
    wszystkie wersje
  • Netapp Oncommand Insight

    APP
    Netapp
    wszystkie wersje
  • Netapp Ontap Tools

    APP
    Netapp
    wszystkie wersje
  • Netapp Snapcenter

    APP
    Netapp
    wszystkie wersje
  • Netapp Solidfire Enterprise Sds

    APP
    Netapp
    wszystkie wersje
  • Netapp Solidfire \& Hci Storage Node

    APP
    Netapp
    wszystkie wersje
  • Siemens 6bk1602 0aa12 0tp0

    HW
    Siemens
    wszystkie wersje
  • Siemens 6bk1602 0aa12 0tp0 Firmware

    OS
    Siemens
    < 2.7.0
  • Siemens 6bk1602 0aa22 0tp0

    HW
    Siemens
    wszystkie wersje
  • Siemens 6bk1602 0aa22 0tp0 Firmware

    OS
    Siemens
    < 2.7.0
  • Siemens 6bk1602 0aa32 0tp0

    HW
    Siemens
    wszystkie wersje

CISA KEV — detailsi

Vendori
Apache
Producti
Log4j2
Added to KEVi
December 10, 2021
Remediation deadline (US Federal)i
December 24, 2021(overdue)
Ransomwarei
Active ransomware campaigns exploit this vulnerability
Required action (CISA)i

For all affected software assets for which updates exist, the only acceptable remediation actions are: 1) Apply updates; OR 2) remove affected assets from agency networks. Temporary mitigations using one of the measures provided at https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures are only acceptable until updates are available.

CISA descriptioni

Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARECISA DEADLINE: 24 grudnia 2021
Tags
RCEDeserialization
CWE
References

Related vulnerabilities

CVE-2026-24061CRITICAL9.8⚠ KEVPL ✓ten sam produkt

GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2025-49113CRITICAL9.9⚠ KEVPL ✓ten sam produkt

RCE przez deserializację PHP w Roundcube Webmail (parametr _from)

CVE-2025-32433CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Erlang/OTP SSH — nieuwierzytelniony RCE (CVSS 10.0)

CVE-2025-24201CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki