CVE-2021-44832

MEDIUM EXPLOITED IN THE WILD RANSOMWARE

Apache Log4j < 2.3.2 - Injection

Title source: rule

Description

Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.

Exploits (2)

nomisec WORKING POC 4 stars
by cckuailong · poc
https://github.com/cckuailong/log4j_RCE_CVE-2021-44832
nomisec SCANNER 1 stars
by name · poc
https://github.com/name/log4j-scanner

References (12)

Scores

CVSS v3 6.6
EPSS 0.5365
EPSS Percentile 98.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2023-02-14
InTheWild.io 2022-05-25
Ransomware Use Confirmed
CWE
CWE-74 CWE-20
Status published
Products (44)
apache/log4j 2.0 (6 CPE variants)
apache/log4j 2.0.1 - 2.3.2
cisco/cloudcenter 4.10.0.16
debian/debian_linux 9.0
fedoraproject/fedora 34
fedoraproject/fedora 35
oracle/communications_brm_-_elastic_charging_engine 12.0.0.5.0
oracle/communications_brm_-_elastic_charging_engine < 12.0.0.4.6
oracle/communications_diameter_signaling_router 8.0.0.0 - 8.5.1.0
oracle/communications_interactive_session_recorder 6.3
... and 34 more
Published Dec 28, 2021
Tracked Since Feb 18, 2026