
CVE-2021-44228

Remote code injection in Log4j

Description

# Summary


Log4j versions prior to 2.16.0 are subject to a remote code execution vulnerability via the LDAP JNDI parser.
As per [Apache's Log4j security guide](https://logging.apache.org/log4j/2.x/security.html): Apache Log4j2

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Vulnerability Details
Score
10
Score Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected Versions
org.apache.logging.log4j:log4j-core >= 2.13.0 < 2.15.0
org.apache.logging.log4j:log4j-core >= 2.0-beta9 < 2.3.1
org.apache.logging.log4j:log4j-core >= 2.4 < 2.12.2
org.ops4j.pax.logging:pax-logging-log4j2 >= 1.8.0 < 1.9.2
org.ops4j.pax.logging:pax-logging-log4j2 >= 1.10.0 < 1.10.8
org.ops4j.pax.logging:pax-logging-log4j2 >= 1.11.0 < 1.11.10
org.ops4j.pax.logging:pax-logging-log4j2 >= 2.0.0 < 2.0.11
Severity
Critical
Ecosystem
Java
Publish Date
December 9, 2021
Modified Date
May 9, 2025