logo
Vulnerability feed
Contributors
About
Blog
CONTRIBUTE

Vulnerability

warn

CVE-2021-44832

Reference to the description:

https://nvd.nist.gov/vuln/detail/CVE-2021-44832

Description:
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.
Last updated date:
08/09/2022

Reports

alt

ACTIVELY EXPLOITED

Type:
exploitation
Confidence:
HIGH
Date of publishing:
05/25/2022
Reference url to background

https://cybersecurityworks.com/howdymanage/uploads/file/Ransomware%20Report%202023_compressed.pdf

Type:
exploit
Confidence:
HIGH
Date of publishing:
12/29/2021
Reference url to background

https://github.com/cckuailong/log4j_RCE_CVE-2021-44832

Vulnerability FeedContributorsAboutBlog

@inTheWild

©2025

Privacy Policy