VDB
RHSA-2021%3A5140
RHSA-2021%3A5140
PUBLISHED
CVSS 9.800000190734863 CRITICAL
A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat JBoss Enterprise Application Platform 7 |
Timeline
- Dec 15, 2021 CVE Published
- Apr 28, 2026 CVE Updated
- Apr 28, 2026 Distribution Patch
- Apr 28, 2026 Distribution Patch
- Apr 28, 2026 Security Advisory
- Apr 28, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2021:5140 advisory
- https://access.redhat.com/security/updates/classification/#low advisory
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=7.4 advisory
- https://access.redhat.com/solutions/6577421 advisory
- https://access.redhat.com/security/vulnerabilities/RHSB-2021-009 advisory
- https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/ advisory
- https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/ advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2030932 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_5140.json advisory
- https://access.redhat.com/security/cve/CVE-2021-44228 advisory
- https://www.cve.org/CVERecord?id=CVE-2021-44228 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-44228 advisory
- https://github.com/advisories/GHSA-jfh8-c2jp-5v3q advisory
- https://logging.apache.org/log4j/2.x/security.html advisory
- https://www.lunasec.io/docs/blog/log4j-zero-day/ advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog exploit