NVD - CVE-2021-44832 (original) (raw)

CVE-2021-44832 Detail

Description

Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST CVSS score

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST CVSS score

NIST: NVD

Base Score: 6.6 MEDIUM

Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

ADP: CISA-ADP

Base Score: 6.6 MEDIUM

Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: 8.5 HIGH

Vector: (AV:N/AC:M/Au:S/C:C/I:C/A:C)

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
http://www.openwall.com/lists/oss-security/2021/12/28/1 Apache Software Foundation, CVE Mailing List Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf Apache Software Foundation, CVE Third Party Advisory
https://issues.apache.org/jira/browse/LOG4J2-3293 Apache Software Foundation, CVE Issue Tracking Patch Vendor Advisory
https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143 Apache Software Foundation, CVE Mailing List Vendor Advisory
https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html Apache Software Foundation, CVE Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/ Apache Software Foundation, CVE
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/ Apache Software Foundation, CVE
https://security.netapp.com/advisory/ntap-20220104-0001/ Apache Software Foundation, CVE Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd Apache Software Foundation, CVE Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html Apache Software Foundation, CVE Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html Apache Software Foundation, CVE Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html Apache Software Foundation, CVE Patch Third Party Advisory

Weakness Enumeration

CWE-ID CWE Name Source
CWE-20 Improper Input Validation cwe source acceptance level NIST Apache Software Foundation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Apache Software Foundation

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

19 change records found show changes

CVE Modified by CISA-ADP 6/17/2026 12:12:52 AM

Action Type Old Value New Value
Added SSVC {"timestamp":"2026-05-29T18:53:35.535632Z","id":"CVE-2021-44832","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}

CVE Modified by Apache Software Foundation 6/17/2026 12:12:52 AM

Action Type Old Value New Value
Added Affected [{"vendor":"Apache Software Foundation","product":"Apache Log4j2","versions":[{"version":"log4j-core","lessThan":"2.17.1","versionType":"custom","status":"affected","changes":[{"at":"2.13.0","status":"affected"},{"at":"2.12.4","status":"unaffected"},{"at":"2.4","status":"affected"},{"at":"2.3.2","status":"unaffected"},{"at":"2.0-beta7","status":"affected"}]}]}]

CVE Modified by CISA-ADP 5/29/2026 4:16:21 PM

Action Type Old Value New Value
Added CVSS V3.1 AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE Modified by CVE 11/21/2024 1:31:34 AM

Action Type Old Value New Value
Added Reference http://www.openwall.com/lists/oss-security/2021/12/28/1
Added Reference https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf
Added Reference https://issues.apache.org/jira/browse/LOG4J2-3293
Added Reference https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143
Added Reference https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html
Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/
Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/
Added Reference https://security.netapp.com/advisory/ntap-20220104-0001/
Added Reference https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
Added Reference https://www.oracle.com/security-alerts/cpuapr2022.html
Added Reference https://www.oracle.com/security-alerts/cpujan2022.html
Added Reference https://www.oracle.com/security-alerts/cpujul2022.html

CVE Modified by Apache Software Foundation 5/14/2024 5:39:25 AM

Action Type Old Value New Value

CVE Modified by Apache Software Foundation 11/06/2023 10:39:43 PM

Action Type Old Value New Value
Added Reference Apache Software Foundation https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/ [No types assigned]
Added Reference Apache Software Foundation https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/ [No types assigned]
Removed Reference Apache Software Foundation https://lists.fedoraproject.org/archives/list/[\[email protected]](/cdn-cgi/l/email-protection)/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/
Removed Reference Apache Software Foundation https://lists.fedoraproject.org/archives/list/[\[email protected]](/cdn-cgi/l/email-protection)/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/

Modified Analysis by NIST 8/08/2022 9:24:01 PM

Action Type Old Value New Value
Removed CWE NIST CWE-74
Changed CPE Configuration OR *cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:* versions from (including) 8.3.0.0 up to (including) 8.5.1.0 *cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:* *cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0 up to (including) 17.12.11 *cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0 up to (including) 18.8.13 *cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0 up to (including) 19.12.12 *cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 20.12.0 up to (including) 20.12.7 *cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:* versions from (including) 19.12.0.0 up to (including) 19.12.18.0 *cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:* versions from (including) 20.12.0.0 up to (including) 20.12.12.0 *cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* *cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:* *cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:* *cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:* *cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:* versions up to (including) 21.12 *cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* Record truncated, showing 2048 of 3364 characters. View Entire Change Record OR *cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:* versions up to (excluding) 12.0.0.4.6 *cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.5.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:* versions from (including) 8.3.0.0 up to (including) 8.5.1.0 *cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:* versions up to (excluding) 12.0.0.4.4 *cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:health_sciences_data_management_workbench:2.5.2.1:*:*:*:*:*:*:* *cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.0.0.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.1.0.3:*:*:*:*:*:*:* *cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0 up to (including) 12.2.24 *cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0 up to (including) 12.2.24 *cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0 up to (including) 17.12.11 *cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0 up to (including) 18.8.13 *cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0 up to (including) 19.12.12 *cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 20.12.0 up to (including) 20.12.7 *cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:* versions from (including) 19.12.0.0 up to (including) 19.12.18.0 *cpe:2.3:a:oracle:primavera_p6_e
Changed Reference Type https://www.oracle.com/security-alerts/cpuapr2022.html Third Party Advisory https://www.oracle.com/security-alerts/cpuapr2022.html Patch, Third Party Advisory
Changed Reference Type https://www.oracle.com/security-alerts/cpujul2022.html No Types Assigned https://www.oracle.com/security-alerts/cpujul2022.html Patch, Third Party Advisory

CVE Modified by Apache Software Foundation 7/25/2022 2🔞22 PM

Action Type Old Value New Value
Added Reference https://www.oracle.com/security-alerts/cpujul2022.html [No Types Assigned]

Modified Analysis by NIST 7/01/2022 2:34:37 PM

Action Type Old Value New Value
Added CVSS V2 NIST (AV:N/AC:M/Au:S/C:C/I:C/A:C)
Removed CVSS V2 NIST (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Added CPE Configuration OR *cpe:2.3:a:cisco:cloudcenter:4.10.0.16:*:*:*:*:*:*:*
Added CPE Configuration OR *cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:* versions from (including) 8.0.0.0 up to (including) 8.5.1.0 *cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:* *cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0 up to (including) 17.12.11 *cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0 up to (including) 18.8.13 *cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0 up to (including) 19.12.12 *cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 20.12.0 up to (including) 20.12.7 *cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:* versions from (including) 19.12.0 up to (including) 19.12.18.0 *cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:* versions from (including) 20.12.0.0 up to (including) 20.12.12.0 *cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* *cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:* *cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:* *cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:* *cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:* *cpe:2.3:a:oracle:retail_fiscal_management:14.2:*:*:*:*:*:*:* *cpe:2.3:a:oracle:siebel_ui_framework:21.12:*:*:*:*:*:*:* *cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
Added CPE Configuration OR *cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:* versions from (including) 8.3.0.0 up to (including) 8.5.1.0 *cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:* *cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:* *cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0 up to (including) 17.12.11 *cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0 up to (including) 18.8.13 *cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0 up to (including) 19.12.12 *cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 20.12.0 up to (including) 20.12.7 *cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:* versions from (including) 19.12.0.0 up to (including) 19.12.18.0 *cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:* versions from (including) 20.12.0.0 up to (including) 20.12.12.0 *cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* *cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:* *cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:* *cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:* *cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:* versions up to (including) 21.12 *cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
Added CPE Configuration OR *cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Added CPE Configuration OR *cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* *cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
Changed Reference Type https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html No Types Assigned https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html Mailing List, Third Party Advisory
Changed Reference Type https://lists.fedoraproject.org/archives/list/[\[email protected]](/cdn-cgi/l/email-protection)/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/ No Types Assigned https://lists.fedoraproject.org/archives/list/[\[email protected]](/cdn-cgi/l/email-protection)/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/ Mailing List, Third Party Advisory
Changed Reference Type https://lists.fedoraproject.org/archives/list/[\[email protected]](/cdn-cgi/l/email-protection)/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/ No Types Assigned https://lists.fedoraproject.org/archives/list/[\[email protected]](/cdn-cgi/l/email-protection)/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/ Mailing List, Third Party Advisory
Changed Reference Type https://security.netapp.com/advisory/ntap-20220104-0001/ No Types Assigned https://security.netapp.com/advisory/ntap-20220104-0001/ Third Party Advisory
Changed Reference Type https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd No Types Assigned https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd Third Party Advisory
Changed Reference Type https://www.oracle.com/security-alerts/cpuapr2022.html No Types Assigned https://www.oracle.com/security-alerts/cpuapr2022.html Third Party Advisory
Changed Reference Type https://www.oracle.com/security-alerts/cpujan2022.html No Types Assigned https://www.oracle.com/security-alerts/cpujan2022.html Patch, Third Party Advisory

CVE Modified by Apache Software Foundation 4/19/2022 8:16:32 PM

Action Type Old Value New Value
Added Reference https://www.oracle.com/security-alerts/cpuapr2022.html [No Types Assigned]

CVE Modified by Apache Software Foundation 2/07/2022 11:16:34 AM

Action Type Old Value New Value
Added Reference https://www.oracle.com/security-alerts/cpujan2022.html [No Types Assigned]

CVE Modified by Apache Software Foundation 1/10/2022 9:10:26 AM

Action Type Old Value New Value
Added Reference https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd [No Types Assigned]

CVE Modified by Apache Software Foundation 1/05/2022 10:15:06 PM

Action Type Old Value New Value
Added Reference https://lists.fedoraproject.org/archives/list/[\[email protected]](/cdn-cgi/l/email-protection)/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/ [No Types Assigned]
Added Reference https://lists.fedoraproject.org/archives/list/[\[email protected]](/cdn-cgi/l/email-protection)/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/ [No Types Assigned]

CVE Modified by Apache Software Foundation 1/05/2022 11:15:08 AM

Action Type Old Value New Value
Added Reference https://security.netapp.com/advisory/ntap-20220104-0001/ [No Types Assigned]

CVE Modified by Apache Software Foundation 12/30/2021 11:15:07 AM

Action Type Old Value New Value
Changed Description Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2. Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.

CVE Modified by Apache Software Foundation 12/29/2021 8:15:07 PM

Action Type Old Value New Value
Added Reference https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html [No Types Assigned]

Initial Analysis by NIST 12/29/2021 10:49:56 AM

Action Type Old Value New Value
Added CVSS V3.1 NIST AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Added CVSS V2 NIST (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Added CWE NIST CWE-20
Added CWE NIST CWE-74
Added CPE Configuration OR *cpe:2.3:a:apache:log4j:2.0:-:*:*:*:*:*:* *cpe:2.3:a:apache:log4j:2.0:beta7:*:*:*:*:*:* *cpe:2.3:a:apache:log4j:2.0:beta8:*:*:*:*:*:* *cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:* *cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:* *cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:* *cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:* versions from (including) 2.0.1 up to (excluding) 2.3.2 *cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:* versions from (including) 2.4 up to (excluding) 2.12.4 *cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:* versions from (including) 2.13.0 up to (excluding) 2.17.1
Changed Reference Type http://www.openwall.com/lists/oss-security/2021/12/28/1 No Types Assigned http://www.openwall.com/lists/oss-security/2021/12/28/1 Mailing List, Third Party Advisory
Changed Reference Type https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf No Types Assigned https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf Third Party Advisory
Changed Reference Type https://issues.apache.org/jira/browse/LOG4J2-3293 No Types Assigned https://issues.apache.org/jira/browse/LOG4J2-3293 Issue Tracking, Patch, Vendor Advisory
Changed Reference Type https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143 No Types Assigned https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143 Mailing List, Vendor Advisory

CVE Modified by Apache Software Foundation 12/28/2021 7:15:08 PM

Action Type Old Value New Value
Added Reference https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf [No Types Assigned]

CVE Modified by Apache Software Foundation 12/28/2021 5:15:07 PM

Action Type Old Value New Value
Added Reference http://www.openwall.com/lists/oss-security/2021/12/28/1 [No Types Assigned]

Quick Info

CVE Dictionary Entry:
CVE-2021-44832
NVD Published Date:
12/28/2021
NVD Last Modified:
06/17/2026
Source:
Apache Software Foundation