NVD - CVE-2021-44832

8 min read Original article ↗

CVE-2021-44832 Detail

Description

Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:


NIST CVSS score

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:


NIST CVSS score

NIST: NVD

Base Score:  6.6 MEDIUM

Vector:  CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H


ADP:  CISA-ADP

Base Score:  6.6 MEDIUM

Vector:  CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score:  8.5 HIGH

Vector:  (AV:N/AC:M/Au:S/C:C/I:C/A:C)

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
http://www.openwall.com/lists/oss-security/2021/12/28/1 Apache Software Foundation, CVE Mailing List  Third Party Advisory 
https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf Apache Software Foundation, CVE Third Party Advisory 
https://issues.apache.org/jira/browse/LOG4J2-3293 Apache Software Foundation, CVE Issue Tracking  Patch  Vendor Advisory 
https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143 Apache Software Foundation, CVE Mailing List  Vendor Advisory 
https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html Apache Software Foundation, CVE Mailing List  Third Party Advisory 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/ Apache Software Foundation, CVE
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/ Apache Software Foundation, CVE
https://security.netapp.com/advisory/ntap-20220104-0001/ Apache Software Foundation, CVE Third Party Advisory 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd Apache Software Foundation, CVE Third Party Advisory 
https://www.oracle.com/security-alerts/cpuapr2022.html Apache Software Foundation, CVE Patch  Third Party Advisory 
https://www.oracle.com/security-alerts/cpujan2022.html Apache Software Foundation, CVE Patch  Third Party Advisory 
https://www.oracle.com/security-alerts/cpujul2022.html Apache Software Foundation, CVE Patch  Third Party Advisory 

Weakness Enumeration

CWE-ID CWE Name Source
CWE-20 Improper Input Validation cwe source acceptance level NIST   Apache Software Foundation  
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Apache Software Foundation  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

19 change records found show changes

CVE Modified by CISA-ADP 6/17/2026 12:12:52 AM

Action Type Old Value New Value
Added SSVC
{"timestamp":"2026-05-29T18:53:35.535632Z","id":"CVE-2021-44832","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}

CVE Modified by Apache Software Foundation 6/17/2026 12:12:52 AM

Action Type Old Value New Value
Added Affected
[{"vendor":"Apache Software Foundation","product":"Apache Log4j2","versions":[{"version":"log4j-core","lessThan":"2.17.1","versionType":"custom","status":"affected","changes":[{"at":"2.13.0","status":"affected"},{"at":"2.12.4","status":"unaffected"},{"at":"2.4","status":"affected"},{"at":"2.3.2","status":"unaffected"},{"at":"2.0-beta7","status":"affected"}]}]}]

CVE Modified by CISA-ADP 5/29/2026 4:16:21 PM

Action Type Old Value New Value
Added CVSS V3.1
AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE Modified by CVE 11/21/2024 1:31:34 AM

Action Type Old Value New Value
Added Reference
http://www.openwall.com/lists/oss-security/2021/12/28/1
Added Reference
https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf
Added Reference
https://issues.apache.org/jira/browse/LOG4J2-3293
Added Reference
https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143
Added Reference
https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html
Added Reference
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/
Added Reference
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/
Added Reference
https://security.netapp.com/advisory/ntap-20220104-0001/
Added Reference
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
Added Reference
https://www.oracle.com/security-alerts/cpuapr2022.html
Added Reference
https://www.oracle.com/security-alerts/cpujan2022.html
Added Reference
https://www.oracle.com/security-alerts/cpujul2022.html

CVE Modified by Apache Software Foundation 5/14/2024 5:39:25 AM

Action Type Old Value New Value

CVE Modified by Apache Software Foundation 11/06/2023 10:39:43 PM

Action Type Old Value New Value
Added Reference
Apache Software Foundation https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/ [No types assigned]
Added Reference
Apache Software Foundation https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/ [No types assigned]
Removed Reference
Apache Software Foundation https://lists.fedoraproject.org/archives/list/[email protected]/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/
Removed Reference
Apache Software Foundation https://lists.fedoraproject.org/archives/list/[email protected]/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/

Modified Analysis by NIST 8/08/2022 9:24:01 PM

Action Type Old Value New Value
Removed CWE
NIST CWE-74
Changed CPE Configuration
OR
     *cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:* versions from (including) 8.3.0.0 up to (including) 8.5.1.0
     *cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0 up to (including) 17.12.11
     *cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0 up to (including) 18.8.13
     *cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0 up to (including) 19.12.12
     *cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 20.12.0 up to (including) 20.12.7
     *cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:* versions from (including) 19.12.0.0 up to (including) 19.12.18.0
     *cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:* versions from (including) 20.12.0.0 up to (including) 20.12.12.0
     *cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:* versions up to (including) 21.12
     *cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
Record truncated, showing 2048 of 3364 characters.
View Entire Change Record
OR
     *cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:* versions up to (excluding) 12.0.0.4.6
     *cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.5.0:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:* versions from (including) 8.3.0.0 up to (including) 8.5.1.0
     *cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:* versions up to (excluding) 12.0.0.4.4
     *cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:health_sciences_data_management_workbench:2.5.2.1:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.0.0.0:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.1.0.3:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0 up to (including) 12.2.24
     *cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0 up to (including) 12.2.24
     *cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0 up to (including) 17.12.11
     *cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0 up to (including) 18.8.13
     *cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0 up to (including) 19.12.12
     *cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 20.12.0 up to (including) 20.12.7
     *cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:* versions from (including) 19.12.0.0 up to (including) 19.12.18.0
     *cpe:2.3:a:oracle:primavera_p6_e
Changed Reference Type
https://www.oracle.com/security-alerts/cpuapr2022.html Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html Patch, Third Party Advisory
Changed Reference Type
https://www.oracle.com/security-alerts/cpujul2022.html No Types Assigned
https://www.oracle.com/security-alerts/cpujul2022.html Patch, Third Party Advisory

CVE Modified by Apache Software Foundation 7/25/2022 2:18:22 PM

Action Type Old Value New Value
Added Reference
https://www.oracle.com/security-alerts/cpujul2022.html [No Types Assigned]

Modified Analysis by NIST 7/01/2022 2:34:37 PM

Action Type Old Value New Value
Added CVSS V2
NIST (AV:N/AC:M/Au:S/C:C/I:C/A:C)
Removed CVSS V2
NIST (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Added CPE Configuration
OR
     *cpe:2.3:a:cisco:cloudcenter:4.10.0.16:*:*:*:*:*:*:*
Added CPE Configuration
OR
     *cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:* versions from (including) 8.0.0.0 up to (including) 8.5.1.0
     *cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0 up to (including) 17.12.11
     *cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0 up to (including) 18.8.13
     *cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0 up to (including) 19.12.12
     *cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 20.12.0 up to (including) 20.12.7
     *cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:* versions from (including) 19.12.0 up to (including) 19.12.18.0
     *cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:* versions from (including) 20.12.0.0 up to (including) 20.12.12.0
     *cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:retail_fiscal_management:14.2:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:siebel_ui_framework:21.12:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
Added CPE Configuration
OR
     *cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:* versions from (including) 8.3.0.0 up to (including) 8.5.1.0
     *cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0 up to (including) 17.12.11
     *cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0 up to (including) 18.8.13
     *cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0 up to (including) 19.12.12
     *cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 20.12.0 up to (including) 20.12.7
     *cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:* versions from (including) 19.12.0.0 up to (including) 19.12.18.0
     *cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:* versions from (including) 20.12.0.0 up to (including) 20.12.12.0
     *cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:* versions up to (including) 21.12
     *cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
Added CPE Configuration
OR
     *cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Added CPE Configuration
OR
     *cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
     *cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
Changed Reference Type
https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html No Types Assigned
https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html Mailing List, Third Party Advisory
Changed Reference Type
https://lists.fedoraproject.org/archives/list/[email protected]/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/ No Types Assigned
https://lists.fedoraproject.org/archives/list/[email protected]/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/ Mailing List, Third Party Advisory
Changed Reference Type
https://lists.fedoraproject.org/archives/list/[email protected]/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/ No Types Assigned
https://lists.fedoraproject.org/archives/list/[email protected]/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/ Mailing List, Third Party Advisory
Changed Reference Type
https://security.netapp.com/advisory/ntap-20220104-0001/ No Types Assigned
https://security.netapp.com/advisory/ntap-20220104-0001/ Third Party Advisory
Changed Reference Type
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd No Types Assigned
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd Third Party Advisory
Changed Reference Type
https://www.oracle.com/security-alerts/cpuapr2022.html No Types Assigned
https://www.oracle.com/security-alerts/cpuapr2022.html Third Party Advisory
Changed Reference Type
https://www.oracle.com/security-alerts/cpujan2022.html No Types Assigned
https://www.oracle.com/security-alerts/cpujan2022.html Patch, Third Party Advisory

CVE Modified by Apache Software Foundation 4/19/2022 8:16:32 PM

Action Type Old Value New Value
Added Reference
https://www.oracle.com/security-alerts/cpuapr2022.html [No Types Assigned]

CVE Modified by Apache Software Foundation 2/07/2022 11:16:34 AM

Action Type Old Value New Value
Added Reference
https://www.oracle.com/security-alerts/cpujan2022.html [No Types Assigned]

CVE Modified by Apache Software Foundation 1/10/2022 9:10:26 AM

Action Type Old Value New Value
Added Reference
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd [No Types Assigned]

CVE Modified by Apache Software Foundation 1/05/2022 10:15:06 PM

Action Type Old Value New Value
Added Reference
https://lists.fedoraproject.org/archives/list/[email protected]/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/ [No Types Assigned]
Added Reference
https://lists.fedoraproject.org/archives/list/[email protected]/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/ [No Types Assigned]

CVE Modified by Apache Software Foundation 1/05/2022 11:15:08 AM

Action Type Old Value New Value
Added Reference
https://security.netapp.com/advisory/ntap-20220104-0001/ [No Types Assigned]

CVE Modified by Apache Software Foundation 12/30/2021 11:15:07 AM

Action Type Old Value New Value
Changed Description
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.

CVE Modified by Apache Software Foundation 12/29/2021 8:15:07 PM

Action Type Old Value New Value
Added Reference
https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html [No Types Assigned]

Initial Analysis by NIST 12/29/2021 10:49:56 AM

Action Type Old Value New Value
Added CVSS V3.1
NIST AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Added CVSS V2
NIST (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Added CWE
NIST CWE-20
Added CWE
NIST CWE-74
Added CPE Configuration
OR
     *cpe:2.3:a:apache:log4j:2.0:-:*:*:*:*:*:*
     *cpe:2.3:a:apache:log4j:2.0:beta7:*:*:*:*:*:*
     *cpe:2.3:a:apache:log4j:2.0:beta8:*:*:*:*:*:*
     *cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:*
     *cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:*
     *cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:*
     *cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:* versions from (including) 2.0.1 up to (excluding) 2.3.2
     *cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:* versions from (including) 2.4 up to (excluding) 2.12.4
     *cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:* versions from (including) 2.13.0 up to (excluding) 2.17.1
Changed Reference Type
http://www.openwall.com/lists/oss-security/2021/12/28/1 No Types Assigned
http://www.openwall.com/lists/oss-security/2021/12/28/1 Mailing List, Third Party Advisory
Changed Reference Type
https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf No Types Assigned
https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf Third Party Advisory
Changed Reference Type
https://issues.apache.org/jira/browse/LOG4J2-3293 No Types Assigned
https://issues.apache.org/jira/browse/LOG4J2-3293 Issue Tracking, Patch, Vendor Advisory
Changed Reference Type
https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143 No Types Assigned
https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143 Mailing List, Vendor Advisory

CVE Modified by Apache Software Foundation 12/28/2021 7:15:08 PM

Action Type Old Value New Value
Added Reference
https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf [No Types Assigned]

CVE Modified by Apache Software Foundation 12/28/2021 5:15:07 PM

Action Type Old Value New Value
Added Reference
http://www.openwall.com/lists/oss-security/2021/12/28/1 [No Types Assigned]

Quick Info

CVE Dictionary Entry:
CVE-2021-44832
NVD Published Date:
12/28/2021
NVD Last Modified:
06/17/2026
Source:
Apache Software Foundation