CISA Log4j (CVE-2021-44228) Vulnerability Guidance
This repository provides CISA's guidance and an overview of related software regarding the Log4j vulnerability (CVE-2021-44228). CISA encourages users and administrators to review the official Apache release and upgrade to Log4j 2.15.0 or apply the recommended mitigations immediately.
Official CISA Guidance & Resources:
CISA Director Jen Easterly's Statement: Statement from CISA Director Easterly on “Log4j” Vulnerability.
CISA Current Activity Alert: Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation
National Vulnerability Database (NVD) Information: CVE-2021-44228
CISA will maintain a list of all publicly available information and vendor-supplied advisories regarding the Log4j vulnerability.
Status Descriptions
Status |
Description |
Unknown |
Status unknown. Default choice. |
Affected |
Reported to be affected by CVE-2021-44228. |
Not Affected |
Reported to NOT be affected by CVE-2021-44228 and no further action necessary. |
Fixed |
Patch and/or mitigations available (see provided links). |
Under Investigation |
Vendor investigating status. |
Software List
Vendor |
Product |
Version |
Status |
Update Available |
Notes |
References |
Last Updated |
Sample-Vendor |
Product-A |
1.15.0 |
Affected |
Yes/No Link |
<Statement by vendor, vuln note, etc.> |
Link Here |
12/11/2021 |