Apache Log4j Security Vulnerabilities


Issue: Active Exploitation of Apache Log4j2 Arbitrary Code Execution (CVE-2021-44228)
CVSS Score: 10.0 / Critical
Date Published: 12/9/2021
Systems Affected: Apache Log4j2 < 2.15.0

A vulnerability in the Apache Log4j2 could allow an unauthenticated attacker to execute arbitrary code on an affected system through simple HTTP connections. If exploited, an attacker could take over an affected system. Due to the severity of the vulnerability, the widespread usage of Apache Log4j2 in applications, and the recent scanning and exploitation of the vulnerability, it is recommended that affected systems are updated or apply mitigations immediately.

NOTE: The information on this page may change at any time. Please check the vendor's websites for the most current updates.

Software Affected? More Information:
Acrobat Pro NO https://helpx.adobe.com/security/products/log4j-2-advisory.html
Dropbox NO https://www.dropboxforum.com/t5/Dropbox-accounts-billing/Log4j-Breach/td-p/563998">?
EndNote ? no documentation found
ESRI (ArcGIS) NO https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/
InCommon SSL NO https://sectigo.com/resource-library/sectigo-update-on-log4j-java-logging-exploit
JMP Pro NO https://support.sas.com/content/support/en/security-bulletins/remote-code-execution-vulnerability-cve-2021-44228.html
Mathematica NO https://support.wolfram.com/56848
Microsoft NO* https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/
* This affects Windows servers that utilize Apache Log4j, which is a Java-based logging component.
Minitab NO https://support.minitab.com/en-us/installation/frequently-asked-questions/other/apache-log4j-vulnerability/
NVivo NO https://support.qsrinternational.com/s/article/Vulnerability-CVE-2021-44228-Log4Shell-or-LogJam
SAS NO https://support.sas.com/content/support/en/security-bulletins/remote-code-execution-vulnerability-cve-2021-44228.html
SPSS YES https://www.ibm.com/support/pages/node/6525830
VMware See List https://www.vmware.com/security/advisories/VMSA-2021-0028.html
Zoom No https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache


Resources:


For any questions regarding this please email us at sladmin@hawaii.edu.