top of page

Security advisory: Apache LOG4J remote code execution zero day vulnerability (CVE-2021-44228)


A remote-code execution vulnerability has been found in the prolific Java logging library

Log4j. This can allow an attacker to execute arbitrary code on software using this library,

which can then likely lead to the full attacker compromise of the underlying server. This

library is used in a significant number of applications, and can affect internally developed

and 3rd party applications. We are strongly advising everyone to review all internally

developed and 3rd party applications for their potential exposure to this Log4j vulnerability.

We will continue to update this page with updates as new information becomes available.

Security Advisory Details

CVE 2021-44228 is a critical remote code execution vulnerability that exploits the Apache Log4j2 library which can be found in a significant number of applications and platforms. In versions prior to 2.14.1 features used in configuration, log messages, and parameters do not protect against an attacker exploiting the Log4j mechanism to execute remote code on the vulnerable system. An attacker who can generate a log messages can execute arbitrary code which can in the worst case provide full system access when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. In previous releases greater that 2.10 this behavior can be mitigated by disabling lookups in log event messages.

Keep yourself protected

  • Update to version 2.15 (or higher if available) immediately. Apply the update to resolve the vulnerability as soon as it is released by the affected Vendors.

  • In versions greater than 2.10 set the JVM Option - log4j2.formatMsgNoLookups=true

  • Utilise security monitoring to detect incoming JNDI attacks using crafted messages or HTTP requests and responses.

Affected products

A significant number of products from multiple vendors are affected, and investigations are still on-going as to which products and services are affected. We have provided a summary of some of the more notably affected software applications below.



Affected Version(s)

Mitigation / Remediation

Further Information



All log4j-core versions between 2.0-beta9 and 2.14.1

Update to verions 2.15.0

In releases >=2.10, setting either the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true.

For releases >=2.7 and <=2.14.1, see link for more information.


Jira Server & Data Center

Confluence Server & Data Center


Only vulnerable when using non-default config, cloud version still under investigation

Disabling any configured appenders utilising org.apache.log4j.JMSAppender by commenting out the relevant lines in your Log4j configuration file and restarting the application


Datadog Agent

6 to 6.32.2

7 to 7.32.2

JMX monitoring component leverages an impacted version of log4j

Update to 7.32.2 - impacted library is still included however they have taken the recommended precautions to disable vulnerable logic


Endpoint ProxyPolicy ManagerPolicy Manager Proxy


Download the patch from the F-Secure server



< 3.3.15

< 4.0.14

< 4.1.9

< 4.2.3

Graylog development team incorporated this fix into all supported versions of the platform (v3.3.15, v4.0.14, v4.1.9, and v4.2.3). 

For any version under 3.3.15, upgrade or

apply a change to the Graylog startup configuration.


Continuous Delivery for Puppet Enterprise


< 4.10.2

Update available for version 4.x

Mitigations for 3.x which is EOL


Symantec Endpoint Protection Manager


  1. Set the system environment variable "LOG4J_FORMAT_MSG_NO_LOOKUPS" to "true".

  2. Restart the SEPM system services.


​UniFI Network Application

< 6.5.54

Upgrade to UniFi Network Application 6.5.54


Carbon Black Cloud Workload Appliance


Patch Pending



8.x, 7.x

Patch pending

Workaround: edit registry with -Dlog4j2.formatMsgNoLookups=true


Site Recovery Manager


Patch Pending

Workaround available, see link.


vCenter Server (Windows & Virtual Appliance)



Patches Pending Workarounds available, see links.

A more comprehensive list of affected vendors and software applications is being maintained at:

See our original advisory notification below.

2021-13-12 - Crossword Labs Security Advisory - Java Log4j Logging Library v3
Download PDF • 1.83MB


bottom of page