CVE•Published 2021-12-28•Modified 2026-05-29•1 article on news•6 live references•NVD data
CVE-2021-44832Apache · Log4j
Vulnerability data via NVD (ingested)
CVSS v3.1
6.6
MEDIUM
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS percentile
98
Exploit Prediction Scoring System · top 2% of all CVEs
Weaknesses (CWE)
Description
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.
Timeline
Published 2021-12-28
Modified 2026-05-29
External references
Search for exposed instances
Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).
Shodan · vuln tag1 hosts
vuln:CVE-2021-44832Hosts Shodan has explicitly fingerprinted as vulnerable.
Shodan · product
product:"Apache Log4j"All exposed Apache Log4j instances — cross-reference with the CVE's affected-version range.
Shodan · banner/body mention
http.html:"Log4j"HTTP body or banner mentions "Log4j" — catches deploys Shodan didn't identify as a product.
More intel sources (5)
Shodan report
vuln:CVE-2021-44832Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2021-44832Censys host search filtered to this CVE id.
grep.app
CVE-2021-44832Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2021-44832GitHub code search for direct mentions.
Google dork
"CVE-2021-44832" exploit -site:nvd.nist.govWrite-ups and news, NVD excluded.
Known PoCs on GitHub (4)
CVE-2021-448324 repos
palantir/log4j-snifferGo
A tool that scans archives to check for vulnerable log4j versions
aws/aws-msk-iam-authJava
Enables developers to use AWS Identity and Access Management (IAM) to connect to their Amazon Managed Streaming for Apache Kafka (Amazon MSK) clusters.
Qualys/log4jscanwinC
Log4j Vulnerability Scanner for Windows
clouditor/clouditorGo
The Clouditor is a tool to support continuous cloud assurance. Developed by Fraunhofer AISEC.