CVE-2021-44228 PoC — Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints

Source

Associated Vulnerability

Description

List of company advisories log4j

Readme

# CVE-2021-44228-Advisories
Please open Issues to include an advisory / No PRs.

# Please check out this list, got more traction than mine :)
https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592

This list includes all advisories of companies, even if they're just confirming that they're not using log4j at all.

|Company/Product|Link to advisory|Do you have to do something|
|---|---|---|
|Amazon Web Service|https://aws.amazon.com/de/security/security-bulletins/AWS-2021-005/|Yes|
|Atlassian|https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html|Maybe, depending on your configuration|
|Checkpoint|https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk176865&partition=General&product=IPS|No|
|Cisco|https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd|Check later, they're currently investigating|
|Citrix|https://support.citrix.com/article/CTX335705|Check later, they're currently investigating|
|Elastic|https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476|Yes|
|F5|https://support.f5.com/csp/article/K19026212|No|
|Jenkins|https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/|Maybe, depending on your configuration|
|JFrog|https://twitter.com/jfrog/status/1469385793823199240|No|
|Minecraft|https://help.minecraft.net/hc/en-us/articles/4416199399693-Security-Vulnerability-in-Minecraft-Java-Edition|Yes|
|OpenMRS|https://talk.openmrs.org/t/urgent-security-advisory-2021-12-11-re-apache-log4j-2/35341|Yes|
|N-Able|https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability|Maybe|
|NetApp|https://security.netapp.com/advisory/ntap-20211210-0007/|Yes, but nothing available yet|
|NSA Ghidra|https://github.com/NationalSecurityAgency/ghidra#warning|Yes|
|Paloalto Networks|https://security.paloaltonetworks.com/CVE-2021-44228|No|
|PulseSecure|https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/|No|
|Red Hat|https://access.redhat.com/security/vulnerabilities/RHSB-2021-009?sc_cid=701f2000000tyBjAAI|Yes|
|SalesForce|https://help.salesforce.com/s/articleView?id=000363736&type=1|Check later, they're currently investigating|
|SonarQube|https://community.sonarsource.com/t/sonarqube-and-the-log4j-vulnerability/54721|Check later, they're currently investigating|
|Sonatype|https://blog.sonatype.com/a-new-0-day-log4j-vulnerability-discovered-in-the-wild|Check later, they're currently investigating|
|Sophos|https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce|No|
|VMware|https://www.vmware.com/security/advisories/VMSA-2021-0028.html|Yes|

File Snapshot

 [4.0K]  /data/pocs/ae23ee98b8520dfab0074a726dd2fb6e6ae840ca
└── [2.6K]  README.md

0 directories, 1 file

Remarks