Last Update: January 04, 2022
Multiple vulnerabilities have been found in Apache Log4j.
CVE-2021-44832: Remote Code Execution Vulnerability
Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration.
CVE-2021-45105: Denial of Service Vulnerability
Apache Log4j2 does not always protect from infinite recursion in lookup evaluation.
CVE-2021-45046: Code Execution Vulnerability
Apache Log4j2 Thread Context Lookup Pattern vulnerable to remote code execution in certain non-default configurations.
CVE-2021-44228: Remote Code Execution Vulnerability
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints.
hitachi-sec-2021-225 : Security information Log4j for UPS products [Japanese]
hitachi-sec-2021-226 : Security information Log4j for Hitachi Enterprise Server EP8000 Series [Japanese]
hitachi-sec-2021-315 : Security information for Hitachi Disk Array Systems
hitachi-sec-2021-145 : Vulnerability in JP1/VERITAS
hitachi-sec-2021-146 : Vulnerability in Hitachi Device Manager, Hitachi Infrastructure Analytics Advisor, Hitachi Automation Director, Hitachi Ops Center Analyzer, Hitachi Ops Center Automator and Hitachi Ops Center Administrator
hitachi-sec-2021-147 : Vulnerability in Hitachi Storage Plug-in for VMware vCenter
Masato Terada (HIRT) and Naoko Ohnishi (HIRT)