CVE-2021-44228: Apache Log4j2 Remote Code Execution Vulnerability. Apache

Apache Log4j2 Remote Code Execution Vulnerability. Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.

• CISA KEV-listed (remediation due 2021-12-24)
• used in ransomware campaigns
• EPSS 94.4% (100.0% percentile)

Detection rules

• Potential CVE-2021-44228 Exploitation Attempt - VMware Horizon high
• Log4j RCE CVE-2021-44228 Generic high
• Log4j RCE CVE-2021-44228 in Fields high

Related briefings

• Microsoft Reveals Andariel's New Dora RAT and Decade-Long Malware Arsenal Targeting Aerospace and Defence 2026-02-16
• U.S. and Allied Agencies Warn of North Korean Andariel Espionage Campaign Targeting Defense and Nuclear Sectors 2026-02-16
• Microsoft Exposes Onyx Sleet's Expanding Malware Arsenal Targeting Aerospace and Defense Organizations 2026-02-16
• Deep Panda Exploits Log4Shell in VMware Horizon to Deploy Milestone Backdoor and Novel Kernel Rootkit 2026-02-16

Browse the CVE database

Read the full analysis on IntelFusions