COOEY // HUBcompliance · community · intelligence

FAIL › dossier

Log4j2 product

2
failure events
1
zero-days
2
RCEs
2
on KEV
2
critical
95
worst shame

Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.

Failure history 2 events

DateEventSevFlagsShameSummary
2023-05-01 CVE-2021-45046 critical ⚡RCE ⌖KEV 95 Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.
2021-12-10 CVE-2021-44228 critical ⚡RCE ◐0day ⌖KEV 95 Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.