Log4J
by Apache
Take action — actively targeted
Log4J is actively targeted by attackers. A significant proportion of its known vulnerabilities are being exploited.
What to do
- Apply all available updates immediately
- Review your exposure — is this internet-facing?
- Monitor vendor advisories for this product
What Attackers Target
Vulnerabilities with high exploit probability
50.0%
Confirmed actively exploited (CISA)
14.3%
Public exploit code available
0.0%
Based on 14 known vulnerabilities. Percentages show the proportion that are actively dangerous — a low percentage means most vulnerabilities in this product are not being exploited.
Most Dangerous Vulnerabilities
| CVE | CVSS | Exploit Probability | Confirmed |
|---|---|---|---|
| CVE-2021-44228 | 10.0 | 94.4% | Yes |
| CVE-2021-45046 | 9.0 | 94.3% | Yes |
| CVE-2017-5645 | 9.8 | 94.0% | — |
| CVE-2021-45105 | 5.9 | 70.4% | — |
| CVE-2021-4104 | 7.5 | 69.3% | — |
| CVE-2021-44832 | 6.6 | 50.6% | — |
| CVE-2019-17571 | 9.8 | 37.0% | — |
| CVE-2022-23305 | 9.8 | 8.0% | — |
| CVE-2022-23307 | 8.8 | 2.2% | — |
| CVE-2022-23302 | 8.8 | 0.6% | — |
| CVE-2020-9493 | 9.8 | 0.3% | — |
| CVE-2023-26464 | 7.5 | 0.1% | — |
| CVE-2025-68161 | 4.8 | 0.0% | — |
| CVE-2020-9488 | 3.7 | 0.0% | — |
56
/ 100
high-risk
Active Threat
50/50 · Critical
Exploit Availability
6/50 · Minimal
Score uses Wilson score intervals to account for sample size. Products with few CVEs are scored conservatively.