Alert icon Keyboard navigation enabled.
Alert icon TAB or Shift+TAB to navigate across. Down ↓ to open menu. ESC to close menu.
Alert icon Down ↓ to select section. Right → to activate. Up ↑ / Down ↓ / Tab to traverse all. ESC to exit.
BeyondTrust
Skip to content Use space or enter to skip.

What can we help you find today?

Instant Results
  • Website Results
  • Technical Documentation

Filter Options

Focus your search

Filtering by

Your recent searches:

Contact Us Chat with Sales Get Support
  • English
  • Deutsch
  • français
  • español
  • 한국어
  • português
  • Home
  • Resources
  • Blog
  • Security Advisory – Apache Log4j2 CVE 2021-44228 (Log4Shell) current page
Link copied

Security Advisory – Apache Log4j2 CVE 2021-44228 (Log4Shell)

Dec 17, 2021
Blog banner default
Security Advisory – Apache Log4j2 CVE 2021-44228 (Log4Shell)

CVE-2021-44228 or "Log4Shell" is a remote code execution zero-day vulnerability in the Apache Log4j2 library, originally disclosed on the project's GitHub on December 9, 2021 and published to the NIST National Vulnerability Database on December 10, 2021.

BeyondTrust has evaluated all our solutions and determined that two products listed below contained the vulnerable component. There is no known exploitable path to the component.

  • Privilege Management (PM) Cloud
  • Privilege Management Reporting (PMR): 21.2 (for BeyondInsight 21.3)

To further reduce risk, BeyondTrust has removed the affected library. This action removes the risk from future Log4J vulnerabilities discovered against the open-source library and ensures our solutions are secure against similar types of attacks.

Privilege Management Cloud Solutions have been automatically patched in our SaaS solution as of December 16, 2021.

BeyondTrust recommends that you upgrade to the latest version of your Privilege Management Reporting solutions for BeyondInsight.

For more information, please contact BeyondTrust technical support.

  • Learn more about the log4j exploit in our podcast, The Adventures of Alice and Bob
Latest Posts
  • Mapping Every Privilege Escalation Path in AWS AgentCore
    Jun 15, 2026 Mapping Every Privilege Escalation Path in AWS AgentCore
    Blog
    12m
  • Hooked on Identity (Part 2): Abusing OAuth Trust Boundaries in Okta
    Jun 12, 2026 Hooked on Identity (Part 2): Abusing OAuth Trust Boundaries in Okta
    Blog
    7m
  • Hooked on Identity: Abusing SAML Assertion Inline Hooks in Okta
    Jun 9, 2026 Hooked on Identity: Abusing SAML Assertion Inline Hooks in Okta
    Blog
    6m
  • Joining Project Glasswing: Securing the Privilege Backbone of the AI Era
    Jun 8, 2026 Joining Project Glasswing: Securing the Privilege Backbone of the AI Era
    Blog
    5m
  • The Most Common & Most Dangerous Types of Shadow IT
    Jun 5, 2026 The Most Common & Most Dangerous Types of Shadow IT
    Blog
    19m
Related
  • Remote Work is Here to Stay: Is your Service Desk Prepared?
    Jul 28, 2020 Remote Work is Here to Stay: Is your Service Desk Prepared?
    Blog
    1m
  • Is social engineering the new norm?
    Oct 20, 2017 Is social engineering the new norm?
    Blog
    1m
Share this Article
  • Link
Stay up to Date
Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

Keep up with BeyondTrust

Customer Support Get Started
  • LinkedIn
  • X
  • Facebook
  • Instagram
  • Add BeyondTrust as a preferred source on Google
  • Privacy
  • Security
  • Manage Cookies
  • Do Not Sell My Data
  • WEEE Compliance

Copyright © 2003 — 2026 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.

Prefers reduced motion setting detected. Animations will now be reduced as a result.