What is the severity of CVE-2021-44228?

CVE-2021-44228 has a CVSS v3 score of 10, which is classified as Critical severity.

Is there an exploit available for CVE-2021-44228?

Yes, there are known exploits available for CVE-2021-44228. Immediate patching is recommended.

Is there a patch available for CVE-2021-44228?

Yes, patches are available for CVE-2021-44228. Check the vendor advisories for update instructions.

CVE-2021-44228

Published: May 12, 2026

Last updated:6 hours ago (May 12, 2026)

Exploit: YesZero-day: YesPatch: YesTrend: Viral

TL;DR

Updated May 12, 2026

CVE-2021-44228 is a critical severity vulnerability with a CVSS score of 10.0. Exploits are available; patches have been released and should be applied urgently. This is classified as a zero-day vulnerability.

Key Points

1Critical severity (CVSS 10.0/10)
2EPSS: 94.00% - very high likelihood of exploitation
3Public exploits are available
4Vendor patches are available
5Strobes Priority Score: 999/1000 (Critical)
6Affects products from 12 vendors

Test this CVE with Agentic AI

Deploy autonomous AI agents to validate this vulnerability in your environment.

Severity Scores

CVSS v310.0

CVSS v29.3

Priority Score999.0

EPSS Score94.0

Critical

Exploitation LikelihoodCritical

94.00%EPSS

Very high probability of exploitation in the next 30 days

Immediate patching required

94.00%

EPSS

10.0

CVSS

Yes

Exploit

Yes

Patch

Critical Priority

high EPSS • exploit exists • critical severity • high priority

EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.

Description

Multiple Atlassian products use the third-party Log4j library, which is vulnerable toCVE-2021-44228:

CVSS v3 Breakdown

Attack Vector:Network

Attack Complexity:Local

Privileges Required:Network

User Interaction:Network

Scope:Changed

Confidentiality:High

Integrity:High

Availability:High

Exploit References

Exploit-DB Exploit-DB Exploit-DB Packetstormsecurity.com Packetstormsecurity.com Packetstormsecurity.com Packetstormsecurity.com Cisa.gov Packetstormsecurity.com Packetstormsecurity.com

Patch References

[email protected][email protected][email protected][email protected]

Trend Analysis

Viral

Vulnerable Products

Vendor	Product
Siemens	Desigo Cc Advanced Reports
Cisco	Identity Services Engine
Cisco	Firepower Threat Defense
Siemens	Vesys
Cisco	Emergency Responder
Siemens	Solid Edge Harness Design
Cisco	Unified Customer Voice Portal
Cisco	Unified Intelligence Center
Siemens	6bk1602 0aa32 0tp0
Cisco	Fxos

And 156 more...

Advisories

Atlassian GitHub Advisory

Msrc:

Netapp NVD

Paloaltonetworks: Apache Log4j Java library is vulnerable to a remote code execution vulnerability CVE-2021-44228, known as Log4Shell, and related vulnerabilities CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832. Log4Shell allows remote unauthenticated attackers with the ability to inject text into log messages to execute arbitrary code loaded from malicious servers with the privileges of the process utilizing Log4j. These products and services are not affected by Log4Shell: Bridgecrew, Cortex Data Lake, Cortex XDR agents, Cortex XSOAR, Cortex Xpanse, Enterprise Data Loss Prevention (DLP), Expedition, the GlobalProtect app, IoT Security, Okyo Garde, PAN-DB Private Cloud, PAN-OS software running on firewalls including VM and CN series, Prisma Access, Prisma Cloud, Prisma Cloud Compute, Prisma SD-WAN (CloudGenix), SaaS Security, Traps, User-ID Agent, WildFire Appliance (WF-500), and WildFire Cloud. We have determined that some configurations of Panorama appliances with PAN-OS 9.0, PAN-OS 9.1, and PAN-OS 10.0 are impacted by CVE-2021-44228 and CVE-2021-45046 through the use of Elasticsearch. Fixes were released on December 20, 2021 to address both vulnerabilities on impacted PAN-OS versions. Panorama appliances are not impacted by CVE-2021-45105 and CVE-2021-44832. NOTE: PAN-OS 8.1 and PAN-OS 10.1 versions for Panorama are not impacted by these issues. All versions of PAN-OS for firewalls and WildFire appliances are not affected. These vulnerabilities impact Exact Data Matching (EDM) CLI application versions 1.0 - 2.0 provided by Enterprise Data Loss Prevention (DLP). Enterprise DLP is not affected by these issues. The Palo Alto Networks Product Security Assurance team has completed evaluation of all products and services for these vulnerabilities. All cloud services with known possible impact have been remediated. At this time, our guidance and criteria for impacted Panorama appliances remain the same for all related vulnerabilities. The Exact Data Matching (EDM) CLI application should now be upgraded to EDM CLI version 2.1 or later versions.

Threat Intelligence

Threat Actors (7)

Bronze Starlight Sea Turtle APT41 APT35 HAFNIUM BRONZE STARLIGHT APT42

Cite This Page

APA Format

Strobes VI. (2026). CVE-2021-44228 - CVE Details and Analysis. Strobes VI. Retrieved May 13, 2026, from https://vi.strobes.co/cve/CVE-2021-44228

Quick copy link + title

Please cite this page when referencing data from Strobes VI. Proper attribution helps support our vulnerability intelligence research.

Vendor

Product

Siemens

Desigo Cc Advanced Reports

Cisco

Identity Services Engine

Cisco

Firepower Threat Defense

Siemens

Vesys

Cisco

Emergency Responder

Siemens

Solid Edge Harness Design

Cisco

Unified Customer Voice Portal

Cisco

Unified Intelligence Center

Siemens

6bk1602 0aa32 0tp0

Cisco

Fxos

CVE-2021-44228

Threat Intelligence

Ready for Agentic Automated Testing?

CVE-2021-44228

Threat Intelligence