{"document":{"category":"csaf_vex","csaf_version":"2.1","notes":[{"category":"summary","text":"Palo Alto Networks PSIRT provided VEX document. This document is autogenerated.","title":"Impact of Log4j Vulnerabilities CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832"}],"publisher":{"category":"vendor","name":"Palo Alto Networks","namespace":"https://security.paloaltonetworks.com"},"title":"Palo Alto Networks PSIRT provided VEX document: CVE-2021-44228","distribution":{"text":"Copyright © 2024 Palo Alto Networks. All rights reserved.","tlp":{"label":"CLEAR","url":"https://www.first.org/tlp/"}},"tracking":{"current_release_date":"2026-03-11T22:38:57.042Z","generator":{"date":"2026-03-11T22:38:57.042Z","engine":{"name":"Vulnogram","version":"0.0.9"}},"id":"CVE-2021-44228","initial_release_date":"2021-12-10T21:45:00.000Z","revision_history":[{"number":"1","date":"2021-12-10T13:45:00.000Z","summary":"Initial publication"},{"number":"2","date":"2021-12-10T16:00:00.000Z","summary":"WildFire Appliance (WF-500) is confirmed to be unaffected"},{"number":"3","date":"2021-12-10T20:14:00.000Z","summary":"Panorama is confirmed to be unaffected (Update: 12/15: new information is available that changes this evaluation)"},{"number":"4","date":"2021-12-12T10:34:00.000Z","summary":"Bridgecrew is confirmed to be unaffected"},{"number":"5","date":"2021-12-13T11:40:00.000Z","summary":"Product status and Threat Prevention coverage updates"},{"number":"6","date":"2021-12-13T20:00:00.000Z","summary":"Prisma Access and Okyo Garde are confirmed to be unaffected. 
Context for Panorama's Log4j usage"},{"number":"7","date":"2021-12-13T23:30:00.000Z","summary":"The impact of the vulnerability on Panorama hardware and virtual appliances is under investigation"},{"number":"8","date":"2021-12-14T13:12:00.000Z","summary":"UserID-Agent is confirmed to be unaffected"},{"number":"9","date":"2021-12-15T12:25:00.000Z","summary":"Some versions of Panorama are confirmed to be susceptible to remote code execution. Evaluation of all products and services is complete"},{"number":"10","date":"2021-12-16T09:30:00.000Z","summary":"Clarification that there is no evidence of active Panorama exploitation"},{"number":"11","date":"2021-12-16T14:20:00.000Z","summary":"Added ETAs for PAN-OS fixed versions and additional information"},{"number":"12","date":"2021-12-16T22:45:00.000Z","summary":"Clarifications made for Panorama appliances. Exact Data Matching CLI application is confirmed to be affected"},{"number":"13","date":"2021-12-17T16:00:00.000Z","summary":"Added confirmation that PAN-DB Private Cloud is unaffected"},{"number":"14","date":"2021-12-17T19:00:00.000Z","summary":"Update for related vulnerability CVE-2021-45046. Guidance for impacted products remains the same"},{"number":"15","date":"2021-12-20T16:00:00.000Z","summary":"Fixes are available for impacted Panorama appliances. Updates around related vulnerability CVE-2021-45105"},{"number":"16","date":"2021-12-22T15:30:00.000Z","summary":"Clarified how Log4j was fixed in FAQ. 
Added note about deletion of Log4j code in PAN-OS 10.1.4"},{"number":"17","date":"2021-12-28T17:00:00.000Z","summary":"Update for related vulnerability CVE-2021-44832"},{"number":"18","date":"2021-12-29T16:30:00.000Z","summary":"Traps is confirmed to be unaffected"},{"number":"19","date":"2022-01-21T18:30:00.000Z","summary":"Panorama appliances are not impacted by CVE-2021-44832 and a new EDM CLI application fix is available"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"name":"Palo Alto Networks","category":"vendor","branches":[{"name":"Prisma SD-WAN (CloudGenix)","category":"product_name","branches":[{"category":"product_version","name":"Prisma SD-WAN (CloudGenix) All","product":{"name":"Palo Alto Networks Prisma SD-WAN (CloudGenix)","product_id":"PANW-Prisma-SD-WAN-(CloudGenix)-1"}}]},{"name":"Cortex XSOAR","category":"product_name","branches":[{"category":"product_version","name":"Cortex XSOAR All","product":{"name":"Palo Alto Networks Cortex XSOAR","product_id":"PANW-Cortex-XSOAR-4"}}]},{"name":"GlobalProtect App","category":"product_name","branches":[{"category":"product_version","name":"GlobalProtect App All","product":{"name":"Palo Alto Networks GlobalProtect App","product_id":"PANW-GlobalProtect-App-1"}}]},{"name":"Cortex XDR Agent","category":"product_name","branches":[{"category":"product_version","name":"Cortex XDR Agent All","product":{"name":"Palo Alto Networks Cortex XDR Agent","product_id":"PANW-Cortex-XDR-Agent-1"}}]},{"name":"Prisma Cloud Compute","category":"product_name","branches":[{"category":"product_version","name":"Prisma Cloud Compute All","product":{"name":"Palo Alto Networks Prisma Cloud Compute","product_id":"PANW-Prisma-Cloud-Compute-1"}}]},{"name":"Prisma Cloud","category":"product_name","branches":[{"category":"product_version","name":"Prisma Cloud All","product":{"name":"Palo Alto Networks Prisma 
Cloud","product_id":"PANW-Prisma-Cloud-1"}}]},{"name":"Bridgecrew","category":"product_name","branches":[{"category":"product_version","name":"Bridgecrew All","product":{"name":"Palo Alto Networks Bridgecrew","product_id":"PANW-Bridgecrew-1"}}]},{"name":"WildFire Appliance (WF-500)","category":"product_name","branches":[{"category":"product_version","name":"WildFire Appliance (WF-500) All","product":{"name":"Palo Alto Networks WildFire Appliance (WF-500)","product_id":"PANW-WildFire-Appliance-(WF-500)-1"}}]},{"name":"SaaS Security","category":"product_name","branches":[{"category":"product_version","name":"SaaS Security All","product":{"name":"Palo Alto Networks SaaS Security","product_id":"PANW-SaaS-Security-1"}}]},{"name":"WildFire Cloud","category":"product_name","branches":[{"category":"product_version","name":"WildFire Cloud All","product":{"name":"Palo Alto Networks WildFire Cloud","product_id":"PANW-WildFire-Cloud-1"}}]},{"name":"IoT Security","category":"product_name","branches":[{"category":"product_version","name":"IoT Security All","product":{"name":"Palo Alto Networks IoT Security","product_id":"PANW-IoT-Security-1"}}]},{"name":"Cortex Xpanse","category":"product_name","branches":[{"category":"product_version","name":"Cortex Xpanse All","product":{"name":"Palo Alto Networks Cortex Xpanse","product_id":"PANW-Cortex-Xpanse-1"}}]},{"name":"Prisma Access","category":"product_name","branches":[{"category":"product_version","name":"Prisma Access All","product":{"name":"Palo Alto Networks Prisma Access","product_id":"PANW-Prisma-Access-1"}}]},{"name":"Okyo Garde","category":"product_name","branches":[{"category":"product_version","name":"Okyo Garde All","product":{"name":"Palo Alto Networks Okyo Garde","product_id":"PANW-Okyo-Garde-1"}}]},{"name":"User-ID Agent","category":"product_name","branches":[{"category":"product_version","name":"User-ID Agent All","product":{"name":"Palo Alto Networks User-ID 
Agent","product_id":"PANW-User-ID-Agent-1"}}]},{"name":"PAN-OS","category":"product_name","branches":[{"category":"product_version","name":"PAN-OS All","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-1"}},{"category":"product_version_range","name":"vers:generic/PAN-OS<All","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-518"}},{"category":"product_version_range","name":"vers:generic/PAN-OS<All","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-519"}},{"category":"product_version_range","name":"vers:generic/PAN-OS<9.0.15","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-520"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=9.0.15","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-520"}},{"category":"product_version_range","name":"vers:generic/PAN-OS<10.0.8-h8","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-521"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=10.0.8-h8","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-521"}},{"category":"product_version_range","name":"vers:generic/PAN-OS<9.1.12-h3","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-522"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=9.1.12-h3","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-522"}}]},{"name":"Expedition","category":"product_name","branches":[{"category":"product_version","name":"Expedition All","product":{"name":"Palo Alto Networks Expedition","product_id":"PANW-Expedition-8"}}]},{"name":"Cortex Data Lake","category":"product_name","branches":[{"category":"product_version","name":"Cortex Data Lake All","product":{"name":"Palo Alto Networks Cortex Data Lake","product_id":"PANW-Cortex-Data-Lake-1"}}]},{"name":"Enterprise Data Loss 
Prevention","category":"product_name","branches":[{"category":"product_version","name":"Enterprise Data Loss Prevention All","product":{"name":"Palo Alto Networks Enterprise Data Loss Prevention","product_id":"PANW-Enterprise-Data-Loss-Prevention-1"}}]},{"name":"Exact Data Matching CLI","category":"product_name","branches":[{"category":"product_version_range","name":"vers:generic/Exact Data Matching CLI<2.1","product":{"name":"Palo Alto Networks Exact Data Matching CLI","product_id":"PANW-Exact-Data-Matching-CLI-3"}},{"category":"product_version_range","name":"vers:generic/Exact Data Matching CLI>=2.1","product":{"name":"Palo Alto Networks Exact Data Matching CLI","product_id":"PANW-Exact-Data-Matching-CLI-3"}}]},{"name":"PAN-DB Private Cloud","category":"product_name","branches":[{"category":"product_version","name":"PAN-DB Private Cloud All","product":{"name":"Palo Alto Networks PAN-DB Private Cloud","product_id":"PANW-PAN-DB-Private-Cloud-1"}}]},{"name":"Traps","category":"product_name","branches":[{"category":"product_version","name":"Traps All","product":{"name":"Palo Alto Networks 
Traps","product_id":"PANW-Traps-1"}}]}]}]},"vulnerabilities":[{"cve":"CVE-2021-44228","product_status":{"fixed":["PANW-PAN-OS-520","PANW-PAN-OS-521","PANW-PAN-OS-522","PANW-Exact-Data-Matching-CLI-3"],"known_affected":["PANW-PAN-OS-520","PANW-PAN-OS-521","PANW-PAN-OS-522","PANW-Exact-Data-Matching-CLI-3"],"known_not_affected":["PANW-Prisma-SD-WAN-(CloudGenix)-1","PANW-Cortex-XSOAR-4","PANW-GlobalProtect-App-1","PANW-Cortex-XDR-Agent-1","PANW-Prisma-Cloud-Compute-1","PANW-Prisma-Cloud-1","PANW-Bridgecrew-1","PANW-WildFire-Appliance-(WF-500)-1","PANW-SaaS-Security-1","PANW-WildFire-Cloud-1","PANW-IoT-Security-1","PANW-Cortex-Xpanse-1","PANW-Prisma-Access-1","PANW-Okyo-Garde-1","PANW-User-ID-Agent-1","PANW-PAN-OS-1","PANW-PAN-OS-518","PANW-PAN-OS-519","PANW-Expedition-8","PANW-Cortex-Data-Lake-1","PANW-Enterprise-Data-Loss-Prevention-1","PANW-PAN-DB-Private-Cloud-1","PANW-Traps-1"]},"notes":[{"category":"description","text":"Apache Log4j Java library is vulnerable to a remote code execution vulnerability CVE-2021-44228, known as Log4Shell, and related vulnerabilities CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832. Log4Shell allows remote unauthenticated attackers with the ability to inject text into log messages to execute arbitrary code loaded from malicious servers with the privileges of the process utilizing Log4j.\n\nThese products and services are not affected by Log4Shell: Bridgecrew, Cortex Data Lake, Cortex XDR agents, Cortex XSOAR, Cortex Xpanse, Enterprise Data Loss Prevention (DLP), Expedition, the GlobalProtect app, IoT Security, Okyo Garde, PAN-DB Private Cloud, PAN-OS software running on firewalls including VM and CN series, Prisma Access, Prisma Cloud, Prisma Cloud Compute, Prisma SD-WAN (CloudGenix), SaaS Security, Traps, User-ID Agent, WildFire Appliance (WF-500), and WildFire Cloud.  
\n\nWe have determined that some configurations of Panorama appliances with PAN-OS 9.0, PAN-OS 9.1, and PAN-OS 10.0 are impacted by CVE-2021-44228 and CVE-2021-45046 through the use of Elasticsearch. Fixes were released on December 20, 2021 to address both vulnerabilities on impacted PAN-OS versions. Panorama appliances are not impacted by CVE-2021-45105 and CVE-2021-44832. \n\nNOTE: PAN-OS 8.1 and PAN-OS 10.1 versions for Panorama are not impacted by these issues. All versions of PAN-OS for firewalls and WildFire appliances are not affected.\n\nThese vulnerabilities impact Exact Data Matching (EDM) CLI application versions 1.0 - 2.0 provided by Enterprise Data Loss Prevention (DLP). Enterprise DLP is not affected by these issues.\n\nThe Palo Alto Networks Product Security Assurance team has completed evaluation of all products and services for these vulnerabilities. All cloud services with known possible impact have been remediated.\n\nAt this time, our guidance and criteria for impacted Panorama appliances remain the same for all related vulnerabilities. The Exact Data Matching (EDM) CLI application should now be upgraded to EDM CLI version 2.1 or later versions."}],"references":[{"category":"external","summary":"NVD - CVE-2021-44228","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-44228"},{"category":"self","summary":"Palo Alto Networks Security Advisory CVE-2021-44228","url":"https://security.paloaltonetworks.com/CVE-2021-44228"}],"threats":[{"category":"impact","description":"Apache Log4j Java library is vulnerable to a remote code execution vulnerability CVE-2021-44228, known as Log4Shell, and related vulnerabilities CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832. 
Log4Shell allows remote unauthenticated attackers with the ability to inject text into log messages to execute arbitrary code loaded from malicious servers with the privileges of the process utilizing Log4j.\n\nThese products and services are not affected by Log4Shell: Bridgecrew, Cortex Data Lake, Cortex XDR agents, Cortex XSOAR, Cortex Xpanse, Enterprise Data Loss Prevention (DLP), Expedition, the GlobalProtect app, IoT Security, Okyo Garde, PAN-DB Private Cloud, PAN-OS software running on firewalls including VM and CN series, Prisma Access, Prisma Cloud, Prisma Cloud Compute, Prisma SD-WAN (CloudGenix), SaaS Security, Traps, User-ID Agent, WildFire Appliance (WF-500), and WildFire Cloud.  \n\nWe have determined that some configurations of Panorama appliances with PAN-OS 9.0, PAN-OS 9.1, and PAN-OS 10.0 are impacted by CVE-2021-44228 and CVE-2021-45046 through the use of Elasticsearch. Fixes were released on December 20, 2021 to address both vulnerabilities on impacted PAN-OS versions. Panorama appliances are not impacted by CVE-2021-45105 and CVE-2021-44832. \n\nNOTE: PAN-OS 8.1 and PAN-OS 10.1 versions for Panorama are not impacted by these issues. All versions of PAN-OS for firewalls and WildFire appliances are not affected.\n\nThese vulnerabilities impact Exact Data Matching (EDM) CLI application versions 1.0 - 2.0 provided by Enterprise Data Loss Prevention (DLP). Enterprise DLP is not affected by these issues.\n\nThe Palo Alto Networks Product Security Assurance team has completed evaluation of all products and services for these vulnerabilities. All cloud services with known possible impact have been remediated.\n\nAt this time, our guidance and criteria for impacted Panorama appliances remain the same for all related vulnerabilities. 
The Exact Data Matching (EDM) CLI application should now be upgraded to EDM CLI version 2.1 or later versions."}],"scores":[{"cvss_v4":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","subIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"HIGH","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED","exploitMaturity":"NOT_DEFINED","baseSeverity":"CRITICAL","baseScore":10,"threatSeverity":"CRITICAL","threatScore":10,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},"products":["PANW-PAN-OS-520","PANW-PAN-OS-521","PANW-PAN-OS-522","PANW-Exact-Data-Matching-CLI-3"]},{"cvss_v3":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseSeverity":"CRITICAL","baseScore":9.8,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},"products":["PANW-PAN-OS-520","PANW-PAN-OS-521","PANW-PAN-OS-522","PANW-Exact-Data-Matching-CLI-3"]}]}]}