Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

CVE-2021-44228 Log4j2 Exploit

A high severity vulnerability (CVE-2021-44228) impacting multiple versions of the Apache Log4j2 utility was disclosed publicly via the projects GitHub on December 9th, 2021. The vulnerability affects Apache Log4j 2 versions 2.0 to 2.14.1.

We have validated that the following products are not susceptible to the Log4j vulnerability:

  • LoadMaster
  • LoadMaster GEO
  • LoadMaster MT
  • ECS Connection Manager
  • Kemp 360 Central
  • Kemp 360 Vision

For additional information on this vulnerability as it relates to other Progress products, refer to the Progress Security Center:

Please see the article below for help using content rules or our WAF engine to protect your applications/servers behind the LoadMaster.

Progress Kemp LoadMaster protects from security vulnerability Apache Log4j 2 (CVE-2021-44228) – Kemp Support (

We still highly recommend you patch your applications/servers, the above article is to help alleviate the risk.

Was this article helpful?
0 out of 0 found this helpful



Erick Jarin

how about the servers that is published behind KEMP ? 



Rush Enterprises

Is there a signature in WAF for this yet?



Paul Gallaway

Very concerned here as well regarding this one.  OWASP core rule set has been confirmed not to protect against this vulnerability.



Nick Smylie

I have updated this article with a link to a new KB in order help mitigate this CVE. Once again, we highly recommend you patch your servers behind the LoadMaster.



Mpho Ntshontsi

I did the Kemp Partner Training Program course Kemp Certified Technical Professional on a mobile app and passed.

I got the email below from Kemp Training:

When I try to login to the same URL that I used in the Mobile App, I get denied access with the following error message:

Kindly assist.