Showing results for 
Search instead for 
Did you mean: 
Frequent Visitor

CVE-2021-44228 Log4j 2 exploitation

Hi Community,


I do not know this is the right place to ask, but. 

Is the Microsoft-Power platform (Non-custom connectors, Canvas Apps, DAX etc?) vulnerable to this Log4j 2 Exploit? 



Regular Visitor


yes it's using log4j 2.12.1 in \Program Files (x86)\Power Automate Desktop\java-support\PAD.JavaBridge.jar, log4j 2.12.1

New Member

I have found this file to be vulnerable as well:
C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_10.0.2290.0_x64__8wekyb3d8bbwe\java-support\PAD.JavaBridge.jar


C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_10.0.2290.0_x64__8wekyb3d8bbwe\java-support\PAD.JavaBridge.jar contains Log4J-2.x >= 2.10.0 _VULNERABLE


I have uninstalled Power Automate and the file remains

Helpful resources

Power Platform Conf 2022 768x460.jpg

Join us for Microsoft Power Platform Conference

The first Microsoft-sponsored Power Platform Conference is coming in September. 100+ speakers, 150+ sessions, and what's new and next for Power Platform.

May UG Leader Call Carousel 768x460.png

June User Group Leader Call

Join us on June 28 for our monthly User Group leader call!

MPA Virtual Workshop Carousel 768x460.png

Register for a Free Workshop

Learn to digitize and optimize business processes and connect all your applications to share data in real time.

Power Automate Designer Feedback_carousel.jpg

Help make Flow Design easier

Are you new to designing flows? What is your biggest struggle with Power Automate Designer? Help us make it more user friendly!

Users online (1,172)