logo

CVE-2021-45046 - Apache Log4j2 Deserialization of Untrusted Data Vulnerability

CVE-2021-45046

Apache | Log4j2

  • Date Added:
  • 2023-05-01
  • Due Date:
  • 2023-05-22
Vulnerability Name

Apache Log4j2 Deserialization of Untrusted Data Vulnerability

Description

Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.

Known To Be Used in Ransomware Campaigns?

Known

Action

Apply updates per vendor instructions.

Additional Notes
https://logging.apache.org/log4j/2.x/security.html; https://nvd.nist.gov/vuln/detail/CVE-2021-45046

Free security scan for your website