CVE-2021-45046 - Apache Log4j2 Deserialization of Untrusted Data Vulnerability
Project: Apache
Product: Log4j2
Date Added: 2023-05-01
Due Date: 2023-05-22
Vulnerability Name
Apache Log4j2 Deserialization of Untrusted Data Vulnerability
Description
Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply updates per vendor instructions.
Additional Notes
https://logging.apache.org/log4j/2.x/security.html
https://nvd.nist.gov/vuln/detail/CVE-2021-45046