CVE-2021-45046 - Apache Log4j2 Deserialization of Untrusted Data Vulnerability
CVE-2021-45046
Apache | Log4j2
- Date Added:
- 2023-05-01
- Due Date:
- 2023-05-22
- Vulnerability Name
Apache Log4j2 Deserialization of Untrusted Data Vulnerability
- Description
Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.
- Known To Be Used in Ransomware Campaigns?
Known
- Action
Apply updates per vendor instructions.
- Additional Notes
- https://logging.apache.org/log4j/2.x/security.html; https://nvd.nist.gov/vuln/detail/CVE-2021-45046
Free security scan for your website