Apache Log4j Remote Code Execution Vulnerability
RISK: Medium Risk
TYPE: Web services - Web Servers
A vulnerability has been identified in Apache Log4j. A remote user can exploit this vulnerability to trigger remote code execution and sensitive information disclosure on the targeted system.
The vulnerability CVE-2021-45046 was found when applying fix to address CVE-2021-44228 vulnerability in certain non-default configurations.
[Updated on 2021-12-21]
Updated Impact, Source and Related Links.
- Remote Code Execution
- Information Disclosure
System / Technologies affected
- Apache Log4j versions from 2.0-beta9 to 2.12.1
- Apache Log4j versions from 2.13.0 to 2.15.0
Non-default Pattern Layout in logging configuration is required to trigger CVE-2021-45046 vulnerability.
Before installation of the software, please visit the vendor web-site for more details.
For patch of Apache Log4j, please refer to the link below: