Skip to main content

Apache Log4j Remote Code Execution Vulnerability

Last Update Date: 21 Dec 2021 Release Date: 17 Dec 2021 6492 Views

RISK: Medium Risk

TYPE: Web services - Web Servers

TYPE: Web Servers

A vulnerability has been identified in Apache Log4j. A remote user can exploit this vulnerability to trigger remote code execution and sensitive information disclosure on the targeted system.



The vulnerability CVE-2021-45046 was found when applying fix to address CVE-2021-44228 vulnerability in certain non-default configurations.



[Updated on 2021-12-21]

Updated Impact, Source and Related Links.


  • Remote Code Execution
  • Information Disclosure

System / Technologies affected

  • Apache Log4j versions from 2.0-beta9 to 2.12.1
  • Apache Log4j versions from 2.13.0 to 2.15.0



Non-default Pattern Layout in logging configuration is required to trigger CVE-2021-45046 vulnerability.


Before installation of the software, please visit the vendor web-site for more details.


Vulnerability Identifier


Related Link