CVE-2021-45046

CVE Database · CVE-2021-45046

CVE-2021-45046

· CRITICALAnalyzed

CVSS v3.1

9.0

EPSS

99.98%

Published

Dec 14, 2021

Modified

Oct 27, 2025

CISA Known Exploited Vulnerability

Added: 2023-05-01 · Due: 2023-05-22

Apply updates per vendor instructions.

Public PoC / Exploit (10)

All weaponized →

NucleiNuclei detection template TrickestTrickest PoC index GitHub PoClijiejie/log4j2_vul_local_scanner★85 GitHub PoCcckuailong/Log4j_CVE-2021-45046★21 GitHub PoCmergebase/log4j-samples★14 GitHub PoCifconfig-me/Log4Shell-Payloads★8 GitHub PoCBobTheShoplifter/CVE-2021-45046-Info★4 GitHub PoCludy-dev/cve-2021-45046★1 GitHub PoCCaptanMoss/Log4Shell-Sandbox-Signature★1 GitHub PoCtejas-nagchandi/CVE-2021-45046★0

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Weaknesses (CWE)

CWE-917CWE-917

Affected Products (96)

apache · log4j (up to 2.12.2)vulnerable

apache · log4j (up to 2.16.0)vulnerable

apache · log4jvulnerable

cvat · computer_vision_annotation_toolvulnerable

intel · audio_development_kitvulnerable

intel · datacenter_managervulnerable

intel · genomics_kernel_library

References (20)

http://www.openwall.com/lists/oss-security/2021/12/14/4

Mailing ListMitigationThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/12/15/3

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/12/18/1

Mailing ListThird Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf

KEV Catalog EPSS Scores Vendors All CVEs

intel · oneapivulnerable

intel · secure_device_onboardvulnerable

intel · sensor_solution_firmware_development_kitvulnerable

intel · system_debuggervulnerable

intel · system_studiovulnerable

siemens · sppa-t3000_ses3000_firmwarevulnerable

siemens · sppa-t3000_ses3000

siemens · captial (up to 2019.1)vulnerable

siemens · captialvulnerable

siemens · comosvulnerable

siemens · desigo_cc_advanced_reportsvulnerable

siemens · desigo_cc_info_centervulnerable

siemens · e-car_operation_center (up to 2021-12-13)vulnerable

siemens · energy_engagevulnerable

siemens · energyipvulnerable

siemens · energyip_prepayvulnerable

siemens · gma-manager (up to 8.6.2j-398)vulnerable

siemens · head-end_system_universal_device_integration_systemvulnerable

siemens · industrial_edge_managementvulnerable

siemens · industrial_edge_management_hub (up to 2021-12-13)vulnerable

siemens · logo\!_soft_comfortvulnerable

siemens · mendixvulnerable

siemens · mindsphere (up to 2021-12-11)vulnerable

siemens · navigator (up to 2021-12-13)vulnerable

siemens · nxvulnerable

siemens · opcenter_intelligencevulnerable

siemens · operation_schedulervulnerable

siemens · sentron_powermanagervulnerable

siemens · siguard_dsavulnerable

Third Party Advisory

https://logging.apache.org/log4j/2.x/security.html

MitigationRelease NotesVendor Advisory

https://www.kb.cert.org/vuls/id/930724

Third Party AdvisoryUS Government Resource