Executive Summary

Informations
Name CVE-2021-45046 First vendor Publication 2021-12-14
Vendor Cve Last vendor Modification 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Overall CVSS Score 9
Base Score 9 Environmental Score 9
impact SubScore 6 Temporal Score 9
Exploitabality Sub Score 2.2
 
Attack Vector Network Attack Complexity High
Privileges Required None User Interaction None
Scope Changed Confidentiality Impact High
Integrity Impact High Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Cvss Base Score 5.1 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity High
Cvss Expoit Score 4.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 88
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 3
Application 1
Application 5
Application 2
Application 1
Application 1
Application 4
Application 2
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 2
Application 3
Application 2
Application 1
Application 2
Application 1
Application 1
Application 1
Application 4
Application 5
Application 5
Application 1
Application 1
Application 5
Application 1
Application 1
Application 4
Os 2
Os 2
Os 1
Os 1
Os 1

Sources (Detail)

http://www.openwall.com/lists/oss-security/2021/12/14/4
http://www.openwall.com/lists/oss-security/2021/12/15/3
http://www.openwall.com/lists/oss-security/2021/12/18/1
https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://logging.apache.org/log4j/2.x/security.html
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032
https://security.gentoo.org/glsa/202310-16
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s...
https://www.cve.org/CVERecord?id=CVE-2021-44228
https://www.debian.org/security/2021/dsa-5022
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-006...
https://www.kb.cert.org/vuls/id/930724
https://www.oracle.com/security-alerts/alert-cve-2021-44228.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpujul2022.html
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
Date Informations
2024-11-28 14:03:01
  • Multiple Updates
2024-10-31 17:28:29
  • Multiple Updates
2024-06-28 00:27:59
  • Multiple Updates
2023-10-26 13:28:12
  • Multiple Updates
2023-06-27 21:27:47
  • Multiple Updates
2023-06-27 00:27:35
  • Multiple Updates
2022-10-06 09:27:33
  • Multiple Updates
2022-07-26 00:29:42
  • Multiple Updates
2022-07-15 02:05:04
  • Multiple Updates
2022-04-21 21:23:11
  • Multiple Updates
2022-04-20 09:23:11
  • Multiple Updates
2022-02-19 09:23:29
  • Multiple Updates
2022-02-07 21:23:10
  • Multiple Updates
2021-12-27 09:23:05
  • Multiple Updates
2021-12-22 09:23:05
  • Multiple Updates
2021-12-21 05:22:57
  • Multiple Updates
2021-12-20 21:22:54
  • Multiple Updates
2021-12-20 17:22:54
  • Multiple Updates
2021-12-18 21:22:54
  • Multiple Updates
2021-12-18 13:22:53
  • Multiple Updates
2021-12-18 05:22:55
  • Multiple Updates
2021-12-17 05:22:53
  • Multiple Updates
2021-12-17 01:50:12
  • Multiple Updates
2021-12-17 01:50:11
  • Multiple Updates
2021-12-17 00:23:00
  • Multiple Updates
2021-12-16 17:22:52
  • Multiple Updates
2021-12-16 09:22:56
  • Multiple Updates
2021-12-16 01:51:46
  • Multiple Updates
2021-12-16 00:22:53
  • Multiple Updates
2021-12-15 21:22:54
  • Multiple Updates
2021-12-15 09:23:08
  • Multiple Updates
2021-12-15 00:22:52
  • First insertion