REDLEGG BLOG

Critical Vulnerability Bulletin Update for Log4J

12/14/21 6:05 PM  |  by RedLegg Blog

LOG4J Remote Code Execution Vulnerability (Update)

Identifier: CVE-2021-44228 and CVE-2021-45046

Exploit or POC: YES.

Update:

https://nvd.nist.gov/vuln/detail/CVE-2021-44228

https://nvd.nist.gov/vuln/detail/CVE-2021-45046 (Updated reference)

Description: CVE-2021-44228 allows an attacker to remotely execute code on systems that use the widely used logging library Log4j. All Log4j versions between 2.0 and 2.15.0 are affected by CVE-2021-44228. https://nvd.nist.gov/vuln/detail/CVE-2021-45046

Mitigation recommendation: The only current mitigation is patching Log4j to version 2.16.0. NIST has determined that previous mitigation methods were incomplete; they are undergoing additional analysis.
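To act on the patching recommendation, the copies of Log4j that still need it have to be found first. The following is an added example, not RedLegg's code: a Python inventory check that walks a directory tree, looks inside JAR/WAR/EAR archives, and lists every log4j-core 2.x copy older than 2.16.0. It assumes the library keeps its Maven file name (log4j-core-<version>.jar); the function names are illustrative.

```python
import io
import re
import zipfile
from pathlib import Path

# Assumption: artifacts keep the Maven file name log4j-core-<version>.jar.
JAR_RE = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?[^/]*\.jar$")
FIXED = (2, 16, 0)  # version the bulletin says to patch to
ARCHIVES = (".jar", ".war", ".ear")

def needs_patch(name):
    """Return the version if `name` is a log4j-core 2.x jar below 2.16.0."""
    m = JAR_RE.search(name.replace("\\", "/"))
    if not m:
        return None
    ver = tuple(int(p or 0) for p in m.groups())
    if ver[0] == 2 and ver < FIXED:
        return ".".join(map(str, ver))
    return None

def scan_archive(data, label, depth=0):
    """Yield (location, version) for flagged jars nested inside an archive."""
    if depth > 3:  # bound recursion through nested archives
        return
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return
    with zf:
        for info in zf.infolist():
            inner = f"{label}!/{info.filename}"
            ver = needs_patch(info.filename)
            if ver:
                yield inner, ver
            elif info.filename.lower().endswith(ARCHIVES):
                yield from scan_archive(zf.read(info), inner, depth + 1)

def scan_tree(root):
    """Walk `root` and list every log4j-core 2.x copy older than 2.16.0."""
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or not path.name.lower().endswith(ARCHIVES):
            continue
        ver = needs_patch(path.name)
        if ver:
            hits.append((str(path), ver))
        else:
            hits.extend(scan_archive(path.read_bytes(), str(path)))
    return hits
```

Call `scan_tree("/opt")` (or any application root) and patch each location it returns. Copies that were renamed or shaded into another JAR do not match the file-name pattern, so an empty result does not prove a host is clean.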
