LOG4J Remote Code Execution Vulnerability (Update)
Identifier: CVE-2021-44228 and CVE-2021-45046
Exploit or POC: YES.
Update:
https://nvd.nist.gov/vuln/detail/CVE-2021-44228https://nvd.nist.gov/vuln/detail/CVE-2021-45046 (Updated reference)
https://nvd.nist.gov/vuln/detail/CVE-2021-45046
Description: CVE-2021-44228 allows an attacker to remotely execute code on the widely used logging library (Log4j). Log4J, between versions 2.0 and 2.15.0 are all affected by CVE-2021-44228 . https://nvd.nist.gov/vuln/detail/CVE-2021-45046
Mitigation recommendation: The only current mitigation is patching LOG4J to version 2.16.0. NIST has determined previous mitigation methods were incomplete and are undergoing additional analysis.