REDLEGG BLOG

Critical Vulnerability Bulletin Update for Log4J

12/14/21 6:05 PM  |  by RedLegg Blog

LOG4J Remote Code Execution Vulnerability (Update)

Identifier: CVE-2021-44228 and CVE-2021-45046

Exploit or POC: YES.

Update:

https://nvd.nist.gov/vuln/detail/CVE-2021-44228

https://nvd.nist.gov/vuln/detail/CVE-2021-45046 (Updated reference)

Description: CVE-2021-44228 allows an attacker to remotely execute code through the widely used logging library Log4j. All Log4j versions between 2.0 and 2.15.0 are affected by CVE-2021-44228. https://nvd.nist.gov/vuln/detail/CVE-2021-45046

Mitigation recommendation: The only current mitigation is patching LOG4J to version 2.16.0. NIST has determined previous mitigation methods were incomplete and are undergoing additional analysis.
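
An added example, not RedLegg's or the Log4j project's code: a Python inventory check that finds log4j-core inside JAR/WAR/EAR files, including archives nested in other archives, and flags versions in the range this bulletin gives as affected (2.0 up to, but not including, 2.16.0). It assumes the archive still carries the standard Maven pom.properties metadata for log4j-core; archives that strip it are not detected.

```python
import io
import os
import re
import sys
import zipfile

# Maven metadata file that log4j-core archives carry; the version is read from it.
POM_SUFFIX = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear")
FIRST, FIXED = (2, 0, 0), (2, 16, 0)  # affected-range start and patched version, per the bulletin

def parse_version(text):
    """Turn '2.14.1' or '2.0-beta9' into a comparable (major, minor, patch) tuple."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])][:3]
    return tuple(nums + [0] * (3 - len(nums)))

def scan_archive(data, label, findings, depth=0):
    """Append (label, version, needs_patch) per log4j-core found, recursing into nested archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not a readable archive; skip
    with zf:
        for name in zf.namelist():
            if name.endswith(POM_SUFFIX):
                props = zf.read(name).decode("utf-8", "replace")
                m = re.search(r"^version=(.+)$", props, re.MULTILINE)
                if m:
                    ver = m.group(1).strip()
                    findings.append((label, ver, FIRST <= parse_version(ver) < FIXED))
            elif name.lower().endswith(ARCHIVE_EXT) and depth < 5:
                scan_archive(zf.read(name), f"{label}!{name}", findings, depth + 1)

def scan_tree(root):
    """Walk root and return findings for every Java archive under it."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith(ARCHIVE_EXT):
                path = os.path.join(dirpath, fn)
                try:
                    with open(path, "rb") as fh:
                        scan_archive(fh.read(), path, findings)
                except OSError:
                    continue  # unreadable file; skip
    return findings

if __name__ == "__main__":
    for label, ver, needs_patch in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{'PATCH' if needs_patch else 'ok':5} log4j-core {ver:10} {label}")
```

Run it with the directory to inventory as the only argument; each line marked PATCH is a copy that should be moved to 2.16.0.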
