Vulnerability lake

To find CVE, enter it here
Search
You may use syntax like CVE-2021-25322

CVE-2021-45046

Description

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.

Severity

CVSS Version 3.x

Base score: 9 Exploit score: 2.2 Impact score: 6

Base Score (vectoral): CVSS:3.1 - AV:N - AC:H - PR:N - UI:N - S:C - C:H - I:H - A:H

CVSS Version 2.0

Base score: 5.1 Exploit score: 4.9 Impact score: 6.4

Base Score (vectoral): CVSS:2.0 - AV:N - AC:H - Au:N - C:P - I:P - A:P

Weakness Enumeration

CWE-917

CISA Exploit alert (by Cybersecurity and Infrastructure Security Agency)

Added: 2023-05-01

Required action: Apply updates per vendor instructions.

Change History

Last Modified: Mar 12, 2025

Known Affected Software Configurations

cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*

cpe:2.3:a:apache:log4j:2.0:-:*:*:*:*:*:*

cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:*

cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:*

cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:*

cpe:2.3:a:cvat:computer_vision_annotation_tool:-:*:*:*:*:*:*:*

cpe:2.3:a:intel:audio_development_kit:-:*:*:*:*:*:*:*

cpe:2.3:a:intel:datacenter_manager:-:*:*:*:*:*:*:*

cpe:2.3:a:intel:genomics_kernel_library:-:*:*:*:*:*:*:*

cpe:2.3:a:intel:oneapi:-:*:*:*:*:eclipse:*:*

cpe:2.3:a:intel:secure_device_onboard:-:*:*:*:*:*:*:*

cpe:2.3:a:intel:sensor_solution_firmware_development_kit:-:*:*:*:*:*:*:*

cpe:2.3:a:intel:system_debugger:-:*:*:*:*:*:*:*

cpe:2.3:a:intel:system_studio:-:*:*:*:*:*:*:*

cpe:2.3:a:siemens:captial:*:*:*:*:*:*:*:*

cpe:2.3:a:siemens:captial:2019.1:-:*:*:*:*:*:*

cpe:2.3:a:siemens:captial:2019.1:sp1912:*:*:*:*:*:*

cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:*

cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.0:*:*:*:*:*:*:*

cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.1:*:*:*:*:*:*:*

cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.2:*:*:*:*:*:*:*

cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.0:*:*:*:*:*:*:*

cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.1:*:*:*:*:*:*:*

cpe:2.3:a:siemens:desigo_cc_info_center:5.0:*:*:*:*:*:*:*

cpe:2.3:a:siemens:desigo_cc_info_center:5.1:*:*:*:*:*:*:*

cpe:2.3:a:siemens:e-car_operation_center:*:*:*:*:*:*:*:*

cpe:2.3:a:siemens:energy_engage:3.1:*:*:*:*:*:*:*

cpe:2.3:a:siemens:energyip:8.5:*:*:*:*:*:*:*

cpe:2.3:a:siemens:energyip:8.6:*:*:*:*:*:*:*

cpe:2.3:a:siemens:energyip:8.7:*:*:*:*:*:*:*

cpe:2.3:a:siemens:energyip:9.0:*:*:*:*:*:*:*

cpe:2.3:a:siemens:energyip_prepay:3.7:*:*:*:*:*:*:*

cpe:2.3:a:siemens:energyip_prepay:3.8:*:*:*:*:*:*:*

cpe:2.3:a:siemens:gma-manager:*:*:*:*:*:*:*:*

cpe:2.3:a:siemens:head-end_system_universal_device_integration_system:*:*:*:*:*:*:*:*

cpe:2.3:a:siemens:industrial_edge_management:*:*:*:*:*:*:*:*

cpe:2.3:a:siemens:industrial_edge_management_hub:*:*:*:*:*:*:*:*

cpe:2.3:a:siemens:logo\!_soft_comfort:*:*:*:*:*:*:*:*

cpe:2.3:a:siemens:mendix:*:*:*:*:*:*:*:*

cpe:2.3:a:siemens:mindsphere:*:*:*:*:*:*:*:*

cpe:2.3:a:siemens:navigator:*:*:*:*:*:*:*:*

cpe:2.3:a:siemens:nx:*:*:*:*:*:*:*:*

cpe:2.3:a:siemens:opcenter_intelligence:*:*:*:*:*:*:*:*

cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*

cpe:2.3:a:siemens:sentron_powermanager:4.1:*:*:*:*:*:*:*

cpe:2.3:a:siemens:sentron_powermanager:4.2:*:*:*:*:*:*:*

cpe:2.3:a:siemens:siguard_dsa:4.2:*:*:*:*:*:*:*

cpe:2.3:a:siemens:siguard_dsa:4.3:*:*:*:*:*:*:*

cpe:2.3:a:siemens:siguard_dsa:4.4:*:*:*:*:*:*:*

cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*

cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*

cpe:2.3:a:siemens:siveillance_command:*:*:*:*:*:*:*:*

cpe:2.3:a:siemens:siveillance_control_pro:*:*:*:*:*:*:*:*

cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*

cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*

cpe:2.3:a:siemens:siveillance_vantage:*:*:*:*:*:*:*:*

cpe:2.3:a:siemens:siveillance_viewpoint:*:*:*:*:*:*:*:*

cpe:2.3:a:siemens:solid_edge_cam_pro:*:*:*:*:*:*:*:*

cpe:2.3:a:siemens:solid_edge_harness_design:*:*:*:*:*:*:*:*

cpe:2.3:a:siemens:solid_edge_harness_design:2020:*:*:*:*:*:*:*

cpe:2.3:a:siemens:solid_edge_harness_design:2020:-:*:*:*:*:*:*

cpe:2.3:a:siemens:solid_edge_harness_design:2020:sp2002:*:*:*:*:*:*

cpe:2.3:a:siemens:spectrum_power_4:*:*:*:*:*:*:*:*

cpe:2.3:a:siemens:spectrum_power_4:4.70:-:*:*:*:*:*:*

cpe:2.3:a:siemens:spectrum_power_4:4.70:sp7:*:*:*:*:*:*

cpe:2.3:a:siemens:spectrum_power_4:4.70:sp8:*:*:*:*:*:*

cpe:2.3:a:siemens:spectrum_power_7:*:*:*:*:*:*:*:*

cpe:2.3:a:siemens:spectrum_power_7:2.30:*:*:*:*:*:*:*

cpe:2.3:a:siemens:spectrum_power_7:2.30:-:*:*:*:*:*:*

cpe:2.3:a:siemens:spectrum_power_7:2.30:sp2:*:*:*:*:*:*

cpe:2.3:a:siemens:teamcenter:*:*:*:*:*:*:*:*

cpe:2.3:a:siemens:tracealertserverplus:*:*:*:*:*:*:*:*

cpe:2.3:a:siemens:vesys:*:*:*:*:*:*:*:*

cpe:2.3:a:siemens:vesys:2019.1:*:*:*:*:*:*:*

cpe:2.3:a:siemens:vesys:2019.1:-:*:*:*:*:*:*

cpe:2.3:a:siemens:vesys:2019.1:sp1912:*:*:*:*:*:*

cpe:2.3:a:siemens:xpedition_enterprise:-:*:*:*:*:*:*:*

cpe:2.3:a:siemens:xpedition_package_integrator:-:*:*:*:*:*:*:*

cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6bk1602-0aa12-0tp0:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6bk1602-0aa22-0tp0:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6bk1602-0aa32-0tp0:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6bk1602-0aa42-0tp0:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6bk1602-0aa52-0tp0:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:sppa-t3000_ses3000:-:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

cpe:2.3:o:siemens:6bk1602-0aa12-0tp0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:o:siemens:6bk1602-0aa22-0tp0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:o:siemens:6bk1602-0aa32-0tp0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:o:siemens:6bk1602-0aa42-0tp0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:o:siemens:6bk1602-0aa52-0tp0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:o:siemens:sppa-t3000_ses3000_firmware:*:*:*:*:*:*:*:*

References to Advisories, Solutions, and Tools

[security@apache.org] Mailing List, Mitigation, Third Party Advisory

[security@apache.org] Mailing List, Third Party Advisory

[security@apache.org] Mailing List, Third Party Advisory

[security@apache.org] Third Party Advisory

[security@apache.org] Third Party Advisory

[security@apache.org] Third Party Advisory

[security@apache.org] Third Party Advisory

[security@apache.org] Mailing List, Release Notes

[security@apache.org] Mailing List, Release Notes

[security@apache.org] Mitigation, Release Notes, Vendor Advisory

[security@apache.org] Third Party Advisory

[security@apache.org] Third Party Advisory

[security@apache.org] Third Party Advisory

[security@apache.org] Not Applicable

[security@apache.org] Third Party Advisory

[security@apache.org] Third Party Advisory

[security@apache.org] Third Party Advisory, US Government Resource

[security@apache.org] Third Party Advisory

[security@apache.org] Third Party Advisory

[security@apache.org] Patch, Third Party Advisory

[security@apache.org] Third Party Advisory

[af854a3a-2127-422b-91ae-364da2661108] Mailing List, Mitigation, Third Party Advisory

[af854a3a-2127-422b-91ae-364da2661108] Mailing List, Third Party Advisory

[af854a3a-2127-422b-91ae-364da2661108] Mailing List, Third Party Advisory

[af854a3a-2127-422b-91ae-364da2661108] Third Party Advisory

[af854a3a-2127-422b-91ae-364da2661108] Third Party Advisory

[af854a3a-2127-422b-91ae-364da2661108] Third Party Advisory

[af854a3a-2127-422b-91ae-364da2661108] Third Party Advisory

[af854a3a-2127-422b-91ae-364da2661108] Mailing List, Release Notes

[af854a3a-2127-422b-91ae-364da2661108] Mailing List, Release Notes

[af854a3a-2127-422b-91ae-364da2661108] Mitigation, Release Notes, Vendor Advisory

[af854a3a-2127-422b-91ae-364da2661108] Third Party Advisory

[af854a3a-2127-422b-91ae-364da2661108] Third Party Advisory

[af854a3a-2127-422b-91ae-364da2661108] Third Party Advisory

[af854a3a-2127-422b-91ae-364da2661108] Not Applicable

[af854a3a-2127-422b-91ae-364da2661108] Third Party Advisory

[af854a3a-2127-422b-91ae-364da2661108] Third Party Advisory

[af854a3a-2127-422b-91ae-364da2661108] Third Party Advisory, US Government Resource

[af854a3a-2127-422b-91ae-364da2661108] Third Party Advisory

[af854a3a-2127-422b-91ae-364da2661108] Third Party Advisory

[af854a3a-2127-422b-91ae-364da2661108] Patch, Third Party Advisory

[af854a3a-2127-422b-91ae-364da2661108] Third Party Advisory

Related articles

What is the 'Base Score'?
What is the 'Exploit Score'?
What is the 'Impact Score'?