Rewterz Threat Advisory – Multiple IBM PowerVM Hypervisor Vulnerabilities
December 14, 2021
Rewterz Threat Alert – Hackers Exploiting Log4j Vulnerability to drop Khonsari Ransomware
December 15, 2021
Severity
Medium
Analysis Summary
CVE-2021-45046
Apache Log4j is vulnerable to a denial of service, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. A remote attacker with control over Thread Context Map (MDC) input data or a Thread Context Map pattern could exploit this vulnerability by crafting malicious input data using a JNDI Lookup pattern, causing a denial of service.
Impact
- Denial of Service
Affected Vendors
Apache
Affected Products
- Apache Log4j 2.8.1
- Apache Log4j 2.13.1
- Apache Log4j 2.14.0
- Apache Log4j 2.14.1
- Apache Log4j 2.15.0
- Apache Log4j 2.0-beta9
- Apache Log4j 2.12.1
- Apache Log4j 2.13.0
Remediation
Upgrade to the latest version of Log4j, available from the Apache Web site.
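
To prioritise the upgrade, the following added example (not part of the original advisory) checks for both conditions described above: a log4j-core version from the Affected Products list, and a logging configuration that references the Thread Context Map. It assumes Log4j's standard pattern syntax (`${ctx:key}` Context Lookups and the `%X`, `%mdc`, `%MDC` converters); the function names, jar names and sample configuration are constructed for illustration.

```python
import re

# Versions copied from the advisory's "Affected Products" list; a version
# missing from this set is "not listed on the page", not proven safe.
AFFECTED = {"2.0-beta9", "2.8.1", "2.12.1", "2.13.0", "2.13.1",
            "2.14.0", "2.14.1", "2.15.0"}

JAR_RE = re.compile(r"log4j-core-(\d+\.\d+(?:\.\d+)?(?:-[A-Za-z0-9]+)?)\.jar$")
# Context Lookup, written ${ctx:key} or $${ctx:key} in a pattern (assumed syntax).
CTX_LOOKUP_RE = re.compile(r"\$\{ctx:[^}]*\}")
# Thread Context Map converters %X, %mdc, %MDC, with optional width modifiers.
MDC_RE = re.compile(r"%-?\d*(?:\.-?\d+)?(?:X|mdc|MDC)(?:\{[^}]*\})?")

# Constructed sample configuration (not from the advisory).
SAMPLE_CONFIG = """<Configuration>
  <Appenders>
    <Console name="out">
      <PatternLayout pattern="%d %-5p [$${ctx:loginId}] %c - %m%n"/>
    </Console>
    <File name="f" fileName="app.log">
      <PatternLayout pattern="%d %X{requestId} %m%n"/>
    </File>
  </Appenders>
</Configuration>"""

def jar_version(filename):
    """Return the version embedded in a log4j-core jar name, else None."""
    m = JAR_RE.search(filename)
    return m.group(1) if m else None

def audit_config(text):
    """List (line_no, kind, match) for every Thread Context reference."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        for rx, kind in ((CTX_LOOKUP_RE, "context-lookup"), (MDC_RE, "mdc-pattern")):
            findings += [(n, kind, m.group(0)) for m in rx.finditer(line)]
    return findings

def assess(jar_names, config_text):
    """Flag a host that has both a listed version and a Thread Context pattern."""
    listed = sorted({v for v in map(jar_version, jar_names) if v in AFFECTED})
    findings = audit_config(config_text)
    return {"listed_versions": listed, "config_findings": findings,
            "review_first": bool(listed and findings)}

if __name__ == "__main__":
    jars = ["log4j-core-2.15.0.jar", "log4j-api-2.15.0.jar", "log4j-core-2.17.0.jar"]
    print(assess(jars, SAMPLE_CONFIG))
```

The pattern match deliberately over-reports (for example, it does not skip an escaped `%%X`), so treat each finding as a line to review rather than as proof of exposure.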