All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2021-45046
NONEKEVpublish date unavailable
CVSS / 10
// description
Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.
// required action (CISA KEV)
Apply updates per vendor instructions.
added 2023-05-01 00:00 UTC