CVE-2021-45046
📋 TL;DR
CVE-2021-45046 is an incomplete fix for the Log4Shell vulnerability (CVE-2021-44228) in Apache Log4j 2.15.0 that allows attackers to execute arbitrary code via JNDI lookups in certain non-default logging configurations. This affects systems using Log4j 2.0-beta9 through 2.15.0 with specific Pattern Layout configurations. The vulnerability enables remote code execution in some environments and local code execution in all vulnerable configurations.
💻 Affected Systems
- Apache Log4j
📦 What is this software?
- Capital by Siemens
- Comos by Siemens
- Email Security by Sonicwall
- Energyip by Siemens
- Fedora by Fedoraproject
- Gma Manager by Siemens
- Head End System Universal Device Integration System by Siemens
- Log4j by Apache
- Mendix by Siemens
- Mindsphere by Siemens
- Navigator by Siemens
- Nx by Siemens
- Oneapi by Intel
- Sensor Solution Firmware Development Kit by Intel
- Siguard Dsa by Siemens
- Teamcenter by Siemens
- Vesys by Siemens
⚠️ Risk & Real-World Impact
Worst Case
Full remote code execution leading to complete system compromise, data exfiltration, and lateral movement within the network.
Likely Case
Remote code execution leading to malware deployment, data theft, and system compromise in vulnerable configurations.
If Mitigated
Limited impact with proper network segmentation, egress filtering, and security controls in place.
🎯 Exploit Status
Widely exploited in the wild with numerous public proof-of-concept exploits available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.16.0 (Java 8) or 2.12.2 (Java 7)
Vendor Advisory: https://logging.apache.org/log4j/2.x/security.html
Restart Required: Yes
Instructions:
1. Identify all applications using Log4j 2.0-beta9 through 2.15.0.
2. Upgrade to Log4j 2.16.0 (Java 8) or 2.12.2 (Java 7).
3. Restart all affected applications.
4. Verify the fix by checking the Log4j version.
🔧 Temporary Workarounds
Remove JNDI Lookup Class
Platform: Linux. Remove the JndiLookup class from the classpath to disable JNDI functionality.
find / -name "log4j-core-*.jar" -type f 2>/dev/null | xargs -I {} zip -q -d {} org/apache/logging/log4j/core/lookup/JndiLookup.class
Set System Property
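Platform: all. Disable JNDI lookups by setting the log4j2.formatMsgNoLookups system property. Apache's advisory notes that this property does not mitigate CVE-2021-45046: it only stops lookups in the logged message, not lookups evaluated through a Pattern Layout that uses Context Lookups or Thread Context Map patterns. Use it only as a stopgap alongside removing the JndiLookup class, and upgrade as soon as possible.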
java -Dlog4j2.formatMsgNoLookups=true -jar your-application.jar
🧯 If You Can't Patch
- Implement network segmentation to isolate vulnerable systems
- Deploy web application firewalls with Log4j attack signatures
🔍 How to Verify
Check if Vulnerable:
Check for Log4j JAR files version 2.0-beta9 through 2.15.0:
find / -name "*log4j-core*.jar" -type f 2>/dev/null | xargs -I {} sh -c 'echo {}; unzip -p {} META-INF/MANIFEST.MF | grep "Implementation-Version"'
Check Version:
java -cp log4j-core-*.jar org.apache.logging.log4j.core.Version
Verify Fix Applied:
Verify Log4j version is 2.16.0 or higher (Java 8) or 2.12.2 (Java 7) using the same command as above.
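The version check above can be scripted so that each jar gets a verdict instead of a raw version string. This is an added example, not part of the original page or of any Apache tooling; the function names classify_log4j_version and scan_log4j_jars are hypothetical, and the ranges are the ones stated on this page (backport releases the page does not list are reported as "review").

```sh
#!/bin/sh
# Added example: classify log4j-core jars against this page's version ranges.

# Prints one of: vulnerable | fixed | review | not-affected | unknown
classify_log4j_version() {
    v=$1
    case "$v" in
        2.0-alpha*|2.0-beta[1-8]) echo not-affected; return ;;  # older than 2.0-beta9
        2.0-beta9|2.0-rc*)        echo vulnerable;   return ;;
    esac
    core=${v%%-*}                       # drop qualifiers such as -SNAPSHOT
    case "$core" in *.*) ;; *) echo unknown; return ;; esac
    major=${core%%.*}; rest=${core#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    if [ "$patch" = "$rest" ]; then patch=0; fi   # "2.15" has no patch field
    case "$major:$minor:$patch" in *[!0-9:]*|:*|*::*|*:) echo unknown; return ;; esac
    [ "$major" -eq 2 ] || { echo unknown; return; }   # page covers Log4j 2.x only
    if [ "$minor" -ge 16 ]; then
        echo fixed
    elif [ "$minor" -eq 12 ] && [ "$patch" -eq 2 ]; then
        echo fixed                      # Java 7 line, per the page
    elif { [ "$minor" -eq 12 ] && [ "$patch" -gt 2 ]; } ||
         { [ "$minor" -eq 3 ] && [ "$patch" -ge 1 ]; }; then
        echo review                     # later backport releases: not listed on the page
    else
        echo vulnerable
    fi
}

# Lists each log4j-core jar under the given directories with its manifest
# version, the verdict, and whether the JndiLookup class is still in the jar.
scan_log4j_jars() {
    find "$@" -type f -name 'log4j-core*.jar' 2>/dev/null | while IFS= read -r jar; do
        ver=$(unzip -p "$jar" META-INF/MANIFEST.MF 2>/dev/null |
              sed -n 's/^Implementation-Version: *//p' | tr -d '\r' | head -n 1)
        if unzip -l "$jar" 2>/dev/null | grep -q 'core/lookup/JndiLookup\.class'; then
            jndi=JndiLookup-present
        else
            jndi=JndiLookup-removed
        fi
        printf '%s\t%s\t%s\t%s\n' "$jar" "${ver:-unknown}" \
            "$(classify_log4j_version "${ver:-unknown}")" "$jndi"
    done
}

# Usage: sh check-log4j.sh /opt /srv   (script name and paths are placeholders)
if [ "$#" -gt 0 ]; then scan_log4j_jars "$@"; fi
```

The scan only sees standalone log4j-core jars; copies nested inside fat jars or WAR files need to be unpacked first.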
📡 Detection & Monitoring
Log Indicators:
- JNDI lookup patterns like ${jndi:ldap://, ${jndi:rmi://, ${ctx:, ${sys:, ${env:
Network Indicators:
- Outbound LDAP/RMI connections from applications to unknown external servers
SIEM Query:
source="*log*" AND "${jndi:"
🔗 References
- http://www.openwall.com/lists/oss-security/2021/12/14/4
- http://www.openwall.com/lists/oss-security/2021/12/15/3
- http://www.openwall.com/lists/oss-security/2021/12/18/1
- https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOKPQGV24RRBBI4TBZUDQMM4MEH7MXCY/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SIG7FZULMNK2XF6FZRU4VWYDQXNMUGAJ/
- https://logging.apache.org/log4j/2.x/security.html
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032
- https://security.gentoo.org/glsa/202310-16
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
- https://www.cve.org/CVERecord?id=CVE-2021-44228
- https://www.debian.org/security/2021/dsa-5022
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html
- https://www.kb.cert.org/vuls/id/930724
- https://www.oracle.com/security-alerts/alert-cve-2021-44228.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-45046