CVE-2021-45046 Vulnerability

Published: 2/20/2025

Red caution sign overlaid on a picture of a laptop with a hand on the trackpad

What is CVE-2021-45046 vulnerability?

CVE-2021-45046 is a Remote Code Execution (RCE) vulnerability connected to the widely-used Apache Log4j logging library, which allows attackers to manipulate logging data. Initially perceived as a denial-of-service risk, it was later revealed to enable attackers to execute arbitrary code in certain non-default configurations, making it highly critical.

When was it discovered?

CVE-2021-45046 was disclosed on December 14, 2021, following the initial CVE-2021-44228 ("Log4Shell") vulnerability. The flaw was identified during the response to the first issue, with contributions from Apache maintainers and security researchers.

Affected products & versions

Product	Versions Affected	Fixed Versions / Patch Links
Apache Log4j	2.0-beta9 to 2.15.0	Log4j 2.16.0

CVE-2021-45046 technical description

The vulnerability stems from improper handling of Java Naming and Directory Interface (JNDI) lookups in Log4j. Exploits occur when attackers craft malicious log messages containing specially formatted data that bypass initial mitigations. This flaw allows adversaries to escalate access and execute arbitrary code. A proof-of-concept exploit demonstrated the severity in vulnerable configurations.

Tactics, Techniques & Procedures (TTPs)

Attackers exploit CVE-2021-45046 by sending crafted input to vulnerable applications, often masking malicious payloads in JSON/HTTP headers or logs. Once executed, the payloads can create backdoors or lateral movement tools.

Indicators of compromise

Monitor for irregular JNDI requests, unexpected inbound connections from untrusted IPs, or abnormal execution of Java processes. Examine application logs for suspiciously formatted strings and flags indicative of exploitation attempts.

Known proof-of-concepts & exploits

Numerous proof-of-concept scripts exist across exploit frameworks, including public repositories. Exploitation attempts were rapidly observed in the wild after disclosure, targeting enterprise software and internal applications using Log4j.

How to detect CVE-2021-45046 vulnerability?

Organizations should scan systems for Log4j versions 2.0-beta9 to 2.15.0 and implement host-based monitoring for anomalous process activities. Use SIEM detection rules targeting JNDI lookups and inspect logs for indicators of malicious payloads.

Impact & risk of CVE-2021-45046 vulnerability

This vulnerability poses severe risks, including remote code execution, data breaches, and potential disruption of mission-critical environments. Exploits compromise confidentiality, integrity, and availability, enabling unauthorized access or malicious lateral activity.

Mitigation & remediation strategies

To mitigate this vulnerability, update to Log4j version 2.16.0 or later immediately. If updates are unfeasible, apply configurations to remove JNDI lookups. Disable vulnerable features and monitor systems actively for compromise until vendor recommendations are implemented.

CVE-2021-45046 Vulnerability FAQs

CVE-2021-45046 is a vulnerability in Apache Log4j allowing crafted input to exploit JNDI lookups, potentially leading to remote code execution. It bypasses previous fixes for CVE-2021-44228 in specific setups, making it critical to address promptly.

Attackers inject malicious payloads through logging data such as HTTP headers or application messages. Flawed handling of these inputs enables exploit payloads to execute code on impacted systems.

Unpatched systems or legacy software relying on outdated Log4j versions remain exposed. Always maintain updates and scan for vulnerable versions to mitigate long-term risks.

Organizations can safeguard systems by upgrading Log4j to version 2.16.0 or later, monitoring system activity, and configuring applications to disable vulnerable JNDI lookups. Comprehensive threat detection strengthens defenses.