NVD disclosure day

Published threat advisories for December 14, 2021

CVE-2021-45046

Apache Log4j Remote Code Execution Vulnerability.

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A vulnerability in Apache Log4j affects systems using specific non-default configurations. Attackers can leverage this to gain unauthorized access and execute code, posing a significant business risk.

NVD published: December 14, 2021 • CISA KEV

CVE advisoryHIGH

CVE-2021-4104

Log4j 1.2 configuration flaw could allow an attacker to take control of your systems.

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A Log4j 1.2 configuration flaw could allow remote code execution if an attacker can modify the application's logs, similar to CVE-2021-44228. This affects older, unsupported Log4j versions with specific JMSAppender configurations.

NVD published: December 14, 2021