A new RCE vulnerability on Log4j 2.17.0 (CVE-2021-4483)

</>

Dec 29, 2021 created

( Oct 14, 2023 modified )

@scqrinc

Series

Log4j vulnerabilities in the end of 2021

#log4j #security #vulnerability #cve

Log4j 2.17.1 was released because a new vulnerability on RCE (Remote Code Execution) had been found in 2.17.0. (CVE-2021-4483)

According to The Apache Software Founndation, CVSS is 6.6 and the severity is moderate.

There is the risk when an attacker has the permission to modify the logging configuration file.

This post is based on the tweet by my company.

Series

Log4j vulnerabilities in the end of 2021

Apache Log4j RCE vulnerability (CVE-2021-44228): Attack trials detected
About Apache Log4j RCE vulnerability (CVE-2021-44228)
New Log4j vulnerability was found in 2.15.0 which is less dangerous
Log4j 2: New vulnerability on DoS in 2.16.0 and below
A new RCE vulnerability on Log4j 2.17.0 (CVE-2021-4483)

Comments or feedbacks are welcomed and appreciated.