CVE-2021-45046: Log4j DoS/RCE Bypass

Score: 9
CRITICAL
Published: 2021-12-14Affected: Apache Log4j 2.x < 2.16.0CWE-917

Is Log4j 2.15.0 still vulnerable?

A bypass of the initial Log4Shell fix (CVE-2021-44228). The 2.15.0 patch was incomplete — certain non-default configurations still allowed JNDI injection, now enabling denial of service and, in some environments, remote code execution.

Impact & Exploitation

Organizations that raced to patch to Log4j 2.15.0 remained vulnerable. Required a second emergency patch cycle during the holiday season.

Related Resources

📖 Security Guides

🛡️ Notable Vulnerabilities

🔗 External References

Precogs Logo

Precogs Research

This vulnerability intelligence report was analyzed and enriched by the Precogs AI Security Team. Our researchers continuously monitor emerging threats across AI code, LLM pipelines, and binary architectures to ensure accurate real-time remediation guidance.

Base Score

CVSS9
SeverityCRITICAL
CWECWE-917
Published2021-12-14

Tags

javarcepatch-bypass

Quick Links

Is your system affected?

Precogs AI detects Log4j DoS/RCE Bypass in compiled binaries and firmware — even without source code.

Request Deep Analysis

Is Your System Still Exposed to Critical CVEs?

Vulnerabilities like CVE-2021-45046 Log4j DoS/RCE Bypass don’t just exist in source code — they persist in compiled binaries, containers, and embedded systems. Precogs AI detects vulnerable components across your entire stack — even when source code isn’t available.

Request Deep AnalysisBook a demo