close
magnifying glass
Get Started
magnifying glass
chevron
Support Language
close
Your Network of Tomorrow
Your Network of Tomorrow
Plan your path toward a faster, more secure, and more resilient network designed for the applications and users that you support.
chevron Get the white paper
            Experience Netskope
            Get Hands-on With the Netskope Platform
            Here's your chance to experience the Netskope One single-cloud platform first-hand. Sign up for self-paced, hands-on labs, join us for monthly live product demos, take a free test drive of Netskope Private Access, or join us for a live, instructor-led workshops.
            chevron Experience Netskope
              A Leader in SSE. Now a Leader in Single-Vendor SASE.
              Netskope is recognized as a Leader Furthest in Vision for both SSE and SASE Platforms
              2X a Leader in the Gartner® Magic Quadrant for SASE Platforms
              One unified platform built for your journey
              chevron Get the report
                ""
                Netskope One AI Security
                Organizations need secure AI to move their business forward, but controls and guardrails must not require sacrifices in speed or user experience. Netskope can help you say yes to the AI advantage.
                chevron Learn about Netskope One AI Security
                  ""
                  Netskope One AI Security
                  Organizations need secure AI to move their business forward, but controls and guardrails must not require sacrifices in speed or user experience. Netskope can help you say yes to the AI advantage.
                  chevron Learn about Netskope One AI Security
                    Modern data loss prevention (DLP) for Dummies eBook
                    Modern Data Loss Prevention (DLP) for Dummies
                    Get tips and tricks for transitioning to a cloud-delivered DLP.
                    chevron Get the eBook
                      Modern SD-WAN for SASE Dummies Book
                      Modern SD-WAN for SASE Dummies
                      Stop playing catch up with your networking architecture
                      chevron Get the eBook
                        Understanding where the risk lies
                        Advanced Analytics transforms the way security operations teams apply data-driven insights to implement better policies. With Advanced Analytics, you can identify trends, zero in on areas of concern and use the data to take action.
                        chevron Watch the demo
                            2025-10-UZTNA-ebook
                            6 Reasons Universal ZTNA is a Smart Escape from VPN and NAC Chaos
                            Ditch the complexity of VPNs and NAC. Learn how Universal ZTNA secures every user and device with one consistent framework.
                            chevron Get the eBook
                              Colgate-Palmolive Safeguards its "Intellectual Property” with Smart and Adaptable Data Protection
                              Colgate-Palmolive Safeguards its "Intellectual Property” with Smart and Adaptable Data Protection
                              chevron Read the case study
                                Netskope GovCloud
                                Netskope achieves FedRAMP High Authorization
                                Choose Netskope GovCloud to accelerate your agency’s transformation.
                                chevron Learn about Netskope GovCloud
                                    Netskope Technical Support
                                    Netskope Technical Support
                                    Our qualified support engineers are located worldwide and have diverse backgrounds in cloud security, networking, virtualization, content delivery, and software development, ensuring timely and quality technical assistance
                                    chevron Technical Support
                                      Netskope video
                                      Netskope Training
                                      Netskope training will help you become a cloud security expert. We are here to help you secure your digital transformation journey and make the most of your cloud, web, and private applications.
                                      chevron Explore Netskope Training
                                        ""
                                        Maximize your SASE ROI with Netskope Business Value Services
                                        Start proving ROI. Netskope BVS is a complimentary consulting service that quantifies the financial and strategic impact of your SASE transformation.
                                        chevron Request a consultation
                                          Let's do great things together
                                          ""
                                          Netskope’s partner-centric go-to-market strategy enables our partners to maximize their growth and profitability while transforming enterprise security.
                                          chevron Netskope Partners

                                            CVE-2021-45046: New Log4j Vulnerability Discovered

                                            Dec 15 2021
                                            By Gustavo Palazolo

                                            Summary

                                            Shortly after the Apache Software Foundation (ASF) released the bug fix for the vulnerability known as Log4Shell or LogJam (CVE-2021-44228), a new vulnerability was discovered in Log4j Java-based logging library, tracked as CVE-2021-45046.

                                            While Log4Shell had the maximum CVSS score of 10, this new vulnerability is rated as 3.7, affecting all versions of Log4j between 2.0-beta9 and 2.12.1, as well as between 2.13.0 and 2.15.0.

                                            The fix addressing Log4Shell was incomplete in certain non-default configurations, which could allow an attacker to craft malicious input data using JNDI Lookup, resulting in denial of service (DoS) or worse, according to Apache.

                                            CVE-2021-45046

                                            This new vulnerability may allow attacks through the Thread Context Map (MDC) input data when the configuration uses a non-default Pattern Layout with either:

                                            • Context Lookup pattern, example: “$${ctx:loginId}”
                                            • Thread Context Map pattern, example: “%X”, “%mdc” or “%MDC”

                                            A crafted malicious input data could trigger a JNDI Lookup that results in denial of service (DoS) attack.

                                            Conclusion

                                            While many organizations are still dealing with Log4Shell (CVE-2021-44228), CVE-2021-45046 should further intensify efforts to update systems. We strongly recommend anyone using Log4j to update to the latest version or follow all of the mitigation steps recommended by Apache.

                                            Protection

                                            Netskope Threat Labs is actively monitoring this campaign and will ensure coverage for all known threat indicators and payloads. 

                                            Update/Patch

                                            The fix for CVE-2021-45046 was released in Log4j 2.12.2 and Log4j 2.16.0. Both vulnerabilities (CVE-2021-44228 and CVE-2021-45046) can also be mitigated by removing the JndiLookup class from the classpath. 

                                            Example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class

                                            Furthermore, as of Log4j 2.15.0, the message lookups feature was disabled by default, but it still works in configuration. This feature can be disabled by setting system property “log4j2.formatMsgNoLookups” to “true”.

                                            Netskope Private Access

                                            If you are running internal applications that cannot be immediately patched, you can mitigate the risk of exploitation by limiting access to the app. A private access solution, such as Netskope Private Access, can be used to make private apps invisible to external attackers who seek to exploit vulnerable services. Furthermore, a private access solution can restrict access to a private app internally, such that only authorized users are able to access the app, reducing the risk that a compromised user or device could be used to exploit vulnerable services.

                                            < Threat Labs
                                            Next Story >
                                            < Back
                                            Next >
                                            author image
                                            Gustavo Palazolo
                                            Gustavo Palazolo is an expert in malware analysis, reverse engineering and security research, working many years in projects related to electronic fraud protection.
                                            Gustavo Palazolo is an expert in malware analysis, reverse engineering and security research, working many years in projects related to electronic fraud protection.
                                            Read More
                                            More Articles by Gustavo Palazolo
                                            Read full Bio
                                            More articles

                                            Related Articles

                                            card shape
                                            Threat Labs

                                            Attackers Weaponize Signed RMM Tools via Zoom, Meet, & Teams Lures

                                            By Jan Michael Alcantara
                                            chevron Read the blog
                                            card shape
                                            Threat Labs

                                            Malicious Bing Ads Lead to Widespread Azure Tech Support Scams

                                            By Ray Canzanese
                                            chevron Read the blog
                                            card shape
                                            Threat Labs

                                            OpenClaw/MoltBot/ClawdBot: The Risky Personal AI Agent and Netskope Protection

                                            By Gianpietro Cutolo
                                            chevron Read the blog
                                            Show More
                                            Connect with Netskope

                                            Subscribe to the Netskope Blog

                                            Sign up to receive a roundup of the latest Netskope content delivered directly in your inbox every month.
                                            Subscribe now