Vulnerability Details : CVE-2021-4104
Potential exploit
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
Vulnerability category: Execute code
Products affected by CVE-2021-4104
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_operations_network:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_a-mq:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_fuse_service_works:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_data_virtualization:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_web_server:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_container_platform:4.6:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_container_platform:4.7:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_container_platform:4.8:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:codeready_studio:12.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:integration_camel_quarkus:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_a-mq_streaming:-:*:*:*:*:*:*:*
- cpe:2.3:a:apache:log4j:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:goldengate:-:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:tuxedo:12.2.2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*
- cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*
- cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*
- cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:advanced_supply_chain_planning:12.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:advanced_supply_chain_planning:12.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:hyperion_data_relationship_management:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_allocation:14.1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_allocation:15.0.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_allocation:16.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_allocation:19.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:hyperion_infrastructure_technology:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:fusion_middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:2.2.1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:timesten_grid:-:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:stream_analytics:-:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
Threat overview for CVE-2021-4104
Top countries where our scanners detected CVE-2021-4104
Top open port discovered on systems with this issue
53
IPs affected by CVE-2021-4104 790,251
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2021-4104!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2021-4104
11.89%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 95 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-4104
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.0
|
MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P |
6.8
|
6.4
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.6
|
5.9
|
NIST |
CWE ids for CVE-2021-4104
-
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)
- security@apache.org (Secondary)
References for CVE-2021-4104
-
https://www.kb.cert.org/vuls/id/930724
VU#930724 - Apache Log4j allows insecure JNDI lookups
-
http://www.openwall.com/lists/oss-security/2022/01/18/3
oss-security - CVE-2022-23302: Deserialization of untrusted data in JMSSink in Apache Log4j 1.x
-
https://www.oracle.com/security-alerts/cpuapr2022.html
Oracle Critical Patch Update Advisory - April 2022
-
https://security.netapp.com/advisory/ntap-20211223-0007/
CVE-2021-4104 Apache Log4j Vulnerability in NetApp Products | NetApp Product Security
-
https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126
Restrict LDAP access via JNDI by rgoers · Pull Request #608 · apache/logging-log4j2 · GitHub
-
https://www.oracle.com/security-alerts/cpujan2022.html
Oracle Critical Patch Update Advisory - January 2022
-
https://security.gentoo.org/glsa/202312-02
Minecraft Server: Remote Code Execution (GLSA 202312-02) — Gentoo security
-
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0033
Security Advisory
-
https://security.gentoo.org/glsa/202310-16
Ubiquiti UniFi: remote code execution via bundled log4j (GLSA 202310-16) — Gentoo security
-
https://security.gentoo.org/glsa/202312-04
Arduino: Remote Code Execution (GLSA 202312-04) — Gentoo security
-
https://access.redhat.com/security/cve/CVE-2021-4104
CVE-2021-4104- Red Hat Customer Portal
-
https://www.cve.org/CVERecord?id=CVE-2021-44228
CVE Record | CVE
-
https://security.gentoo.org/glsa/202209-02
IBM Spectrum Protect: Multiple Vulnerabilities (GLSA 202209-02) — Gentoo security
-
https://www.oracle.com/security-alerts/cpujul2022.html
Oracle Critical Patch Update Advisory - July 2022
Jump to