JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
Published 2021-12-14 12:15:12
Updated 2023-12-22 09:15:37
View at NVD,   CVE.org
Vulnerability category: Execute code

Threat overview for CVE-2021-4104

Top countries where our scanners detected CVE-2021-4104
Top open port discovered on systems with this issue 53
IPs affected by CVE-2021-4104 790,250
Threat actors abusing to this issue? Yes
Find out if you* are affected by CVE-2021-4104!
*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2021-4104

Probability of exploitation activity in the next 30 days: 15.63%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2021-4104

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source
6.0
MEDIUM AV:N/AC:M/Au:S/C:P/I:P/A:P
6.8
6.4
nvd@nist.gov
7.5
HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1.6
5.9
nvd@nist.gov

CWE ids for CVE-2021-4104

  • The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
    Assigned by:
    • nvd@nist.gov (Primary)
    • secalert@redhat.com (Secondary)
    • security@apache.org (Secondary)

References for CVE-2021-4104

Products affected by CVE-2021-4104

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!