Vulnerability CVE-2021-4104


Published: 2021-12-14

Description:
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.

Type:

CWE-502

(Deserialization of Untrusted Data)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Redhat -> Openshift container platform 
Redhat -> Process automation 
Redhat -> Single sign-on 
Redhat -> Codeready studio 
Redhat -> Software collections 
Redhat -> Integration camel k 
Redhat -> Enterprise linux 
Redhat -> Integration camel quarkus 
Redhat -> Jboss a-mq 
Redhat -> Jboss a-mq streaming 
Redhat -> Jboss data grid 
Redhat -> Jboss data virtualization 
Redhat -> Jboss enterprise application platform 
Redhat -> Jboss fuse 
Redhat -> Jboss fuse service works 
Redhat -> Jboss operations network 
Redhat -> Jboss web server 
Redhat -> Openshift application runtimes 
Fedoraproject -> Fedora 
Apache -> Log4j 

 References:
https://access.redhat.com/security/cve/CVE-2021-4104
https://www.cve.org/CVERecord?id=CVE-2021-44228
https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126
https://www.kb.cert.org/vuls/id/930724
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0033

Copyright 2024, cxsecurity.com

 

Back to Top