Lucene search

RedhatCVELIST:CVE-2021-4125

HistoryAug 24, 2022 - 3:09 p.m.

CVE-2021-4125

2022-08-2415:09:17

CWE-20

redhat

www.cve.org

8.8 High

AI Score

Confidence

High

0.976 High

EPSS

Percentile

100.0%

JSON

It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete, as not all JndiLookup.class files were removed. This CVE only applies to the OpenShift Metering hive container images, shipped in OpenShift 4.8, 4.7 and 4.6.

CNA Affected

[
  {
    "product": "kube-reporting/hive",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Fixed in v4.8, v4.7 and v4.6"
      }
    ]
  }
]

References

access.redhat.com/security/cve/CVE-2021-4125

access.redhat.com/security/cve/CVE-2021-44228

access.redhat.com/security/cve/CVE-2021-45046

bugzilla.redhat.com/show_bug.cgi?id=2033121

github.com/kube-reporting/hive/pull/71

github.com/kube-reporting/hive/pull/72

github.com/kube-reporting/hive/pull/73

prion

Authorization

2022-08-24 16:15:00

Default configuration

2021-12-14 19:15:00

nvd

CVE-2021-4125

2022-08-24 16:15:09

CVE-2021-45046

2021-12-14 19:15:07

cve

CVE-2021-4125

2022-08-24 16:15:09

CVE-2021-45046

2021-12-14 19:15:07

redhatcve

CVE-2021-4125

2021-12-16 02:02:08

CVE-2021-45046

2022-05-07 14:27:31

redhat

(RHSA-2021:5183) Critical: OpenShift Container Platform 4.8.24 security update

2021-12-16 21:10:20

(RHSA-2021:5186) Critical: OpenShift Container Platform 4.6.52 security update

2021-12-16 21:25:00

(RHSA-2021:5184) Critical: OpenShift Container Platform 4.7.40 security update

2021-12-16 21:35:00

nuclei

Apache Log4j2 - Remote Code Injection

2021-12-23 15:41:50

fortinet

Apache log4j2 log messages substitution (CVE-2021-44228)

2021-12-12 00:00:00

talosblog

Quarterly Report: Incident Response Trends in Q2 2022

2022-07-26 14:03:00

ibm

Security Bulletin: Multiple Vulnerabilities in Apache Log4j affect IBM Db2 Web Query for i

2021-12-21 17:06:21

Security Bulletin: Vulnerability in Apache Log4j affects IBM Cloud Private (CVE-2021-45046)

2022-01-27 12:22:10

Security Bulletin: There are multiple vulnerabilities in the Apache Log4j used in IBM® QRadar Risk Manager that may allow for remote code execution (RCE).

2022-01-07 16:37:57

amazon

Critical: java-1.8.0-openjdk, java-1.7.0-openjdk, java-1.6.0-openjdk

2021-12-17 17:39:00

Critical: aws-kinesis-agent

2021-12-16 00:11:00

Critical: java-17-amazon-corretto, java-11-amazon-corretto, java-1.8.0-openjdk, java-1.7.0-openjdk

2021-12-17 18:12:00

nessus

FreeBSD : graylog -- remote code execution in log4j from user-controlled log input (650734b2-7665-4170-9a0a-eeced5e10a5e)

2021-12-21 00:00:00

Ubuntu 20.04 LTS : Apache Log4j 2 vulnerability (USN-5197-1)

2021-12-15 00:00:00

Amazon Linux 2 : java-1.8.0-amazon-corretto (ALASCORRETTO8-2021-001)

2022-05-02 00:00:00

checkpoint_advisories

Apache Log4j Remote Code Execution (CVE-2021-44228; CVE-2021-45046)

2021-12-10 00:00:00

openvas

Debian: Security Advisory (DSA-5022-1)

2021-12-17 00:00:00

Apache Log4j 2.0.x Multiple Vulnerabilities (Windows, Log4Shell) - Version Check

2021-12-17 00:00:00

Apache Log4j 2.0.x Multiple Vulnerabilities (UDP, Log4Shell) - Active Check

2021-12-13 00:00:00

vmware

VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)

2021-12-10 00:00:00

VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)

2021-12-10 00:00:00

VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)

2021-12-10 00:00:00

githubexploit

Exploit for Deserialization of Untrusted Data in Apache Log4J

2021-12-13 11:34:54

Exploit for Deserialization of Untrusted Data in Apache Log4J

2022-01-13 03:02:47

Exploit for Deserialization of Untrusted Data in Apache Log4J

2021-12-14 08:41:18

securelist

CVE-2021-44228 vulnerability in Apache Log4j library

2021-12-13 14:10:21

osv

CVE-2021-45046

2021-12-14 19:15:07

Incomplete fix for Apache Log4j vulnerability

2021-12-14 18:01:28

Remote code injection in Log4j

2021-12-10 00:40:56

threatpost

APT ‘Aquatic Panda’ Targets Universities with Log4Shell Exploit Tools

2021-12-30 16:16:23

Apache’s Fix for Log4Shell Can Lead to DoS Attacks

2021-12-15 14:04:19

mssecure

MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations

2022-08-25 16:00:00

ubuntu

Apache Log4j 2 vulnerability

2021-12-15 00:00:00

debiancve

CVE-2021-45046

2021-12-14 19:15:07

kitploit

Log4J-Detector - Detects Log4J versions on your file-system within any application that are vulnerable to CVE-2021-44228 and CVE-2021-45046

2021-12-20 04:38:00

log4j-scan - A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts

2021-12-20 11:30:00

cvelist

CVE-2021-45046 Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack

2021-12-14 16:55:09

CVE-2022-33915

2022-06-17 07:01:30

typo3

Statement on Recent log4j/log4shell Vulnerabilities (CVE-2021-44228)

2021-12-16 00:00:00

intel

Intel® Product Advisory for Apache Log4j2 Vulnerabilities (CVE-2021-44228 & CVE-2021-45046)

2022-01-12 00:00:00

attackerkb

CVE-2021-45046

2021-12-14 00:00:00

CVE-2021-44228 (Log4Shell)

2022-02-08 00:00:00

CVE-2022-33915

2022-06-17 00:00:00

ubuntucve

CVE-2021-45046

2021-12-14 00:00:00

suse

Security update for log4j (important)

2021-12-17 00:00:00

Security update for log4j (important)

2021-12-20 00:00:00

github

Incomplete fix for Apache Log4j vulnerability

2021-12-14 18:01:28

Remote code injection in Log4j

2021-12-10 00:40:56

debian

[SECURITY] [DSA 5022-1] apache-log4j2 security update

2021-12-16 10:29:17

thn

Researchers Uncover New Drokbk Malware that Uses GitHub as a Dead Drop Resolver

2022-12-09 11:25:00

Second Log4j Vulnerability (CVE-2021-45046) Discovered — New Patch Released

2021-12-15 05:26:00

Hackers Begin Exploiting Second Log4j Vulnerability as a Third Flaw Emerges

2021-12-16 06:24:00

veracode

Denial Of Service (DoS)

2021-12-15 00:30:50

malwarebytes

[Update: CISA issues Log4j vulnerabilities scanner] Log4j zero-day “Log4Shell” arrives just in time to ruin your weekend

2021-12-10 18:03:28

mmpc

MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations

2022-08-25 16:00:00

K32171392 : Apache Log4j2 vulnerability CVE-2021-45046

2021-12-16 00:00:00

mageia

Updated log4j packages fix security vulnerability

2021-12-19 15:26:08

rapid7blog

How to Protect Your Applications Against Log4Shell With tCell

2021-12-15 14:58:14

impervablog

Log4Shell log4j Remote Code Execution – The COVID of the Internet

2022-01-06 16:41:56

cisa_kev

Apache Log4j2 Deserialization of Untrusted Data Vulnerability

2023-05-01 00:00:00

huawei

Security Advisory - Apache log4j2 remote code execution vulnerabilities in some Huawei products

2021-12-15 00:00:00

freebsd

graylog -- remote code execution in log4j from user-controlled log input

2021-11-14 00:00:00

fedora

[SECURITY] Fedora 34 Update: log4j-2.17.0-1.fc34

2021-12-27 00:56:30

avleonov

Log4j “Log4Shell” RCE explained (CVE-2021-44228)

2021-12-26 22:07:17

ics

Mitigating Log4Shell and Other Log4j-Related Vulnerabilities

2021-12-23 12:00:00

8.8 High

AI Score

Confidence

High

0.976 High

EPSS

Percentile

100.0%

JSON