Lucene search
K

101 matches found

Veracode
Veracode
added 2021/12/15 1:38 p.m.77 views

Deserialisation Of Untrusted Object

JMSAppender in log4j is vulnerable to deserialization of untrusted object. When an application is configured to use JMSAppender with the setting TopicBindingName or TopicConnectionFactoryBindingName to something that JNDI can handle - for example "ldap://host:port/a", an attacker is able to execu...

10CVSS2.1AI score0.99999EPSS
Exploits352References15Affected Software93
OSV
OSV
added 2021/12/15 10:32 a.m.10 views

SUSE-SU-2021:4097-1 Security update for storm-kit

This update for storm-kit fixes the following issues: - Remove JndiLookup from log4j 2.x jars during build to prevent 'log4shell' code injection. bsc1193641, bsc1193611, CVE-2021-44228 - Remove JMSAppender from log4j 1.2.x jars during build to prevent attacks when JMS is enabled bsc1193641,...

10CVSS9.8AI score0.99999EPSS
Exploits352References6
OSV
OSV
added 2021/12/15 10:31 a.m.14 views

SUSE-SU-2021:4096-1 Security update for storm

This update for storm fixes the following issues: - Remove JndiLookup from log4j 2.x jars during build to prevent 'log4shell' code injection. bsc1193641, bsc1193611, CVE-2021-44228 - Remove JMSAppender from log4j 1.2.x jars during build to prevent attacks when JMS is enabled bsc1193641, bsc119366...

10CVSS9.8AI score0.99999EPSS
Exploits352References6
Tenable Nessus
Tenable Nessus
added 2021/12/15 12:0 a.m.346 views

Apache Log4j 1.2 JMSAppender Remote Code Execution (CVE-2021-4104)

The version of Apache Log4j on the remote host is 1.2. It is, therefore, affected by a remote code execution vulnerability when specifically configured to use JMSAppender. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version numbe...

7.5CVSS8AI score0.81147EPSS
Exploits9References3
CERT
CERT
added 2021/12/15 12:0 a.m.1217 views

Apache Log4j allows insecure JNDI lookups

Overview Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the vulnerable Java application using Log4j. CISA has published Apache Log4j Vulnerability Guidance and provides a Software List. Description Th...

10CVSS10AI score0.99999EPSS
Exploits354References22
OSV
OSV
added 2021/12/14 7:49 p.m.2 views

GHSA-FP5R-V3W9-4333 JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in...

7.5CVSS7.4AI score0.99999EPSS
Exploits352References16
Github Security Blog
Github Security Blog
added 2021/12/14 7:49 p.m.114 views

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in...

7.5CVSS4.7AI score0.81147EPSS
Exploits9References16Affected Software2
NVD
NVD
added 2021/12/14 12:15 p.m.34 views

CVE-2021-4104

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in...

7.5CVSS0.81147EPSS
Exploits9References14
OSV
OSV
added 2021/12/14 12:15 p.m.11 views

CVE-2021-4104

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in...

7.5CVSS9.4AI score0.99999EPSS
Exploits352References14
ATTACKERKB
ATTACKERKB
added 2021/12/14 12:15 p.m.135 views

CVE-2021-4104

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in...

10CVSS7.9AI score0.99999EPSS
In wildExploits352References15
Prion
Prion
added 2021/12/14 12:15 p.m.48 views

Deserialization of untrusted data

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in...

6CVSS9.3AI score0.99999EPSS
Exploits352References14Affected Software38
UbuntuCve
UbuntuCve
added 2021/12/14 12:15 p.m.74 views

CVE-2021-4104

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in...

7.5CVSS7.4AI score0.81147EPSS
Exploits9References5
Vulnrichment
Vulnrichment
added 2021/12/14 12:0 a.m.5 views

CVE-2021-4104 Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in...

7.6AI score0.81147EPSS
Exploits9References14
CVE
CVE
added 2021/12/14 12:0 a.m.1453 views

CVE-2021-4104

CVE-2021-4104 affects JMSAppender in Log4j 1.2 when it is explicitly configured to use JMSAppender. A deserialization of untrusted data can occur if an attacker can write Log4j configuration and supply TopicBindingName and TopicConnectionFactoryBindingName, causing JMSAppender to perform JNDI req...

7.5CVSS9.4AI score0.81147EPSS
In wildExploits9References14Affected Software1
Cvelist
Cvelist
added 2021/12/14 12:0 a.m.200 views

CVE-2021-4104 Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in...

8.9AI score0.81147EPSS
Exploits9References14
Debian CVE
Debian CVE
added 2021/12/14 12:0 a.m.123 views

CVE-2021-4104

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in...

7.5CVSS8.6AI score0.81147EPSS
Exploits9
Arista
Arista
added 2021/12/12 12:0 a.m.93 views

Security Advisory 0070

Security Advisory 0070 PDF Date: May 20th, 2022 Revision | Date | Changes ---|---|--- 1.6 | May 20th, 2022 | Update CVEs affected release info 1.5 | January 4th, 2022 | Add information about CVE-2021-44832 1.4 | December 21st, 2021 | Add information about CVE-2021-45105 1.3 | December 17th, 2021 ...

10CVSS10AI score0.99999EPSS
Exploits358
Broadcom
Broadcom
added 2021/12/11 12:0 a.m.12 views

BSA-2021-1652

Security Advisory ID : BSA-2021-1652 Component : JMSAppender in Log4j 1.2 Revision : 1.0 CVE-2021-4104 - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and...

7.5CVSS8.4AI score0.81147EPSS
Exploits9
Tenable Nessus
Tenable Nessus
added 2021/12/10 12:0 a.m.330 views

Apache Log4j < 2.15.0 Remote Code Execution (Windows)

The version of Apache Log4j on the remote host is 2.x 2.15.0. It is, therefore, affected by a remote code execution vulnerability in the JNDI parser due to improper log validation. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands. Log4j...

10CVSS8.4AI score0.99999EPSS
Exploits351References3
Tenable Nessus
Tenable Nessus
added 2021/12/10 12:0 a.m.1240 views

Apache Log4j < 2.15.0 Remote Code Execution (Nix)

The version of Apache Log4j on the remote host is 2.x 2.3.1 / 2.4 2.12.2 / 2.13 2.15.0. It is, therefore, affected by a remote code execution vulnerability in the JDNI parser due to improper log validation. An unauthenticated, remote attacker can exploit this to bypass authentication and execute...

10CVSS8.8AI score0.99999EPSS
Exploits351References3
Rows per page
Query Builder