CVE-2021-4104 - Vulnerability Details

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.72202.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache Subscribe	Log4j Subscribe
Fedoraproject Subscribe	Fedora Subscribe
Oracle Subscribe	Advanced Supply Chain Planning Subscribe Business Intelligence Subscribe Business Process Management Suite Subscribe Communications Eagle Ftp Table Base Retrieval Subscribe Communications Messaging Server Subscribe Communications Network Integrity Subscribe Communications Offline Mediation Controller Subscribe Communications Unified Inventory Management Subscribe E-business Suite Cloud Manager And Cloud Backup Module Subscribe Enterprise Manager Base Platform Subscribe Financial Services Revenue Management And Billing Analytics Subscribe Fusion Middleware Common Libraries And Tools Subscribe Goldengate Subscribe Healthcare Data Repository Subscribe Hyperion Data Relationship Management Subscribe Hyperion Infrastructure Technology Subscribe Identity Management Suite Subscribe Jdeveloper Subscribe Mysql Enterprise Monitor Subscribe Retail Allocation Subscribe Retail Extract Transform And Load Subscribe Stream Analytics Subscribe Timesten Grid Subscribe Tuxedo Subscribe Utilities Testing Accelerator Subscribe Weblogic Server Subscribe
Redhat Subscribe	Codeready Studio Subscribe Enterprise Linux Subscribe Integration Camel K Subscribe Integration Camel Quarkus Subscribe Jboss A-mq Subscribe Jboss A-mq Streaming Subscribe Jboss Amq Subscribe Jboss Data Grid Subscribe Jboss Data Virtualization Subscribe Jboss Enterprise Application Platform Subscribe Jboss Enterprise Application Platform Eus Subscribe Jboss Enterprise Web Server Subscribe Jboss Fuse Subscribe Jboss Fuse Service Works Subscribe Jboss Operations Network Subscribe Jboss Web Server Subscribe Openshift Subscribe Openshift Application Runtimes Subscribe Openshift Container Platform Subscribe Process Automation Subscribe Red Hat Single Sign On Subscribe Rhel Aus Subscribe Rhel E4s Subscribe Rhel Els Subscribe Rhel Eus Subscribe Rhel Software Collections Subscribe Rhel Tus Subscribe Rhev Manager Subscribe Rhosemc Subscribe Single Sign-on Subscribe Software Collections Subscribe

Configuration 1 [-]

cpe:2.3:a:apache:log4j:1.2:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:a:redhat:codeready_studio:12.0:::::::*
	cpe:2.3:a:redhat:integration_camel_k:-:::::::*
	cpe:2.3:a:redhat:integration_camel_quarkus:-:::::::*
	cpe:2.3:a:redhat:jboss_a-mq:6.0.0:::::::*
	cpe:2.3:a:redhat:jboss_a-mq:7:::::::*
	cpe:2.3:a:redhat:jboss_a-mq_streaming:-:::::::*
	cpe:2.3:a:redhat:jboss_data_grid:7.0.0:::::::*
	cpe:2.3:a:redhat:jboss_data_virtualization:6.0.0:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:::::::*
	cpe:2.3:a:redhat:jboss_fuse:6.0.0:::::::*
	cpe:2.3:a:redhat:jboss_fuse:7.0.0:::::::*
	cpe:2.3:a:redhat:jboss_fuse_service_works:6.0:::::::*
	cpe:2.3:a:redhat:jboss_operations_network:3.0:::::::*
	cpe:2.3:a:redhat:jboss_web_server:3.0:::::::*
	cpe:2.3:a:redhat:openshift_application_runtimes:-:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.6:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.7:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.8:::::::*
	cpe:2.3:a:redhat:process_automation:7.0:::::::*
	cpe:2.3:a:redhat:single_sign-on:7.0:::::::*
	cpe:2.3:a:redhat:software_collections:-:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*

Configuration 4 [-]

OR	cpe:2.3:a:oracle:advanced_supply_chain_planning:12.1:::::::*
	cpe:2.3:a:oracle:advanced_supply_chain_planning:12.2:::::::*
	cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0::::enterprise:::
	cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0::::enterprise:::
	cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0::::enterprise:::
	cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:::::::*
	cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:::::::*
	cpe:2.3:a:oracle:communications_messaging_server:8.1:::::::*
	cpe:2.3:a:oracle:communications_network_integrity:7.3.6:::::::*
	cpe:2.3:a:oracle:communications_offline_mediation_controller::::::::
	cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:::::::*
	cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:::::::*
	cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:::::::*
	cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*
	cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:::::::*
	cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:2.2.1.1.1:::::::*
	cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:::::::*
	cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:::::::*
	cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.0:::::::*
	cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.1:::::::*
	cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8.0.0:::::::*
	cpe:2.3:a:oracle:fusion_middleware_common_libraries_and_tools:12.2.1.4.0:::::::*
	cpe:2.3:a:oracle:goldengate:-:::::::*
	cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:::::::*
	cpe:2.3:a:oracle:hyperion_data_relationship_management::::::::
	cpe:2.3:a:oracle:hyperion_infrastructure_technology::::::::
	cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:::::::*
	cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:mysql_enterprise_monitor::::::::
	cpe:2.3:a:oracle:retail_allocation:14.1.3.2:::::::*
	cpe:2.3:a:oracle:retail_allocation:15.0.3.1:::::::*
	cpe:2.3:a:oracle:retail_allocation:16.0.3:::::::*
	cpe:2.3:a:oracle:retail_allocation:19.0.1:::::::*
	cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.5:::::::*
	cpe:2.3:a:oracle:stream_analytics:-:::::::*
	cpe:2.3:a:oracle:timesten_grid:-:::::::*
	cpe:2.3:a:oracle:tuxedo:12.2.2.0.0:::::::*
	cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:::::::*
	cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:::::::*
	cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:::::::*
	cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*
	cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*

Package	CPE	Advisory	Released Date
EAP 6.4.24 release
	cpe:/a:redhat:jboss_enterprise_application_platform:6	RHSA-2022:5458	2022-06-30T00:00:00Z
EAP 6.4 log4j async
log4j	cpe:/a:redhat:jboss_enterprise_application_platform:6.4	RHSA-2022:0437	2022-02-03T00:00:00Z
EAP 7.4.4 release
log4j	cpe:/a:redhat:jboss_enterprise_application_platform:7.4	RHSA-2022:1299	2022-04-11T00:00:00Z
EAP 7.4 log4j async
log4j	cpe:/a:redhat:jboss_enterprise_application_platform:7.4	RHSA-2022:0435	2022-02-03T00:00:00Z
Red Hat Data Grid 7.3.9
log4j	cpe:/a:redhat:jboss_data_grid:7.3	RHSA-2022:0430	2022-02-03T00:00:00Z
Red Hat Enterprise Linux 6 Extended Lifecycle Support
log4j-0:1.2.14-6.5.el6_10	cpe:/o:redhat:rhel_els:6	RHSA-2021:5206	2021-12-20T00:00:00Z
Red Hat Enterprise Linux 7
log4j-0:1.2.17-17.el7_4	cpe:/o:redhat:enterprise_linux:7	RHSA-2021:5206	2021-12-20T00:00:00Z
Red Hat Enterprise Linux 7.3 Advanced Update Support
log4j-0:1.2.17-16.el7_3	cpe:/o:redhat:rhel_aus:7.3	RHSA-2021:5206	2021-12-20T00:00:00Z
Red Hat Enterprise Linux 7.4 Advanced Update Support
log4j-0:1.2.17-17.el7_4	cpe:/o:redhat:rhel_aus:7.4	RHSA-2021:5206	2021-12-20T00:00:00Z
Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118)
log4j-0:1.2.17-17.el7_4	cpe:/o:redhat:rhel_aus:7.6	RHSA-2021:5206	2021-12-20T00:00:00Z
Red Hat Enterprise Linux 7.6 Telco Extended Update Support
log4j-0:1.2.17-17.el7_4	cpe:/o:redhat:rhel_tus:7.6	RHSA-2021:5206	2021-12-20T00:00:00Z
Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions
log4j-0:1.2.17-17.el7_4	cpe:/o:redhat:rhel_e4s:7.6	RHSA-2021:5206	2021-12-20T00:00:00Z
Red Hat Enterprise Linux 7.7 Advanced Update Support
log4j-0:1.2.17-17.el7_4	cpe:/o:redhat:rhel_aus:7.7	RHSA-2021:5206	2021-12-20T00:00:00Z
Red Hat Enterprise Linux 7.7 Telco Extended Update Support
log4j-0:1.2.17-17.el7_4	cpe:/o:redhat:rhel_tus:7.7	RHSA-2021:5206	2021-12-20T00:00:00Z
Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions
log4j-0:1.2.17-17.el7_4	cpe:/o:redhat:rhel_e4s:7.7	RHSA-2021:5206	2021-12-20T00:00:00Z
Red Hat Enterprise Linux 8
parfait:0.5-8050020220124063900.6b489b78	cpe:/a:redhat:enterprise_linux:8	RHSA-2022:0290	2022-01-26T00:00:00Z
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions
parfait:0.5-8010020220124232535.d5701770	cpe:/a:redhat:rhel_e4s:8.1	RHSA-2022:0294	2022-01-26T00:00:00Z
Red Hat Enterprise Linux 8.2 Extended Update Support
parfait:0.5-8020020220124231008.1c5d4e8a	cpe:/a:redhat:rhel_eus:8.2	RHSA-2022:0291	2022-01-26T00:00:00Z
Red Hat Enterprise Linux 8.4 Extended Update Support
parfait:0.5-8040020220124230039.d304d9ed	cpe:/a:redhat:rhel_eus:8.4	RHSA-2022:0289	2022-01-26T00:00:00Z
Red Hat Fuse 7.10.1
log4j	cpe:/a:redhat:jboss_fuse:7	RHSA-2022:0661	2022-02-23T00:00:00Z
Red Hat Fuse/AMQ 6.3.20
log4j	cpe:/a:redhat:jboss_amq:6.3	RHSA-2022:0553	2022-02-15T00:00:00Z
log4j	cpe:/a:redhat:jboss_fuse:6.3	RHSA-2022:0553	2022-02-15T00:00:00Z
Red Hat JBoss Data Virtualization 6.4.8.SP1
log4j	cpe:/a:redhat:jboss_data_virtualization:6.4	RHSA-2022:0497	2022-02-09T00:00:00Z
Red Hat JBoss Data Virtualization 6.4.8.SP2
log4j	cpe:/a:redhat:jboss_data_virtualization:6.4	RHSA-2022:0507	2022-02-10T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6
log4j-eap6-0:1.2.17-3.redhat_00008.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:0438	2022-02-03T00:00:00Z
log4j-jboss-logmanager-0:1.1.4-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:0438	2022-02-03T00:00:00Z
jboss-as-appclient-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jbossas-appclient-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jbossas-bundles-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-cli-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-client-all-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-clustering-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-cmp-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-configadmin-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-connector-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-controller-client-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jbossas-core-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-core-security-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-deployment-repository-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-deployment-scanner-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jbossas-domain-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-domain-http-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-domain-management-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-ee-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-ee-deployment-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-ejb3-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-embedded-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-host-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-jacorb-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jbossas-javadocs-0:7.5.24-1.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-jaxr-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-jaxrs-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-jdr-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-jmx-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-jpa-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-jsf-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-jsr77-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-logging-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-mail-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-management-client-content-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-messaging-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-modcluster-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jbossas-modules-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-naming-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-network-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-osgi-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-osgi-configadmin-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-osgi-service-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-picketlink-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-platform-mbean-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-pojo-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-process-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jbossas-product-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-protocol-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-remoting-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-sar-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-security-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-server-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jbossas-standalone-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-system-jmx-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-threads-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-transactions-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-version-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-web-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-webservices-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jbossas-welcome-content-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-weld-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-xts-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jbossts-1:4.17.45-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jbossweb-0:7.5.32-2.Final_redhat_1.2.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7
log4j-eap6-0:1.2.17-3.redhat_00008.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:0438	2022-02-03T00:00:00Z
log4j-jboss-logmanager-0:1.1.4-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:0438	2022-02-03T00:00:00Z
jboss-as-appclient-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jbossas-appclient-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jbossas-bundles-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-cli-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-client-all-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-clustering-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-cmp-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-configadmin-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-connector-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-controller-client-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jbossas-core-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-core-security-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-deployment-repository-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-deployment-scanner-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jbossas-domain-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-domain-http-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-domain-management-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-ee-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-ee-deployment-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-ejb3-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-embedded-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-host-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-jacorb-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jbossas-javadocs-0:7.5.24-1.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-jaxr-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-jaxrs-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-jdr-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-jmx-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-jpa-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-jsf-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-jsr77-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-logging-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-mail-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-management-client-content-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-messaging-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-modcluster-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jbossas-modules-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-naming-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-network-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-osgi-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-osgi-configadmin-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-osgi-service-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-picketlink-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-platform-mbean-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-pojo-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-process-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jbossas-product-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-protocol-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-remoting-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-sar-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-security-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-server-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jbossas-standalone-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-system-jmx-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-threads-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-transactions-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-version-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-web-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-webservices-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jbossas-welcome-content-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-weld-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-xts-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jbossts-1:4.17.45-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jbossweb-0:7.5.32-2.Final_redhat_1.2.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2024:5856	2024-08-26T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7
eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2022:0436	2022-02-03T00:00:00Z
eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2022:1297	2022-04-11T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2022:0436	2022-02-03T00:00:00Z
eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2022:1296	2022-04-11T00:00:00Z
Red Hat JBoss Web Server 3.1
log4j-eap6	cpe:/a:redhat:jboss_enterprise_web_server:3.1	RHSA-2022:0527	2022-02-14T00:00:00Z
Red Hat JBoss Web Server 3 for RHEL 7
log4j-eap6-0:1.2.17-3.redhat_00008.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2022:0524	2022-02-14T00:00:00Z
tomcat7-0:7.0.70-46.ep7.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2022:0524	2022-02-14T00:00:00Z
tomcat8-0:8.0.36-49.ep7.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2022:0524	2022-02-14T00:00:00Z
tomcat-native-0:1.2.23-26.redhat_26.ep7.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2022:0524	2022-02-14T00:00:00Z
Red Hat OpenShift Container Platform 4.6
openshift4/ose-metering-hadoop:v4.6.0-202112150545.p0.gf381145.assembly.art3595	cpe:/a:redhat:openshift:4.6::el8	RHSA-2021:5141	2021-12-16T00:00:00Z
openshift4/ose-metering-presto:v4.6.0-202112150545.p0.g190688a.assembly.art3595	cpe:/a:redhat:openshift:4.6::el8	RHSA-2021:5141	2021-12-16T00:00:00Z
openshift4/ose-metering-hive:v4.6.0-202112160147.p0.gf139e12.assembly.stream	cpe:/a:redhat:openshift:4.6::el8	RHSA-2021:5186	2021-12-16T00:00:00Z
Red Hat OpenShift Container Platform 4.7
openshift4/ose-metering-hadoop:v4.7.0-202112150631.p0.g6046504.assembly.4.7.40	cpe:/a:redhat:openshift:4.7::el8	RHSA-2021:5107	2021-12-16T00:00:00Z
openshift4/ose-metering-presto:v4.7.0-202112150631.p0.gd502108.assembly.4.7.40	cpe:/a:redhat:openshift:4.7::el8	RHSA-2021:5107	2021-12-16T00:00:00Z
openshift4/ose-metering-hive:v4.7.0-202112160422.p0.g6a2b6aa.assembly.4.7.40	cpe:/a:redhat:openshift:4.7::el8	RHSA-2021:5184	2021-12-16T00:00:00Z
Red Hat OpenShift Container Platform 4.8
openshift4/ose-metering-hadoop:v4.8.0-202112150431.p0.gebd9cb4.assembly.art3599	cpe:/a:redhat:openshift:4.8::el8	RHSA-2021:5148	2021-12-15T00:00:00Z
openshift4/ose-metering-presto:v4.8.0-202112150431.p0.g4b934ae.assembly.art3599	cpe:/a:redhat:openshift:4.8::el8	RHSA-2021:5148	2021-12-15T00:00:00Z
openshift4/ose-metering-hive:v4.8.0-202112160147.p0.g5672016.assembly.stream	cpe:/a:redhat:openshift:4.8::el8	RHSA-2021:5183	2021-12-16T00:00:00Z
Red Hat Single Sign-On 7.4.10
log4j	cpe:/a:redhat:red_hat_single_sign_on:7	RHSA-2022:0446	2022-02-07T00:00:00Z
Red Hat Single Sign-On 7.5 for RHEL 7
rh-sso7-keycloak-0:15.0.4-1.redhat_00003.1.el7sso	cpe:/a:redhat:red_hat_single_sign_on:7.5::el7	RHSA-2022:0447	2022-02-07T00:00:00Z
Red Hat Single Sign-On 7.5 for RHEL 8
rh-sso7-keycloak-0:15.0.4-1.redhat_00003.1.el8sso	cpe:/a:redhat:red_hat_single_sign_on:7.5::el8	RHSA-2022:0448	2022-02-07T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7
rh-maven36-log4j12-0:1.2.17-23.3.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2021:5269	2021-12-22T00:00:00Z
Red Hat Virtualization Engine 4.4
org.ovirt.engine-root-0:4.4.10.6-1	cpe:/a:redhat:rhev_manager:4.4:el8	RHSA-2022:0475	2022-02-08T00:00:00Z
snmp4j-0:3.6.4-0.1.el8ev	cpe:/a:redhat:rhev_manager:4.4:el8	RHSA-2022:0475	2022-02-08T00:00:00Z
RHEL-8 based Middleware Containers
rh-sso-7/sso74-openshift-rhel8:7.4-45	cpe:/a:redhat:rhosemc:1.0::el8	RHSA-2022:0444	2022-02-07T00:00:00Z
rh-sso-7/sso74-openj9-openshift-rhel8:7.4-60	cpe:/a:redhat:rhosemc:1.0::el8	RHSA-2022:0445	2022-02-07T00:00:00Z
rh-sso-7/sso75-openshift-rhel8:7.5-17	cpe:/a:redhat:rhosemc:1.0::el8	RHSA-2022:0450	2022-02-07T00:00:00Z
rh-sso-7/sso7-rhel8-operator-bundle:7.5.1-9	cpe:/a:redhat:rhosemc:1.0::el8	RHSA-2022:0450	2022-02-07T00:00:00Z
RHSSO 7.5.1
log4j	cpe:/a:redhat:red_hat_single_sign_on:7	RHSA-2022:0449	2022-02-07T00:00:00Z

No data.

Advisories

Source	ID	Title
Debian DLA	DLA-2905-1	apache-log4j1.2 security update
Github GHSA	GHSA-fp5r-v3w9-4333	JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data
Ubuntu USN	USN-5223-1	Apache Log4j 1.2 vulnerability
Ubuntu USN	USN-5223-2	Apache Log4j 1.2 vulnerability

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2022/01/18/3
https://access.redhat.com/security/cve/CVE-2021-4104
https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126
https://github.com/apache/logging-log4j2/pull/608#issuecomment-991723301
https://lists.apache.org/thread/0x4zvtq92yggdgvwfgsftqrj4xx5w0nx
https://nvd.nist.gov/vuln/detail/CVE-2021-4104
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0033
https://security.gentoo.org/glsa/202209-02
https://security.gentoo.org/glsa/202310-16
https://security.gentoo.org/glsa/202312-02
https://security.gentoo.org/glsa/202312-04
https://security.netapp.com/advisory/ntap-20211223-0007/
https://www.cve.org/CVERecord?id=CVE-2021-4104
https://www.cve.org/CVERecord?id=CVE-2021-44228
https://www.kb.cert.org/vuls/id/930724
https://www.openwall.com/lists/oss-security/2021/12/13/1
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpujul2022.html

History

Mon, 25 Nov 2024 14:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7

Mon, 26 Aug 2024 18:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat jboss Enterprise Application Platform Eus
CPEs		cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
Vendors & Products		Redhat jboss Enterprise Application Platform Eus

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2021-12-14T00:00:00

Updated: 2024-08-03T17:16:04.172Z

Reserved: 2021-12-13T00:00:00

Link: CVE-2021-4104

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-12-14T12:15:12.200

Modified: 2024-11-21T06:36:54.560

Link: CVE-2021-4104

Redhat

Severity : Moderate

Publid Date: 2021-12-10T00:00:00Z

Links: CVE-2021-4104 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Projects

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object