CVE-2021-4104 - Vulnerability Details

Description

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.

Published: 2021-12-14

Score: 7.5 High

EPSS: 69.3% High

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Apache Software Foundation

Apache Log4j 1.x

affected

Version	Status	Constraints
`Apache Log4j 1.2 1.2.x`	affected	—

Configuration 1 [-]

cpe:2.3:a:apache:log4j:1.2:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:a:redhat:codeready_studio:12.0:::::::*
	cpe:2.3:a:redhat:integration_camel_k:-:::::::*
	cpe:2.3:a:redhat:integration_camel_quarkus:-:::::::*
	cpe:2.3:a:redhat:jboss_a-mq:6.0.0:::::::*
	cpe:2.3:a:redhat:jboss_a-mq:7:::::::*
	cpe:2.3:a:redhat:jboss_a-mq_streaming:-:::::::*
	cpe:2.3:a:redhat:jboss_data_grid:7.0.0:::::::*
	cpe:2.3:a:redhat:jboss_data_virtualization:6.0.0:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:::::::*
	cpe:2.3:a:redhat:jboss_fuse:6.0.0:::::::*
	cpe:2.3:a:redhat:jboss_fuse:7.0.0:::::::*
	cpe:2.3:a:redhat:jboss_fuse_service_works:6.0:::::::*
	cpe:2.3:a:redhat:jboss_operations_network:3.0:::::::*
	cpe:2.3:a:redhat:jboss_web_server:3.0:::::::*
	cpe:2.3:a:redhat:openshift_application_runtimes:-:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.6:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.7:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.8:::::::*
	cpe:2.3:a:redhat:process_automation:7.0:::::::*
	cpe:2.3:a:redhat:single_sign-on:7.0:::::::*
	cpe:2.3:a:redhat:software_collections:-:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*

Configuration 4 [-]

OR	cpe:2.3:a:oracle:advanced_supply_chain_planning:12.1:::::::*
	cpe:2.3:a:oracle:advanced_supply_chain_planning:12.2:::::::*
	cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0::::enterprise:::
	cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0::::enterprise:::
	cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0::::enterprise:::
	cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:::::::*
	cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:::::::*
	cpe:2.3:a:oracle:communications_messaging_server:8.1:::::::*
	cpe:2.3:a:oracle:communications_network_integrity:7.3.6:::::::*
	cpe:2.3:a:oracle:communications_offline_mediation_controller::::::::
	cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:::::::*
	cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:::::::*
	cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:::::::*
	cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*
	cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:::::::*
	cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:2.2.1.1.1:::::::*
	cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:::::::*
	cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:::::::*
	cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.0:::::::*
	cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.1:::::::*
	cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8.0.0:::::::*
	cpe:2.3:a:oracle:fusion_middleware_common_libraries_and_tools:12.2.1.4.0:::::::*
	cpe:2.3:a:oracle:goldengate:-:::::::*
	cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:::::::*
	cpe:2.3:a:oracle:hyperion_data_relationship_management::::::::
	cpe:2.3:a:oracle:hyperion_infrastructure_technology::::::::
	cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:::::::*
	cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:mysql_enterprise_monitor::::::::
	cpe:2.3:a:oracle:retail_allocation:14.1.3.2:::::::*
	cpe:2.3:a:oracle:retail_allocation:15.0.3.1:::::::*
	cpe:2.3:a:oracle:retail_allocation:16.0.3:::::::*
	cpe:2.3:a:oracle:retail_allocation:19.0.1:::::::*
	cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.5:::::::*
	cpe:2.3:a:oracle:stream_analytics:-:::::::*
	cpe:2.3:a:oracle:timesten_grid:-:::::::*
	cpe:2.3:a:oracle:tuxedo:12.2.2.0.0:::::::*
	cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:::::::*
	cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:::::::*
	cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:::::::*
	cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*
	cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*

Package	CPE	Advisory	Released Date
EAP 6.4.24 release
	cpe:/a:redhat:jboss_enterprise_application_platform:6	RHSA-2022:5458	2022-06-30T00:00:00Z
EAP 6.4 log4j async
log4j	cpe:/a:redhat:jboss_enterprise_application_platform:6.4	RHSA-2022:0437	2022-02-03T00:00:00Z
EAP 7.4.4 release
log4j	cpe:/a:redhat:jboss_enterprise_application_platform:7.4	RHSA-2022:1299	2022-04-11T00:00:00Z
EAP 7.4 log4j async
log4j	cpe:/a:redhat:jboss_enterprise_application_platform:7.4	RHSA-2022:0435	2022-02-03T00:00:00Z
Red Hat Data Grid 7.3.9
log4j	cpe:/a:redhat:jboss_data_grid:7.3	RHSA-2022:0430	2022-02-03T00:00:00Z
Red Hat Enterprise Linux 6 Extended Lifecycle Support
log4j-0:1.2.14-6.5.el6_10	cpe:/o:redhat:rhel_els:6	RHSA-2021:5206	2021-12-20T00:00:00Z
Red Hat Enterprise Linux 7
log4j-0:1.2.17-17.el7_4	cpe:/o:redhat:enterprise_linux:7	RHSA-2021:5206	2021-12-20T00:00:00Z
Red Hat Enterprise Linux 7.3 Advanced Update Support
log4j-0:1.2.17-16.el7_3	cpe:/o:redhat:rhel_aus:7.3	RHSA-2021:5206	2021-12-20T00:00:00Z
Red Hat Enterprise Linux 7.4 Advanced Update Support
log4j-0:1.2.17-17.el7_4	cpe:/o:redhat:rhel_aus:7.4	RHSA-2021:5206	2021-12-20T00:00:00Z
Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118)
log4j-0:1.2.17-17.el7_4	cpe:/o:redhat:rhel_aus:7.6	RHSA-2021:5206	2021-12-20T00:00:00Z
Red Hat Enterprise Linux 7.6 Telco Extended Update Support
log4j-0:1.2.17-17.el7_4	cpe:/o:redhat:rhel_tus:7.6	RHSA-2021:5206	2021-12-20T00:00:00Z
Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions
log4j-0:1.2.17-17.el7_4	cpe:/o:redhat:rhel_e4s:7.6	RHSA-2021:5206	2021-12-20T00:00:00Z
Red Hat Enterprise Linux 7.7 Advanced Update Support
log4j-0:1.2.17-17.el7_4	cpe:/o:redhat:rhel_aus:7.7	RHSA-2021:5206	2021-12-20T00:00:00Z
Red Hat Enterprise Linux 7.7 Telco Extended Update Support
log4j-0:1.2.17-17.el7_4	cpe:/o:redhat:rhel_tus:7.7	RHSA-2021:5206	2021-12-20T00:00:00Z
Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions
log4j-0:1.2.17-17.el7_4	cpe:/o:redhat:rhel_e4s:7.7	RHSA-2021:5206	2021-12-20T00:00:00Z
Red Hat Enterprise Linux 8
parfait:0.5-8050020220124063900.6b489b78	cpe:/a:redhat:enterprise_linux:8	RHSA-2022:0290	2022-01-26T00:00:00Z
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions
parfait:0.5-8010020220124232535.d5701770	cpe:/a:redhat:rhel_e4s:8.1	RHSA-2022:0294	2022-01-26T00:00:00Z
Red Hat Enterprise Linux 8.2 Extended Update Support
parfait:0.5-8020020220124231008.1c5d4e8a	cpe:/a:redhat:rhel_eus:8.2	RHSA-2022:0291	2022-01-26T00:00:00Z
Red Hat Enterprise Linux 8.4 Extended Update Support
parfait:0.5-8040020220124230039.d304d9ed	cpe:/a:redhat:rhel_eus:8.4	RHSA-2022:0289	2022-01-26T00:00:00Z
Red Hat Fuse 7.10.1
log4j	cpe:/a:redhat:jboss_fuse:7	RHSA-2022:0661	2022-02-23T00:00:00Z
Red Hat Fuse/AMQ 6.3.20
log4j	cpe:/a:redhat:jboss_amq:6.3	RHSA-2022:0553	2022-02-15T00:00:00Z
log4j	cpe:/a:redhat:jboss_fuse:6.3	RHSA-2022:0553	2022-02-15T00:00:00Z
Red Hat JBoss Data Virtualization 6.4.8.SP1
log4j	cpe:/a:redhat:jboss_data_virtualization:6.4	RHSA-2022:0497	2022-02-09T00:00:00Z
Red Hat JBoss Data Virtualization 6.4.8.SP2
log4j	cpe:/a:redhat:jboss_data_virtualization:6.4	RHSA-2022:0507	2022-02-10T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6
log4j-eap6-0:1.2.17-3.redhat_00008.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:0438	2022-02-03T00:00:00Z
log4j-jboss-logmanager-0:1.1.4-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:0438	2022-02-03T00:00:00Z
jboss-as-appclient-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jbossas-appclient-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jbossas-bundles-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-cli-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-client-all-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-clustering-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-cmp-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-configadmin-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-connector-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-controller-client-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jbossas-core-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-core-security-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-deployment-repository-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-deployment-scanner-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jbossas-domain-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-domain-http-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-domain-management-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-ee-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-ee-deployment-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-ejb3-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-embedded-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-host-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-jacorb-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jbossas-javadocs-0:7.5.24-1.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-jaxr-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-jaxrs-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-jdr-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-jmx-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-jpa-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-jsf-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-jsr77-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-logging-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-mail-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-management-client-content-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-messaging-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-modcluster-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jbossas-modules-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-naming-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-network-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-osgi-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-osgi-configadmin-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-osgi-service-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-picketlink-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-platform-mbean-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-pojo-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-process-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jbossas-product-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-protocol-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-remoting-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-sar-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-security-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-server-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jbossas-standalone-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-system-jmx-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-threads-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-transactions-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-version-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-web-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-webservices-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jbossas-welcome-content-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-weld-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-xts-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jbossts-1:4.17.45-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jbossweb-0:7.5.32-2.Final_redhat_1.2.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7
log4j-eap6-0:1.2.17-3.redhat_00008.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:0438	2022-02-03T00:00:00Z
log4j-jboss-logmanager-0:1.1.4-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:0438	2022-02-03T00:00:00Z
jboss-as-appclient-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jbossas-appclient-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jbossas-bundles-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-cli-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-client-all-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-clustering-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-cmp-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-configadmin-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-connector-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-controller-client-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jbossas-core-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-core-security-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-deployment-repository-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-deployment-scanner-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jbossas-domain-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-domain-http-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-domain-management-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-ee-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-ee-deployment-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-ejb3-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-embedded-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-host-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-jacorb-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jbossas-javadocs-0:7.5.24-1.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-jaxr-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-jaxrs-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-jdr-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-jmx-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-jpa-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-jsf-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-jsr77-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-logging-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-mail-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-management-client-content-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-messaging-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-modcluster-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jbossas-modules-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-naming-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-network-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-osgi-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-osgi-configadmin-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-osgi-service-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-picketlink-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-platform-mbean-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-pojo-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-process-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jbossas-product-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-protocol-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-remoting-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-sar-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-security-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-server-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jbossas-standalone-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-system-jmx-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-threads-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-transactions-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-version-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-web-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-webservices-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jbossas-welcome-content-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-weld-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-xts-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jbossts-1:4.17.45-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jbossweb-0:7.5.32-2.Final_redhat_1.2.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2024:5856	2024-08-26T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7
eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2022:0436	2022-02-03T00:00:00Z
eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2022:1297	2022-04-11T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2022:0436	2022-02-03T00:00:00Z
eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2022:1296	2022-04-11T00:00:00Z
Red Hat JBoss Web Server 3.1
log4j-eap6	cpe:/a:redhat:jboss_enterprise_web_server:3.1	RHSA-2022:0527	2022-02-14T00:00:00Z
Red Hat JBoss Web Server 3 for RHEL 7
log4j-eap6-0:1.2.17-3.redhat_00008.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2022:0524	2022-02-14T00:00:00Z
tomcat7-0:7.0.70-46.ep7.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2022:0524	2022-02-14T00:00:00Z
tomcat8-0:8.0.36-49.ep7.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2022:0524	2022-02-14T00:00:00Z
tomcat-native-0:1.2.23-26.redhat_26.ep7.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2022:0524	2022-02-14T00:00:00Z
Red Hat OpenShift Container Platform 4.6
openshift4/ose-metering-hadoop:v4.6.0-202112150545.p0.gf381145.assembly.art3595	cpe:/a:redhat:openshift:4.6::el8	RHSA-2021:5141	2021-12-16T00:00:00Z
openshift4/ose-metering-presto:v4.6.0-202112150545.p0.g190688a.assembly.art3595	cpe:/a:redhat:openshift:4.6::el8	RHSA-2021:5141	2021-12-16T00:00:00Z
openshift4/ose-metering-hive:v4.6.0-202112160147.p0.gf139e12.assembly.stream	cpe:/a:redhat:openshift:4.6::el8	RHSA-2021:5186	2021-12-16T00:00:00Z
Red Hat OpenShift Container Platform 4.7
openshift4/ose-metering-hadoop:v4.7.0-202112150631.p0.g6046504.assembly.4.7.40	cpe:/a:redhat:openshift:4.7::el8	RHSA-2021:5107	2021-12-16T00:00:00Z
openshift4/ose-metering-presto:v4.7.0-202112150631.p0.gd502108.assembly.4.7.40	cpe:/a:redhat:openshift:4.7::el8	RHSA-2021:5107	2021-12-16T00:00:00Z
openshift4/ose-metering-hive:v4.7.0-202112160422.p0.g6a2b6aa.assembly.4.7.40	cpe:/a:redhat:openshift:4.7::el8	RHSA-2021:5184	2021-12-16T00:00:00Z
Red Hat OpenShift Container Platform 4.8
openshift4/ose-metering-hadoop:v4.8.0-202112150431.p0.gebd9cb4.assembly.art3599	cpe:/a:redhat:openshift:4.8::el8	RHSA-2021:5148	2021-12-15T00:00:00Z
openshift4/ose-metering-presto:v4.8.0-202112150431.p0.g4b934ae.assembly.art3599	cpe:/a:redhat:openshift:4.8::el8	RHSA-2021:5148	2021-12-15T00:00:00Z
openshift4/ose-metering-hive:v4.8.0-202112160147.p0.g5672016.assembly.stream	cpe:/a:redhat:openshift:4.8::el8	RHSA-2021:5183	2021-12-16T00:00:00Z
Red Hat Single Sign-On 7.4.10
log4j	cpe:/a:redhat:red_hat_single_sign_on:7	RHSA-2022:0446	2022-02-07T00:00:00Z
Red Hat Single Sign-On 7.5 for RHEL 7
rh-sso7-keycloak-0:15.0.4-1.redhat_00003.1.el7sso	cpe:/a:redhat:red_hat_single_sign_on:7.5::el7	RHSA-2022:0447	2022-02-07T00:00:00Z
Red Hat Single Sign-On 7.5 for RHEL 8
rh-sso7-keycloak-0:15.0.4-1.redhat_00003.1.el8sso	cpe:/a:redhat:red_hat_single_sign_on:7.5::el8	RHSA-2022:0448	2022-02-07T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7
rh-maven36-log4j12-0:1.2.17-23.3.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2021:5269	2021-12-22T00:00:00Z
Red Hat Virtualization Engine 4.4
org.ovirt.engine-root-0:4.4.10.6-1	cpe:/a:redhat:rhev_manager:4.4:el8	RHSA-2022:0475	2022-02-08T00:00:00Z
snmp4j-0:3.6.4-0.1.el8ev	cpe:/a:redhat:rhev_manager:4.4:el8	RHSA-2022:0475	2022-02-08T00:00:00Z
RHEL-8 based Middleware Containers
rh-sso-7/sso74-openshift-rhel8:7.4-45	cpe:/a:redhat:rhosemc:1.0::el8	RHSA-2022:0444	2022-02-07T00:00:00Z
rh-sso-7/sso74-openj9-openshift-rhel8:7.4-60	cpe:/a:redhat:rhosemc:1.0::el8	RHSA-2022:0445	2022-02-07T00:00:00Z
rh-sso-7/sso75-openshift-rhel8:7.5-17	cpe:/a:redhat:rhosemc:1.0::el8	RHSA-2022:0450	2022-02-07T00:00:00Z
rh-sso-7/sso7-rhel8-operator-bundle:7.5.1-9	cpe:/a:redhat:rhosemc:1.0::el8	RHSA-2022:0450	2022-02-07T00:00:00Z
RHSSO 7.5.1
log4j	cpe:/a:redhat:red_hat_single_sign_on:7	RHSA-2022:0449	2022-02-07T00:00:00Z

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-2905-1	apache-log4j1.2 security update
Github GHSA	GHSA-fp5r-v3w9-4333	JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data
Ubuntu USN	USN-5223-1	Apache Log4j 1.2 vulnerability
Ubuntu USN	USN-5223-2	Apache Log4j 1.2 vulnerability

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.69284.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2022/01/18/3
https://access.redhat.com/security/cve/CVE-2021-4104
https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126
https://github.com/apache/logging-log4j2/pull/608#issuecomment-991723301
https://lists.apache.org/thread/0x4zvtq92yggdgvwfgsftqrj4xx5w0nx
https://nvd.nist.gov/vuln/detail/CVE-2021-4104
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0033
https://security.gentoo.org/glsa/202209-02
https://security.gentoo.org/glsa/202310-16
https://security.gentoo.org/glsa/202312-02
https://security.gentoo.org/glsa/202312-04
https://security.netapp.com/advisory/ntap-20211223-0007/
https://www.cve.org/CVERecord?id=CVE-2021-4104
https://www.cve.org/CVERecord?id=CVE-2021-44228
https://www.kb.cert.org/vuls/id/930724
https://www.openwall.com/lists/oss-security/2021/12/13/1
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpujul2022.html

History

Mon, 25 Nov 2024 14:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7

Mon, 26 Aug 2024 18:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat jboss Enterprise Application Platform Eus
CPEs		cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
Vendors & Products		Redhat jboss Enterprise Application Platform Eus

Subscriptions

Apache Log4j

Fedoraproject Fedora

Oracle Advanced Supply Chain Planning Business Intelligence Business Process Management Suite Communications Eagle Ftp Table Base Retrieval Communications Messaging Server Communications Network Integrity Communications Offline Mediation Controller Communications Unified Inventory Management E-business Suite Cloud Manager And Cloud Backup Module Enterprise Manager Base Platform Financial Services Revenue Management And Billing Analytics Fusion Middleware Common Libraries And Tools Goldengate Healthcare Data Repository Hyperion Data Relationship Management Hyperion Infrastructure Technology Identity Management Suite Jdeveloper Mysql Enterprise Monitor Retail Allocation Retail Extract Transform And Load Stream Analytics Timesten Grid Tuxedo Utilities Testing Accelerator Weblogic Server

Redhat Codeready Studio Enterprise Linux Integration Camel K Integration Camel Quarkus Jboss A-mq Jboss A-mq Streaming Jboss Amq Jboss Data Grid Jboss Data Virtualization Jboss Enterprise Application Platform Jboss Enterprise Application Platform Eus Jboss Enterprise Web Server Jboss Fuse Jboss Fuse Service Works Jboss Operations Network Jboss Web Server Openshift Openshift Application Runtimes Openshift Container Platform Process Automation Red Hat Single Sign On Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Software Collections Rhel Tus Rhev Manager Rhosemc Single Sign-on Software Collections

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2021-12-14T00:00:00.000Z

Updated: 2024-08-03T17:16:04.172Z

Reserved: 2021-12-13T00:00:00.000Z

Link: CVE-2021-4104

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-12-14T12:15:12.200

Modified: 2024-11-21T06:36:54.560

Link: CVE-2021-4104

Redhat

Severity : Moderate

Publid Date: 2021-12-10T00:00:00Z

Links: CVE-2021-4104 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object