CVEID:CVE-2021-4104
**DESCRIPTION:**Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/215048 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Data Studio client	All

Remediation/Fixes

Product

VRM

Remediation

—|—|—

IBM Data Studio Client

4.1.x

Upgrade to: IBM Data Studio Client 4.1.4 APAR1

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm data studioeq4.1.

CPE	Name	Operator	Version
	ibm data studio	eq	4.1.

kaspersky 1

ibm 111

openvas 13

centos 1

oraclelinux 2

cnvd 1

redhat 4

suse 4

nessus 21

ubuntu 2

osv 6

gentoo 3

cloudlinux 1

github 3

ubuntucve 3

f5 2

debiancve 2

atlassian 2

prion 2

veracode 1

nvd 2

cve 2

cvelist 2

redhatcve 2

threatpost 1

attackerkb 1

amazon 1

trellix 2

symantec 1

kaspersky

KLA12407 RCE vulnerability in Apache Log4j

2021-12-14 00:00:00

ibm

Security Bulletin: Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.

2022-03-14 19:30:01

Security Bulletin: IBM Cloud Pak for Data System 1.0 is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104)

2022-02-15 09:51:25

Security Bulletin: Vulnerability in Apache Log4j may affect Cúram Social Program Management (CVE-2021-4104)

2022-02-22 17:00:38

openvas

Ubuntu: Security Advisory (USN-5223-2)

2023-01-27 00:00:00

openSUSE: Security Advisory for log4j12 (openSUSE-SU-2021:4112-1)

2022-02-01 00:00:00

SUSE: Security Advisory (SUSE-SU-2021:4111-1)

2021-12-18 00:00:00

centos

log4j security update

2021-12-21 21:36:17

oraclelinux

log4j security update

2022-01-26 00:00:00

log4j security update

2021-12-21 00:00:00

cnvd

Apache Log4j Code Execution Vulnerability

2021-12-16 00:00:00

redhat

(RHSA-2021:5269) Moderate: rh-maven36-log4j12 security update

2021-12-22 21:14:37

(RHSA-2021:5206) Moderate: log4j security update

2021-12-20 08:38:19

(RHSA-2021:5141) Critical: OpenShift Container Platform 4.6.52 security update

2021-12-16 07:44:46

suse

Security update for log4j (important)

2021-12-17 00:00:00

Security update for log4j12 (important)

2021-12-24 00:00:00

Security update for log4j12 (important)

2021-12-17 00:00:00

nessus

RHEL 7 : rh-maven36-log4j12 (RHSA-2021:5269)

2021-12-23 00:00:00

CentOS 7 : log4j (CESA-2021:5206)

2021-12-21 00:00:00

Apache Log4j 1.2 JMSAppender Remote Code Execution (CVE-2021-4104)

2021-12-15 00:00:00

ubuntu

Apache Log4j 1.2 vulnerability

2022-02-08 00:00:00

Apache Log4j 1.2 vulnerability

2022-01-12 00:00:00

osv

Using JMSAppender in log4j configuration may lead to deserialization of untrusted data

2021-12-17 20:42:38

apache-log4j1.2 vulnerability

2022-02-08 21:01:33

apache-log4j1.2 vulnerability

2022-01-12 19:31:51

gentoo

Arduino: Remote Code Execution

2023-12-22 00:00:00

Minecraft Server: Remote Code Execution

2023-12-20 00:00:00

Ubiquiti UniFi: remote code execution via bundled log4j

2023-10-26 00:00:00

cloudlinux

Fix of CVE: CVE-2021-4104

2022-01-17 14:23:20

github

Using JMSAppender in log4j configuration may lead to deserialization of untrusted data

2021-12-17 20:42:38

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data

2021-12-14 19:49:31

Deserialization of Untrusted Data in Log4j 1.x

2022-01-21 23:27:14

ubuntucve

CVE-2022-23302

2022-01-18 00:00:00

CVE-2021-4104

2021-12-14 00:00:00

CVE-2021-44228

2021-12-10 00:00:00

K24554520 : Apache Log4j Remote Code Execution vulnerability CVE-2021-4104

2021-12-15 00:00:00

K59563964 : Apache Log4j Remote Code Execution vulnerability CVE-2022-23302

2022-01-31 00:00:00

debiancve

CVE-2022-23302

2022-01-18 16:15:08

CVE-2021-4104

2021-12-14 12:15:12

atlassian

Update Log4J to 1.2.17-atlassian-15 to fix CVE-2021-4104

2022-03-07 08:14:14

Update Log4J to 1.2.17-atlassian-15 to fix CVE-2021-4104

2022-01-14 13:13:21

prion

Deserialization of untrusted data

2022-01-18 16:15:00

Deserialization of untrusted data

2021-12-14 12:15:00

veracode

Deserialisation Of Untrusted Object

2021-12-15 13:38:24

nvd

CVE-2022-23302

2022-01-18 16:15:08

CVE-2021-4104

2021-12-14 12:15:12

cve

CVE-2022-23302

2022-01-18 16:15:08

CVE-2021-4104

2021-12-14 12:15:12

cvelist

CVE-2021-4104 Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2

2021-12-14 00:00:00

CVE-2022-23302 Deserialization of untrusted data in JMSSink in Apache Log4j 1.x

2022-01-18 15:25:20

redhatcve

CVE-2021-4104

2022-05-07 14:29:21

CVE-2021-44228

2022-05-07 14:19:14

threatpost

Apache’s Fix for Log4Shell Can Lead to DoS Attacks

2021-12-15 14:04:19

attackerkb

CVE-2021-44228 (Log4Shell)

2022-02-08 00:00:00

amazon

Important: log4j

2022-01-18 20:15:00

trellix

Log4shell Vulnerability is the Coal in Our Stocking for 2021

2022-01-19 00:00:00

Log4shell Vulnerability is the Coal in Our Stocking for 2021

2022-01-19 00:00:00

symantec

Symantec Security Advisory for Log4j Vulnerability

2021-12-11 01:06:47

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.127 Low

EPSS

Percentile

95.5%

JSON

Related for AEF7A95EE3DB6896F5C04951844A71B4C94EDDD29868D0C8038CC869982B4892