Lucene search
RedHatRHSA-2021:5107HistoryDec 16, 2021 - 2:53 p.m.
(RHSA-2021:5107) Critical: OpenShift Container Platform 4.7.40 security update
2021-12-1614:53:52
access.redhat.com
123
0.976 High
EPSS
Percentile
100.0%
Red Hat OpenShift Container Platform is Red Hat’s cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
Security Fix(es):
- log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)
- log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104)
- log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Related
attackerkb
attackerkb
CVE-2021-44228 (Log4Shell)
2022-02-08 00:00:00
CVE-2021-45046
2021-12-14 00:00:00
redhat
redhat
ibm
ibm
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2021-4104, CVE-2021-45046)
2021-12-22 07:09:10
symantec
symantec
Symantec Security Advisory for Log4j Vulnerability
2021-12-11 01:06:47
nessus
nessus
GLSA-202310-16 : Ubiquiti UniFi: remote code execution via bundled log4j
2023-10-26 00:00:00
Ubuntu 20.04 LTS : Apache Log4j 2 vulnerability (USN-5197-1)
2021-12-15 00:00:00
threatpost
threatpost
Apache’s Fix for Log4Shell Can Lead to DoS Attacks
2021-12-15 14:04:19
qualysblog
qualysblog
CVE-2021-44228: Apache Log4j2 Zero-Day Exploited in the Wild (Log4Shell)
2021-12-10 19:30:11
New Options Profiles for Log4Shell Detection
2021-12-20 17:33:11
rapid7blog
rapid7blog
The Everyperson’s Guide to Log4Shell (CVE-2021-44228)
2021-12-15 19:44:42
How to Protect Your Applications Against Log4Shell With tCell
2021-12-15 14:58:14
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Apache Log4J
2021-12-17 10:36:16
Exploit for Deserialization of Untrusted Data in Apache Log4J
2021-12-13 11:34:54
Exploit for Deserialization of Untrusted Data in Apache Log4J
2021-12-16 17:22:17
gentoo
gentoo
Ubiquiti UniFi: remote code execution via bundled log4j
2023-10-26 00:00:00
thn
thn
New Local Attack Vector Expands the Attack Surface of Log4j Vulnerability
2021-12-18 12:18:00
Second Log4j Vulnerability (CVE-2021-45046) Discovered — New Patch Released
2021-12-15 05:26:00
Hackers Begin Exploiting Second Log4j Vulnerability as a Third Flaw Emerges
2021-12-16 06:24:00
checkpoint_advisories
checkpoint_advisories
Apache Log4j Remote Code Execution (CVE-2021-44228; CVE-2021-45046)
2021-12-10 00:00:00
securelist
securelist
CVE-2021-44228 vulnerability in Apache Log4j library
2021-12-13 14:10:21
amazon
amazon
Critical: java-1.8.0-openjdk, java-1.7.0-openjdk, java-1.6.0-openjdk
2021-12-17 17:39:00
Critical: java-17-amazon-corretto, java-11-amazon-corretto, java-1.8.0-openjdk, java-1.7.0-openjdk
2021-12-17 18:12:00
Critical: aws-kinesis-agent
2021-12-16 00:11:00
vmware
vmware
fortinet
fortinet
Apache log4j2 log messages substitution (CVE-2021-44228)
2021-12-12 00:00:00
talosblog
talosblog
Quarterly Report: Incident Response Trends in Q2 2022
2022-07-26 14:03:00
nuclei
nuclei
Apache Log4j2 - Remote Code Injection
2021-12-23 15:41:50
openvas
openvas
Debian: Security Advisory (DSA-5022-1)
2021-12-17 00:00:00
Apache Log4j 2.0.x Multiple Vulnerabilities (TCP, Log4Shell) - Active Check
2021-12-13 00:00:00
redhatcve
redhatcve
cve
cve
CVE-2021-45046
2021-12-14 19:15:07
CVE-2021-4104
2021-12-14 12:15:12
suse
suse
Security update for log4j (important)
2021-12-20 00:00:00
Security update for log4j (important)
2021-12-17 00:00:00
veracode
veracode
Denial Of Service (DoS)
2021-12-15 00:30:50
Deserialisation Of Untrusted Object
2021-12-15 13:38:24
prion
prion
Default configuration
2021-12-14 19:15:00
Deserialization of untrusted data
2021-12-14 12:15:00
nvd
nvd
CVE-2021-45046
2021-12-14 19:15:07
CVE-2021-4104
2021-12-14 12:15:12
ubuntucve
ubuntucve
CVE-2021-44228
2021-12-10 00:00:00
CVE-2021-45046
2021-12-14 00:00:00
cvelist
cvelist
debiancve
debiancve
CVE-2021-4104
2021-12-14 12:15:12
atlassian
atlassian
Update Log4J to 1.2.17-atlassian-15 to fix CVE-2021-4104
2022-01-14 13:13:21
Update Log4J to 1.2.17-atlassian-15 to fix CVE-2021-4104
2022-03-07 08:14:14
debian
debian
[SECURITY] [DSA 5022-1] apache-log4j2 security update
2021-12-16 10:29:17
github
github
Incomplete fix for Apache Log4j vulnerability
2021-12-14 18:01:28
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data
2021-12-14 19:49:31
Remote code injection in Log4j
2021-12-10 00:40:56
osv
osv
Remote code injection in Log4j
2021-12-10 00:40:56
apache-log4j2 vulnerability
2021-12-15 19:02:14
arista
arista
Security Advisory 0070
2022-05-20 00:00:00
kitploit
kitploit
freebsd
freebsd
graylog -- remote code execution in log4j from user-controlled log input
2021-11-14 00:00:00
impervablog
impervablog
Log4Shell log4j Remote Code Execution – The COVID of the Internet
2022-01-06 16:41:56
mageia
mageia
Updated log4j packages fix security vulnerability
2021-12-19 15:26:08
mmpc
mmpc
huawei
huawei
cisa_kev
cisa_kev
Apache Log4j2 Deserialization of Untrusted Data Vulnerability
2023-05-01 00:00:00
f5
f5
K32171392 : Apache Log4j2 vulnerability CVE-2021-45046
2021-12-16 00:00:00