Red Hat OpenShift Container Platform is Red Hat’s cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
Security Fix(es):

log4j-core: Remote code execution in Log4j 2.x when logs contain an
attacker-controlled string value (CVE-2021-44228)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s)
listed in the References section.

githubexploit 41

securelist 2

nessus 17

redhat 4

ibm 49

vmware 10

fortinet 1

talosblog 1

nuclei 1

openvas 23

checkpoint_advisories 1

amazon 5

thn 3

cve 2

suse 2

veracode 1

prion 1

nvd 1

redhatcve 1

packetstorm 1

threatpost 1

intel 1

metasploit 1

mssecure 1

osv 4

cvelist 1

debiancve 1

ubuntu 1

typo3 1

kitploit 2

mageia 1

mmpc 1

huawei 1

github 2

cisa_kev 1

malwarebytes 1

rapid7blog 1

f5 1

impervablog 1

freebsd 1

ubuntucve 1

debian 1

attackerkb 2

avleonov 1

symantec 1

qualysblog 1

githubexploit

Exploit for Expression Language Injection in Apache Log4J

2021-12-12 22:52:02

Exploit for Deserialization of Untrusted Data in Apache Log4J

2021-12-13 11:34:54

Exploit for Expression Language Injection in Apache Log4J

2021-12-14 23:33:51

securelist

CVE-2021-44228 vulnerability in Apache Log4j library

2021-12-13 14:10:21

Answering Log4Shell-related questions

2021-12-20 15:45:30

nessus

Ubuntu 20.04 LTS : Apache Log4j 2 vulnerability (USN-5197-1)

2021-12-15 00:00:00

FreeBSD : graylog -- remote code execution in log4j from user-controlled log input (650734b2-7665-4170-9a0a-eeced5e10a5e)

2021-12-21 00:00:00

Amazon Linux 2 : java-1.8.0-amazon-corretto (ALASCORRETTO8-2021-001)

2022-05-02 00:00:00

redhat

(RHSA-2021:5106) Critical: OpenShift Container Platform 4.6.z security update

2021-12-16 06:06:42

(RHSA-2021:5094) Moderate: OpenShift Container Platform 3.11.z security update

2021-12-14 05:40:01

(RHSA-2021:5141) Critical: OpenShift Container Platform 4.6.52 security update

2021-12-16 07:44:46

ibm

Security Bulletin: Apache Log4j Vulnerability Afffects IBM Secure Proxy (CVE-2021-45046)

2021-12-21 21:33:12

Security Bulletin: Apache Log4j Vulnerability Affects IBM Secure Proxy (CVE-2021-44228)

2021-12-21 04:01:02

Security Bulletin: Vulnerability in Apache Log4j affects IBM Cloud Private (CVE-2021-45046)

2022-01-27 12:22:10

vmware

VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)

2021-12-10 00:00:00

VMware Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228, CVE-2021-45046)

2021-12-10 00:00:00

VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)

2021-12-10 00:00:00

fortinet

Apache log4j2 log messages substitution (CVE-2021-44228)

2021-12-12 00:00:00

talosblog

Quarterly Report: Incident Response Trends in Q2 2022

2022-07-26 14:03:00

nuclei

Apache Log4j2 - Remote Code Injection

2021-12-23 15:41:50

openvas

Debian: Security Advisory (DSA-5022-1)

2021-12-17 00:00:00

Apache Log4j 2.0.x Multiple Vulnerabilities (Windows, Log4Shell) - Version Check

2021-12-17 00:00:00

Apache Log4j 2.0.x Multiple Vulnerabilities (UDP, Log4Shell) - Active Check

2021-12-13 00:00:00

checkpoint_advisories

Apache Log4j Remote Code Execution (CVE-2021-44228; CVE-2021-45046)

2021-12-10 00:00:00

amazon

Critical: java-1.8.0-openjdk, java-1.7.0-openjdk, java-1.6.0-openjdk

2021-12-17 17:39:00

Critical: java-17-amazon-corretto, java-11-amazon-corretto, java-1.8.0-openjdk, java-1.7.0-openjdk

2021-12-17 18:12:00

Critical: aws-kinesis-agent

2021-12-16 00:11:00

thn

Second Log4j Vulnerability (CVE-2021-45046) Discovered — New Patch Released

2021-12-15 05:26:00

Hackers Begin Exploiting Second Log4j Vulnerability as a Third Flaw Emerges

2021-12-16 06:24:00

Researchers Uncover New Drokbk Malware that Uses GitHub as a Dead Drop Resolver

2022-12-09 11:25:00

cve

CVE-2021-45046

2021-12-14 19:15:07

CVE-2021-4125

2022-08-24 16:15:09

suse

Security update for log4j (important)

2021-12-20 00:00:00

Security update for log4j (important)

2021-12-17 00:00:00

veracode

Denial Of Service (DoS)

2021-12-15 00:30:50

prion

Default configuration

2021-12-14 19:15:00

nvd

CVE-2021-45046

2021-12-14 19:15:07

redhatcve

CVE-2021-45046

2022-05-07 14:27:31

packetstorm

Log4Shell HTTP Scanner

2024-09-01 00:00:00

threatpost

APT ‘Aquatic Panda’ Targets Universities with Log4Shell Exploit Tools

2021-12-30 16:16:23

intel

Intel® Product Advisory for Apache Log4j2 Vulnerabilities (CVE-2021-44228 & CVE-2021-45046)

2022-01-12 00:00:00

metasploit

Log4Shell HTTP Scanner

2021-12-15 13:45:24

mssecure

MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations

2022-08-25 16:00:00

osv

Incomplete fix for Apache Log4j vulnerability

2021-12-14 18:01:28

CVE-2021-45046

2021-12-14 19:15:07

apache-log4j2 vulnerability

2021-12-15 19:02:14

cvelist

CVE-2021-45046 Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack

2021-12-14 16:55:09

debiancve

CVE-2021-45046

2021-12-14 19:15:07

ubuntu

Apache Log4j 2 vulnerability

2021-12-15 00:00:00

typo3

Statement on Recent log4j/log4shell Vulnerabilities (CVE-2021-44228)

2021-12-16 00:00:00

kitploit

Log4J-Detector - Detects Log4J versions on your file-system within any application that are vulnerable to CVE-2021-44228 and CVE-2021-45046

2021-12-20 04:38:00

log4j-scan - A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts

2021-12-20 11:30:00

mageia

Updated log4j packages fix security vulnerability

2021-12-19 15:26:08

mmpc

MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations

2022-08-25 16:00:00

huawei

Security Advisory - Apache log4j2 remote code execution vulnerabilities in some Huawei products

2021-12-15 00:00:00

github

Remote code injection in Log4j

2021-12-10 00:40:56

Incomplete fix for Apache Log4j vulnerability

2021-12-14 18:01:28

cisa_kev

Apache Log4j2 Deserialization of Untrusted Data Vulnerability

2023-05-01 00:00:00

malwarebytes

[Update: CISA issues Log4j vulnerabilities scanner] Log4j zero-day “Log4Shell” arrives just in time to ruin your weekend

2021-12-10 18:03:28

rapid7blog

How to Protect Your Applications Against Log4Shell With tCell

2021-12-15 14:58:14

K32171392 : Apache Log4j2 vulnerability CVE-2021-45046

2021-12-16 00:00:00

impervablog

Log4Shell log4j Remote Code Execution – The COVID of the Internet

2022-01-06 16:41:56

freebsd

graylog -- remote code execution in log4j from user-controlled log input

2021-11-14 00:00:00

ubuntucve

CVE-2021-45046

2021-12-14 00:00:00

debian

[SECURITY] [DSA 5022-1] apache-log4j2 security update

2021-12-16 10:29:17

attackerkb

CVE-2021-45046

2021-12-14 00:00:00

CVE-2021-44228 (Log4Shell)

2022-02-08 00:00:00

avleonov

Log4j “Log4Shell” RCE explained (CVE-2021-44228)

2021-12-26 22:07:17

symantec

Symantec Security Advisory for Log4j Vulnerability

2021-12-11 01:06:47

qualysblog

How to Discover Log4Shell Vulnerabilities in Running Containers & Images

2021-12-27 19:39:34

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

0.973

Percentile

99.9%

JSON

Related for RHSA-2021:5108