Количество 19
Количество 19
GHSA-fp5r-v3w9-4333
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data
CVE-2021-4104
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
CVE-2021-4104
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
CVE-2021-4104
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
CVE-2021-4104
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted ...
openSUSE-SU-2021:4112-1
Security update for log4j12
openSUSE-SU-2021:4111-1
Security update for log4j
openSUSE-SU-2021:1631-1
Security update for kafka
openSUSE-SU-2021:1612-1
Security update for log4j12
SUSE-SU-2021:4115-1
Security update for log4j
SUSE-SU-2021:4112-1
Security update for log4j12
SUSE-SU-2021:4111-1
Security update for log4j
SUSE-SU-2021:14866-1
Security update for log4j
ELSA-2022-9056
ELSA-2022-9056: log4j security update (IMPORTANT)
ELSA-2021-5206
ELSA-2021-5206: log4j security update (MODERATE)
BDU:2022-00031
Уязвимость реализации класса JMSAppender библиотеки журналирования Java-программ Log4j, позволяющая нарушителю выполнить произвольный код
openSUSE-SU-2022:0038-1
Security update for kafka
RLSA-2022:0290
Important: parfait:0.5 security update
ELSA-2022-0290
ELSA-2022-0290: parfait:0.5 security update (IMPORTANT)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-fp5r-v3w9-4333 JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data | CVSS3: 7.5 | 73% Высокий | больше 3 лет назад |
 | CVE-2021-4104 JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. | CVSS3: 7.5 | 73% Высокий | больше 3 лет назад |
 | CVE-2021-4104 JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. | CVSS3: 7.5 | 73% Высокий | больше 3 лет назад |
 | CVE-2021-4104 JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. | CVSS3: 7.5 | 73% Высокий | больше 3 лет назад |
| CVE-2021-4104 JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted ... | CVSS3: 7.5 | 73% Высокий | больше 3 лет назад |
 | openSUSE-SU-2021:4112-1 Security update for log4j12 | 73% Высокий | больше 3 лет назад | |
| openSUSE-SU-2021:4111-1 Security update for log4j | 73% Высокий | больше 3 лет назад | |
| openSUSE-SU-2021:1631-1 Security update for kafka | 73% Высокий | больше 3 лет назад | |
| openSUSE-SU-2021:1612-1 Security update for log4j12 | 73% Высокий | больше 3 лет назад | |
| SUSE-SU-2021:4115-1 Security update for log4j | 73% Высокий | больше 3 лет назад | |
| SUSE-SU-2021:4112-1 Security update for log4j12 | 73% Высокий | больше 3 лет назад | |
| SUSE-SU-2021:4111-1 Security update for log4j | 73% Высокий | больше 3 лет назад | |
| SUSE-SU-2021:14866-1 Security update for log4j | 73% Высокий | больше 3 лет назад | |
| ELSA-2022-9056 ELSA-2022-9056: log4j security update (IMPORTANT) | больше 3 лет назад | ||
| ELSA-2021-5206 ELSA-2021-5206: log4j security update (MODERATE) | больше 3 лет назад | ||
 | BDU:2022-00031 Уязвимость реализации класса JMSAppender библиотеки журналирования Java-программ Log4j, позволяющая нарушителю выполнить произвольный код | CVSS3: 6.6 | 73% Высокий | больше 3 лет назад |
| openSUSE-SU-2022:0038-1 Security update for kafka | больше 3 лет назад | ||
 | RLSA-2022:0290 Important: parfait:0.5 security update | больше 3 лет назад | ||
| ELSA-2022-0290 ELSA-2022-0290: parfait:0.5 security update (IMPORTANT) | больше 3 лет назад |
Уязвимостей на страницу