CVE-2021-4104 Report - Details, Severity, Advisories and More

Twingate Team

Jan 18, 2024

CVE-2021-4104 is a high-severity vulnerability (7.5 on the CVSS scale) affecting Log4j 1.2 when specifically configured to use JMSAppender. This vulnerability allows attackers to execute remote code by exploiting the deserialization of untrusted data when they have write access to the Log4j configuration.

How do I know if I'm affected?

To determine if you're affected by the vulnerability, check if you're using Log4j 1.2 with JMSAppender, which is not the default configuration. Affected software includes Apache Log4j 1.2, Fedora Project Fedora 35, various Red Hat products like CodeReady Studio, JBoss A-MQ, JBoss Data Grid, and JBoss Enterprise Application Platform, and Oracle products such as Advanced Supply Chain Planning, Business Intelligence, Communications Messaging Server, and WebLogic Server. If you're using any of these configurations, you may be vulnerable to this high-severity issue.

What should I do if I'm affected?

If you're affected by the vulnerability, it's important to take action to protect your system. Upgrade to Log4j 2, which addresses numerous issues from previous versions. If you can't upgrade, remove the usage of JMSAppender from your Log4j configuration or restrict access to the configuration to prevent unauthorized modifications. Stay updated with security advisories and apply necessary patches or updates.
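The two checks described above (is JMSAppender configured, and who can modify the configuration) can be scripted. This is an added example, not code from Twingate or the Log4j project. It assumes the configuration lives in files named `log4j.properties` or `log4j.xml` on a POSIX filesystem, and the sample configuration is constructed for illustration.

```python
import os
import re
import stat

# Class name of the Log4j 1.2 appender that CVE-2021-4104 concerns.
JMS_APPENDER = "org.apache.log4j.net.JMSAppender"
CONFIG_NAMES = ("log4j.properties", "log4j.xml")

# Constructed sample config: one commented-out and one active JMSAppender.
SAMPLE_PROPERTIES = """\
log4j.rootLogger=INFO, FILE, JMS
# log4j.appender.OLD=org.apache.log4j.net.JMSAppender
log4j.appender.FILE=org.apache.log4j.FileAppender
log4j.appender.JMS=org.apache.log4j.net.JMSAppender
"""


def find_jms_appender(text, is_xml=False):
    """Return (line_no, line) pairs where JMSAppender is actively configured."""
    if is_xml:
        # Blank out XML comments but keep newlines so line numbers stay right.
        text = re.sub(r"<!--.*?-->",
                      lambda m: re.sub(r"[^\n]", " ", m.group()),
                      text, flags=re.DOTALL)
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        if not is_xml and line.lstrip().startswith(("#", "!")):
            continue  # comment line in a .properties file
        if JMS_APPENDER in line:
            hits.append((no, line.strip()))
    return hits


def audit_tree(root):
    """Audit every log4j.properties / log4j.xml under root."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        for name in (f for f in files if f in CONFIG_NAMES):
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = find_jms_appender(fh.read(), name.endswith(".xml"))
            mode = os.stat(path).st_mode
            results.append({
                "path": path,
                "jms_appender": hits,
                # Group/world-writable config: more accounts can modify it.
                "loosely_writable": bool(mode & (stat.S_IWGRP | stat.S_IWOTH)),
            })
    return results


if __name__ == "__main__":
    print(find_jms_appender(SAMPLE_PROPERTIES))
```

A configuration loaded from a non-default file name or built programmatically will not be found by this scan, so treat an empty result as a starting point rather than proof of absence.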

Where can I go to learn more?

For more information on the CVE-2021-4104 vulnerability and related advisories, solutions, and tools, check out the following resources:

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

Yes, it is in CISA's Known Exploited Vulnerabilities Catalog. The vulnerability, named JMSAppender in Log4j 1.2 Deserialization of Untrusted Data, was added on December 14, 2021. The required action to mitigate this vulnerability is to upgrade to Log4j 2. No specific due date is mentioned for taking this action.

Weakness enumeration

This vulnerability is categorized as CWE-502. It involves the deserialization of untrusted data in Log4j 1.2's JMSAppender, allowing attackers to execute remote code. Upgrading to Log4j 2 is recommended for mitigation.

For more details

CVE-2021-4104 is a high-severity vulnerability affecting Log4j 1.2 when configured to use JMSAppender, allowing attackers to execute remote code. Upgrading to Log4j 2 is the recommended mitigation. For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page.
