{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T22:09:44.590","vulnerabilities":[{"cve":{"id":"CVE-2021-4104","sourceIdentifier":"security@apache.org","published":"2021-12-14T12:15:12.200","lastModified":"2024-11-21T06:36:54.560","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions."},{"lang":"es","value":"JMSAppender en Log4j versión 1.2 es vulnerable a una deserialización de datos no confiables cuando el atacante presenta acceso de escritura a la configuración de Log4j. El atacante puede proporcionar configuraciones TopicBindingName y TopicConnectionFactoryBindingName haciendo que JMSAppender realice peticiones JNDI que resulten en la ejecución de código remota de forma similar a CVE-2021-44228. Tenga en cuenta que este problema sólo afecta a Log4j versión 1.2 cuando es configurado específicamente para usar JMSAppender, que no es el predeterminado. Apache Log4j versión 1.2 llegó al final de su vida útil en agosto de 2015. Los usuarios deberían actualizar a Log4j 2 ya que aborda otros numerosos problemas de las versiones anteriores"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:P","baseScore":6.0,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:log4j:1.2:*:*:*:*:*:*:*","matchCriteriaId":"2954BDA9-F03D-44AC-A9EA-3E89036EEFA8"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","matchCriteriaId":"80E516C0-98A4-4ADE-B69F-66A772E2BAAA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:codeready_studio:12.0:*:*:*:*:*:*:*","matchCriteriaId":"1BAF877F-B8D5-4313-AC5C-26BB82006B30"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*","matchCriteriaId":"B87C8AD3-8878-4546-86C2-BF411876648C"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:integration_camel_quarkus:-:*:*:*:*:*:*:*","matchCriteriaId":"F039C746-2001-4EE5-835F-49607A94F12B"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_a-mq:6.0.0:*:*:*:*:*:*:*","matchCriteriaId":"33C4404A-CFB7-4B47-9487-F998825C31CA"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:*","matchCriteriaId":"A58966CB-36AF-4E64-AB39-BE3A0753E155"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_a-mq_streaming:-:*:*:*:*:*:*:*","matchCriteriaId":"8C7257E5-B4A7-4299-8FE1-A94121E47528"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*","matchCriteriaId":"CD354E32-A8B0-484C-B4C6-9FBCD3430D2D"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_data_virtualization:6.0.0:*:*:*:*:*:*:*","matchCriteriaId":"5CDDAFDB-E67A-4795-B2C4-C2D31734ABC8"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B142ACCC-F7A9-4A3B-BE60-0D6691D5058D"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*","matchCriteriaId":"88BF3B2C-B121-483A-AEF2-8082F6DA5310"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*","matchCriteriaId":"A305F012-544E-4245-9D69-1C8CD37748B1"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B40CCE4F-EA2C-453D-BB76-6388767E5C6D"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_fuse_service_works:6.0:*:*:*:*:*:*:*","matchCriteriaId":"3B78438D-1321-4BF4-AEB1-DAF60D589530"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_operations_network:3.0:*:*:*:*:*:*:*","matchCriteriaId":"C077D692-150C-4AE9-8C0B-7A3EA5EB1100"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_web_server:3.0:*:*:*:*:*:*:*","matchCriteriaId":"54EB07A0-FB38-4F17-9C8D-DB629967F07B"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*","matchCriteriaId":"A33441B3-B301-426C-A976-08CE5FE72EFB"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.6:*:*:*:*:*:*:*","matchCriteriaId":"6B62E762-2878-455A-93C9-A5DB430D7BB5"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.7:*:*:*:*:*:*:*","matchCriteriaId":"14CF53D2-B585-4EA5-8F18-21BC9ECBB4B6"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.8:*:*:*:*:*:*:*","matchCriteriaId":"91B493F0-5542-49F7-AAAE-E6CA6E468D7B"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*","matchCriteriaId":"20A6B40D-F991-4712-8E30-5FE008505CB7"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*","matchCriteriaId":"9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*","matchCriteriaId":"749804DA-4B27-492A-9ABA-6BB562A6B3AC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_supply_chain_planning:12.1:*:*:*:*:*:*:*","matchCriteriaId":"A62E2A25-1AD7-4B4B-9D1B-F0DEA4550557"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_supply_chain_planning:12.2:*:*:*:*:*:*:*","matchCriteriaId":"0331158C-BBE0-42DB-8180-EB1FCD290567"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*","matchCriteriaId":"B602F9E8-1580-436C-A26D-6E6F8121A583"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*","matchCriteriaId":"77C3DD16-1D81-40E1-B312-50FBD275507C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*","matchCriteriaId":"81DAC8C0-D342-44B5-9432-6B88D389584F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*","matchCriteriaId":"E869C417-C0E6-4FC3-B406-45598A1D1906"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"DFEFE2C0-7B98-44F9-B3AD-D6EC607E90DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*","matchCriteriaId":"C68536CA-C7E2-4228-A6B8-F0DB6A9D29EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*","matchCriteriaId":"E1214FDF-357A-4BB9-BADE-50FB2BD16D10"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*","matchCriteriaId":"B21E6EEF-2AB7-4E96-B092-1F49D11B4175"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*","versionEndExcluding":"12.0.0.4.0","matchCriteriaId":"28CDCE04-B074-4D7A-B6E4-48193458C9A0"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:*","matchCriteriaId":"5933FEA2-B79E-4EE7-B821-54D676B45734"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*","matchCriteriaId":"0D299528-8EF0-49AF-9BDE-4B6C6B1DA36C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*","matchCriteriaId":"17A91FD9-9F77-42D3-A4D9-48BC7568ADE1"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*","matchCriteriaId":"A7637F8B-15F1-42E2-BE18-E1FF7C66587D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*","matchCriteriaId":"E43D793A-7756-4D58-A8ED-72DC4EC9CEA7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:2.2.1.1.1:*:*:*:*:*:*:*","matchCriteriaId":"6ED0EE39-C080-4E75-AE0F-3859B57EF851"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*","matchCriteriaId":"D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"6E8758C8-87D3-450A-878B-86CE8C9FC140"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.0:*:*:*:*:*:*:*","matchCriteriaId":"054B56E0-F11B-4939-B7E1-E722C67A041A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.1:*:*:*:*:*:*:*","matchCriteriaId":"250A493C-E052-4978-ABBE-786DC8038448"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8.0.0:*:*:*:*:*:*:*","matchCriteriaId":"2E2B771B-230A-4811-94D7-065C2722E428"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:fusion_middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"F17531CB-DE8A-4ACD-93A0-6A5A8481D51B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:goldengate:-:*:*:*:*:*:*:*","matchCriteriaId":"507E7AEE-C2FC-4EED-B0F7-5E41642C0BF7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:*","matchCriteriaId":"66C673C4-A825-46C0-816B-103E1C058D03"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:hyperion_data_relationship_management:*:*:*:*:*:*:*:*","versionEndExcluding":"11.2.8.0","matchCriteriaId":"E8E7FBA9-0FFF-4C86-B151-28C17A142E0B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:hyperion_infrastructure_technology:*:*:*:*:*:*:*:*","versionEndExcluding":"11.2.8.0","matchCriteriaId":"55BBCD48-BCC6-4E19-A4CE-970E524B9FF4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*","matchCriteriaId":"1489DDA7-EDBE-404C-B48D-F0B52B741708"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"535BC19C-21A1-48E3-8CC0-B276BA5D494E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*","matchCriteriaId":"228DA523-4D6D-48C5-BDB0-DB1A60F23F8B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*","versionEndIncluding":"8.0.29","matchCriteriaId":"B0EBAC6D-D0CE-42A1-AEA0-2D50C8035747"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_allocation:14.1.3.2:*:*:*:*:*:*:*","matchCriteriaId":"51E83F05-B691-4450-BCA9-32209AEC4F6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_allocation:15.0.3.1:*:*:*:*:*:*:*","matchCriteriaId":"288235F9-2F9E-469A-BE14-9089D0782875"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_allocation:16.0.3:*:*:*:*:*:*:*","matchCriteriaId":"6672F9C1-DA04-47F1-B699-C171511ACE38"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_allocation:19.0.1:*:*:*:*:*:*:*","matchCriteriaId":"11E57939-A543-44F7-942A-88690E39EABA"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.5:*:*:*:*:*:*:*","matchCriteriaId":"30501D23-5044-477A-8DC3-7610126AEFD7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:stream_analytics:-:*:*:*:*:*:*:*","matchCriteriaId":"0B45A731-11D1-433B-B202-9C8D67C609F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:timesten_grid:-:*:*:*:*:*:*:*","matchCriteriaId":"900D9DBF-8071-4CE5-A67A-9E0C00D04B87"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:tuxedo:12.2.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"EB7D0A30-3986-49AB-B7F3-DAE0024504BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:*","matchCriteriaId":"A3ED272C-A545-4F8C-86C0-2736B3F2DCAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:*:*:*:*:*:*:*","matchCriteriaId":"C5B4C338-11E1-4235-9D5A-960B2711AC39"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:*:*:*:*:*:*:*","matchCriteriaId":"8C93F84E-9680-44EF-8656-D27440B51698"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*","matchCriteriaId":"F14A818F-AA16-4438-A3E4-E64C9287AC66"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*","matchCriteriaId":"04BCDC24-4A21-473C-8733-0D9CFB38A752"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2022/01/18/3","source":"security@apache.org"},{"url":"https://access.redhat.com/security/cve/CVE-2021-4104","source":"security@apache.org"},{"url":"https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126","source":"security@apache.org"},{"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0033","source":"security@apache.org"},{"url":"https://security.gentoo.org/glsa/202209-02","source":"security@apache.org"},{"url":"https://security.gentoo.org/glsa/202310-16","source":"security@apache.org"},{"url":"https://security.gentoo.org/glsa/202312-02","source":"security@apache.org"},{"url":"https://security.gentoo.org/glsa/202312-04","source":"security@apache.org"},{"url":"https://security.netapp.com/advisory/ntap-20211223-0007/","source":"security@apache.org"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-44228","source":"security@apache.org"},{"url":"https://www.kb.cert.org/vuls/id/930724","source":"security@apache.org"},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","source":"security@apache.org"},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","source":"security@apache.org"},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2022/01/18/3","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/security/cve/CVE-2021-4104","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0033","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/202209-02","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/202310-16","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/202312-02","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/202312-04","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20211223-0007/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-44228","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.kb.cert.org/vuls/id/930724","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}