JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
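The description above makes the exposure conditional on a non-default configuration: Log4j 1.2 must be set up to use JMSAppender, and the JNDI names it looks up come from the TopicBindingName and TopicConnectionFactoryBindingName settings. The quickest defensive check is therefore to find any Log4j 1.2 configuration that declares that appender. The scanner below is an added example written for this entry; it is not code from the CVE record, from NVD, or from Apache Log4j. It handles both the .properties and the log4j.xml configuration styles; the sample configurations and the JNDI names in them (jms/ExampleTopic, jms/ExampleTCF, org.example.ExampleICF) are constructed for the demonstration.

```python
"""Detect Log4j 1.2 configurations that enable JMSAppender.

Added example, not part of the CVE record or of Apache Log4j. It inspects
log4j.properties-style and log4j.xml-style configuration text and reports
every appender whose class is org.apache.log4j.net.JMSAppender, together
with the TopicBindingName / TopicConnectionFactoryBindingName values the
advisory names, so a defender can locate the non-default configuration this
CVE requires.
"""
import re
import xml.etree.ElementTree as ET

JMS_APPENDER_CLASS = "org.apache.log4j.net.JMSAppender"
# Log4j 1.2 applies these via reflection on setter names, so the property
# names match case-insensitively; map lowercase -> canonical spelling.
JNDI_PARAMS = {p.lower(): p for p in ("TopicBindingName",
                                      "TopicConnectionFactoryBindingName")}


def scan_properties(text):
    """Return one finding per JMSAppender declared in a .properties configuration."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":      # comments in .properties syntax
            continue
        key, sep, value = line.partition("=")  # ':' separators and line continuations are not handled
        if sep:
            props[key.strip()] = value.strip()
    findings = []
    for key, value in props.items():
        m = re.fullmatch(r"log4j\.appender\.([^.]+)", key)
        if not m or value != JMS_APPENDER_CLASS:
            continue
        name = m.group(1)
        params = {p: None for p in JNDI_PARAMS.values()}
        prefix = f"log4j.appender.{name}."
        for k, v in props.items():
            suffix = k[len(prefix):].lower()
            if k.startswith(prefix) and suffix in JNDI_PARAMS:
                params[JNDI_PARAMS[suffix]] = v
        findings.append({"appender": name, "params": params})
    return findings


def scan_xml(text):
    """Return one finding per JMSAppender declared in a log4j.xml configuration."""
    root = ET.fromstring(text)  # the external log4j.dtd is not fetched by ElementTree
    findings = []
    for app in root.iter("appender"):
        if app.get("class") != JMS_APPENDER_CLASS:
            continue
        params = {p: None for p in JNDI_PARAMS.values()}
        for param in app.findall("param"):
            pname = (param.get("name") or "").lower()
            if pname in JNDI_PARAMS:
                params[JNDI_PARAMS[pname]] = param.get("value")
        findings.append({"appender": app.get("name"), "params": params})
    return findings


def report(findings):
    """Human-readable lines, one per JMSAppender found."""
    return [f"JMSAppender '{f['appender']}' enabled: "
            + ", ".join(f"{k}={v}" for k, v in f["params"].items())
            for f in findings]


# Constructed sample configurations (not taken from any real deployment).
SAMPLE_PROPERTIES = """
# constructed sample log4j.properties
log4j.rootLogger=INFO, file, jms
log4j.appender.file=org.apache.log4j.RollingFileAppender
log4j.appender.file.File=app.log
log4j.appender.jms=org.apache.log4j.net.JMSAppender
log4j.appender.jms.TopicBindingName=jms/ExampleTopic
log4j.appender.jms.TopicConnectionFactoryBindingName=jms/ExampleTCF
"""

SAFE_PROPERTIES = """
log4j.rootLogger=INFO, file
log4j.appender.file=org.apache.log4j.RollingFileAppender
log4j.appender.file.File=app.log
"""

SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
  <appender name="JMS" class="org.apache.log4j.net.JMSAppender">
    <param name="InitialContextFactoryName" value="org.example.ExampleICF"/>
    <param name="TopicBindingName" value="jms/ExampleTopic"/>
    <param name="TopicConnectionFactoryBindingName" value="jms/ExampleTCF"/>
  </appender>
  <root><level value="info"/><appender-ref ref="JMS"/></root>
</log4j:configuration>
"""

if __name__ == "__main__":
    import sys
    # With no arguments, scan the constructed samples; otherwise scan the given files.
    if len(sys.argv) == 1:
        print(*report(scan_properties(SAMPLE_PROPERTIES)), sep="\n")
        print(*report(scan_xml(SAMPLE_XML)), sep="\n")
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as fh:
            data = fh.read()
        found = scan_xml(data) if data.lstrip().startswith("<") else scan_properties(data)
        print(*(report(found) or [f"{path}: no JMSAppender configured"]), sep="\n")
```

A hit from this scanner is the condition the description calls out, and the remediation follows from the same text: remove the JMSAppender declaration (or the JMSAppender class from the deployed jar) and migrate to Log4j 2. A clean result does not prove the deployment safe, since Log4j 1.2 configuration can also be supplied programmatically or from locations this scanner never reads.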
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | HIGH |
| Privileges Required | LOW |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |
AV:N/AC:M/Au:S/C:P/I:P/A:P
| Access Vector | NETWORK |
|---|---|
| Access Complexity | MEDIUM |
| Authentication | SINGLE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | PARTIAL |
| Availability Impact | PARTIAL |
| Source | Type | Description |
|---|---|---|
| [email protected] | Secondary | CWE-502 |
| [email protected] | Primary | CWE-502 |
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| apache | log4j | 1.2 | | Application |
| fedoraproject | fedora | 35 | | Operating System |
| redhat | codeready_studio | 12.0 | | Application |
| redhat | integration_camel_k | - | | Application |
| redhat | integration_camel_quarkus | - | | Application |
| redhat | jboss_a-mq | 6.0.0 | | Application |
| redhat | jboss_a-mq | 7 | | Application |
| redhat | jboss_a-mq_streaming | - | | Application |
| redhat | jboss_data_grid | 7.0.0 | | Application |
| redhat | jboss_data_virtualization | 6.0.0 | | Application |
| redhat | jboss_enterprise_application_platform | 6.0.0 | | Application |
| redhat | jboss_enterprise_application_platform | 7.0 | | Application |
| redhat | jboss_fuse | 6.0.0 | | Application |
| redhat | jboss_fuse | 7.0.0 | | Application |
| redhat | jboss_fuse_service_works | 6.0 | | Application |
| redhat | jboss_operations_network | 3.0 | | Application |
| redhat | jboss_web_server | 3.0 | | Application |
| redhat | openshift_application_runtimes | - | | Application |
| redhat | openshift_container_platform | 4.6 | | Application |
| redhat | openshift_container_platform | 4.7 | | Application |
| redhat | openshift_container_platform | 4.8 | | Application |
| redhat | process_automation | 7.0 | | Application |
| redhat | single_sign-on | 7.0 | | Application |
| redhat | software_collections | - | | Application |
| redhat | enterprise_linux | 6.0 | | Operating System |
| redhat | enterprise_linux | 7.0 | | Operating System |
| redhat | enterprise_linux | 8.0 | | Operating System |
| oracle | advanced_supply_chain_planning | 12.1 | | Application |
| oracle | advanced_supply_chain_planning | 12.2 | | Application |
| oracle | business_intelligence | 5.9.0.0.0 | | Application |
| oracle | business_intelligence | 12.2.1.3.0 | | Application |
| oracle | business_intelligence | 12.2.1.4.0 | | Application |
| oracle | business_process_management_suite | 12.2.1.3.0 | | Application |
| oracle | business_process_management_suite | 12.2.1.4.0 | | Application |
| oracle | communications_eagle_ftp_table_base_retrieval | 4.5 | | Application |
| oracle | communications_messaging_server | 8.1 | | Application |
| oracle | communications_network_integrity | 7.3.6 | | Application |
| oracle | communications_offline_mediation_controller | * | | Application |
| oracle | communications_offline_mediation_controller | 12.0.0.5.0 | | Application |
| oracle | communications_unified_inventory_management | 7.3.4 | | Application |
| oracle | communications_unified_inventory_management | 7.3.5 | | Application |
| oracle | communications_unified_inventory_management | 7.4.1 | | Application |
| oracle | communications_unified_inventory_management | 7.4.2 | | Application |
| oracle | e-business_suite_cloud_manager_and_cloud_backup_module | 2.2.1.1.1 | | Application |
| oracle | enterprise_manager_base_platform | 13.4.0.0 | | Application |
| oracle | enterprise_manager_base_platform | 13.5.0.0 | | Application |
| oracle | financial_services_revenue_management_and_billing_analytics | 2.7.0.0 | | Application |
| oracle | financial_services_revenue_management_and_billing_analytics | 2.7.0.1 | | Application |
| oracle | financial_services_revenue_management_and_billing_analytics | 2.8.0.0 | | Application |
| oracle | fusion_middleware_common_libraries_and_tools | 12.2.1.4.0 | | Application |
| oracle | goldengate | - | | Application |
| oracle | healthcare_data_repository | 8.1.0 | | Application |
| oracle | hyperion_data_relationship_management | * | | Application |
| oracle | hyperion_infrastructure_technology | * | | Application |
| oracle | identity_management_suite | 12.2.1.3.0 | | Application |
| oracle | identity_management_suite | 12.2.1.4.0 | | Application |
| oracle | jdeveloper | 12.2.1.3.0 | | Application |
| oracle | mysql_enterprise_monitor | * | | Application |
| oracle | retail_allocation | 14.1.3.2 | | Application |
| oracle | retail_allocation | 15.0.3.1 | | Application |
| oracle | retail_allocation | 16.0.3 | | Application |
| oracle | retail_allocation | 19.0.1 | | Application |
| oracle | retail_extract_transform_and_load | 13.2.5 | | Application |
| oracle | stream_analytics | - | | Application |
| oracle | timesten_grid | - | | Application |
| oracle | tuxedo | 12.2.2.0.0 | | Application |
| oracle | utilities_testing_accelerator | 6.0.0.1.1 | | Application |
| oracle | utilities_testing_accelerator | 6.0.0.2.2 | | Application |
| oracle | utilities_testing_accelerator | 6.0.0.3.1 | | Application |
| oracle | weblogic_server | 12.2.1.3.0 | | Application |
| oracle | weblogic_server | 12.2.1.4.0 | | Application |
| oracle | weblogic_server | 14.1.1.0.0 | | Application |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:apache:log4j:1.2:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:redhat:codeready_studio:12.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:redhat:integration_camel_quarkus:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:redhat:jboss_a-mq:6.0.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:redhat:jboss_a-mq_streaming:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:redhat:jboss_data_virtualization:6.0.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:redhat:jboss_fuse_service_works:6.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:redhat:jboss_operations_network:3.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:redhat:jboss_web_server:3.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:redhat:openshift_container_platform:4.6:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:redhat:openshift_container_platform:4.7:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:redhat:openshift_container_platform:4.8:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:oracle:advanced_supply_chain_planning:12.1:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:advanced_supply_chain_planning:12.2:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:* |
| Yes | cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:* |
| Yes | cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:* |
| Yes | cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:2.2.1.1.1:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.1:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8.0.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:fusion_middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:goldengate:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:hyperion_data_relationship_management:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:hyperion_infrastructure_technology:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:retail_allocation:14.1.3.2:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:retail_allocation:15.0.3.1:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:retail_allocation:16.0.3:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:retail_allocation:19.0.1:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.5:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:stream_analytics:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:timesten_grid:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:tuxedo:12.2.2.0.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* |