VYPR

rpm package

suse/log4j12&distro=SUSE Linux Enterprise Module for Basesystem 15 SP2

pkg:rpm/suse/log4j12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2

Vulnerabilities (1)

  • CVE-2021-4104HigDec 14, 2021
    affected < 1.2.17-4.3.1fixed 1.2.17-4.3.1

    JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests t