CVE-2021-4125

EPSS 1.14%
Published 24.08.2022 16:15:09
Last modified 21.11.2024 06:36:57
Source secalert@redhat.com
Teams watchlist Login
Open Login

It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete, as not all JndiLookup.class files were removed. This CVE only applies to the OpenShift Metering hive container images, shipped in OpenShift 4.8, 4.7 and 4.6.

Affected products Warnungen 0 Metrics 2 CWE 2 References 10

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Openshift Version >= 4.6.0 < 4.6.52

Redhat ≫ Openshift Version >= 4.7.0 < 4.7.40

Redhat ≫ Openshift Version >= 4.8.0 < 4.8.24

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.14%	0.776

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://access.redhat.com/security/cve/CVE-2021-4125

Third Party Advisory

https://access.redhat.com/security/cve/CVE-2021-44228

Third Party Advisory

https://access.redhat.com/security/cve/CVE-2021-45046

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2033121

Patch

Third Party Advisory

Issue Tracking