CVE-2021-4125

CVSS v3.1 8.1 (High)
EPSS 0.74% (81st percentile)
Affected Products 1

It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete, as not all JndiLookup.class files were removed. This CVE only applies to the OpenShift Metering hive container images, shipped in OpenShift 4.8, 4.7 and 4.6.

Weaknesses
CWE-20: Improper Input Validation
CWE-502: Deserialization of Untrusted Data
CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2022-08-24 16:15:09 (2 years ago)
Updated Date: 2023-11-07 03:40:13 (10 months ago)

Affected Products


Configuration #1

  Product            CPE23                       From       Up To
  Red Hat OpenShift  cpe:2.3:a:redhat:openshift  >= 4.6.0   < 4.6.52
  Red Hat OpenShift  cpe:2.3:a:redhat:openshift  >= 4.7.0   < 4.7.40
  Red Hat OpenShift  cpe:2.3:a:redhat:openshift  >= 4.8.0   < 4.8.24