CVE-2021-4104

Published: Dic 14, 2021 Last Modified: Nov 21, 2024
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,5
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
MEDIUM 6,0
Source: [email protected]
Access Vector: network
Access Complexity: medium
Authentication: single
Confidentiality: partial
Integrity: partial
Availability: partial

Description

AI Translation Available

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,7220
Percentile
1,0th
Updated

EPSS Score Trend (Last 90 Days)

502

Deserialization of Untrusted Data

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Availability Other
Potential Impacts:
Modify Application Data Unexpected State Dos: Resource Consumption (Cpu) Varies By Context
Applicable Platforms
Languages: Java, JavaScript, PHP, Python, Ruby
Technologies: AI/ML, ICS/OT, Not Technology-Specific
Likelihood of Exploit: Medium
View CWE Details
Application

Advanced Supply Chain Planning by Oracle

Product Information
Vendor Oracle
Product Advanced Supply Chain Planning
Version 12.2
cpe:2.3:a:oracle:advanced_supply_chain_planning:12.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Weblogic Server by Oracle

Product Information
Vendor Oracle
Product Weblogic Server
Version 14.1.1.0.0
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Financial Services Revenue Management And Billing Analytics by Oracle

Product Information
Vendor Oracle
Product Financial Services Revenue Management And Billing Analytics
Version 2.7.0.0
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Stream Analytics by Oracle

Product Information
Vendor Oracle
Product Stream Analytics
Version -
cpe:2.3:a:oracle:stream_analytics:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Unified Inventory Management by Oracle

Product Information
Vendor Oracle
Product Communications Unified Inventory Management
Version 7.3.4
cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Retail Allocation by Oracle

Product Information
Vendor Oracle
Product Retail Allocation
Version 19.0.1
cpe:2.3:a:oracle:retail_allocation:19.0.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux
Version 7.0
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Identity Management Suite by Oracle

Product Information
Vendor Oracle
Product Identity Management Suite
Version 12.2.1.3.0
cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Openshift Container Platform by Redhat

Product Information
Vendor Redhat
Product Openshift Container Platform
Version 4.7
cpe:2.3:a:redhat:openshift_container_platform:4.7:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Unified Inventory Management by Oracle

Product Information
Vendor Oracle
Product Communications Unified Inventory Management
Version 7.3.5
cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Codeready Studio by Redhat

Product Information
Vendor Redhat
Product Codeready Studio
Version 12.0
cpe:2.3:a:redhat:codeready_studio:12.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Process Automation by Redhat

Product Information
Vendor Redhat
Product Process Automation
Version 7.0
cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Jdeveloper by Oracle

Product Information
Vendor Oracle
Product Jdeveloper
Version 12.2.1.3.0
cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Financial Services Revenue Management And Billing Analytics by Oracle

Product Information
Vendor Oracle
Product Financial Services Revenue Management And Billing Analytics
Version 2.7.0.1
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Retail Allocation by Oracle

Product Information
Vendor Oracle
Product Retail Allocation
Version 15.0.3.1
cpe:2.3:a:oracle:retail_allocation:15.0.3.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Offline Mediation Controller by Oracle

Product Information
Vendor Oracle
Product Communications Offline Mediation Controller
Version Range Affected
To 12.0.0.4.0 (exclusive)
cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Log4J by Apache

Product Information
Vendor Apache
Product Log4J
Version 1.2
cpe:2.3:a:apache:log4j:1.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Financial Services Revenue Management And Billing Analytics by Oracle

Product Information
Vendor Oracle
Product Financial Services Revenue Management And Billing Analytics
Version 2.8.0.0
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux
Version 6.0
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Retail Extract Transform And Load by Oracle

Product Information
Vendor Oracle
Product Retail Extract Transform And Load
Version 13.2.5
cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.5:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Jboss A-Mq by Redhat

Product Information
Vendor Redhat
Product Jboss A-Mq
Version 6.0.0
cpe:2.3:a:redhat:jboss_a-mq:6.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Jboss Fuse Service Works by Redhat

Product Information
Vendor Redhat
Product Jboss Fuse Service Works
Version 6.0
cpe:2.3:a:redhat:jboss_fuse_service_works:6.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Weblogic Server by Oracle

Product Information
Vendor Oracle
Product Weblogic Server
Version 12.2.1.4.0
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Goldengate by Oracle

Product Information
Vendor Oracle
Product Goldengate
Version -
cpe:2.3:a:oracle:goldengate:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Retail Allocation by Oracle

Product Information
Vendor Oracle
Product Retail Allocation
Version 14.1.3.2
cpe:2.3:a:oracle:retail_allocation:14.1.3.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Identity Management Suite by Oracle

Product Information
Vendor Oracle
Product Identity Management Suite
Version 12.2.1.4.0
cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Jboss Web Server by Redhat

Product Information
Vendor Redhat
Product Jboss Web Server
Version 3.0
cpe:2.3:a:redhat:jboss_web_server:3.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Hyperion Infrastructure Technology by Oracle

Product Information
Vendor Oracle
Product Hyperion Infrastructure Technology
Version Range Affected
To 11.2.8.0 (exclusive)
cpe:2.3:a:oracle:hyperion_infrastructure_technology:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Offline Mediation Controller by Oracle

Product Information
Vendor Oracle
Product Communications Offline Mediation Controller
Version 12.0.0.5.0
cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Jboss Data Virtualization by Redhat

Product Information
Vendor Redhat
Product Jboss Data Virtualization
Version 6.0.0
cpe:2.3:a:redhat:jboss_data_virtualization:6.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Retail Allocation by Oracle

Product Information
Vendor Oracle
Product Retail Allocation
Version 16.0.3
cpe:2.3:a:oracle:retail_allocation:16.0.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Healthcare Data Repository by Oracle

Product Information
Vendor Oracle
Product Healthcare Data Repository
Version 8.1.0
cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Openshift Container Platform by Redhat

Product Information
Vendor Redhat
Product Openshift Container Platform
Version 4.6
cpe:2.3:a:redhat:openshift_container_platform:4.6:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Enterprise Manager Base Platform by Oracle

Product Information
Vendor Oracle
Product Enterprise Manager Base Platform
Version 13.5.0.0
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

E-Business Suite Cloud Manager And Cloud Backup Module by Oracle

Product Information
Vendor Oracle
Product E-Business Suite Cloud Manager And Cloud Backup Module
Version 2.2.1.1.1
cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:2.2.1.1.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Software Collections by Redhat

Product Information
Vendor Redhat
Product Software Collections
Version -
cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Business Intelligence by Oracle

Product Information
Vendor Oracle
Product Business Intelligence
Version 12.2.1.3.0
cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Fedora by Fedoraproject

Product Information
Vendor Fedoraproject
Product Fedora
Version 35
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Business Intelligence by Oracle

Product Information
Vendor Oracle
Product Business Intelligence
Version 12.2.1.4.0
cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Jboss Enterprise Application Platform by Redhat

Product Information
Vendor Redhat
Product Jboss Enterprise Application Platform
Version 7.0
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Jboss A-Mq Streaming by Redhat

Product Information
Vendor Redhat
Product Jboss A-Mq Streaming
Version -
cpe:2.3:a:redhat:jboss_a-mq_streaming:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Utilities Testing Accelerator by Oracle

Product Information
Vendor Oracle
Product Utilities Testing Accelerator
Version 6.0.0.3.1
cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Timesten Grid by Oracle

Product Information
Vendor Oracle
Product Timesten Grid
Version -
cpe:2.3:a:oracle:timesten_grid:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Openshift Container Platform by Redhat

Product Information
Vendor Redhat
Product Openshift Container Platform
Version 4.8
cpe:2.3:a:redhat:openshift_container_platform:4.8:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Single Sign-On by Redhat

Product Information
Vendor Redhat
Product Single Sign-On
Version 7.0
cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Jboss Fuse by Redhat

Product Information
Vendor Redhat
Product Jboss Fuse
Version 6.0.0
cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Openshift Application Runtimes by Redhat

Product Information
Vendor Redhat
Product Openshift Application Runtimes
Version -
cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Utilities Testing Accelerator by Oracle

Product Information
Vendor Oracle
Product Utilities Testing Accelerator
Version 6.0.0.1.1
cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Jboss A-Mq by Redhat

Product Information
Vendor Redhat
Product Jboss A-Mq
Version 7
cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Advanced Supply Chain Planning by Oracle

Product Information
Vendor Oracle
Product Advanced Supply Chain Planning
Version 12.1
cpe:2.3:a:oracle:advanced_supply_chain_planning:12.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Unified Inventory Management by Oracle

Product Information
Vendor Oracle
Product Communications Unified Inventory Management
Version 7.4.1
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Mysql Enterprise Monitor by Oracle

Product Information
Vendor Oracle
Product Mysql Enterprise Monitor
Version Range Affected
To 8.0.29 (inclusive)
cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Jboss Enterprise Application Platform by Redhat

Product Information
Vendor Redhat
Product Jboss Enterprise Application Platform
Version 6.0.0
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Network Integrity by Oracle

Product Information
Vendor Oracle
Product Communications Network Integrity
Version 7.3.6
cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Jboss Fuse by Redhat

Product Information
Vendor Redhat
Product Jboss Fuse
Version 7.0.0
cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Business Intelligence by Oracle

Product Information
Vendor Oracle
Product Business Intelligence
Version 5.9.0.0.0
cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Integration Camel K by Redhat

Product Information
Vendor Redhat
Product Integration Camel K
Version -
cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Jboss Operations Network by Redhat

Product Information
Vendor Redhat
Product Jboss Operations Network
Version 3.0
cpe:2.3:a:redhat:jboss_operations_network:3.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Utilities Testing Accelerator by Oracle

Product Information
Vendor Oracle
Product Utilities Testing Accelerator
Version 6.0.0.2.2
cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Eagle Ftp Table Base Retrieval by Oracle

Product Information
Vendor Oracle
Product Communications Eagle Ftp Table Base Retrieval
Version 4.5
cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Jboss Data Grid by Redhat

Product Information
Vendor Redhat
Product Jboss Data Grid
Version 7.0.0
cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Enterprise Manager Base Platform by Oracle

Product Information
Vendor Oracle
Product Enterprise Manager Base Platform
Version 13.4.0.0
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Business Process Management Suite by Oracle

Product Information
Vendor Oracle
Product Business Process Management Suite
Version 12.2.1.4.0
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Messaging Server by Oracle

Product Information
Vendor Oracle
Product Communications Messaging Server
Version 8.1
cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Unified Inventory Management by Oracle

Product Information
Vendor Oracle
Product Communications Unified Inventory Management
Version 7.4.2
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Business Process Management Suite by Oracle

Product Information
Vendor Oracle
Product Business Process Management Suite
Version 12.2.1.3.0
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Hyperion Data Relationship Management by Oracle

Product Information
Vendor Oracle
Product Hyperion Data Relationship Management
Version Range Affected
To 11.2.8.0 (exclusive)
cpe:2.3:a:oracle:hyperion_data_relationship_management:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Tuxedo by Oracle

Product Information
Vendor Oracle
Product Tuxedo
Version 12.2.2.0.0
cpe:2.3:a:oracle:tuxedo:12.2.2.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Integration Camel Quarkus by Redhat

Product Information
Vendor Redhat
Product Integration Camel Quarkus
Version -
cpe:2.3:a:redhat:integration_camel_quarkus:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Weblogic Server by Oracle

Product Information
Vendor Oracle
Product Weblogic Server
Version 12.2.1.3.0
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Fusion Middleware Common Libraries And Tools by Oracle

Product Information
Vendor Oracle
Product Fusion Middleware Common Libraries And Tools
Version 12.2.1.4.0
cpe:2.3:a:oracle:fusion_middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux
Version 8.0
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://access.redhat.com/security/cve/CVE-2021-4104
https://access.redhat.com/security/cve/CVE-2021-4104
https://github.com/apache/logging-log4j2/pull/608#issuecomm…
https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-…
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0033
https://security.gentoo.org/glsa/202209-02
https://security.gentoo.org/glsa/202209-02
https://security.gentoo.org/glsa/202310-16
https://security.gentoo.org/glsa/202310-16
https://security.gentoo.org/glsa/202312-02
https://security.gentoo.org/glsa/202312-02
https://security.gentoo.org/glsa/202312-04
https://security.gentoo.org/glsa/202312-04
https://security.netapp.com/advisory/ntap-20211223-0007/
https://security.netapp.com/advisory/ntap-20211223-0007/
https://www.cve.org/CVERecord?id=CVE-2021-44228
https://www.cve.org/CVERecord?id=CVE-2021-44228
https://www.kb.cert.org/vuls/id/930724
https://www.kb.cert.org/vuls/id/930724
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpujul2022.html
http://www.openwall.com/lists/oss-security/2022/01/18/3
http://www.openwall.com/lists/oss-security/2022/01/18/3
https://access.redhat.com/security/cve/CVE-2021-4104
https://access.redhat.com/security/cve/CVE-2021-4104
https://github.com/apache/logging-log4j2/pull/608#issuecomm…
https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-…
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0033
https://security.gentoo.org/glsa/202209-02
https://security.gentoo.org/glsa/202209-02
https://security.gentoo.org/glsa/202310-16
https://security.gentoo.org/glsa/202310-16
https://security.gentoo.org/glsa/202312-02
https://security.gentoo.org/glsa/202312-02
https://security.gentoo.org/glsa/202312-04
https://security.gentoo.org/glsa/202312-04
https://security.netapp.com/advisory/ntap-20211223-0007/
https://security.netapp.com/advisory/ntap-20211223-0007/
https://www.cve.org/CVERecord?id=CVE-2021-44228
https://www.cve.org/CVERecord?id=CVE-2021-44228
https://www.kb.cert.org/vuls/id/930724
https://www.kb.cert.org/vuls/id/930724
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpujul2022.html
http://www.openwall.com/lists/oss-security/2022/01/18/3
http://www.openwall.com/lists/oss-security/2022/01/18/3