CVE-2021-4104

high
Published 2021-12-14 · Modified 2022-01-26
CVSS v3
7.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4
-
not yet in upstream
VIR risk
7.5

Description

RHSA-2022:0290: parfait:0.5 security update (Important)

Predictions

Exploit likelihood
83%
Patch ETA
-

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.


OS impact

Fedora: Affected (1 release)

| Version | Status | Fixed in |
|---|---|---|
| 35 | Affected | - |

SUSE: Affected (1 release)

| Version | Status | Fixed in |
|---|---|---|
| - | Affected | - |

Red Hat: Mixed (4 releases)

| Version | Status | Fixed in |
|---|---|---|
| 8.0 | Affected | - |
| 8 | Fixed | - |
| 7.0 | Affected | - |
| 6.0 | Affected | - |

AlmaLinux: Fixed (1 release)

| Version | Status | Fixed in |
|---|---|---|
| 8 | Fixed | uom-lib-1.0.1-6.module_el8.5.0+2610+de2b8c0b.noarch.rpm |

Debian: Fixed (5 releases)

| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 1.2.17-11 |
| sid | Fixed | 1.2.17-11 |
| forky | Fixed | 1.2.17-11 |
| bullseye | Fixed | 1.2.17-10+deb11u1 |
| bookworm | Fixed | 1.2.17-11 |

Rocky Linux: Fixed (1 release)

| Version | Status | Fixed in |
|---|---|---|
| 8 | Fixed | - |

Package impact

| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| java (Maven) | log4j:log4j | >=1.2.0,<=1.2.17 | |
| java (Maven) | org.zenframework.z8.dependencies.commons:log4j-1.2.17 | <=2.0 | |

Application impact

| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| apache | log4j | 1.2 | |
| redhat | codeready_studio | 12.0 | |
| redhat | integration_camel_k | - | |
| redhat | integration_camel_quarkus | - | |
| redhat | jboss_a-mq | 6.0.0 | |
| redhat | jboss_a-mq | 7 | |
| redhat | jboss_a-mq_streaming | - | |
| redhat | jboss_data_grid | 7.0.0 | |
| redhat | jboss_data_virtualization | 6.0.0 | |
| redhat | jboss_enterprise_application_platform | 6.0.0 | |
| redhat | jboss_enterprise_application_platform | 7.0 | |
| redhat | jboss_fuse | 6.0.0 | |
| redhat | jboss_fuse | 7.0.0 | |
| redhat | jboss_fuse_service_works | 6.0 | |
| redhat | jboss_operations_network | 3.0 | |
| redhat | jboss_web_server | 3.0 | |
| redhat | openshift_application_runtimes | - | |
| redhat | openshift_container_platform | 4.6 | |
| redhat | openshift_container_platform | 4.7 | |
| redhat | openshift_container_platform | 4.8 | |
| redhat | process_automation | 7.0 | |
| redhat | single_sign-on | 7.0 | |
| redhat | software_collections | - | |
| oracle | advanced_supply_chain_planning | 12.1 | |
| oracle | advanced_supply_chain_planning | 12.2 | |
| oracle | business_intelligence | 5.9.0.0.0 | |
| oracle | business_intelligence | 12.2.1.3.0 | |
| oracle | business_intelligence | 12.2.1.4.0 | |
| oracle | business_process_management_suite | 12.2.1.3.0 | |
| oracle | business_process_management_suite | 12.2.1.4.0 | |
| oracle | communications_eagle_ftp_table_base_retrieval | 4.5 | |
| oracle | communications_messaging_server | 8.1 | |
| oracle | communications_network_integrity | 7.3.6 | |
| oracle | communications_offline_mediation_controller | <12.0.0.4.0 | 12.0.0.4.0 |
| oracle | communications_offline_mediation_controller | 12.0.0.5.0 | |
| oracle | communications_unified_inventory_management | 7.3.4 | |
| oracle | communications_unified_inventory_management | 7.3.5 | |
| oracle | communications_unified_inventory_management | 7.4.1 | |
| oracle | communications_unified_inventory_management | 7.4.2 | |
| oracle | e-business_suite_cloud_manager_and_cloud_backup_module | 2.2.1.1.1 | |
| oracle | enterprise_manager_base_platform | 13.4.0.0 | |
| oracle | enterprise_manager_base_platform | 13.5.0.0 | |
| oracle | financial_services_revenue_management_and_billing_analytics | 2.7.0.0 | |
| oracle | financial_services_revenue_management_and_billing_analytics | 2.7.0.1 | |
| oracle | financial_services_revenue_management_and_billing_analytics | 2.8.0.0 | |
| oracle | fusion_middleware_common_libraries_and_tools | 12.2.1.4.0 | |
| oracle | goldengate | - | |
| oracle | healthcare_data_repository | 8.1.0 | |
| oracle | hyperion_data_relationship_management | <11.2.8.0 | 11.2.8.0 |
| oracle | hyperion_infrastructure_technology | <11.2.8.0 | 11.2.8.0 |
| oracle | identity_management_suite | 12.2.1.3.0 | |
| oracle | identity_management_suite | 12.2.1.4.0 | |
| oracle | jdeveloper | 12.2.1.3.0 | |
| oracle | mysql_enterprise_monitor | <=8.0.29 | |
| oracle | retail_allocation | 14.1.3.2 | |
| oracle | retail_allocation | 15.0.3.1 | |
| oracle | retail_allocation | 16.0.3 | |
| oracle | retail_allocation | 19.0.1 | |
| oracle | retail_extract_transform_and_load | 13.2.5 | |
| oracle | stream_analytics | - | |
| oracle | timesten_grid | - | |
| oracle | tuxedo | 12.2.2.0.0 | |
| oracle | utilities_testing_accelerator | 6.0.0.1.1 | |
| oracle | utilities_testing_accelerator | 6.0.0.2.2 | |
| oracle | utilities_testing_accelerator | 6.0.0.3.1 | |
| oracle | weblogic_server | 12.2.1.3.0 | |
| oracle | weblogic_server | 12.2.1.4.0 | |
| oracle | weblogic_server | 14.1.1.0.0 | |

References

CWEs

CWE-502
