VDB

RHSA-2021%3A5140

RHSA-2021%3A5140 PUBLISHED CVSS 9.800000190734863 CRITICAL

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.

Risk Scores

CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Red HatRed Hat JBoss Enterprise Application Platform 7

Timeline

  • Dec 15, 2021 CVE Published
  • Apr 28, 2026 CVE Updated
  • Apr 28, 2026 Distribution Patch
  • Apr 28, 2026 Distribution Patch
  • Apr 28, 2026 Security Advisory
  • Apr 28, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›