CVE-2021-4104 vulnerability in Apache and Other Products
Published on December 14, 2021




Vulnerability Analysis
CVE-2021-4104 is exploitable with network access, and requires a small amount of user privileges. This vulnerability is considered to have a high level of attack complexity. It has an exploitability score of 1.6 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
What is a Marshaling, Unmarshaling Vulnerability?
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
CVE-2021-4104 has been classified as a Marshaling, Unmarshaling vulnerability or weakness.
Products Associated with CVE-2021-4104
What versions are vulnerable to CVE-2021-4104?
- Apache Log4j Version 1.2
- Fedora Project Fedora Version 35
- Red Hat Jboss Operations Network Version 3.0
- Red Hat Jboss A Mq Version 6.0.0
- Red Hat Enterprise Linux (RHEL) Version 7.0
- Red Hat Enterprise Linux (RHEL) Version 6.0
- Red Hat Jboss Enterprise Application Platform Version 6.0.0
- Red Hat Jboss Enterprise Application Platform Version 7.0
- Red Hat Jboss Fuse Version 6.0.0
- Red Hat Jboss Fuse Service Works Version 6.0
- Red Hat Jboss Web Server Version 3.0
- Red Hat Jboss Data Virtualization Version 6.0.0
- Red Hat Enterprise Linux (RHEL) Version 8.0
- Red Hat Single Sign On Version 7.0
- Red Hat Software Collections Version -
- Red Hat Jboss Fuse Version 7.0.0
- Red Hat Process Automation Version 7.0
- Red Hat Jboss Data Grid Version 7.0.0
- Red Hat Openshift Application Runtimes Version -
- Red Hat Codeready Studio Version 12.0
- Red Hat Integration Camel K Version -
- Red Hat Openshift Container Platform Version 4.6
- Red Hat Jboss A Mq Version 7
- Red Hat Openshift Container Platform Version 4.7
- Red Hat Integration Camel Quarkus Version -
- Red Hat Jboss A Mq Streaming Version -
- Red Hat Openshift Container Platform Version 4.8
- Oracle Weblogic Server Version 12.2.1.3.0
- Oracle Business Intelligence Version 12.2.1.3.0
- Oracle Business Process Management Suite Version 12.2.1.3.0
- Oracle Jdeveloper Version 12.2.1.3.0
- Oracle Identity Management Suite Version 12.2.1.3.0
- Oracle Business Intelligence Version 12.2.1.4.0
- Oracle Communications Unified Inventory Management Version 7.3.4
- Oracle Communications Unified Inventory Management Version 7.3.5
- Oracle Weblogic Server Version 12.2.1.4.0
- Oracle Weblogic Server Version 14.1.1.0.0
- Oracle Enterprise Manager Base Platform Version 13.4.0.0
- Oracle Communications Network Integrity Version 7.3.6
- Oracle Business Process Management Suite Version 12.2.1.4.0
- Oracle Advanced Supply Chain Planning Version 12.2
- Oracle Advanced Supply Chain Planning Version 12.1
- Oracle Communications Unified Inventory Management Version 7.4.1
- Oracle Enterprise Manager Base Platform Version 13.5.0.0
- Oracle Healthcare Data Repository Version 8.1.0
- Oracle Communications Messaging Server Version 8.1
- Oracle Business Intelligence Version 5.9.0.0.0
- Oracle Communications Eagle Ftp Table Base Retrieval Version 4.5
- Oracle Retail Extract Transform Load Version 13.2.5
- Oracle Utilities Testing Accelerator Version 6.0.0.2.2
- Oracle Utilities Testing Accelerator Version 6.0.0.3.1
- Oracle Utilities Testing Accelerator Version 6.0.0.1.1
- Oracle Retail Allocation Version 14.1.3.2
- Oracle Retail Allocation Version 15.0.3.1
- Oracle Retail Allocation Version 16.0.3
- Oracle Retail Allocation Version 19.0.1
- Oracle Communications Unified Inventory Management Version 7.4.2
- Oracle Identity Management Suite Version 12.2.1.4.0
- Oracle Financial Services Revenue Management Billing Analytics Version 2.7.0.0
- Oracle Hyperion Data Relationship Management Fixed in Version 11.2.8.0
- Oracle Financial Services Revenue Management Billing Analytics Version 2.8.0.0
- Oracle Mysql Enterprise Monitor Up to Version 8.0.29
- Oracle Hyperion Infrastructure Technology Fixed in Version 11.2.8.0
- Oracle Tuxedo Version 12.2.2.0.0
- Oracle E Business Suite Cloud Manager Cloud Backup Module Version 2.2.1.1.1
- Oracle Financial Services Revenue Management Billing Analytics Version 2.7.0.1
- Oracle Fusion Middleware Common Libraries Tools Version 12.2.1.4.0
- Oracle Communications Offline Mediation Controller Version 12.0.0.5.0
- Oracle Timesten Grid Version -
- Oracle Communications Offline Mediation Controller Fixed in Version 12.0.0.4.0
- Oracle Stream Analytics Version -
- Oracle Goldengate Version -
Vulnerable Packages
The following package name and versions may be associated with CVE-2021-4104:
Package Manager | Vulnerable Package | Versions | Fixed In |
---|---|---|---|
maven | ru.yandex.clickhouse:clickhouse-jdbc-bridge | < 2.0.7 | 2.0.7 |