Vulnerability details: VCID-698m-2hju-2qcv
Vulnerability ID VCID-698m-2hju-2qcv
Aliases CVE-2021-4104
GHSA-fp5r-v3w9-4333
Summary Deserialization of Untrusted Data: JMSAppender in Log4j is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide `TopicBindingName` and `TopicConnectionFactoryBindingName` configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j when specifically configured to use JMSAppender, which is not the default. Apache Log4j reached end of life in August. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4104.json
cvssv3.1 7.5 https://access.redhat.com/security/cve/CVE-2021-4104
generic_textual HIGH https://access.redhat.com/security/cve/CVE-2021-4104
epss 0.69284 https://api.first.org/data/v1/epss?cve=CVE-2021-4104
cvssv3.1 6.4 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-fp5r-v3w9-4333
cvssv3.1 7.5 https://github.com/apache/logging-log4j2
generic_textual HIGH https://github.com/apache/logging-log4j2
cvssv3.1 7.5 https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126
generic_textual HIGH https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-4104
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2021-4104
cvssv3.1 7.5 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0033
generic_textual HIGH https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0033
cvssv3.1 7.5 https://security.gentoo.org/glsa/202209-02
generic_textual HIGH https://security.gentoo.org/glsa/202209-02
cvssv3.1 7.5 https://security.gentoo.org/glsa/202310-16
generic_textual HIGH https://security.gentoo.org/glsa/202310-16
cvssv3.1 7.5 https://security.gentoo.org/glsa/202312-02
generic_textual HIGH https://security.gentoo.org/glsa/202312-02
cvssv3.1 7.5 https://security.gentoo.org/glsa/202312-04
generic_textual HIGH https://security.gentoo.org/glsa/202312-04
cvssv3.1 7.5 https://security.netapp.com/advisory/ntap-20211223-0007
generic_textual HIGH https://security.netapp.com/advisory/ntap-20211223-0007
cvssv3.1 7.5 https://www.cve.org/CVERecord?id=CVE-2021-44228
generic_textual HIGH https://www.cve.org/CVERecord?id=CVE-2021-44228
cvssv3.1 7.5 https://www.kb.cert.org/vuls/id/930724
generic_textual HIGH https://www.kb.cert.org/vuls/id/930724
cvssv3.1 7.5 https://www.oracle.com/security-alerts/cpuapr2022.html
generic_textual HIGH https://www.oracle.com/security-alerts/cpuapr2022.html
cvssv3.1 7.5 https://www.oracle.com/security-alerts/cpujan2022.html
generic_textual HIGH https://www.oracle.com/security-alerts/cpujan2022.html
cvssv3.1 7.5 https://www.oracle.com/security-alerts/cpujul2022.html
generic_textual HIGH https://www.oracle.com/security-alerts/cpujul2022.html
cvssv3.1 7.5 http://www.openwall.com/lists/oss-security/2022/01/18/3
generic_textual HIGH http://www.openwall.com/lists/oss-security/2022/01/18/3
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4104.json
https://api.first.org/data/v1/epss?cve=CVE-2021-4104
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4104
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/apache/logging-log4j2
https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0033
https://security.gentoo.org/glsa/202209-02
https://security.gentoo.org/glsa/202310-16
https://security.gentoo.org/glsa/202312-04
https://security.netapp.com/advisory/ntap-20211223-0007
https://security.netapp.com/advisory/ntap-20211223-0007/
https://www.cve.org/CVERecord?id=CVE-2021-44228
https://www.kb.cert.org/vuls/id/930724
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpujul2022.html
http://www.openwall.com/lists/oss-security/2022/01/18/3
2031667 https://bugzilla.redhat.com/show_bug.cgi?id=2031667
CVE-2021-4104 https://access.redhat.com/security/cve/CVE-2021-4104
CVE-2021-4104 https://nvd.nist.gov/vuln/detail/CVE-2021-4104
GHSA-fp5r-v3w9-4333 https://github.com/advisories/GHSA-fp5r-v3w9-4333
GLSA-202312-02 https://security.gentoo.org/glsa/202312-02
RHSA-2021:5107 https://access.redhat.com/errata/RHSA-2021:5107
RHSA-2021:5141 https://access.redhat.com/errata/RHSA-2021:5141
RHSA-2021:5148 https://access.redhat.com/errata/RHSA-2021:5148
RHSA-2021:5183 https://access.redhat.com/errata/RHSA-2021:5183
RHSA-2021:5184 https://access.redhat.com/errata/RHSA-2021:5184
RHSA-2021:5186 https://access.redhat.com/errata/RHSA-2021:5186
RHSA-2021:5206 https://access.redhat.com/errata/RHSA-2021:5206
RHSA-2021:5269 https://access.redhat.com/errata/RHSA-2021:5269
RHSA-2022:0289 https://access.redhat.com/errata/RHSA-2022:0289
RHSA-2022:0290 https://access.redhat.com/errata/RHSA-2022:0290
RHSA-2022:0291 https://access.redhat.com/errata/RHSA-2022:0291
RHSA-2022:0294 https://access.redhat.com/errata/RHSA-2022:0294
RHSA-2022:0430 https://access.redhat.com/errata/RHSA-2022:0430
RHSA-2022:0435 https://access.redhat.com/errata/RHSA-2022:0435
RHSA-2022:0436 https://access.redhat.com/errata/RHSA-2022:0436
RHSA-2022:0437 https://access.redhat.com/errata/RHSA-2022:0437
RHSA-2022:0438 https://access.redhat.com/errata/RHSA-2022:0438
RHSA-2022:0444 https://access.redhat.com/errata/RHSA-2022:0444
RHSA-2022:0445 https://access.redhat.com/errata/RHSA-2022:0445
RHSA-2022:0446 https://access.redhat.com/errata/RHSA-2022:0446
RHSA-2022:0447 https://access.redhat.com/errata/RHSA-2022:0447
RHSA-2022:0448 https://access.redhat.com/errata/RHSA-2022:0448
RHSA-2022:0449 https://access.redhat.com/errata/RHSA-2022:0449
RHSA-2022:0450 https://access.redhat.com/errata/RHSA-2022:0450
RHSA-2022:0475 https://access.redhat.com/errata/RHSA-2022:0475
RHSA-2022:0497 https://access.redhat.com/errata/RHSA-2022:0497
RHSA-2022:0507 https://access.redhat.com/errata/RHSA-2022:0507
RHSA-2022:0524 https://access.redhat.com/errata/RHSA-2022:0524
RHSA-2022:0527 https://access.redhat.com/errata/RHSA-2022:0527
RHSA-2022:0553 https://access.redhat.com/errata/RHSA-2022:0553
RHSA-2022:0661 https://access.redhat.com/errata/RHSA-2022:0661
RHSA-2022:1296 https://access.redhat.com/errata/RHSA-2022:1296
RHSA-2022:1297 https://access.redhat.com/errata/RHSA-2022:1297
RHSA-2022:1299 https://access.redhat.com/errata/RHSA-2022:1299
RHSA-2022:5458 https://access.redhat.com/errata/RHSA-2022:5458
RHSA-2022:5459 https://access.redhat.com/errata/RHSA-2022:5459
RHSA-2022:5460 https://access.redhat.com/errata/RHSA-2022:5460
RHSA-2024:5856 https://access.redhat.com/errata/RHSA-2024:5856
USN-5223-1 https://usn.ubuntu.com/5223-1/
USN-USN-5223-2 https://usn.ubuntu.com/USN-5223-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4104.json
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/security/cve/CVE-2021-4104
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/apache/logging-log4j2
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-4104
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0033
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202209-02
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202310-16
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202312-02
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202312-04
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://security.netapp.com/advisory/ntap-20211223-0007
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.cve.org/CVERecord?id=CVE-2021-44228
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.kb.cert.org/vuls/id/930724
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/security-alerts/cpuapr2022.html
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/security-alerts/cpujan2022.html
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/security-alerts/cpujul2022.html
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2022/01/18/3
Exploit Prediction Scoring System (EPSS)
Percentile 0.98633
EPSS Score 0.69284
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:49:10.305529+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.logging.log4j/log4j/CVE-2021-4104.yml 38.0.0