CVE-2021-4125

moderate-risk
Published 2022-08-24

It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete, as not all JndiLookup.class files were removed. This CVE only applies to the OpenShift Metering hive container images, shipped in OpenShift 4.8, 4.7 and 4.6.

Do I need to act?

~
2.4% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.1/10 High
NETWORK / HIGH complexity

Affected Products (1)

Affected Vendors

Redhat

References (14)

Third Party Advisory https://access.redhat.com/security/cve/CVE-2021-4125
Third Party Advisory https://access.redhat.com/security/cve/CVE-2021-44228
Third Party Advisory https://access.redhat.com/security/cve/CVE-2021-45046
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2033121
Third Party Advisory https://github.com/kube-reporting/hive/pull/71
Third Party Advisory https://github.com/kube-reporting/hive/pull/72
Third Party Advisory https://github.com/kube-reporting/hive/pull/73
Third Party Advisory https://access.redhat.com/security/cve/CVE-2021-4125
Third Party Advisory https://access.redhat.com/security/cve/CVE-2021-44228
Third Party Advisory https://access.redhat.com/security/cve/CVE-2021-45046
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2033121
Third Party Advisory https://github.com/kube-reporting/hive/pull/71
Third Party Advisory https://github.com/kube-reporting/hive/pull/72
Third Party Advisory https://github.com/kube-reporting/hive/pull/73
34
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 5/34 · Minimal
Exposure 5/34 · Minimal