CVE-2021-4104

What is CVE-2021-4104

In summary,

A flaw was found in the Java logging library Apache Log4j in version 1.x . This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender. This flaw has been filed for Log4j 1.x, the corresponding flaw information for Log4j 2.x is available at: https://access.redhat.com/security/cve/CVE-2021-44228

RedHat Customer Portal

Is Cascade CMS affected by CVE-2021-4104?

CVE-2021-4104 does not impact Cascade Cloud or on-premise distributions of Cascade CMS by default.

If Cascade CMS on-premise logging has been customized in any way, ensure the affected JMSAppender is not being used.

This vulnerability is a less serious variation of the CVE-2021-44228 which is also mitigated in Cascade CMS.