Threat?: Apache Log4j 1.2 JMSAppender Remote Code Execution (CVE-2021-4104) (156103)

I am using your TestProject and my security team has been reaching me out regarding of the old log4j whether it is a threat or not and asking of any recommendation to remediate this vulnerability. Please see below email attachment from my IT.

Path : C:\Program Files\TestProject Agent\app\lib\log4j-1.2.13.jar
Installed version : 1.2.13
Fixed version : 2.16.0

Risk Information
CVSS v2 Severity: Medium
STIG Severity: I
Vulnerability Priority Rating: 8.4
CVSS v2 Base Score: 6.0
CVSS v2 Temporal Score: 4.4
CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C
CVSS v3 Base Score: 7.5
CVSS v3 Temporal Score: 6.5
CVSS v3 Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

1 Like