Vulnerability Database

317,182

Total vulnerabilities in the database

CVE-2021-4125

It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete, as not all JndiLookup.class files were removed. This CVE only applies to the OpenShift Metering hive container images, shipped in OpenShift 4.8, 4.7 and 4.6.

Published: Aug 24, 2022
Updated: Nov 16, 2025
CVE: CVE-2021-4125
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.1
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-502
CWE-20

OWASP TOP 10:

A8 - Insecure Deserialization

Affected Software
References

Software	From	Fixed in
redhat / openshift	4.8.0	4.8.24
redhat / openshift	4.7.0	4.7.40
redhat / openshift	4.6.0	4.6.52

https://access.redhat.com/security/cve/CVE-2021-4125
https://access.redhat.com/security/cve/CVE-2021-44228
https://access.redhat.com/security/cve/CVE-2021-45046
https://bugzilla.redhat.com/show_bug.cgi?id=2033121
https://github.com/kube-reporting/hive/pull/71
https://github.com/kube-reporting/hive/pull/72
https://github.com/kube-reporting/hive/pull/73

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo