KNOWLEDGE BASE

Security Vulnerability CVE-2021-4104


Published: 23 Dec 2021
Last Modified Date: 24 Dec 2021

Issue

JMSAppender in Log4j 1.2 is vulnerable to a deserialization of untrusted data when the attacker has write access to the Log4j configuration. This can result in remote code execution in a similar fashion to CVE-2021-44228.

Environment

Tableau Products

Resolution

Based on currently available information, we have determined that Tableau products are not affected by CVE-2021-4104 because Tableau does not make use of JMSAppender.
Did this article resolve the issue?