CVE-2021-45105

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
References
Link Resource
http://www.openwall.com/lists/oss-security/2021/12/19/1 Mailing List Mitigation Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf Third Party Advisory
https://logging.apache.org/log4j/2.x/security.html Release Notes Vendor Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 Third Party Advisory
https://security.netapp.com/advisory/ntap-20211218-0001/ Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd Third Party Advisory
https://www.debian.org/security/2021/dsa-5024 Third Party Advisory
https://www.kb.cert.org/vuls/id/930724 Third Party Advisory US Government Resource
https://www.oracle.com/security-alerts/cpuapr2022.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-1541/ Third Party Advisory VDB Entry
http://www.openwall.com/lists/oss-security/2021/12/19/1 Mailing List Mitigation Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf Third Party Advisory
https://logging.apache.org/log4j/2.x/security.html Release Notes Vendor Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 Third Party Advisory
https://security.netapp.com/advisory/ntap-20211218-0001/ Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd Third Party Advisory
https://www.debian.org/security/2021/dsa-5024 Third Party Advisory
https://www.kb.cert.org/vuls/id/930724 Third Party Advisory US Government Resource
https://www.oracle.com/security-alerts/cpuapr2022.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-1541/ Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*
cpe:2.3:a:sonicwall:network_security_manager:*:*:*:*:on-premises:*:*:*
cpe:2.3:a:sonicwall:network_security_manager:*:*:*:*:saas:*:*:*
cpe:2.3:a:sonicwall:web_application_firewall:*:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:sonicwall:6bk1602-0aa12-0tp0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:6bk1602-0aa12-0tp0:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:sonicwall:6bk1602-0aa22-0tp0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:6bk1602-0aa22-0tp0:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:sonicwall:6bk1602-0aa32-0tp0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:6bk1602-0aa32-0tp0:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:sonicwall:6bk1602-0aa42-0tp0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:6bk1602-0aa42-0tp0:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:sonicwall:6bk1602-0aa52-0tp0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:6bk1602-0aa52-0tp0:-:*:*:*:*:*:*:*

Configuration 10 (hide)

OR cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_plm_mcad_connector:3.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_deposits_and_lines_of_credit_servicing:2.12.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_loans_servicing:2.12.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_payments:14.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_trade_finance:14.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_treasury_management:14.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_convergence:3.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_service_broker:6.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_user_data_repository:12.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:e-business_suite:12.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.0.8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_universal_banking:11.83.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_universal_banking:14.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:health_sciences_empirica_signal:9.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:health_sciences_inform:6.2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:health_sciences_inform:6.3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:health_sciences_inform:7.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:health_sciences_information_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_data_repository:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_master_person_index:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_translational_research:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_translational_research:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_suite8:8.13.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_suite8:8.14.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_token_proxy_service:19.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hyperion_bi\+:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hyperion_data_relationship_management:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hyperion_infrastructure_technology:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hyperion_planning:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hyperion_profitability_and_cost_management:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hyperion_tax_provision:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:identity_manager_connector:9.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_data_gateway:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:management_cloud_engine:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:payment_interface:19.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:payment_interface:20.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_insights:15.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_insights:16.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:15.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:16.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_eftlink:16.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_eftlink:17.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_eftlink:18.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_eftlink:20.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_eftlink:21.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_financial_integration:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_financial_integration:19.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:14.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:19.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_invoice_matching:15.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_invoice_matching:16.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_order_management_system:19.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.46:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.115:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.240:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_price_management:13.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_price_management:14.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_price_management:14.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_price_management:15.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_price_management:16.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_service_backbone:14.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_service_backbone:19.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_service_backbone:19.0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4.13:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.14:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:sql_developer:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:taleo_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*

History

21 Nov 2024, 06:31

Type Values Removed Values Added
References () http://www.openwall.com/lists/oss-security/2021/12/19/1 - Mailing List, Mitigation, Third Party Advisory () http://www.openwall.com/lists/oss-security/2021/12/19/1 - Mailing List, Mitigation, Third Party Advisory
References () https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf - Third Party Advisory () https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf - Third Party Advisory
References () https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf - Third Party Advisory () https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf - Third Party Advisory
References () https://logging.apache.org/log4j/2.x/security.html - Release Notes, Vendor Advisory () https://logging.apache.org/log4j/2.x/security.html - Release Notes, Vendor Advisory
References () https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - Third Party Advisory () https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - Third Party Advisory
References () https://security.netapp.com/advisory/ntap-20211218-0001/ - Third Party Advisory () https://security.netapp.com/advisory/ntap-20211218-0001/ - Third Party Advisory
References () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd - Third Party Advisory () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd - Third Party Advisory
References () https://www.debian.org/security/2021/dsa-5024 - Third Party Advisory () https://www.debian.org/security/2021/dsa-5024 - Third Party Advisory
References () https://www.kb.cert.org/vuls/id/930724 - Third Party Advisory, US Government Resource () https://www.kb.cert.org/vuls/id/930724 - Third Party Advisory, US Government Resource
References () https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory () https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory
References () https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory () https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory
References () https://www.oracle.com/security-alerts/cpujul2022.html - Third Party Advisory () https://www.oracle.com/security-alerts/cpujul2022.html - Third Party Advisory
References () https://www.zerodayinitiative.com/advisories/ZDI-21-1541/ - Third Party Advisory, VDB Entry () https://www.zerodayinitiative.com/advisories/ZDI-21-1541/ - Third Party Advisory, VDB Entry

25 Jul 2022, 18:18

Type Values Removed Values Added
References
  • (N/A) https://www.oracle.com/security-alerts/cpujul2022.html -

20 Apr 2022, 00:16

Type Values Removed Values Added
References
  • (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html -

19 Feb 2022, 04:42

Type Values Removed Values Added
References (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory
CPE cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.46:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_price_management:13.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_service_broker:6.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_service_backbone:19.0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_eftlink:20.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_eftlink:18.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_invoice_matching:15.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:14.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_invoice_matching:16.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_price_management:15.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_price_management:14.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_eftlink:16.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_eftlink:17.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_service_backbone:14.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.240:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_price_management:14.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.0.8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.115:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_price_management:16.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_order_management_system:19.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_service_backbone:19.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*

07 Feb 2022, 16:16

Type Values Removed Values Added
References
  • (MISC) https://www.oracle.com/security-alerts/cpujan2022.html -

30 Dec 2021, 16:22

Type Values Removed Values Added
CPE cpe:2.3:a:apache:log4j:2.0:beta7:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.5:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.7:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.12.1:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.13.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.11.2:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.12.0:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:beta6:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.12.2:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.15.0:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:beta4:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.8:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.1:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.1:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.11.2:rc3:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.16.0:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.13.2:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.6.2:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.15.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.13.3:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:rc1-rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.14.1:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:beta4-rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.6:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:beta1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.8.1:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:beta6-rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.14.1:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:beta3-rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.11.1:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.12.0:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.12.2:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:beta8-rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.10.0:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.13.1:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.1:rc3:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:beta7-rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.11.1:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.6.2:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:beta3:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.11.0:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.13.1:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:beta8:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.15.0:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.9.1:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.5:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:beta3-rc2:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.13.0:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.10.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.9.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.13.3:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.6.1:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:beta7-rc2:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:beta2:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.6.1:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.13.1:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.8.2:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.11.2:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.7:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.14.0:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:beta5:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.15.1:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.6:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.13.2:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.11.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.8.1:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.8.2:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.12.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.16.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.12.1:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.14.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.11.2:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.9.0:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.13.0:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.8:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.7:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*
cpe:2.3:a:sonicwall:network_security_manager:*:*:*:*:saas:*:*:*
cpe:2.3:a:sonicwall:web_application_firewall:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:6bk1602-0aa12-0tp0:-:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:6bk1602-0aa22-0tp0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:6bk1602-0aa22-0tp0:-:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:6bk1602-0aa52-0tp0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:6bk1602-0aa32-0tp0:-:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:6bk1602-0aa42-0tp0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:6bk1602-0aa12-0tp0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:6bk1602-0aa32-0tp0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*
cpe:2.3:a:sonicwall:network_security_manager:*:*:*:*:on-premises:*:*:*
cpe:2.3:h:sonicwall:6bk1602-0aa52-0tp0:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:6bk1602-0aa42-0tp0:-:*:*:*:*:*:*:*
CVSS v2 : 5.0
v3 : 7.5
v2 : 4.3
v3 : 5.9
References (CONFIRM) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - (CONFIRM) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - Third Party Advisory
References (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf - (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf - Third Party Advisory
References (CERT-VN) https://www.kb.cert.org/vuls/id/930724 - (CERT-VN) https://www.kb.cert.org/vuls/id/930724 - Third Party Advisory, US Government Resource
References (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf - (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf - Third Party Advisory

28 Dec 2021, 17:15

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOKPQGV24RRBBI4TBZUDQMM4MEH7MXCY/', 'name': 'FEDORA-2021-5c9d12a93e', 'tags': [], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.debian.org/debian-lts-announce/2021/12/msg00017.html', 'name': '[debian-lts-announce] 20211226 [SECURITY] [DLA 2852-1] apache-log4j2 security update', 'tags': [], 'refsource': 'MLIST'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SIG7FZULMNK2XF6FZRU4VWYDQXNMUGAJ/', 'name': 'FEDORA-2021-abbe24e41c', 'tags': [], 'refsource': 'FEDORA'}
Summary Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0 and 2.12.3. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.

27 Dec 2021, 03:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOKPQGV24RRBBI4TBZUDQMM4MEH7MXCY/ -
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SIG7FZULMNK2XF6FZRU4VWYDQXNMUGAJ/ -

27 Dec 2021, 00:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2021/12/msg00017.html -

22 Dec 2021, 01:15

Type Values Removed Values Added
References
  • (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf -

21 Dec 2021, 11:15

Type Values Removed Values Added
References
  • (CONFIRM) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 -

21 Dec 2021, 06:15

Type Values Removed Values Added
References
  • (CERT-VN) https://www.kb.cert.org/vuls/id/930724 -
  • (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf -

20 Dec 2021, 18:48

Type Values Removed Values Added
References (CONFIRM) https://security.netapp.com/advisory/ntap-20211218-0001/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20211218-0001/ - Third Party Advisory
References (DEBIAN) https://www.debian.org/security/2021/dsa-5024 - (DEBIAN) https://www.debian.org/security/2021/dsa-5024 - Third Party Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2021/12/19/1 - (MLIST) http://www.openwall.com/lists/oss-security/2021/12/19/1 - Mailing List, Mitigation, Third Party Advisory
References (MISC) https://logging.apache.org/log4j/2.x/security.html - (MISC) https://logging.apache.org/log4j/2.x/security.html - Release Notes, Vendor Advisory
References (MISC) https://www.zerodayinitiative.com/advisories/ZDI-21-1541/ - (MISC) https://www.zerodayinitiative.com/advisories/ZDI-21-1541/ - Third Party Advisory, VDB Entry
References (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd - (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd - Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 5.0
v3 : 7.5
CWE CWE-20
CWE-674
CPE cpe:2.3:a:apache:log4j:2.0:beta7:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.5:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.7:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.12.1:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.13.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.11.2:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.12.0:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:beta6:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.12.2:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.15.0:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:beta4:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.8:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.1:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.1:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.11.2:rc3:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.16.0:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.13.2:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.6.2:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.15.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.13.3:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:rc1-rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.14.1:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:beta4-rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.6:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:beta1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.8.1:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:beta6-rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.14.1:-:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:beta3-rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.11.1:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.12.0:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.12.2:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:beta8-rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.10.0:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.13.1:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.1:rc3:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:beta7-rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.11.1:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.6.2:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:beta3:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.11.0:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.13.1:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:beta8:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.15.0:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.9.1:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.5:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:beta3-rc2:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.13.0:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.10.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.9.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.13.3:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.6.1:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:beta7-rc2:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:beta2:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.6.1:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.13.1:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.8.2:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.11.2:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.7:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.14.0:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:beta5:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.15.1:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.6:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.13.2:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.11.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.8.1:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.8.2:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.12.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.16.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.12.1:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.14.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.11.2:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.9.0:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.13.0:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.8:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.7:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:alpha1:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

20 Dec 2021, 00:15

Type Values Removed Values Added
References
  • (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd -

19 Dec 2021, 16:15

Type Values Removed Values Added
References
  • (DEBIAN) https://www.debian.org/security/2021/dsa-5024 -
  • (MISC) https://www.zerodayinitiative.com/advisories/ZDI-21-1541/ -

19 Dec 2021, 04:15

Type Values Removed Values Added
References
  • (MLIST) http://www.openwall.com/lists/oss-security/2021/12/19/1 -

18 Dec 2021, 16:15

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20211218-0001/ -

18 Dec 2021, 12:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-12-18 12:15

Updated : 2024-11-21 06:31


NVD link : CVE-2021-45105

Mitre link : CVE-2021-45105

CVE.ORG link : CVE-2021-45105


JSON object : View

Products Affected

oracle

  • retail_order_broker
  • webcenter_sites
  • communications_convergence
  • hospitality_suite8
  • healthcare_foundation
  • communications_cloud_native_core_network_slice_selection_function
  • sql_developer
  • retail_store_inventory_management
  • banking_party_management
  • financial_services_model_management_and_governance
  • banking_platform
  • retail_financial_integration
  • communications_network_integrity
  • communications_billing_and_revenue_management
  • communications_convergent_charging_controller
  • insurance_data_gateway
  • primavera_p6_enterprise_project_portfolio_management
  • retail_integration_bus
  • communications_messaging_server
  • communications_network_charging_and_control
  • jdeveloper
  • autovue_for_agile_product_lifecycle_management
  • retail_order_management_system
  • banking_treasury_management
  • mysql_enterprise_monitor
  • healthcare_data_repository
  • hyperion_bi\+
  • agile_engineering_data_management
  • health_sciences_empirica_signal
  • banking_deposits_and_lines_of_credit_servicing
  • managed_file_transfer
  • webcenter_portal
  • retail_price_management
  • communications_interactive_session_recorder
  • healthcare_translational_research
  • financial_services_analytical_applications_infrastructure
  • enterprise_manager_for_peoplesoft
  • communications_cloud_native_core_network_function_cloud_native_environment
  • health_sciences_information_manager
  • communications_unified_inventory_management
  • communications_element_manager
  • management_cloud_engine
  • communications_eagle_ftp_table_base_retrieval
  • retail_returns_management
  • identity_management_suite
  • communications_cloud_native_core_unified_data_repository
  • payment_interface
  • siebel_ui_framework
  • banking_trade_finance
  • retail_back_office
  • communications_cloud_native_core_console
  • retail_central_office
  • communications_session_report_manager
  • communications_evolved_communications_application_server
  • primavera_unifier
  • insurance_insbridge_rating_and_underwriting
  • retail_data_extractor_for_merchandising
  • data_integrator
  • communications_service_broker
  • retail_merchandising_system
  • communications_ip_service_activator
  • banking_loans_servicing
  • communications_performance_intelligence_center
  • communications_session_route_manager
  • hyperion_data_relationship_management
  • retail_customer_insights
  • health_sciences_inform
  • retail_point-of-service
  • business_intelligence
  • hyperion_tax_provision
  • communications_cloud_native_core_service_communication_proxy
  • primavera_gateway
  • enterprise_manager_base_platform
  • communications_webrtc_session_controller
  • communications_cloud_native_core_security_edge_protection_proxy
  • healthcare_master_person_index
  • communications_user_data_repository
  • banking_enterprise_default_management
  • hospitality_token_proxy_service
  • communications_asap
  • agile_plm_mcad_connector
  • weblogic_server
  • agile_plm
  • hyperion_infrastructure_technology
  • communications_cloud_native_core_network_repository_function
  • communications_services_gatekeeper
  • banking_payments
  • flexcube_universal_banking
  • communications_diameter_signaling_router
  • enterprise_manager_ops_center
  • utilities_framework
  • communications_pricing_design_center
  • e-business_suite
  • retail_eftlink
  • peoplesoft_enterprise_peopletools
  • hyperion_planning
  • identity_manager_connector
  • hyperion_profitability_and_cost_management
  • retail_invoice_matching
  • retail_predictive_application_server
  • retail_service_backbone
  • communications_cloud_native_core_policy
  • communications_eagle_element_management_system
  • taleo_platform
  • instantis_enterprisetrack

debian

  • debian_linux

sonicwall

  • 6bk1602-0aa32-0tp0_firmware
  • 6bk1602-0aa42-0tp0
  • 6bk1602-0aa52-0tp0_firmware
  • 6bk1602-0aa12-0tp0_firmware
  • web_application_firewall
  • 6bk1602-0aa52-0tp0
  • 6bk1602-0aa42-0tp0_firmware
  • 6bk1602-0aa32-0tp0
  • network_security_manager
  • 6bk1602-0aa22-0tp0_firmware
  • email_security
  • 6bk1602-0aa22-0tp0
  • 6bk1602-0aa12-0tp0

netapp

  • cloud_manager

apache

  • log4j
CWE
CWE-20

Improper Input Validation

CWE-674

Uncontrolled Recursion