9.8
CVE-2017-5645
- EPSS 94.01%
- Published 17.04.2017 21:59:00
- Last modified 20.04.2025 01:37:25
- Source security@apache.org
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
Data provided by the National Vulnerability Database (NVD)
Netapp ≫ Oncommand Api Services Version -
Netapp ≫ Oncommand Insight Version -
Netapp ≫ Oncommand Workflow Automation Version -
Netapp ≫ Service Level Manager Version -
Netapp ≫ Snapcenter Version -
Netapp ≫ Storage Automation Store Version -
Redhat ≫ Enterprise Linux Version 6.0
Redhat ≫ Enterprise Linux Version 6.7
Redhat ≫ Enterprise Linux Version 7.0
Redhat ≫ Enterprise Linux Version 7.3
Redhat ≫ Enterprise Linux Version 7.4
Redhat ≫ Enterprise Linux Version 7.5
Redhat ≫ Enterprise Linux Version 7.6
Redhat ≫ Enterprise Linux Desktop Version 7.0
Redhat ≫ Enterprise Linux Server Version 7.0
Redhat ≫ Enterprise Linux Server Aus Version 7.4
Redhat ≫ Enterprise Linux Server Aus Version 7.6
Redhat ≫ Enterprise Linux Server Eus Version 7.4
Redhat ≫ Enterprise Linux Server Eus Version 7.5
Redhat ≫ Enterprise Linux Server Eus Version 7.6
Redhat ≫ Enterprise Linux Server Tus Version 7.4
Redhat ≫ Enterprise Linux Server Tus Version 7.6
Redhat ≫ Enterprise Linux Workstation Version 7.0
Oracle ≫ Api Gateway Version 11.1.2.4.0
Oracle ≫ Application Testing Suite Version 13.3.0.1
Oracle ≫ Autovue Vuelink Integration Version 21.0.0
Oracle ≫ Autovue Vuelink Integration Version 21.0.1
Oracle ≫ Banking Platform Version 2.6.0
Oracle ≫ Banking Platform Version 2.6.1
Oracle ≫ Banking Platform Version 2.6.2
Oracle ≫ Bi Publisher Version 11.1.1.7.0
Oracle ≫ Bi Publisher Version 11.1.1.9.0
Oracle ≫ Bi Publisher Version 12.2.1.3.0
Oracle ≫ Bi Publisher Version 12.2.1.4.0
Oracle ≫ Communications Instant Messaging Server Version 10.0.1.3.0
Oracle ≫ Communications Interactive Session Recorder Version >= 6.0 <= 6.2
Oracle ≫ Communications Messaging Server Version < 8.0.2
Oracle ≫ Communications Network Integrity Version >= 7.3.2 <= 7.3.6
Oracle ≫ Communications Online Mediation Controller Version 6.1
Oracle ≫ Communications Pricing Design Center Version 11.1
Oracle ≫ Communications Pricing Design Center Version 12.0
Oracle ≫ Communications Service Broker Version 6.0
Oracle ≫ Communications Webrtc Session Controller Version < 7.2
Oracle ≫ Configuration Manager Version 12.1.2.0.2
Oracle ≫ Configuration Manager Version 12.1.2.0.5
Oracle ≫ Endeca Information Discovery Studio Version 3.2.0
Oracle ≫ Enterprise Data Quality Version 12.2.1.3.0
Oracle ≫ Enterprise Manager Base Platform Version 12.1.0.5
Oracle ≫ Enterprise Manager Base Platform Version 13.2.0.0
Oracle ≫ Enterprise Manager For Fusion Middleware Version 12.1.0.5
Oracle ≫ Enterprise Manager For Fusion Middleware Version 13.2.0.0
Oracle ≫ Enterprise Manager For Mysql Database Version <= 13.2.2.0.0
Oracle ≫ Enterprise Manager For Oracle Database Version 12.1.0.8
Oracle ≫ Enterprise Manager For Oracle Database Version 13.2.2
Oracle ≫ Enterprise Manager For Peoplesoft Version 13.1.1.1
Oracle ≫ Enterprise Manager For Peoplesoft Version 13.2.1.1
Oracle ≫ Financial Services Analytical Applications Infrastructure Version >= 7.3.3.0.0 <= 7.3.3.0.2
Oracle ≫ Financial Services Analytical Applications Infrastructure Version >= 8.0.0.0.0 <= 8.0.7.0.0
Oracle ≫ Financial Services Behavior Detection Platform Version >= 8.0.0.0.0 <= 8.0.4.0.0
Oracle ≫ Financial Services Behavior Detection Platform Version 6.1.1
Oracle ≫ Financial Services Hedge Management And Ifrs Valuations Version 8.0.4
Oracle ≫ Financial Services Hedge Management And Ifrs Valuations Version 8.0.5
Oracle ≫ Financial Services Lending And Leasing Version >= 14.1.0 <= 14.8.0
Oracle ≫ Financial Services Lending And Leasing Version 12.5.0
Oracle ≫ Financial Services Loan Loss Forecasting And Provisioning Version 8.0.4
Oracle ≫ Financial Services Loan Loss Forecasting And Provisioning Version 8.0.5
Oracle ≫ Financial Services Profitability Management Version >= 8.0.0.0.0 <= 8.0.7.0.0
Oracle ≫ Financial Services Profitability Management Version 6.1.1
Oracle ≫ Financial Services Regulatory Reporting With Agilereporter Version 8.0.9.2.0
Oracle ≫ Flexcube Investor Servicing Version 12.0.4
Oracle ≫ Flexcube Investor Servicing Version 12.1.0
Oracle ≫ Flexcube Investor Servicing Version 12.3.0
Oracle ≫ Flexcube Investor Servicing Version 12.4.0
Oracle ≫ Flexcube Investor Servicing Version 14.0.0
Oracle ≫ Fusion Middleware Mapviewer Version 12.2.1.2
Oracle ≫ Fusion Middleware Mapviewer Version 12.2.1.3
Oracle ≫ Goldengate Version 12.3.2.1.1
Oracle ≫ Goldengate Application Adapters Version 12.3.2.1.1
Oracle ≫ Identity Analytics Version 11.1.1.5.8
Oracle ≫ Identity Management Suite Version 11.1.2.3.0
Oracle ≫ Identity Management Suite Version 12.2.1.3.0
Oracle ≫ Identity Manager Connector Version 9.0
Oracle ≫ In-memory Performance-driven Planning Version 12.1
Oracle ≫ In-memory Performance-driven Planning Version 12.2
Oracle ≫ Instantis Enterprisetrack Version >= 17.1 <= 17.3
Oracle ≫ Insurance Calculation Engine Version 10.1.1
Oracle ≫ Insurance Calculation Engine Version 10.2.1
Oracle ≫ Insurance Policy Administration Version 10.0
Oracle ≫ Insurance Policy Administration Version 10.1
Oracle ≫ Insurance Policy Administration Version 10.2
Oracle ≫ Insurance Policy Administration Version 11.0
Oracle ≫ Insurance Rules Palette Version 10.0
Oracle ≫ Insurance Rules Palette Version 10.1
Oracle ≫ Insurance Rules Palette Version 10.2
Oracle ≫ Insurance Rules Palette Version 11.0
Oracle ≫ Insurance Rules Palette Version 11.1
Oracle ≫ Jd Edwards Enterpriseone Tools Version 4.0.1.0
Oracle ≫ Jd Edwards Enterpriseone Tools Version 9.2
Oracle ≫ Jdeveloper Version 11.1.1.9.0
Oracle ≫ Jdeveloper Version 12.1.3.0.0
Oracle ≫ Jdeveloper Version 12.2.1.3.0
Oracle ≫ Mysql Enterprise Monitor Version >= 3.4.0.0 <= 3.4.7.4297
Oracle ≫ Mysql Enterprise Monitor Version >= 4.0.0.0 <= 4.0.4.5235
Oracle ≫ Mysql Enterprise Monitor Version >= 8.0.0.0.0 <= 8.0.0.8131
Oracle ≫ Peoplesoft Enterprise Fin Install Version 9.2
Oracle ≫ Policy Automation Version 10.4.7
Oracle ≫ Policy Automation Version 12.1.0
Oracle ≫ Policy Automation Version 12.1.1
Oracle ≫ Policy Automation Version 12.2.0
Oracle ≫ Policy Automation Version 12.2.1
Oracle ≫ Policy Automation Version 12.2.2
Oracle ≫ Policy Automation Version 12.2.3
Oracle ≫ Policy Automation Version 12.2.4
Oracle ≫ Policy Automation Version 12.2.5
Oracle ≫ Policy Automation Version 12.2.6
Oracle ≫ Policy Automation Version 12.2.7
Oracle ≫ Policy Automation Version 12.2.8
Oracle ≫ Policy Automation Version 12.2.9
Oracle ≫ Policy Automation Version 12.2.10
Oracle ≫ Policy Automation Connector For Siebel Version 10.4.6
Oracle ≫ Policy Automation For Mobile Devices Version 10.4.7
Oracle ≫ Policy Automation For Mobile Devices Version 12.1.0
Oracle ≫ Policy Automation For Mobile Devices Version 12.1.1
Oracle ≫ Policy Automation For Mobile Devices Version 12.2.0
Oracle ≫ Policy Automation For Mobile Devices Version 12.2.1
Oracle ≫ Policy Automation For Mobile Devices Version 12.2.2
Oracle ≫ Policy Automation For Mobile Devices Version 12.2.3
Oracle ≫ Policy Automation For Mobile Devices Version 12.2.4
Oracle ≫ Policy Automation For Mobile Devices Version 12.2.5
Oracle ≫ Policy Automation For Mobile Devices Version 12.2.6
Oracle ≫ Policy Automation For Mobile Devices Version 12.2.7
Oracle ≫ Policy Automation For Mobile Devices Version 12.2.8
Oracle ≫ Policy Automation For Mobile Devices Version 12.2.9
Oracle ≫ Policy Automation For Mobile Devices Version 12.2.10
Oracle ≫ Primavera Gateway Version >= 16.2.0 <= 16.2.11
Oracle ≫ Primavera Gateway Version >= 17.12.0 <= 17.12.7
Oracle ≫ Rapid Planning Version 12.1
Oracle ≫ Rapid Planning Version 12.2
Oracle ≫ Retail Advanced Inventory Planning Version 14.0
Oracle ≫ Retail Advanced Inventory Planning Version 15.0
Oracle ≫ Retail Clearance Optimization Engine Version 14.0.5
Oracle ≫ Retail Extract Transform And Load Version 13.0
Oracle ≫ Retail Extract Transform And Load Version 13.1
Oracle ≫ Retail Extract Transform And Load Version 13.2
Oracle ≫ Retail Extract Transform And Load Version 19.0
Oracle ≫ Retail Integration Bus Version 14.0.0
Oracle ≫ Retail Integration Bus Version 14.1.0
Oracle ≫ Retail Integration Bus Version 15.0
Oracle ≫ Retail Integration Bus Version 16.0
Oracle ≫ Retail Open Commerce Platform Version 5.3.0
Oracle ≫ Retail Open Commerce Platform Version 6.0.0
Oracle ≫ Retail Open Commerce Platform Version 6.0.1
Oracle ≫ Retail Predictive Application Server Version 15.0.3
Oracle ≫ Retail Service Backbone Version 14.1
Oracle ≫ Retail Service Backbone Version 15.0
Oracle ≫ Retail Service Backbone Version 16.0
Oracle ≫ Siebel Ui Framework Version 18.7
Oracle ≫ Siebel Ui Framework Version 18.8
Oracle ≫ Siebel Ui Framework Version 18.9
Oracle ≫ Tape Library Acsls Version 8.4
Oracle ≫ Timesten In-memory Database Version 11.2.2.8.49
Oracle ≫ Utilities Advanced Spatial And Operational Analytics Version 2.7.0.1
Oracle ≫ Utilities Work And Asset Management Version 1.9.1.2.12
Oracle ≫ Weblogic Server Version 10.3.6.0.0
Oracle ≫ Weblogic Server Version 12.1.3.0.0
Oracle ≫ Weblogic Server Version 12.2.1.3.0
Oracle ≫ Weblogic Server Version 12.2.1.4.0
Oracle ≫ Weblogic Server Version 14.1.1.0.0
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 94.01% | 0.999 |

Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.