9.8
CVE-2017-5645
- EPSS 94.01%
- Published 17.04.2017 21:59:00
- Last modified 20.04.2025 01:37:25
- Source security@apache.org
- Teams watchlist Login
- Open Login
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
Data is provided by the National Vulnerability Database (NVD)
Netapp ≫ Oncommand Api Services Version-
Netapp ≫ Oncommand Insight Version-
Netapp ≫ Oncommand Workflow Automation Version-
Netapp ≫ Service Level Manager Version-
Netapp ≫ Snapcenter Version-
Netapp ≫ Storage Automation Store Version-
Redhat ≫ Enterprise Linux Version6.0
Redhat ≫ Enterprise Linux Version6.7
Redhat ≫ Enterprise Linux Version7.0
Redhat ≫ Enterprise Linux Version7.3
Redhat ≫ Enterprise Linux Version7.4
Redhat ≫ Enterprise Linux Version7.5
Redhat ≫ Enterprise Linux Version7.6
Redhat ≫ Enterprise Linux Desktop Version7.0
Redhat ≫ Enterprise Linux Server Version7.0
Redhat ≫ Enterprise Linux Server Aus Version7.4
Redhat ≫ Enterprise Linux Server Aus Version7.6
Redhat ≫ Enterprise Linux Server Eus Version7.4
Redhat ≫ Enterprise Linux Server Eus Version7.5
Redhat ≫ Enterprise Linux Server Eus Version7.6
Redhat ≫ Enterprise Linux Server Tus Version7.4
Redhat ≫ Enterprise Linux Server Tus Version7.6
Redhat ≫ Enterprise Linux Workstation Version7.0
Oracle ≫ Api Gateway Version11.1.2.4.0
Oracle ≫ Application Testing Suite Version13.3.0.1
Oracle ≫ Autovue Vuelink Integration Version21.0.0
Oracle ≫ Autovue Vuelink Integration Version21.0.1
Oracle ≫ Banking Platform Version2.6.0
Oracle ≫ Banking Platform Version2.6.1
Oracle ≫ Banking Platform Version2.6.2
Oracle ≫ Bi Publisher Version11.1.1.7.0
Oracle ≫ Bi Publisher Version11.1.1.9.0
Oracle ≫ Bi Publisher Version12.2.1.3.0
Oracle ≫ Bi Publisher Version12.2.1.4.0
Oracle ≫ Communications Instant Messaging Server Version10.0.1.3.0
Oracle ≫ Communications Interactive Session Recorder Version >= 6.0 <= 6.2
Oracle ≫ Communications Messaging Server Version < 8.0.2
Oracle ≫ Communications Network Integrity Version >= 7.3.2 <= 7.3.6
Oracle ≫ Communications Online Mediation Controller Version6.1
Oracle ≫ Communications Pricing Design Center Version11.1
Oracle ≫ Communications Pricing Design Center Version12.0
Oracle ≫ Communications Service Broker Version6.0
Oracle ≫ Communications Webrtc Session Controller Version < 7.2
Oracle ≫ Configuration Manager Version12.1.2.0.2
Oracle ≫ Configuration Manager Version12.1.2.0.5
Oracle ≫ Endeca Information Discovery Studio Version3.2.0
Oracle ≫ Enterprise Data Quality Version12.2.1.3.0
Oracle ≫ Enterprise Manager Base Platform Version12.1.0.5
Oracle ≫ Enterprise Manager Base Platform Version13.2.0.0
Oracle ≫ Enterprise Manager For Fusion Middleware Version12.1.0.5
Oracle ≫ Enterprise Manager For Fusion Middleware Version13.2.0.0
Oracle ≫ Enterprise Manager For Mysql Database Version <= 13.2.2.0.0
Oracle ≫ Enterprise Manager For Oracle Database Version12.1.0.8
Oracle ≫ Enterprise Manager For Oracle Database Version13.2.2
Oracle ≫ Enterprise Manager For Peoplesoft Version13.1.1.1
Oracle ≫ Enterprise Manager For Peoplesoft Version13.2.1.1
Oracle ≫ Financial Services Analytical Applications Infrastructure Version >= 7.3.3.0.0 <= 7.3.3.0.2
Oracle ≫ Financial Services Analytical Applications Infrastructure Version >= 8.0.0.0.0 <= 8.0.7.0.0
Oracle ≫ Financial Services Behavior Detection Platform Version >= 8.0.0.0.0 <= 8.0.4.0.0
Oracle ≫ Financial Services Behavior Detection Platform Version6.1.1
Oracle ≫ Financial Services Hedge Management And Ifrs Valuations Version8.0.4
Oracle ≫ Financial Services Hedge Management And Ifrs Valuations Version8.0.5
Oracle ≫ Financial Services Lending And Leasing Version >= 14.1.0 <= 14.8.0
Oracle ≫ Financial Services Lending And Leasing Version12.5.0
Oracle ≫ Financial Services Loan Loss Forecasting And Provisioning Version8.0.4
Oracle ≫ Financial Services Loan Loss Forecasting And Provisioning Version8.0.5
Oracle ≫ Financial Services Profitability Management Version >= 8.0.0.0.0 <= 8.0.7.0.0
Oracle ≫ Financial Services Profitability Management Version6.1.1
Oracle ≫ Financial Services Regulatory Reporting With Agilereporter Version8.0.9.2.0
Oracle ≫ Flexcube Investor Servicing Version12.0.4
Oracle ≫ Flexcube Investor Servicing Version12.1.0
Oracle ≫ Flexcube Investor Servicing Version12.3.0
Oracle ≫ Flexcube Investor Servicing Version12.4.0
Oracle ≫ Flexcube Investor Servicing Version14.0.0
Oracle ≫ Fusion Middleware Mapviewer Version12.2.1.2
Oracle ≫ Fusion Middleware Mapviewer Version12.2.1.3
Oracle ≫ Goldengate Version12.3.2.1.1
Oracle ≫ Goldengate Application Adapters Version12.3.2.1.1
Oracle ≫ Identity Analytics Version11.1.1.5.8
Oracle ≫ Identity Management Suite Version11.1.2.3.0
Oracle ≫ Identity Management Suite Version12.2.1.3.0
Oracle ≫ Identity Manager Connector Version9.0
Oracle ≫ In-memory Performance-driven Planning Version12.1
Oracle ≫ In-memory Performance-driven Planning Version12.2
Oracle ≫ Instantis Enterprisetrack Version >= 17.1 <= 17.3
Oracle ≫ Insurance Calculation Engine Version10.1.1
Oracle ≫ Insurance Calculation Engine Version10.2.1
Oracle ≫ Insurance Policy Administration Version10.0
Oracle ≫ Insurance Policy Administration Version10.1
Oracle ≫ Insurance Policy Administration Version10.2
Oracle ≫ Insurance Policy Administration Version11.0
Oracle ≫ Insurance Rules Palette Version10.0
Oracle ≫ Insurance Rules Palette Version10.1
Oracle ≫ Insurance Rules Palette Version10.2
Oracle ≫ Insurance Rules Palette Version11.0
Oracle ≫ Insurance Rules Palette Version11.1
Oracle ≫ Jd Edwards Enterpriseone Tools Version4.0.1.0
Oracle ≫ Jd Edwards Enterpriseone Tools Version9.2
Oracle ≫ Jdeveloper Version11.1.1.9.0
Oracle ≫ Jdeveloper Version12.1.3.0.0
Oracle ≫ Jdeveloper Version12.2.1.3.0
Oracle ≫ Mysql Enterprise Monitor Version >= 3.4.0.0 <= 3.4.7.4297
Oracle ≫ Mysql Enterprise Monitor Version >= 4.0.0.0 <= 4.0.4.5235
Oracle ≫ Mysql Enterprise Monitor Version >= 8.0.0.0.0 <= 8.0.0.8131
Oracle ≫ Peoplesoft Enterprise Fin Install Version9.2
Oracle ≫ Policy Automation Version10.4.7
Oracle ≫ Policy Automation Version12.1.0
Oracle ≫ Policy Automation Version12.1.1
Oracle ≫ Policy Automation Version12.2.0
Oracle ≫ Policy Automation Version12.2.1
Oracle ≫ Policy Automation Version12.2.2
Oracle ≫ Policy Automation Version12.2.3
Oracle ≫ Policy Automation Version12.2.4
Oracle ≫ Policy Automation Version12.2.5
Oracle ≫ Policy Automation Version12.2.6
Oracle ≫ Policy Automation Version12.2.7
Oracle ≫ Policy Automation Version12.2.8
Oracle ≫ Policy Automation Version12.2.9
Oracle ≫ Policy Automation Version12.2.10
Oracle ≫ Policy Automation Connector For Siebel Version10.4.6
Oracle ≫ Policy Automation For Mobile Devices Version10.4.7
Oracle ≫ Policy Automation For Mobile Devices Version12.1.0
Oracle ≫ Policy Automation For Mobile Devices Version12.1.1
Oracle ≫ Policy Automation For Mobile Devices Version12.2.0
Oracle ≫ Policy Automation For Mobile Devices Version12.2.1
Oracle ≫ Policy Automation For Mobile Devices Version12.2.2
Oracle ≫ Policy Automation For Mobile Devices Version12.2.3
Oracle ≫ Policy Automation For Mobile Devices Version12.2.4
Oracle ≫ Policy Automation For Mobile Devices Version12.2.5
Oracle ≫ Policy Automation For Mobile Devices Version12.2.6
Oracle ≫ Policy Automation For Mobile Devices Version12.2.7
Oracle ≫ Policy Automation For Mobile Devices Version12.2.8
Oracle ≫ Policy Automation For Mobile Devices Version12.2.9
Oracle ≫ Policy Automation For Mobile Devices Version12.2.10
Oracle ≫ Primavera Gateway Version >= 16.2.0 <= 16.2.11
Oracle ≫ Primavera Gateway Version >= 17.12.0 <= 17.12.7
Oracle ≫ Rapid Planning Version12.1
Oracle ≫ Rapid Planning Version12.2
Oracle ≫ Retail Advanced Inventory Planning Version14.0
Oracle ≫ Retail Advanced Inventory Planning Version15.0
Oracle ≫ Retail Clearance Optimization Engine Version14.0.5
Oracle ≫ Retail Extract Transform And Load Version13.0
Oracle ≫ Retail Extract Transform And Load Version13.1
Oracle ≫ Retail Extract Transform And Load Version13.2
Oracle ≫ Retail Extract Transform And Load Version19.0
Oracle ≫ Retail Integration Bus Version14.0.0
Oracle ≫ Retail Integration Bus Version14.1.0
Oracle ≫ Retail Integration Bus Version15.0
Oracle ≫ Retail Integration Bus Version16.0
Oracle ≫ Retail Open Commerce Platform Version5.3.0
Oracle ≫ Retail Open Commerce Platform Version6.0.0
Oracle ≫ Retail Open Commerce Platform Version6.0.1
Oracle ≫ Retail Predictive Application Server Version15.0.3
Oracle ≫ Retail Service Backbone Version14.1
Oracle ≫ Retail Service Backbone Version15.0
Oracle ≫ Retail Service Backbone Version16.0
Oracle ≫ Siebel Ui Framework Version18.7
Oracle ≫ Siebel Ui Framework Version18.8
Oracle ≫ Siebel Ui Framework Version18.9
Oracle ≫ Tape Library Acsls Version8.4
Oracle ≫ Timesten In-memory Database Version11.2.2.8.49
Oracle ≫ Utilities Advanced Spatial And Operational Analytics Version2.7.0.1
Oracle ≫ Utilities Work And Asset Management Version1.9.1.2.12
Oracle ≫ Weblogic Server Version10.3.6.0.0
Oracle ≫ Weblogic Server Version12.1.3.0.0
Oracle ≫ Weblogic Server Version12.2.1.3.0
Oracle ≫ Weblogic Server Version12.2.1.4.0
Oracle ≫ Weblogic Server Version14.1.1.0.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 94.01% | 0.999 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.