CVE-2021-45105

Warning

EPSS 65.66%
Published 18.12.2021 12:15:07
Last modified 21.11.2024 06:31:58
Source security@apache.org
Teams watchlist Login
Open Login

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.

Affected products Warnungen 1 Metrics 3 CWE 2 References 16

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Log4j Version >= 2.0 < 2.3.1

Apache ≫ Log4j Version >= 2.4 < 2.12.3

Apache ≫ Log4j Version >= 2.13.0 <= 2.16.0

Netapp ≫ Cloud Manager Version-

Debian ≫ Debian Linux Version10.0

Debian ≫ Debian Linux Version11.0

Sonicwall ≫ Email Security Version <= 10.0.12

Sonicwall ≫ Network Security Manager SwEditionon-premises Version >= 2.0 < 3.0

Sonicwall ≫ Network Security Manager SwEditionsaas Version >= 2.0 < 3.0

Sonicwall ≫ Web Application Firewall Version >= 3.0.0 < 3.1.0

Sonicwall ≫ 6bk1602-0aa12-0tp0 Firmware Version < 2.7.0

Sonicwall ≫ 6bk1602-0aa12-0tp0 Version-

Sonicwall ≫ 6bk1602-0aa22-0tp0 Firmware Version < 2.7.0

Sonicwall ≫ 6bk1602-0aa22-0tp0 Version-

Sonicwall ≫ 6bk1602-0aa32-0tp0 Firmware Version < 2.7.0

Sonicwall ≫ 6bk1602-0aa32-0tp0 Version-

Sonicwall ≫ 6bk1602-0aa42-0tp0 Firmware Version < 2.7.0

Sonicwall ≫ 6bk1602-0aa42-0tp0 Version-

Sonicwall ≫ 6bk1602-0aa52-0tp0 Firmware Version < 2.7.0

Sonicwall ≫ 6bk1602-0aa52-0tp0 Version-

Oracle ≫ Agile Engineering Data Management Version6.2.1.0

Oracle ≫ Agile Plm Version9.3.6

Oracle ≫ Agile Plm Mcad Connector Version3.6

Oracle ≫ Autovue For Agile Product Lifecycle Management Version21.0.2

Oracle ≫ Banking Deposits And Lines Of Credit Servicing Version2.12.0

Oracle ≫ Banking Enterprise Default Management Version2.7.1

Oracle ≫ Banking Enterprise Default Management Version2.12.0

Oracle ≫ Banking Loans Servicing Version2.12.0

Oracle ≫ Banking Party Management Version2.7.0

Oracle ≫ Banking Payments Version14.5

Oracle ≫ Banking Platform Version2.6.2

Oracle ≫ Banking Platform Version2.7.1

Oracle ≫ Banking Platform Version2.12.0

Oracle ≫ Banking Trade Finance Version14.5

Oracle ≫ Banking Treasury Management Version14.5

Oracle ≫ Business Intelligence Version5.5.0.0.0 SwEditionenterprise

Oracle ≫ Communications Asap Version7.3

Oracle ≫ Communications Billing And Revenue Management Version12.0.0.4

Oracle ≫ Communications Billing And Revenue Management Version12.0.0.5

Oracle ≫ Communications Cloud Native Core Console Version1.9.0

Oracle ≫ Communications Cloud Native Core Network Function Cloud Native Environment Version1.10.0

Oracle ≫ Communications Cloud Native Core Network Repository Function Version1.15.0

Oracle ≫ Communications Cloud Native Core Network Repository Function Version1.15.1

Oracle ≫ Communications Cloud Native Core Network Slice Selection Function Version1.8.0

Oracle ≫ Communications Cloud Native Core Policy Version1.15.0

Oracle ≫ Communications Cloud Native Core Security Edge Protection Proxy Version1.7.0

Oracle ≫ Communications Cloud Native Core Service Communication Proxy Version1.15.0

Oracle ≫ Communications Cloud Native Core Unified Data Repository Version1.15.0

Oracle ≫ Communications Convergence Version3.0.2.2.0

Oracle ≫ Communications Convergence Version3.0.3.0

Oracle ≫ Communications Convergent Charging Controller Version >= 12.0.1.0.0 <= 12.0.4.0.0

Oracle ≫ Communications Convergent Charging Controller Version6.0.1.0.0

Oracle ≫ Communications Diameter Signaling Router Version >= 8.3.0.0 <= 8.5.1.0

Oracle ≫ Communications Eagle Element Management System Version46.6

Oracle ≫ Communications Eagle Ftp Table Base Retrieval Version4.5

Oracle ≫ Communications Element Manager Version < 9.0

Oracle ≫ Communications Evolved Communications Application Server Version7.1

Oracle ≫ Communications Interactive Session Recorder Version6.3

Oracle ≫ Communications Interactive Session Recorder Version6.4

Oracle ≫ Communications Ip Service Activator Version7.4.0

Oracle ≫ Communications Messaging Server Version8.1

Oracle ≫ Communications Network Charging And Control Version >= 12.0.1.0.0 <= 12.0.4.0.0

Oracle ≫ Communications Network Charging And Control Version6.0.1.0.0

Oracle ≫ Communications Network Integrity Version7.3.6

Oracle ≫ Communications Performance Intelligence Center Version10.4.0.3

Oracle ≫ Communications Pricing Design Center Version12.0.0.4

Oracle ≫ Communications Pricing Design Center Version12.0.0.5

Oracle ≫ Communications Service Broker Version6.2

Oracle ≫ Communications Services Gatekeeper Version7.0

Oracle ≫ Communications Session Report Manager Version < 9.0

Oracle ≫ Communications Session Route Manager Version < 9.0

Oracle ≫ Communications Unified Inventory Management Version7.3.5

Oracle ≫ Communications Unified Inventory Management Version7.4.1

Oracle ≫ Communications Unified Inventory Management Version7.4.2

Oracle ≫ Communications User Data Repository Version12.4

Oracle ≫ Communications Webrtc Session Controller Version7.2.0.0

Oracle ≫ Communications Webrtc Session Controller Version7.2.1

Oracle ≫ Data Integrator Version12.2.1.3.0

Oracle ≫ Data Integrator Version12.2.1.4.0

Oracle ≫ E-business Suite Version12.2

Oracle ≫ Enterprise Manager Base Platform Version13.4.0.0

Oracle ≫ Enterprise Manager Base Platform Version13.5.0.0

Oracle ≫ Enterprise Manager For Peoplesoft Version13.4.1.1

Oracle ≫ Enterprise Manager For Peoplesoft Version13.5.1.1

Oracle ≫ Enterprise Manager Ops Center Version12.4.0.0

Oracle ≫ Financial Services Analytical Applications Infrastructure Version >= 8.0.7 <= 8.1.1

Oracle ≫ Financial Services Model Management And Governance Version8.0.8.0.0

Oracle ≫ Financial Services Model Management And Governance Version8.1.0.0.0

Oracle ≫ Financial Services Model Management And Governance Version8.1.1.0.0

Oracle ≫ Flexcube Universal Banking Version >= 12.1.0 <= 12.4

Oracle ≫ Flexcube Universal Banking Version >= 14.0.0 <= 14.3.0

Oracle ≫ Flexcube Universal Banking Version11.83.3

Oracle ≫ Flexcube Universal Banking Version14.5

Oracle ≫ Health Sciences Empirica Signal Version9.1.0.6

Oracle ≫ Health Sciences Empirica Signal Version9.2.0.0

Oracle ≫ Health Sciences Inform Version6.2.1.1

Oracle ≫ Health Sciences Inform Version6.3.2.1

Oracle ≫ Health Sciences Inform Version7.0.0.0

Oracle ≫ Health Sciences Information Manager Version >= 3.0.1 <= 3.0.4

Oracle ≫ Healthcare Data Repository Version8.1.1

Oracle ≫ Healthcare Foundation Version >= 7.3.0.1 <= 7.3.0.4

Oracle ≫ Healthcare Master Person Index Version5.0.1

Oracle ≫ Healthcare Translational Research Version4.1.0

Oracle ≫ Healthcare Translational Research Version4.1.1

Oracle ≫ Hospitality Suite8 Version8.13.0

Oracle ≫ Hospitality Suite8 Version8.14.0

Oracle ≫ Hospitality Token Proxy Service Version19.2

Oracle ≫ Hyperion Bi+ Version < 11.2.8.0

Oracle ≫ Hyperion Data Relationship Management Version < 11.2.8.0

Oracle ≫ Hyperion Infrastructure Technology Version < 11.2.8.0

Oracle ≫ Hyperion Planning Version < 11.2.8.0

Oracle ≫ Hyperion Profitability And Cost Management Version < 11.2.8.0

Oracle ≫ Hyperion Tax Provision Version < 11.2.8.0

Oracle ≫ Identity Management Suite Version12.2.1.3.0

Oracle ≫ Identity Management Suite Version12.2.1.4.0

Oracle ≫ Identity Manager Connector Version9.1.0

Oracle ≫ Instantis Enterprisetrack Version17.1

Oracle ≫ Instantis Enterprisetrack Version17.2

Oracle ≫ Instantis Enterprisetrack Version17.3

Oracle ≫ Insurance Data Gateway Version1.0.1

Oracle ≫ Insurance Insbridge Rating And Underwriting Version >= 5.4 <= 5.6.0.0

Oracle ≫ Insurance Insbridge Rating And Underwriting Version5.2.0

Oracle ≫ Insurance Insbridge Rating And Underwriting Version5.6.1.0

Oracle ≫ Jdeveloper Version12.2.1.4.0

Oracle ≫ Managed File Transfer Version12.2.1.3.0

Oracle ≫ Managed File Transfer Version12.2.1.4.0

Oracle ≫ Management Cloud Engine Version1.5.0

Oracle ≫ Mysql Enterprise Monitor Version <= 8.0.29

Oracle ≫ Payment Interface Version19.1

Oracle ≫ Payment Interface Version20.3

Oracle ≫ Peoplesoft Enterprise Peopletools Version8.58

Oracle ≫ Peoplesoft Enterprise Peopletools Version8.59

Oracle ≫ Primavera Gateway Version >= 17.12.0 <= 17.12.11

Oracle ≫ Primavera Gateway Version >= 18.8.0 <= 18.8.13

Oracle ≫ Primavera Gateway Version >= 19.12.0 <= 19.12.12

Oracle ≫ Primavera Gateway Version >= 20.12.0 <= 20.12.7

Oracle ≫ Primavera Gateway Version21.12.0

Oracle ≫ Primavera P6 Enterprise Project Portfolio Management Version >= 19.12.0.0 <= 19.12.18.0

Oracle ≫ Primavera P6 Enterprise Project Portfolio Management Version >= 20.12.0.0 <= 20.12.12.0

Oracle ≫ Primavera P6 Enterprise Project Portfolio Management Version21.12.0.0

Oracle ≫ Primavera Unifier Version18.8

Oracle ≫ Primavera Unifier Version19.12

Oracle ≫ Primavera Unifier Version20.12

Oracle ≫ Primavera Unifier Version21.12

Oracle ≫ Retail Back Office Version14.1

Oracle ≫ Retail Central Office Version14.1

Oracle ≫ Retail Customer Insights Version15.0.2

Oracle ≫ Retail Customer Insights Version16.0.2

Oracle ≫ Retail Data Extractor For Merchandising Version15.0.2

Oracle ≫ Retail Data Extractor For Merchandising Version16.0.2

Oracle ≫ Retail Eftlink Version16.0.3

Oracle ≫ Retail Eftlink Version17.0.2

Oracle ≫ Retail Eftlink Version18.0.1

Oracle ≫ Retail Eftlink Version19.0.1

Oracle ≫ Retail Eftlink Version20.0.1

Oracle ≫ Retail Eftlink Version21.0.0

Oracle ≫ Retail Financial Integration Version >= 16.0.1 <= 16.0.3

Oracle ≫ Retail Financial Integration Version14.1.3.2

Oracle ≫ Retail Financial Integration Version15.0.3.1

Oracle ≫ Retail Financial Integration Version19.0.0

Oracle ≫ Retail Financial Integration Version19.0.1

Oracle ≫ Retail Integration Bus Version >= 16.0.1 <= 16.0.3

Oracle ≫ Retail Integration Bus Version >= 19.0.0 <= 19.0.1.0

Oracle ≫ Retail Integration Bus Version14.1.3

Oracle ≫ Retail Integration Bus Version14.1.3.2

Oracle ≫ Retail Integration Bus Version15.0.3.1

Oracle ≫ Retail Integration Bus Version19.0.0

Oracle ≫ Retail Integration Bus Version19.0.1

Oracle ≫ Retail Invoice Matching Version15.0.3

Oracle ≫ Retail Invoice Matching Version16.0.3

Oracle ≫ Retail Merchandising System Version16.0.3

Oracle ≫ Retail Merchandising System Version19.0.1

Oracle ≫ Retail Order Broker Version16.0

Oracle ≫ Retail Order Broker Version18.0

Oracle ≫ Retail Order Broker Version19.1

Oracle ≫ Retail Order Management System Version19.5

Oracle ≫ Retail Point-of-service Version14.1

Oracle ≫ Retail Predictive Application Server Version14.1.3.46

Oracle ≫ Retail Predictive Application Server Version15.0.3.115

Oracle ≫ Retail Predictive Application Server Version16.0.3.240

Oracle ≫ Retail Price Management Version13.2

Oracle ≫ Retail Price Management Version14.0.4

Oracle ≫ Retail Price Management Version14.1.3.0

Oracle ≫ Retail Price Management Version15.0.3.0

Oracle ≫ Retail Price Management Version16.0.3.0

Oracle ≫ Retail Returns Management Version14.1

Oracle ≫ Retail Service Backbone Version >= 16.0.1 <= 16.0.3

Oracle ≫ Retail Service Backbone Version14.1.3

Oracle ≫ Retail Service Backbone Version14.1.3.2

Oracle ≫ Retail Service Backbone Version15.0.3.1

Oracle ≫ Retail Service Backbone Version19.0.0

Oracle ≫ Retail Service Backbone Version19.0.1

Oracle ≫ Retail Service Backbone Version19.0.1.0

Oracle ≫ Retail Store Inventory Management Version14.0.4.13

Oracle ≫ Retail Store Inventory Management Version14.1.3.5

Oracle ≫ Retail Store Inventory Management Version14.1.3.14

Oracle ≫ Retail Store Inventory Management Version15.0.3.3

Oracle ≫ Retail Store Inventory Management Version15.0.3.8

Oracle ≫ Retail Store Inventory Management Version16.0.3.7

Oracle ≫ Siebel Ui Framework Version <= 21.12

Oracle ≫ Sql Developer Version < 21.4.2

Oracle ≫ Taleo Platform Version < 22.1

Oracle ≫ Utilities Framework Version >= 4.3.0.1.0 <= 4.3.0.6.0

Oracle ≫ Utilities Framework Version4.4.0.0.0

Oracle ≫ Utilities Framework Version4.4.0.2.0

Oracle ≫ Utilities Framework Version4.4.0.3.0

Oracle ≫ Webcenter Portal Version12.2.1.3.0

Oracle ≫ Webcenter Portal Version12.2.1.4.0

Oracle ≫ Webcenter Sites Version12.2.1.3.0

Oracle ≫ Webcenter Sites Version12.2.1.4.0

Oracle ≫ Weblogic Server Version12.2.1.3.0

Oracle ≫ Weblogic Server Version12.2.1.4.0

Oracle ≫ Weblogic Server Version14.1.1.0.0

10.12.2021: CERT.at Warnung

https://www.cert.at/de/warnungen/2021/12/kritische-0-day-sicherheitslucke-in-apache-log4j-bibliothek

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	65.66%	0.984

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-674 Uncontrolled Recursion

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

https://www.oracle.com/security-alerts/cpuapr2022.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpujan2022.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf

Third Party Advisory

https://logging.apache.org/log4j/2.x/security.html

Vendor Advisory