CVE-2021-45105
Summary
| CVE | CVE-2021-45105 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-12-18 12:15:00 UTC |
| Updated | 2022-10-06 17:31:00 UTC |
| Description | Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1. |
Risk And Classification
Problem Types: CWE-20 | CWE-674
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Log4j | All | All | All | All |
| Application | Apache | Log4j | 2.0 | - | All | All |
| Application | Apache | Log4j | 2.0 | alpha1 | All | All |
| Application | Apache | Log4j | 2.0 | alpha2 | All | All |
| Application | Apache | Log4j | 2.0 | beta1 | All | All |
| Application | Apache | Log4j | 2.0 | beta2 | All | All |
| Application | Apache | Log4j | 2.0 | beta3 | All | All |
| Application | Apache | Log4j | 2.0 | beta3-rc1 | All | All |
| Application | Apache | Log4j | 2.0 | beta3-rc2 | All | All |
| Application | Apache | Log4j | 2.0 | beta4 | All | All |
| Application | Apache | Log4j | 2.0 | beta4-rc1 | All | All |
| Application | Apache | Log4j | 2.0 | beta5 | All | All |
| Application | Apache | Log4j | 2.0 | beta6 | All | All |
| Application | Apache | Log4j | 2.0 | beta6-rc1 | All | All |
| Application | Apache | Log4j | 2.0 | beta7 | All | All |
| Application | Apache | Log4j | 2.0 | beta7-rc1 | All | All |
| Application | Apache | Log4j | 2.0 | beta7-rc2 | All | All |
| Application | Apache | Log4j | 2.0 | beta8 | All | All |
| Application | Apache | Log4j | 2.0 | beta8-rc1 | All | All |
| Application | Apache | Log4j | 2.0 | beta9 | All | All |
| Application | Apache | Log4j | 2.0 | rc1 | All | All |
| Application | Apache | Log4j | 2.0 | rc1-rc1 | All | All |
| Application | Apache | Log4j | 2.0 | rc2 | All | All |
| Application | Apache | Log4j | 2.0.1 | All | All | All |
| Application | Apache | Log4j | 2.0.2 | All | All | All |
| Application | Apache | Log4j | 2.1 | - | All | All |
| Application | Apache | Log4j | 2.1 | rc2 | All | All |
| Application | Apache | Log4j | 2.1 | rc3 | All | All |
| Application | Apache | Log4j | 2.10.0 | - | All | All |
| Application | Apache | Log4j | 2.10.0 | rc1 | All | All |
| Application | Apache | Log4j | 2.11.0 | - | All | All |
| Application | Apache | Log4j | 2.11.0 | rc1 | All | All |
| Application | Apache | Log4j | 2.11.1 | - | All | All |
| Application | Apache | Log4j | 2.11.1 | rc1 | All | All |
| Application | Apache | Log4j | 2.11.2 | - | All | All |
| Application | Apache | Log4j | 2.11.2 | rc1 | All | All |
| Application | Apache | Log4j | 2.11.2 | rc2 | All | All |
| Application | Apache | Log4j | 2.11.2 | rc3 | All | All |
| Application | Apache | Log4j | 2.12.0 | - | All | All |
| Application | Apache | Log4j | 2.12.0 | rc1 | All | All |
| Application | Apache | Log4j | 2.12.0 | rc2 | All | All |
| Application | Apache | Log4j | 2.12.1 | - | All | All |
| Application | Apache | Log4j | 2.12.1 | rc1 | All | All |
| Application | Apache | Log4j | 2.12.2 | - | All | All |
| Application | Apache | Log4j | 2.12.2 | rc1 | All | All |
| Application | Apache | Log4j | 2.13.0 | - | All | All |
| Application | Apache | Log4j | 2.13.0 | rc1 | All | All |
| Application | Apache | Log4j | 2.13.0 | rc2 | All | All |
| Application | Apache | Log4j | 2.13.1 | - | All | All |
| Application | Apache | Log4j | 2.13.1 | rc1 | All | All |
| Application | Apache | Log4j | 2.13.1 | rc2 | All | All |
| Application | Apache | Log4j | 2.13.2 | - | All | All |
| Application | Apache | Log4j | 2.13.2 | rc1 | All | All |
| Application | Apache | Log4j | 2.13.3 | - | All | All |
| Application | Apache | Log4j | 2.13.3 | rc1 | All | All |
| Application | Apache | Log4j | 2.14.0 | - | All | All |
| Application | Apache | Log4j | 2.14.0 | rc1 | All | All |
| Application | Apache | Log4j | 2.14.1 | - | All | All |
| Application | Apache | Log4j | 2.14.1 | rc1 | All | All |
| Application | Apache | Log4j | 2.15.0 | - | All | All |
| Application | Apache | Log4j | 2.15.0 | rc1 | All | All |
| Application | Apache | Log4j | 2.15.0 | rc2 | All | All |
| Application | Apache | Log4j | 2.15.1 | rc1 | All | All |
| Application | Apache | Log4j | 2.16.0 | - | All | All |
| Application | Apache | Log4j | 2.16.0 | rc1 | All | All |
| Application | Apache | Log4j | 2.2 | All | All | All |
| Application | Apache | Log4j | 2.3 | All | All | All |
| Application | Apache | Log4j | 2.4 | All | All | All |
| Application | Apache | Log4j | 2.4.1 | All | All | All |
| Application | Apache | Log4j | 2.5 | - | All | All |
| Application | Apache | Log4j | 2.5 | rc1 | All | All |
| Application | Apache | Log4j | 2.6 | - | All | All |
| Application | Apache | Log4j | 2.6 | rc1 | All | All |
| Application | Apache | Log4j | 2.6.1 | - | All | All |
| Application | Apache | Log4j | 2.6.1 | rc1 | All | All |
| Application | Apache | Log4j | 2.6.2 | - | All | All |
| Application | Apache | Log4j | 2.6.2 | rc1 | All | All |
| Application | Apache | Log4j | 2.7 | - | All | All |
| Application | Apache | Log4j | 2.7 | rc1 | All | All |
| Application | Apache | Log4j | 2.7 | rc2 | All | All |
| Application | Apache | Log4j | 2.8 | - | All | All |
| Application | Apache | Log4j | 2.8 | rc1 | All | All |
| Application | Apache | Log4j | 2.8.1 | - | All | All |
| Application | Apache | Log4j | 2.8.1 | rc1 | All | All |
| Application | Apache | Log4j | 2.8.2 | - | All | All |
| Application | Apache | Log4j | 2.8.2 | rc1 | All | All |
| Application | Apache | Log4j | 2.9.0 | - | All | All |
| Application | Apache | Log4j | 2.9.0 | rc1 | All | All |
| Application | Apache | Log4j | 2.9.1 | rc1 | All | All |
| Application | Apache | Log4j | All | All | All | All |
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Debian | Debian Linux | 11.0 | All | All | All |
| Application | Netapp | Cloud Manager | - | All | All | All |
| Application | Oracle | Agile Engineering Data Management | 6.2.1.0 | All | All | All |
| Application | Oracle | Agile Plm | 9.3.6 | All | All | All |
| Application | Oracle | Agile Plm Mcad Connector | 3.6 | All | All | All |
| Application | Oracle | Autovue For Agile Product Lifecycle Management | 21.0.2 | All | All | All |
| Application | Oracle | Banking Deposits And Lines Of Credit Servicing | 2.12.0 | All | All | All |
| Application | Oracle | Banking Enterprise Default Management | 2.12.0 | All | All | All |
| Application | Oracle | Banking Enterprise Default Management | 2.7.1 | All | All | All |
| Application | Oracle | Banking Loans Servicing | 2.12.0 | All | All | All |
| Application | Oracle | Banking Party Management | 2.7.0 | All | All | All |
| Application | Oracle | Banking Payments | 14.5 | All | All | All |
| Application | Oracle | Banking Platform | 2.12.0 | All | All | All |
| Application | Oracle | Banking Platform | 2.6.2 | All | All | All |
| Application | Oracle | Banking Platform | 2.7.1 | All | All | All |
| Application | Oracle | Banking Trade Finance | 14.5 | All | All | All |
| Application | Oracle | Banking Treasury Management | 14.5 | All | All | All |
| Application | Oracle | Business Intelligence | 5.5.0.0.0 | All | All | All |
| Application | Oracle | Communications Asap | 7.3 | All | All | All |
| Application | Oracle | Communications Billing And Revenue Management | 12.0.0.4 | All | All | All |
| Application | Oracle | Communications Billing And Revenue Management | 12.0.0.5 | All | All | All |
| Application | Oracle | Communications Cloud Native Core Console | 1.9.0 | All | All | All |
| Application | Oracle | Communications Cloud Native Core Network Function Cloud Native Environment | 1.10.0 | All | All | All |
| Application | Oracle | Communications Cloud Native Core Network Repository Function | 1.15.0 | All | All | All |
| Application | Oracle | Communications Cloud Native Core Network Repository Function | 1.15.1 | All | All | All |
| Application | Oracle | Communications Cloud Native Core Network Slice Selection Function | 1.8.0 | All | All | All |
| Application | Oracle | Communications Cloud Native Core Policy | 1.15.0 | All | All | All |
| Application | Oracle | Communications Cloud Native Core Security Edge Protection Proxy | 1.7.0 | All | All | All |
| Application | Oracle | Communications Cloud Native Core Service Communication Proxy | 1.15.0 | All | All | All |
| Application | Oracle | Communications Cloud Native Core Unified Data Repository | 1.15.0 | All | All | All |
| Application | Oracle | Communications Convergence | 3.0.2.2.0 | All | All | All |
| Application | Oracle | Communications Convergence | 3.0.3.0 | All | All | All |
| Application | Oracle | Communications Convergent Charging Controller | 6.0.1.0.0 | All | All | All |
| Application | Oracle | Communications Convergent Charging Controller | All | All | All | All |
| Application | Oracle | Communications Diameter Signaling Router | All | All | All | All |
| Application | Oracle | Communications Eagle Element Management System | 46.6 | All | All | All |
| Application | Oracle | Communications Eagle Ftp Table Base Retrieval | 4.5 | All | All | All |
| Application | Oracle | Communications Element Manager | All | All | All | All |
| Application | Oracle | Communications Evolved Communications Application Server | 7.1 | All | All | All |
| Application | Oracle | Communications Interactive Session Recorder | 6.3 | All | All | All |
| Application | Oracle | Communications Interactive Session Recorder | 6.4 | All | All | All |
| Application | Oracle | Communications Ip Service Activator | 7.4.0 | All | All | All |
| Application | Oracle | Communications Messaging Server | 8.1 | All | All | All |
| Application | Oracle | Communications Network Charging And Control | 6.0.1.0.0 | All | All | All |
| Application | Oracle | Communications Network Charging And Control | All | All | All | All |
| Application | Oracle | Communications Network Integrity | 7.3.6 | All | All | All |
| Application | Oracle | Communications Performance Intelligence Center | 10.4.0.3 | All | All | All |
| Application | Oracle | Communications Pricing Design Center | 12.0.0.4 | All | All | All |
| Application | Oracle | Communications Pricing Design Center | 12.0.0.5 | All | All | All |
| Application | Oracle | Communications Services Gatekeeper | 7.0 | All | All | All |
| Application | Oracle | Communications Service Broker | 6.2 | All | All | All |
| Application | Oracle | Communications Session Report Manager | All | All | All | All |
| Application | Oracle | Communications Session Route Manager | All | All | All | All |
| Application | Oracle | Communications Unified Inventory Management | 7.3.5 | All | All | All |
| Application | Oracle | Communications Unified Inventory Management | 7.4.1 | All | All | All |
| Application | Oracle | Communications Unified Inventory Management | 7.4.2 | All | All | All |
| Application | Oracle | Communications User Data Repository | 12.4 | All | All | All |
| Application | Oracle | Communications Webrtc Session Controller | 7.2.0.0 | All | All | All |
| Application | Oracle | Communications Webrtc Session Controller | 7.2.1 | All | All | All |
| Application | Oracle | Data Integrator | 12.2.1.3.0 | All | All | All |
| Application | Oracle | Data Integrator | 12.2.1.4.0 | All | All | All |
| Application | Oracle | E-business Suite | 12.2 | All | All | All |
| Application | Oracle | Enterprise Manager Base Platform | 13.4.0.0 | All | All | All |
| Application | Oracle | Enterprise Manager Base Platform | 13.5.0.0 | All | All | All |
| Application | Oracle | Enterprise Manager For Peoplesoft | 13.4.1.1 | All | All | All |
| Application | Oracle | Enterprise Manager For Peoplesoft | 13.5.1.1 | All | All | All |
| Application | Oracle | Enterprise Manager Ops Center | 12.4.0.0 | All | All | All |
| Application | Oracle | Financial Services Analytical Applications Infrastructure | All | All | All | All |
| Application | Oracle | Financial Services Model Management And Governance | 8.0.8.0.0 | All | All | All |
| Application | Oracle | Financial Services Model Management And Governance | 8.1.0.0.0 | All | All | All |
| Application | Oracle | Financial Services Model Management And Governance | 8.1.1.0.0 | All | All | All |
| Application | Oracle | Flexcube Universal Banking | 11.83.3 | All | All | All |
| Application | Oracle | Flexcube Universal Banking | 14.5 | All | All | All |
| Application | Oracle | Flexcube Universal Banking | All | All | All | All |
| Application | Oracle | Flexcube Universal Banking | All | All | All | All |
| Application | Oracle | Healthcare Data Repository | 8.1.1 | All | All | All |
| Application | Oracle | Healthcare Foundation | All | All | All | All |
| Application | Oracle | Healthcare Master Person Index | 5.0.1 | All | All | All |
| Application | Oracle | Healthcare Translational Research | 4.1.0 | All | All | All |
| Application | Oracle | Healthcare Translational Research | 4.1.1 | All | All | All |
| Application | Oracle | Health Sciences Empirica Signal | 9.1.0.6 | All | All | All |
| Application | Oracle | Health Sciences Empirica Signal | 9.2.0.0 | All | All | All |
| Application | Oracle | Health Sciences Inform | 6.2.1.1 | All | All | All |
| Application | Oracle | Health Sciences Inform | 6.3.2.1 | All | All | All |
| Application | Oracle | Health Sciences Inform | 7.0.0.0 | All | All | All |
| Application | Oracle | Health Sciences Information Manager | All | All | All | All |
| Application | Oracle | Hospitality Suite8 | 8.13.0 | All | All | All |
| Application | Oracle | Hospitality Suite8 | 8.14.0 | All | All | All |
| Application | Oracle | Hospitality Token Proxy Service | 19.2 | All | All | All |
| Application | Oracle | Hyperion Bi | All | All | All | All |
| Application | Oracle | Hyperion Data Relationship Management | All | All | All | All |
| Application | Oracle | Hyperion Infrastructure Technology | All | All | All | All |
| Application | Oracle | Hyperion Planning | All | All | All | All |
| Application | Oracle | Hyperion Profitability And Cost Management | All | All | All | All |
| Application | Oracle | Hyperion Tax Provision | All | All | All | All |
| Application | Oracle | Identity Management Suite | 12.2.1.3.0 | All | All | All |
| Application | Oracle | Identity Management Suite | 12.2.1.4.0 | All | All | All |
| Application | Oracle | Identity Manager Connector | 9.1.0 | All | All | All |
| Application | Oracle | Instantis Enterprisetrack | 17.1 | All | All | All |
| Application | Oracle | Instantis Enterprisetrack | 17.2 | All | All | All |
| Application | Oracle | Instantis Enterprisetrack | 17.3 | All | All | All |
| Application | Oracle | Insurance Data Gateway | 1.0.1 | All | All | All |
| Application | Oracle | Insurance Insbridge Rating And Underwriting | 5.2.0 | All | All | All |
| Application | Oracle | Insurance Insbridge Rating And Underwriting | 5.6.1.0 | All | All | All |
| Application | Oracle | Insurance Insbridge Rating And Underwriting | All | All | All | All |
| Application | Oracle | Jdeveloper | 12.2.1.4.0 | All | All | All |
| Application | Oracle | Managed File Transfer | 12.2.1.3.0 | All | All | All |
| Application | Oracle | Managed File Transfer | 12.2.1.4.0 | All | All | All |
| Application | Oracle | Management Cloud Engine | 1.5.0 | All | All | All |
| Application | Oracle | Mysql Enterprise Monitor | All | All | All | All |
| Application | Oracle | Payment Interface | 19.1 | All | All | All |
| Application | Oracle | Payment Interface | 20.3 | All | All | All |
| Application | Oracle | Peoplesoft Enterprise Peopletools | 8.58 | All | All | All |
| Application | Oracle | Peoplesoft Enterprise Peopletools | 8.59 | All | All | All |
| Application | Oracle | Primavera Gateway | 21.12.0 | All | All | All |
| Application | Oracle | Primavera Gateway | All | All | All | All |
| Application | Oracle | Primavera Gateway | All | All | All | All |
| Application | Oracle | Primavera Gateway | All | All | All | All |
| Application | Oracle | Primavera Gateway | All | All | All | All |
| Application | Oracle | Primavera P6 Enterprise Project Portfolio Management | 21.12.0.0 | All | All | All |
| Application | Oracle | Primavera P6 Enterprise Project Portfolio Management | All | All | All | All |
| Application | Oracle | Primavera P6 Enterprise Project Portfolio Management | All | All | All | All |
| Application | Oracle | Primavera Unifier | 18.8 | All | All | All |
| Application | Oracle | Primavera Unifier | 19.12 | All | All | All |
| Application | Oracle | Primavera Unifier | 20.12 | All | All | All |
| Application | Oracle | Primavera Unifier | 21.12 | All | All | All |
| Application | Oracle | Retail Back Office | 14.1 | All | All | All |
| Application | Oracle | Retail Central Office | 14.1 | All | All | All |
| Application | Oracle | Retail Customer Insights | 15.0.2 | All | All | All |
| Application | Oracle | Retail Customer Insights | 16.0.2 | All | All | All |
| Application | Oracle | Retail Data Extractor For Merchandising | 15.0.2 | All | All | All |
| Application | Oracle | Retail Data Extractor For Merchandising | 16.0.2 | All | All | All |
| Application | Oracle | Retail Eftlink | 16.0.3 | All | All | All |
| Application | Oracle | Retail Eftlink | 17.0.2 | All | All | All |
| Application | Oracle | Retail Eftlink | 18.0.1 | All | All | All |
| Application | Oracle | Retail Eftlink | 19.0.1 | All | All | All |
| Application | Oracle | Retail Eftlink | 20.0.1 | All | All | All |
| Application | Oracle | Retail Eftlink | 21.0.0 | All | All | All |
| Application | Oracle | Retail Financial Integration | 14.1.3.2 | All | All | All |
| Application | Oracle | Retail Financial Integration | 15.0.3.1 | All | All | All |
| Application | Oracle | Retail Financial Integration | 19.0.0 | All | All | All |
| Application | Oracle | Retail Financial Integration | 19.0.1 | All | All | All |
| Application | Oracle | Retail Financial Integration | All | All | All | All |
| Application | Oracle | Retail Integration Bus | 14.1.3 | All | All | All |
| Application | Oracle | Retail Integration Bus | 14.1.3.2 | All | All | All |
| Application | Oracle | Retail Integration Bus | 15.0.3.1 | All | All | All |
| Application | Oracle | Retail Integration Bus | 19.0.0 | All | All | All |
| Application | Oracle | Retail Integration Bus | 19.0.1 | All | All | All |
| Application | Oracle | Retail Integration Bus | All | All | All | All |
| Application | Oracle | Retail Integration Bus | All | All | All | All |
| Application | Oracle | Retail Invoice Matching | 15.0.3 | All | All | All |
| Application | Oracle | Retail Invoice Matching | 16.0.3 | All | All | All |
| Application | Oracle | Retail Merchandising System | 16.0.3 | All | All | All |
| Application | Oracle | Retail Merchandising System | 19.0.1 | All | All | All |
| Application | Oracle | Retail Order Broker | 16.0 | All | All | All |
| Application | Oracle | Retail Order Broker | 18.0 | All | All | All |
| Application | Oracle | Retail Order Broker | 19.1 | All | All | All |
| Application | Oracle | Retail Order Management System | 19.5 | All | All | All |
| Application | Oracle | Retail Point-of-service | 14.1 | All | All | All |
| Application | Oracle | Retail Predictive Application Server | 14.1.3.46 | All | All | All |
| Application | Oracle | Retail Predictive Application Server | 15.0.3.115 | All | All | All |
| Application | Oracle | Retail Predictive Application Server | 16.0.3.240 | All | All | All |
| Application | Oracle | Retail Price Management | 13.2 | All | All | All |
| Application | Oracle | Retail Price Management | 14.0.4 | All | All | All |
| Application | Oracle | Retail Price Management | 14.1.3.0 | All | All | All |
| Application | Oracle | Retail Price Management | 15.0.3.0 | All | All | All |
| Application | Oracle | Retail Price Management | 16.0.3.0 | All | All | All |
| Application | Oracle | Retail Returns Management | 14.1 | All | All | All |
| Application | Oracle | Retail Service Backbone | 14.1.3 | All | All | All |
| Application | Oracle | Retail Service Backbone | 14.1.3.2 | All | All | All |
| Application | Oracle | Retail Service Backbone | 15.0.3.1 | All | All | All |
| Application | Oracle | Retail Service Backbone | 19.0.0 | All | All | All |
| Application | Oracle | Retail Service Backbone | 19.0.1 | All | All | All |
| Application | Oracle | Retail Service Backbone | 19.0.1.0 | All | All | All |
| Application | Oracle | Retail Service Backbone | All | All | All | All |
| Application | Oracle | Retail Store Inventory Management | 14.0.4.13 | All | All | All |
| Application | Oracle | Retail Store Inventory Management | 14.1.3.14 | All | All | All |
| Application | Oracle | Retail Store Inventory Management | 14.1.3.5 | All | All | All |
| Application | Oracle | Retail Store Inventory Management | 15.0.3.3 | All | All | All |
| Application | Oracle | Retail Store Inventory Management | 15.0.3.8 | All | All | All |
| Application | Oracle | Retail Store Inventory Management | 16.0.3.7 | All | All | All |
| Application | Oracle | Siebel Ui Framework | All | All | All | All |
| Application | Oracle | Sql Developer | All | All | All | All |
| Application | Oracle | Taleo Platform | All | All | All | All |
| Application | Oracle | Utilities Framework | 4.4.0.0.0 | All | All | All |
| Application | Oracle | Utilities Framework | 4.4.0.2.0 | All | All | All |
| Application | Oracle | Utilities Framework | 4.4.0.3.0 | All | All | All |
| Application | Oracle | Utilities Framework | All | All | All | All |
| Application | Oracle | Webcenter Portal | 12.2.1.3.0 | All | All | All |
| Application | Oracle | Webcenter Portal | 12.2.1.4.0 | All | All | All |
| Application | Oracle | Webcenter Sites | 12.2.1.3.0 | All | All | All |
| Application | Oracle | Webcenter Sites | 12.2.1.4.0 | All | All | All |
| Application | Oracle | Weblogic Server | 12.2.1.3.0 | All | All | All |
| Application | Oracle | Weblogic Server | 12.2.1.4.0 | All | All | All |
| Application | Oracle | Weblogic Server | 14.1.1.0.0 | All | All | All |
| Hardware | Sonicwall | 6bk1602-0aa12-0tp0 | - | All | All | All |
| Operating System | Sonicwall | 6bk1602-0aa12-0tp0 Firmware | All | All | All | All |
| Hardware | Sonicwall | 6bk1602-0aa22-0tp0 | - | All | All | All |
| Operating System | Sonicwall | 6bk1602-0aa22-0tp0 Firmware | All | All | All | All |
| Hardware | Sonicwall | 6bk1602-0aa32-0tp0 | - | All | All | All |
| Operating System | Sonicwall | 6bk1602-0aa32-0tp0 Firmware | All | All | All | All |
| Hardware | Sonicwall | 6bk1602-0aa42-0tp0 | - | All | All | All |
| Operating System | Sonicwall | 6bk1602-0aa42-0tp0 Firmware | All | All | All | All |
| Hardware | Sonicwall | 6bk1602-0aa52-0tp0 | - | All | All | All |
| Operating System | Sonicwall | 6bk1602-0aa52-0tp0 Firmware | All | All | All | All |
| Application | Sonicwall | Email Security | All | All | All | All |
| Application | Sonicwall | Network Security Manager | All | All | All | All |
| Application | Sonicwall | Network Security Manager | All | All | All | All |
| Application | Sonicwall | Web Application Firewall | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] [DLA 2852-1] apache-log4j2 security update | MLIST | lists.debian.org | |
| Security Advisory | CONFIRM | psirt.global.sonicwall.com | |
| Debian -- Security Information -- DSA-5024-1 apache-log4j2 | DEBIAN | www.debian.org | |
| Oracle Critical Patch Update Advisory - April 2022 | MISC | www.oracle.com | |
| [SECURITY] Fedora 35 Update: log4j-2.17.0-1.fc35 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf | CONFIRM | cert-portal.siemens.com | |
| CVE-2021-45105 Apache Log4j Vulnerability in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | |
| Oracle Critical Patch Update Advisory - January 2022 | MISC | www.oracle.com | |
| ZDI-21-1541 | Zero Day Initiative | MISC | www.zerodayinitiative.com | |
| Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021 | CISCO | tools.cisco.com | |
| cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf | CONFIRM | cert-portal.siemens.com | |
| oss-security - CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation | MLIST | www.openwall.com | |
| Log4j – Apache Log4j Security Vulnerabilities | MISC | logging.apache.org | |
| [SECURITY] Fedora 34 Update: log4j-2.17.0-1.fc34 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| VU#930724 - Apache Log4j allows insecure JNDI lookups | CERT-VN | www.kb.cert.org | |
| Oracle Critical Patch Update Advisory - July 2022 | N/A | www.oracle.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Independently discovered by Hideki Okamoto of Akamai Technologies, Guy Lederfein of Trend Micro Research working with Trend Micro’s Zero Day Initiative, and another anonymous vulnerability researcher
Legacy QID Mappings
- 178945 Debian Security Update for apache-log4j2 (DSA 5024-1)
- 178956 Debian Security Update for apache-log4j2 (DLA 2852-1)
- 182425 Debian Security Update for apache-log4j2 (CVE-2021-45105)
- 198613 Ubuntu Security Notification for Apache Log4j 2 Vulnerability (USN-5203-1)
- 198626 Ubuntu Security Notification for Apache Log4j 2 Vulnerabilities (USN-5222-1)
- 20240 Oracle Database 19c Critical Patch Update - January 2022
- 20241 Oracle Database 12.2.0.1 Critical Patch Update - January 2022
- 20242 Oracle Database 12.2.0.1 Critical Patch Update - January 2022 (Unauthenticated)
- 20252 IBM DB2 Security Update for Log4j (6528672,6549888)
- 20289 Oracle Database 19c Critical OJVM Patch Update - January 2022
- 20314 Oracle Database 12.2.0.1 Critical OJVM Patch Update - January 2022
- 240209 Red Hat Update for JBoss Enterprise Application Platform 7.4.4 (RHSA-2022:1296)
- 240210 Red Hat Update for JBoss Enterprise Application Platform 7.4.4 (RHSA-2022:1297)
- 282198 Fedora Security Update for log4j (FEDORA-2021-5c9d12a93e) (Log4Shell)
- 282200 Fedora Security Update for log4j (FEDORA-2021-abbe24e41c) (Log4Shell)
- 317120 Cisco Unified Communications Manager (CUCM) Apache Log4j Vulnerability (cisco-sa-apache-log4j-qRuKNEbd)
- 317121 Cisco Unified Communications Manager IM and Presence Service (formerly CUPS) Apache Log4j Vulnerability (cisco-sa-apache-log4j-qRuKNEbd)
- 317123 Cisco UCS Central Software Apache Log4j Vulnerability (cisco-sa-apache-log4j-qRuKNEbd)
- 353090 Amazon Linux Security Advisory for aws-kinesis-agent : ALAS2-2021-1733
- 354369 Amazon Linux Security Advisory for log4j : ALAS2022-2022-225
- 354516 Amazon Linux Security Advisory for log4j : ALAS2022-2021-008
- 354538 Amazon Linux Security Advisory for log4j : ALAS-2022-225
- 376192 Elasticsearch Logstash Log4j Remote Code Execution (RCE) Vulnerability
- 376194 Apache Log4j Denial of Service (DOS) Vulnerability (Log4Shell)
- 376195 Apache Log4j Denial of Service (DOS) Vulnerability (Log4Shell) Detected Based on Qualys Log4j scan Utility
- 376230 Dell EMC NetWorker Apache Log4j multiple Remote Code Execution (RCE) Vulnerabilities (DSA-2021-280)
- 376231 Dell EMC NetWorker Server Apache Log4j multiple Remote Code Execution (RCE) Vulnerabilities (DSA-2021-280)
- 376425 Oracle Hypertext Transfer Protocol Server (HTTP Server) Multiple Vulnerabilities (Log4Shell) (Doc_ID_2817011.1)
- 376477 Autonomous Health Framework (AHF) Multiple Vulnerabilities (Log4Shell) (Doc ID 2828415.1)
- 690756 Free Berkeley Software Distribution (FreeBSD) Security Update for opensearch (d1be3d73-6737-11ec-9eea-589cfc007716)
- 730318 Palo Alto Networks (PAN-OS) Log4j Multiple Vulnerabilities (PAN-184592) (Log4Shell)
- 730329 Dell EMC NetWorker Virtual Edition Multiple Apache Log4j Remote Code Execution (RCE) Vulnerabilities (DSA-2021-280)
- 730331 Dell EMC NetWorker Virtual Edition multiple Apache Log4j Remote Code Execution (RCE) Vulnerabilities (DSA-2021-280)
- 730362 Neo4j Database Server Affected by Apache Log4j Security Vulnerability
- 730367 Dell EMC SRM Remote Code Execution (RCE) Vulnerability (DSA-2021-301)
- 730371 McAfee Web Gateway Multiple Vulnerabilities (WP-3335,WP-4131,WP-4159,WP-4237,WP-4259,WP-4329,WP-4348,WP-4355,WP-4376,WP-4407,WP-4421)
- 751534 OpenSUSE Security Update for log4j (openSUSE-SU-2021:4118-1)
- 751546 OpenSUSE Security Update for log4j (openSUSE-SU-2021:1605-1)
- 87473 Cisco Nexus Dashboard Fabric Controller (Formerly DCNM) Apache Log4j Vulnerability (cisco-sa-apache-log4j-qRuKNEbd)
- 87482 Oracle WebLogic Server Multiple Vulnerabilities (Log4Shell) (Doc_ID_2828556.1)
- 87483 Oracle WebLogic Server Multiple Vulnerabilities (Log4Shell) (Doc_ID_2817011.1)