Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
Apache
  • Log4j
Debian
  • Debian Linux
Netapp
  • Cloud Manager
Oracle
  • Agile Engineering Data Management
  • Agile Plm
  • Agile Plm Mcad Connector
  • Autovue For Agile Product Lifecycle Management
  • Banking Deposits And Lines Of Credit Servicing
  • Banking Enterprise Default Management
  • Banking Loans Servicing
  • Banking Party Management
  • Banking Payments
  • Banking Platform
  • Banking Trade Finance
  • Banking Treasury Management
  • Business Intelligence
  • Communications Asap
  • Communications Billing And Revenue Management
  • Communications Cloud Native Core Console
  • Communications Cloud Native Core Network Function Cloud Native Environment
  • Communications Cloud Native Core Network Repository Function
  • Communications Cloud Native Core Network Slice Selection Function
  • Communications Cloud Native Core Policy
  • Communications Cloud Native Core Security Edge Protection Proxy
  • Communications Cloud Native Core Service Communication Proxy
  • Communications Cloud Native Core Unified Data Repository
  • Communications Convergence
  • Communications Convergent Charging Controller
  • Communications Diameter Signaling Router
  • Communications Eagle Element Management System
  • Communications Eagle Ftp Table Base Retrieval
  • Communications Element Manager
  • Communications Evolved Communications Application Server
  • Communications Interactive Session Recorder
  • Communications Ip Service Activator
  • Communications Messaging Server
  • Communications Network Charging And Control
  • Communications Network Integrity
  • Communications Performance Intelligence Center
  • Communications Pricing Design Center
  • Communications Service Broker
  • Communications Services Gatekeeper
  • Communications Session Report Manager
  • Communications Session Route Manager
  • Communications Unified Inventory Management
  • Communications User Data Repository
  • Communications Webrtc Session Controller
  • Data Integrator
  • E-business Suite
  • Enterprise Manager Base Platform
  • Enterprise Manager For Peoplesoft
  • Enterprise Manager Ops Center
  • Financial Services Analytical Applications Infrastructure
  • Financial Services Model Management And Governance
  • Flexcube Universal Banking
  • Health Sciences Empirica Signal
  • Health Sciences Inform
  • Health Sciences Information Manager
  • Healthcare Data Repository
  • Healthcare Foundation
  • Healthcare Master Person Index
  • Healthcare Translational Research
  • Hospitality Suite8
  • Hospitality Token Proxy Service
  • Hyperion Bi\+
  • Hyperion Data Relationship Management
  • Hyperion Infrastructure Technology
  • Hyperion Planning
  • Hyperion Profitability And Cost Management
  • Hyperion Tax Provision
  • Identity Management Suite
  • Identity Manager Connector
  • Instantis Enterprisetrack
  • Insurance Data Gateway
  • Insurance Insbridge Rating And Underwriting
  • Jdeveloper
  • Managed File Transfer
  • Management Cloud Engine
  • Mysql Enterprise Monitor
  • Payment Interface
  • Peoplesoft Enterprise Peopletools
  • Primavera Gateway
  • Primavera P6 Enterprise Project Portfolio Management
  • Primavera Unifier
  • Retail Back Office
  • Retail Central Office
  • Retail Customer Insights
  • Retail Data Extractor For Merchandising
  • Retail Eftlink
  • Retail Financial Integration
  • Retail Integration Bus
  • Retail Invoice Matching
  • Retail Merchandising System
  • Retail Order Broker
  • Retail Order Management System
  • Retail Point-of-service
  • Retail Predictive Application Server
  • Retail Price Management
  • Retail Returns Management
  • Retail Service Backbone
  • Retail Store Inventory Management
  • Siebel Ui Framework
  • Sql Developer
  • Taleo Platform
  • Utilities Framework
  • Webcenter Portal
  • Webcenter Sites
  • Weblogic Server
Redhat
  • Amq Streams
  • Camel Quarkus
  • Integration
  • Jboss Data Grid
  • Jboss Enterprise Application Platform
  • Jboss Fuse
  • Logging
  • Openshift
  • Openshift Application Runtimes
  • Red Hat Single Sign On
Sonicwall
  • 6bk1602-0aa12-0tp0
  • 6bk1602-0aa12-0tp0 Firmware
  • 6bk1602-0aa22-0tp0
  • 6bk1602-0aa22-0tp0 Firmware
  • 6bk1602-0aa32-0tp0
  • 6bk1602-0aa32-0tp0 Firmware
  • 6bk1602-0aa42-0tp0
  • 6bk1602-0aa42-0tp0 Firmware
  • 6bk1602-0aa52-0tp0
  • 6bk1602-0aa52-0tp0 Firmware
  • Email Security
  • Network Security Manager
  • Web Application Firewall

Configuration 1 [-]

OR cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*
cpe:2.3:a:sonicwall:network_security_manager:*:*:*:*:on-premises:*:*:*
cpe:2.3:a:sonicwall:network_security_manager:*:*:*:*:saas:*:*:*
cpe:2.3:a:sonicwall:web_application_firewall:*:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:sonicwall:6bk1602-0aa12-0tp0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:6bk1602-0aa12-0tp0:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:sonicwall:6bk1602-0aa22-0tp0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:6bk1602-0aa22-0tp0:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:sonicwall:6bk1602-0aa32-0tp0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:6bk1602-0aa32-0tp0:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:sonicwall:6bk1602-0aa42-0tp0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:6bk1602-0aa42-0tp0:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:sonicwall:6bk1602-0aa52-0tp0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:6bk1602-0aa52-0tp0:-:*:*:*:*:*:*:*

Configuration 10 [-]

OR cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_plm_mcad_connector:3.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_deposits_and_lines_of_credit_servicing:2.12.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_loans_servicing:2.12.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_payments:14.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_trade_finance:14.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_treasury_management:14.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_convergence:3.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_service_broker:6.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_user_data_repository:12.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:e-business_suite:12.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.0.8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_universal_banking:11.83.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_universal_banking:14.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:health_sciences_empirica_signal:9.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:health_sciences_inform:6.2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:health_sciences_inform:6.3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:health_sciences_inform:7.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:health_sciences_information_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_data_repository:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_master_person_index:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_translational_research:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_translational_research:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_suite8:8.13.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_suite8:8.14.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_token_proxy_service:19.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hyperion_bi\+:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hyperion_data_relationship_management:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hyperion_infrastructure_technology:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hyperion_planning:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hyperion_profitability_and_cost_management:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hyperion_tax_provision:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:identity_manager_connector:9.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_data_gateway:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:management_cloud_engine:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:payment_interface:19.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:payment_interface:20.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_insights:15.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_insights:16.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:15.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:16.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_eftlink:16.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_eftlink:17.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_eftlink:18.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_eftlink:20.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_eftlink:21.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_financial_integration:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_financial_integration:19.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:14.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:19.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_invoice_matching:15.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_invoice_matching:16.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_order_management_system:19.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.46:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.115:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.240:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_price_management:13.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_price_management:14.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_price_management:14.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_price_management:15.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_price_management:16.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_service_backbone:14.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_service_backbone:19.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_service_backbone:19.0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4.13:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.14:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:sql_developer:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:taleo_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
Package CPE Advisory Released Date
EAP 7.4.4 release
log4j-core cpe:/a:redhat:jboss_enterprise_application_platform:7.4 RHSA-2022:1299 2022-04-11T00:00:00Z
EAP 7.4 log4j async
log4j-core cpe:/a:redhat:jboss_enterprise_application_platform:7.4 RHSA-2022:0216 2022-01-20T00:00:00Z
OpenShift Logging 5.0
openshift-logging/elasticsearch6-rhel8:v5.0.11-2 cpe:/a:redhat:logging:5.0::el8 RHSA-2022:0047 2022-01-10T00:00:00Z
OpenShift Logging 5.1
openshift-logging/elasticsearch6-rhel8:v6.8.1-82 cpe:/a:redhat:logging:5.1::el8 RHSA-2022:0042 2022-01-10T00:00:00Z
OpenShift Logging 5.2
openshift-logging/elasticsearch6-rhel8:v6.8.1-83 cpe:/a:redhat:logging:5.2::el8 RHSA-2022:0043 2022-01-10T00:00:00Z
OpenShift Logging 5.3
openshift-logging/elasticsearch6-rhel8:v6.8.1-84 cpe:/a:redhat:logging:5.3::el8 RHSA-2022:0044 2022-01-10T00:00:00Z
Red Hat AMQ Streams 1.6.6
log4j-core cpe:/a:redhat:amq_streams:1 RHSA-2022:0219 2022-01-20T00:00:00Z
Red Hat Data Grid 8.2.3
log4j-core cpe:/a:redhat:jboss_data_grid:8.2 RHSA-2022:0205 2022-01-20T00:00:00Z
Red Hat Fuse 7.8.2, 7.9.1, 7.10.1
log4j-core cpe:/a:redhat:jboss_fuse:7 RHSA-2022:0203 2022-01-20T00:00:00Z
Red Hat Integration Camel Extensions for Quarkus 2.2
log4j-core cpe:/a:redhat:camel_quarkus:2.2 RHSA-2022:0222 2022-01-20T00:00:00Z
Red Hat Integration Camel-K 1.6.3
log4j-core cpe:/a:redhat:integration:1 RHSA-2022:0223 2022-01-20T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 RHSA-2022:1297 2022-04-11T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 RHSA-2022:1296 2022-04-11T00:00:00Z
Red Hat OpenShift Container Platform 4.6
openshift4/ose-logging-elasticsearch6:v4.6.0-202112201736.p0.gce7f68c.assembly.stream cpe:/a:redhat:openshift:4.6::el8 RHSA-2022:0026 2022-01-12T00:00:00Z
Red Hat Single Sign-On 7
log4j-api cpe:/a:redhat:red_hat_single_sign_on:7 RHSA-2022:1469 2022-04-20T00:00:00Z
Red Hat Single Sign-On 7.5 for RHEL 7
rh-sso7-keycloak-0:15.0.6-1.redhat_00001.1.el7sso cpe:/a:redhat:red_hat_single_sign_on:7.5::el7 RHSA-2022:1462 2022-04-20T00:00:00Z
Red Hat Single Sign-On 7.5 for RHEL 8
rh-sso7-keycloak-0:15.0.6-1.redhat_00001.1.el8sso cpe:/a:redhat:red_hat_single_sign_on:7.5::el8 RHSA-2022:1463 2022-04-20T00:00:00Z
Vert.x 4.1.8
log4j-core cpe:/a:redhat:openshift_application_runtimes:1.0 RHSA-2022:0083 2022-01-20T00:00:00Z
References
Link Providers
http://www.openwall.com/lists/oss-security/2021/12/19/1 cve-icon cve-icon
https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf cve-icon cve-icon
https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf cve-icon cve-icon
https://issues.apache.org/jira/browse/LOG4J2-3230 cve-icon
https://logging.apache.org/log4j/2.x/security.html cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2021-45105 cve-icon
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20211218-0001/ cve-icon cve-icon
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2021-45105 cve-icon
https://www.debian.org/security/2021/dsa-5024 cve-icon cve-icon
https://www.kb.cert.org/vuls/id/930724 cve-icon cve-icon
https://www.openwall.com/lists/oss-security/2021/12/19/1 cve-icon
https://www.oracle.com/security-alerts/cpuapr2022.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpujan2022.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpujul2022.html cve-icon cve-icon
https://www.zerodayinitiative.com/advisories/ZDI-21-1541/ cve-icon cve-icon
History

Fri, 29 May 2026 12:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.65452}

 epss

{'score': 0.66522}
cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2021-12-18T11:55:08.000Z

Updated: 2026-05-29T11:45:26.064Z

Reserved: 2021-12-16T00:00:00.000Z

Link: CVE-2021-45105

cve-icon Vulnrichment

Updated: 2024-08-04T04:39:20.295Z

cve-icon NVD

Status : Modified

Published: 2021-12-18T12:15:07.433

Modified: 2026-05-29T13:16:19.967

Link: CVE-2021-45105

cve-icon Redhat

Severity : Moderate

Publid Date: 2021-12-18T00:00:00Z

Links: CVE-2021-45105 - Bugzilla