CVE-2021-45105 - Vulnerability Details

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.70431.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Log4j
Debian	Debian Linux
Netapp	Cloud Manager
Oracle	Agile Engineering Data Management Agile Plm Agile Plm Mcad Connector Autovue For Agile Product Lifecycle Management Banking Deposits And Lines Of Credit Servicing Banking Enterprise Default Management Banking Loans Servicing Banking Party Management Banking Payments Banking Platform Banking Trade Finance Banking Treasury Management Business Intelligence Communications Asap Communications Billing And Revenue Management Communications Cloud Native Core Console Communications Cloud Native Core Network Function Cloud Native Environment Communications Cloud Native Core Network Repository Function Communications Cloud Native Core Network Slice Selection Function Communications Cloud Native Core Policy Communications Cloud Native Core Security Edge Protection Proxy Communications Cloud Native Core Service Communication Proxy Communications Cloud Native Core Unified Data Repository Communications Convergence Communications Convergent Charging Controller Communications Diameter Signaling Router Communications Eagle Element Management System Communications Eagle Ftp Table Base Retrieval Communications Element Manager Communications Evolved Communications Application Server Communications Interactive Session Recorder Communications Ip Service Activator Communications Messaging Server Communications Network Charging And Control Communications Network Integrity Communications Performance Intelligence Center Communications Pricing Design Center Communications Service Broker Communications Services Gatekeeper Communications Session Report Manager Communications Session Route Manager Communications Unified Inventory Management Communications User Data Repository Communications Webrtc Session Controller Data Integrator E-business Suite Enterprise Manager Base Platform Enterprise Manager For Peoplesoft Enterprise Manager Ops Center Financial Services Analytical Applications Infrastructure Financial Services Model Management And Governance Flexcube Universal Banking Health Sciences Empirica Signal Health Sciences Inform Health Sciences Information Manager Healthcare Data Repository Healthcare Foundation Healthcare Master Person Index Healthcare Translational Research Hospitality Suite8 Hospitality Token Proxy Service Hyperion Bi\+ Hyperion Data Relationship Management Hyperion Infrastructure Technology Hyperion Planning Hyperion Profitability And Cost Management Hyperion Tax Provision Identity Management Suite Identity Manager Connector Instantis Enterprisetrack Insurance Data Gateway Insurance Insbridge Rating And Underwriting Jdeveloper Managed File Transfer Management Cloud Engine Mysql Enterprise Monitor Payment Interface Peoplesoft Enterprise Peopletools Primavera Gateway Primavera P6 Enterprise Project Portfolio Management Primavera Unifier Retail Back Office Retail Central Office Retail Customer Insights Retail Data Extractor For Merchandising Retail Eftlink Retail Financial Integration Retail Integration Bus Retail Invoice Matching Retail Merchandising System Retail Order Broker Retail Order Management System Retail Point-of-service Retail Predictive Application Server Retail Price Management Retail Returns Management Retail Service Backbone Retail Store Inventory Management Siebel Ui Framework Sql Developer Taleo Platform Utilities Framework Webcenter Portal Webcenter Sites Weblogic Server
Redhat	Amq Streams Camel Quarkus Integration Jboss Data Grid Jboss Enterprise Application Platform Jboss Fuse Logging Openshift Openshift Application Runtimes Red Hat Single Sign On
Sonicwall	6bk1602-0aa12-0tp0 6bk1602-0aa12-0tp0 Firmware 6bk1602-0aa22-0tp0 6bk1602-0aa22-0tp0 Firmware 6bk1602-0aa32-0tp0 6bk1602-0aa32-0tp0 Firmware 6bk1602-0aa42-0tp0 6bk1602-0aa42-0tp0 Firmware 6bk1602-0aa52-0tp0 6bk1602-0aa52-0tp0 Firmware Email Security Network Security Manager Web Application Firewall

Configuration 1 [-]

OR	cpe:2.3:a:apache:log4j::::::::
	cpe:2.3:a:apache:log4j::::::::
	cpe:2.3:a:apache:log4j::::::::

Configuration 2 [-]

cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*

Configuration 4 [-]

OR	cpe:2.3:a:sonicwall:email_security::::::::
	cpe:2.3:a:sonicwall:network_security_manager:::::on-premises:::*
	cpe:2.3:a:sonicwall:network_security_manager:::::saas:::*
	cpe:2.3:a:sonicwall:web_application_firewall::::::::

Configuration 5 [-]

AND

cpe:2.3:o:sonicwall:6bk1602-0aa12-0tp0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:6bk1602-0aa12-0tp0:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:sonicwall:6bk1602-0aa22-0tp0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:6bk1602-0aa22-0tp0:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:sonicwall:6bk1602-0aa32-0tp0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:6bk1602-0aa32-0tp0:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:sonicwall:6bk1602-0aa42-0tp0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:6bk1602-0aa42-0tp0:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:sonicwall:6bk1602-0aa52-0tp0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:6bk1602-0aa52-0tp0:-:*:*:*:*:*:*:*

Configuration 10 [-]

OR	cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:::::::*
	cpe:2.3:a:oracle:agile_plm:9.3.6:::::::*
	cpe:2.3:a:oracle:agile_plm_mcad_connector:3.6:::::::*
	cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:::::::*
	cpe:2.3:a:oracle:banking_deposits_and_lines_of_credit_servicing:2.12.0:::::::*
	cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.1:::::::*
	cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:::::::*
	cpe:2.3:a:oracle:banking_loans_servicing:2.12.0:::::::*
	cpe:2.3:a:oracle:banking_party_management:2.7.0:::::::*
	cpe:2.3:a:oracle:banking_payments:14.5:::::::*
	cpe:2.3:a:oracle:banking_platform:2.6.2:::::::*
	cpe:2.3:a:oracle:banking_platform:2.7.1:::::::*
	cpe:2.3:a:oracle:banking_platform:2.12.0:::::::*
	cpe:2.3:a:oracle:banking_trade_finance:14.5:::::::*
	cpe:2.3:a:oracle:banking_treasury_management:14.5:::::::*
	cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0::::enterprise:::
	cpe:2.3:a:oracle:communications_asap:7.3:::::::*
	cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:::::::*
	cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.5:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:::::::*
	cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:::::::*
	cpe:2.3:a:oracle:communications_convergence:3.0.3.0:::::::*
	cpe:2.3:a:oracle:communications_convergent_charging_controller::::::::
	cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:::::::*
	cpe:2.3:a:oracle:communications_diameter_signaling_router::::::::
	cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6:::::::*
	cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:::::::*
	cpe:2.3:a:oracle:communications_element_manager::::::::
	cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:::::::*
	cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:::::::*
	cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:::::::*
	cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:::::::*
	cpe:2.3:a:oracle:communications_messaging_server:8.1:::::::*
	cpe:2.3:a:oracle:communications_network_charging_and_control::::::::
	cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:::::::*
	cpe:2.3:a:oracle:communications_network_integrity:7.3.6:::::::*
	cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.3:::::::*
	cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4:::::::*
	cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5:::::::*
	cpe:2.3:a:oracle:communications_service_broker:6.2:::::::*
	cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:::::::*
	cpe:2.3:a:oracle:communications_session_report_manager::::::::
	cpe:2.3:a:oracle:communications_session_route_manager::::::::
	cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:::::::*
	cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*
	cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:::::::*
	cpe:2.3:a:oracle:communications_user_data_repository:12.4:::::::*
	cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0.0:::::::*
	cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1:::::::*
	cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:::::::*
	cpe:2.3:a:oracle:e-business_suite:12.2:::::::*
	cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:::::::*
	cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:::::::*
	cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.4.1.1:::::::*
	cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.5.1.1:::::::*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:::::::*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure::::::::
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.0.8.0.0:::::::*
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.0.0.0:::::::*
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.1.0.0:::::::*
cpe:2.3:a:oracle:flexcube_universal_banking::::::::
cpe:2.3:a:oracle:flexcube_universal_banking::::::::
cpe:2.3:a:oracle:flexcube_universal_banking:11.83.3:::::::*
cpe:2.3:a:oracle:flexcube_universal_banking:14.5:::::::*
cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1.0.6:::::::*
cpe:2.3:a:oracle:health_sciences_empirica_signal:9.2.0.0:::::::*
cpe:2.3:a:oracle:health_sciences_inform:6.2.1.1:::::::*
cpe:2.3:a:oracle:health_sciences_inform:6.3.2.1:::::::*
cpe:2.3:a:oracle:health_sciences_inform:7.0.0.0:::::::*
cpe:2.3:a:oracle:health_sciences_information_manager::::::::
cpe:2.3:a:oracle:healthcare_data_repository:8.1.1:::::::*
cpe:2.3:a:oracle:healthcare_foundation::::::::
cpe:2.3:a:oracle:healthcare_master_person_index:5.0.1:::::::*
cpe:2.3:a:oracle:healthcare_translational_research:4.1.0:::::::*
cpe:2.3:a:oracle:healthcare_translational_research:4.1.1:::::::*
cpe:2.3:a:oracle:hospitality_suite8:8.13.0:::::::*
cpe:2.3:a:oracle:hospitality_suite8:8.14.0:::::::*
cpe:2.3:a:oracle:hospitality_token_proxy_service:19.2:::::::*
cpe:2.3:a:oracle:hyperion_bi\+::::::::
cpe:2.3:a:oracle:hyperion_data_relationship_management::::::::
cpe:2.3:a:oracle:hyperion_infrastructure_technology::::::::
cpe:2.3:a:oracle:hyperion_planning::::::::
cpe:2.3:a:oracle:hyperion_profitability_and_cost_management::::::::
cpe:2.3:a:oracle:hyperion_tax_provision::::::::
cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:::::::*
cpe:2.3:a:oracle:identity_manager_connector:9.1.0:::::::*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:::::::*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:::::::*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:::::::*
cpe:2.3:a:oracle:insurance_data_gateway:1.0.1:::::::*
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting::::::::
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2.0:::::::*
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:::::::*
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:::::::*
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:::::::*
cpe:2.3:a:oracle:management_cloud_engine:1.5.0:::::::*
cpe:2.3:a:oracle:mysql_enterprise_monitor::::::::
cpe:2.3:a:oracle:payment_interface:19.1:::::::*
cpe:2.3:a:oracle:payment_interface:20.3:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:::::::*
cpe:2.3:a:oracle:primavera_gateway::::::::
cpe:2.3:a:oracle:primavera_gateway::::::::
cpe:2.3:a:oracle:primavera_gateway::::::::
cpe:2.3:a:oracle:primavera_gateway::::::::
cpe:2.3:a:oracle:primavera_gateway:21.12.0:::::::*
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management::::::::
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management::::::::
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:::::::*
cpe:2.3:a:oracle:primavera_unifier:18.8:::::::*
cpe:2.3:a:oracle:primavera_unifier:19.12:::::::*
cpe:2.3:a:oracle:primavera_unifier:20.12:::::::*
cpe:2.3:a:oracle:primavera_unifier:21.12:::::::*
cpe:2.3:a:oracle:retail_back_office:14.1:::::::*
cpe:2.3:a:oracle:retail_central_office:14.1:::::::*
cpe:2.3:a:oracle:retail_customer_insights:15.0.2:::::::*
cpe:2.3:a:oracle:retail_customer_insights:16.0.2:::::::*
cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:15.0.2:::::::*
cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:16.0.2:::::::*
cpe:2.3:a:oracle:retail_eftlink:16.0.3:::::::*
cpe:2.3:a:oracle:retail_eftlink:17.0.2:::::::*
cpe:2.3:a:oracle:retail_eftlink:18.0.1:::::::*
cpe:2.3:a:oracle:retail_eftlink:19.0.1:::::::*
cpe:2.3:a:oracle:retail_eftlink:20.0.1:::::::*
cpe:2.3:a:oracle:retail_eftlink:21.0.0:::::::*
cpe:2.3:a:oracle:retail_financial_integration::::::::
cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:::::::*
cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:::::::*
cpe:2.3:a:oracle:retail_financial_integration:19.0.0:::::::*
cpe:2.3:a:oracle:retail_financial_integration:19.0.1:::::::*
cpe:2.3:a:oracle:retail_integration_bus::::::::
cpe:2.3:a:oracle:retail_integration_bus::::::::
cpe:2.3:a:oracle:retail_integration_bus:14.1.3:::::::*
cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:::::::*
cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:::::::*
cpe:2.3:a:oracle:retail_integration_bus:19.0.0:::::::*
cpe:2.3:a:oracle:retail_integration_bus:19.0.1:::::::*
cpe:2.3:a:oracle:retail_invoice_matching:15.0.3:::::::*
cpe:2.3:a:oracle:retail_invoice_matching:16.0.3:::::::*
cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:::::::*
cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:::::::*
cpe:2.3:a:oracle:retail_order_broker:16.0:::::::*
cpe:2.3:a:oracle:retail_order_broker:18.0:::::::*
cpe:2.3:a:oracle:retail_order_broker:19.1:::::::*
cpe:2.3:a:oracle:retail_order_management_system:19.5:::::::*
cpe:2.3:a:oracle:retail_point-of-service:14.1:::::::*
cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.46:::::::*
cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.115:::::::*
cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.240:::::::*
cpe:2.3:a:oracle:retail_price_management:13.2:::::::*
cpe:2.3:a:oracle:retail_price_management:14.0.4:::::::*
cpe:2.3:a:oracle:retail_price_management:14.1.3.0:::::::*
cpe:2.3:a:oracle:retail_price_management:15.0.3.0:::::::*
cpe:2.3:a:oracle:retail_price_management:16.0.3.0:::::::*
cpe:2.3:a:oracle:retail_returns_management:14.1:::::::*
cpe:2.3:a:oracle:retail_service_backbone::::::::
cpe:2.3:a:oracle:retail_service_backbone:14.1.3:::::::*
cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:::::::*
cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:::::::*
cpe:2.3:a:oracle:retail_service_backbone:19.0.0:::::::*
cpe:2.3:a:oracle:retail_service_backbone:19.0.1:::::::*
cpe:2.3:a:oracle:retail_service_backbone:19.0.1.0:::::::*
cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4.13:::::::*
cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.5:::::::*
cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.14:::::::*
cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.3:::::::*
cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.8:::::::*
cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3.7:::::::*
cpe:2.3:a:oracle:siebel_ui_framework::::::::
cpe:2.3:a:oracle:sql_developer::::::::
cpe:2.3:a:oracle:taleo_platform::::::::
cpe:2.3:a:oracle:utilities_framework::::::::
cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:::::::*
cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:::::::*
cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:::::::*
cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*
cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:::::::*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*

Package	CPE	Advisory	Released Date
EAP 7.4.4 release
log4j-core	cpe:/a:redhat:jboss_enterprise_application_platform:7.4	RHSA-2022:1299	2022-04-11T00:00:00Z
EAP 7.4 log4j async
log4j-core	cpe:/a:redhat:jboss_enterprise_application_platform:7.4	RHSA-2022:0216	2022-01-20T00:00:00Z
OpenShift Logging 5.0
openshift-logging/elasticsearch6-rhel8:v5.0.11-2	cpe:/a:redhat:logging:5.0::el8	RHSA-2022:0047	2022-01-10T00:00:00Z
OpenShift Logging 5.1
openshift-logging/elasticsearch6-rhel8:v6.8.1-82	cpe:/a:redhat:logging:5.1::el8	RHSA-2022:0042	2022-01-10T00:00:00Z
OpenShift Logging 5.2
openshift-logging/elasticsearch6-rhel8:v6.8.1-83	cpe:/a:redhat:logging:5.2::el8	RHSA-2022:0043	2022-01-10T00:00:00Z
OpenShift Logging 5.3
openshift-logging/elasticsearch6-rhel8:v6.8.1-84	cpe:/a:redhat:logging:5.3::el8	RHSA-2022:0044	2022-01-10T00:00:00Z
Red Hat AMQ Streams 1.6.6
log4j-core	cpe:/a:redhat:amq_streams:1	RHSA-2022:0219	2022-01-20T00:00:00Z
Red Hat Data Grid 8.2.3
log4j-core	cpe:/a:redhat:jboss_data_grid:8.2	RHSA-2022:0205	2022-01-20T00:00:00Z
Red Hat Fuse 7.8.2, 7.9.1, 7.10.1
log4j-core	cpe:/a:redhat:jboss_fuse:7	RHSA-2022:0203	2022-01-20T00:00:00Z
Red Hat Integration Camel Extensions for Quarkus 2.2
log4j-core	cpe:/a:redhat:camel_quarkus:2.2	RHSA-2022:0222	2022-01-20T00:00:00Z
Red Hat Integration Camel-K 1.6.3
log4j-core	cpe:/a:redhat:integration:1	RHSA-2022:0223	2022-01-20T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2022:1297	2022-04-11T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2022:1296	2022-04-11T00:00:00Z
Red Hat OpenShift Container Platform 4.6
openshift4/ose-logging-elasticsearch6:v4.6.0-202112201736.p0.gce7f68c.assembly.stream	cpe:/a:redhat:openshift:4.6::el8	RHSA-2022:0026	2022-01-12T00:00:00Z
Red Hat Single Sign-On 7
log4j-api	cpe:/a:redhat:red_hat_single_sign_on:7	RHSA-2022:1469	2022-04-20T00:00:00Z
Red Hat Single Sign-On 7.5 for RHEL 7
rh-sso7-keycloak-0:15.0.6-1.redhat_00001.1.el7sso	cpe:/a:redhat:red_hat_single_sign_on:7.5::el7	RHSA-2022:1462	2022-04-20T00:00:00Z
Red Hat Single Sign-On 7.5 for RHEL 8
rh-sso7-keycloak-0:15.0.6-1.redhat_00001.1.el8sso	cpe:/a:redhat:red_hat_single_sign_on:7.5::el8	RHSA-2022:1463	2022-04-20T00:00:00Z
Vert.x 4.1.8
log4j-core	cpe:/a:redhat:openshift_application_runtimes:1.0	RHSA-2022:0083	2022-01-20T00:00:00Z

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

Implement one of the following mitigation techniques: * Java 8 (or later) users should upgrade to release 2.17.0. Alternatively, this can be mitigated in configuration: * In PatternLayout in the logging configuration, replace Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` with Thread Context Map patterns (%X, %mdc, or %MDC). * Otherwise, in the configuration, remove references to Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` where they originate from sources external to the application such as HTTP headers or user input.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2021/12/19/1
https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf
https://issues.apache.org/jira/browse/LOG4J2-3230
https://logging.apache.org/log4j/2.x/security.html
https://nvd.nist.gov/vuln/detail/CVE-2021-45105
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032
https://security.netapp.com/advisory/ntap-20211218-0001/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
https://www.cve.org/CVERecord?id=CVE-2021-45105
https://www.debian.org/security/2021/dsa-5024
https://www.kb.cert.org/vuls/id/930724
https://www.openwall.com/lists/oss-security/2021/12/19/1
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1541/

History

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.65452}`	epss `{'score': 0.66522}`

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2021-12-18T11:55:08

Updated: 2024-08-04T04:39:20.295Z

Reserved: 2021-12-16T00:00:00

Link: CVE-2021-45105

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-12-18T12:15:07.433

Modified: 2024-11-21T06:31:58.170

Link: CVE-2021-45105

Redhat

Severity : Moderate

Publid Date: 2021-12-18T00:00:00Z

Links: CVE-2021-45105 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object