{"containers": {"cna": {"affected": [{"product": "Apache Log4j2", "vendor": "Apache Software Foundation", "versions": [{"changes": [{"at": "2.13.0", "status": "affected"}, {"at": "2.12.3", "status": "unaffected"}, {"at": "2.4", "status": "affected"}, {"at": "2.3.1", "status": "unaffected"}, {"at": "2.0-alpha1", "status": "affected"}], "lessThan": "2.17.0", "status": "affected", "version": "log4j-core", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Independently discovered by Hideki Okamoto of Akamai Technologies, Guy Lederfein of Trend Micro Research working with Trend Micro\u2019s Zero Day Initiative, and another anonymous vulnerability researcher"}], "descriptions": [{"lang": "en", "value": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1."}], "metrics": [{"other": {"content": {"other": "high"}, "type": "unknown"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-674", "description": "CWE-674: Uncontrolled Recursion", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-25T16:41:57.000Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://logging.apache.org/log4j/2.x/security.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"}, {"name": "VU#930724", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "https://www.kb.cert.org/vuls/id/930724"}, {"name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"}, {"name": "[oss-security] 20211218 CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/12/19/1"}, {"name": "DSA-5024", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2021/dsa-5024"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20211218-0001/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}], "source": {"defect": ["LOG4J2-3230"], "discovery": "UNKNOWN"}, "title": "Apache Log4j2 does not always protect from infinite recursion in lookup evaluation", "workarounds": [{"lang": "en", "value": "Implement one of the following mitigation techniques:\n\n* Java 8 (or later) users should upgrade to release 2.17.0.\n\nAlternatively, this can be mitigated in configuration:\n\n* In PatternLayout in the logging configuration, replace Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` with Thread Context Map patterns (%X, %mdc, or %MDC).\n* Otherwise, in the configuration, remove references to Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` where they originate \nfrom sources external to the application such as HTTP headers or user input."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2021-45105", "STATE": "PUBLIC", "TITLE": "Apache Log4j2 does not always protect from infinite recursion in lookup evaluation"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Log4j2", "version": {"version_data": [{"version_affected": "<", "version_name": "log4j-core", "version_value": "2.17.0"}, {"version_affected": ">=", "version_name": "log4j-core", "version_value": "2.13.0"}, {"version_affected": "<", "version_name": "log4j-core", "version_value": "2.12.3"}, {"version_affected": ">=", "version_name": "log4j-core", "version_value": "2.4"}, {"version_affected": "<", "version_name": "log4j-core", "version_value": "2.3.1"}, {"version_affected": ">=", "version_name": "log4j-core", "version_value": "2.0-alpha1"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "credit": [{"lang": "eng", "value": "Independently discovered by Hideki Okamoto of Akamai Technologies, Guy Lederfein of Trend Micro Research working with Trend Micro\u2019s Zero Day Initiative, and another anonymous vulnerability researcher"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": [{"other": "high"}], "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20 Improper Input Validation"}]}, {"description": [{"lang": "eng", "value": "CWE-674: Uncontrolled Recursion"}]}]}, "references": {"reference_data": [{"name": "https://logging.apache.org/log4j/2.x/security.html", "refsource": "MISC", "url": "https://logging.apache.org/log4j/2.x/security.html"}, {"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032", "refsource": "CONFIRM", "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"}, {"name": "VU#930724", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/930724"}, {"name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"}, {"name": "[oss-security] 20211218 CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/12/19/1"}, {"name": "DSA-5024", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-5024"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"}, {"name": "https://security.netapp.com/advisory/ntap-20211218-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20211218-0001/"}, {"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf"}, {"name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"name": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}]}, "source": {"defect": ["LOG4J2-3230"], "discovery": "UNKNOWN"}, "work_around": [{"lang": "en", "value": "Implement one of the following mitigation techniques:\n\n* Java 8 (or later) users should upgrade to release 2.17.0.\n\nAlternatively, this can be mitigated in configuration:\n\n* In PatternLayout in the logging configuration, replace Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` with Thread Context Map patterns (%X, %mdc, or %MDC).\n* Otherwise, in the configuration, remove references to Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` where they originate \nfrom sources external to the application such as HTTP headers or user input."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T04:39:20.295Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://logging.apache.org/log4j/2.x/security.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"}, {"name": "VU#930724", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "https://www.kb.cert.org/vuls/id/930724"}, {"name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"}, {"name": "[oss-security] 20211218 CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/12/19/1"}, {"name": "DSA-5024", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2021/dsa-5024"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20211218-0001/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2021-45105", "datePublished": "2021-12-18T11:55:08.000Z", "dateReserved": "2021-12-16T00:00:00.000Z", "dateUpdated": "2024-08-04T04:39:20.295Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "matchCriteriaId": "42BCB94E-86D2-4B98-B9E6-5789F2272692", "versionEndExcluding": "2.3.1", "versionStartIncluding": "2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "matchCriteriaId": "19DA22A8-0B29-4181-B44E-57D28D9DB331", "versionEndExcluding": "2.12.3", "versionStartIncluding": "2.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "matchCriteriaId": "61E2AC03-D49B-4A15-BDA4-61DAF142CEED", "versionEndIncluding": "2.16.0", "versionStartIncluding": "2.13.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "197D0D80-6702-4B61-B681-AFDBA7D69067", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "421BCD43-8ECC-4B1E-9F3E-C20BB2BC672A", "versionEndIncluding": "10.0.12", "vulnerable": true}, {"criteria": "cpe:2.3:a:sonicwall:network_security_manager:*:*:*:*:on-premises:*:*:*", "matchCriteriaId": "1EA49667-8F94-4091-B9A9-A94318D83C24", "versionEndExcluding": "3.0", "versionStartIncluding": "2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sonicwall:network_security_manager:*:*:*:*:saas:*:*:*", "matchCriteriaId": "7C1B257C-9442-4C73-91CB-67893A78F0DF", "versionEndExcluding": "3.0", "versionStartIncluding": "2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sonicwall:web_application_firewall:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD1E667A-9CAA-4382-957A-E4F1A4960E0C", "versionEndExcluding": "3.1.0", "versionStartIncluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sonicwall:6bk1602-0aa12-0tp0_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B407FBDB-7900-4F69-B745-809277F26050", "versionEndExcluding": "2.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sonicwall:6bk1602-0aa12-0tp0:-:*:*:*:*:*:*:*", "matchCriteriaId": "05AF56AD-FBAF-4AB8-B04D-1E28BF10B767", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sonicwall:6bk1602-0aa22-0tp0_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E3103225-6440-43F4-9493-131878735B2A", "versionEndExcluding": "2.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sonicwall:6bk1602-0aa22-0tp0:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B3A0115-86AB-4677-A026-D99B971D9EF5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sonicwall:6bk1602-0aa32-0tp0_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "914A44DE-C4AA-45A0-AC26-5FAAF576130E", "versionEndExcluding": "2.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sonicwall:6bk1602-0aa32-0tp0:-:*:*:*:*:*:*:*", "matchCriteriaId": "9D1C62CF-414A-4670-9F19-C11A381DB830", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sonicwall:6bk1602-0aa42-0tp0_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "75359CC5-58A7-4B5A-B9BF-BDE59552EF1C", "versionEndExcluding": "2.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sonicwall:6bk1602-0aa42-0tp0:-:*:*:*:*:*:*:*", "matchCriteriaId": "706A3F00-8489-4735-B09B-34528F7C556A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sonicwall:6bk1602-0aa52-0tp0_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C23D02B7-C9A7-4ED9-AE71-765F01ACA55C", "versionEndExcluding": "2.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sonicwall:6bk1602-0aa52-0tp0:-:*:*:*:*:*:*:*", "matchCriteriaId": "E9DCB171-E4C8-4472-8023-20992ABB9348", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "80C9DBB8-3D50-4D5D-859A-B022EB7C2E64", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:agile_plm_mcad_connector:3.6:*:*:*:*:*:*:*", "matchCriteriaId": "B0C0714E-4255-4095-B26C-70EB193B8F98", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "97994257-C9A4-4491-B362-E8B25B7187AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_deposits_and_lines_of_credit_servicing:2.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "1F834ACC-D65B-4CA3-91F1-415CBC6077E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "473749BD-267E-480F-8E7F-C762702DB66E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "320D36DA-D99F-4149-B582-3F4AB2F41A1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_loans_servicing:2.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "5E502A46-BAF4-4558-BC8F-9F014A2FB26A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "C542DC5E-6657-4178-9C69-46FD3C187D56", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_payments:14.5:*:*:*:*:*:*:*", "matchCriteriaId": "633E5B20-A7A7-4346-A71D-58121B006D00", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "132CE62A-FBFC-4001-81EC-35D81F73AF48", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "645AA3D1-C8B5-4CD2-8ACE-31541FA267F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "BDC6D658-09EA-4C41-869F-1C2EA163F751", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_trade_finance:14.5:*:*:*:*:*:*:*", "matchCriteriaId": "64750C01-21AC-4947-B674-6690EAAAC5DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_treasury_management:14.5:*:*:*:*:*:*:*", "matchCriteriaId": "3C3D0063-9458-4018-9B92-79A219716C10", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "D40AD626-B23A-44A3-A6C0-1FFB4D647AE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "3141B86F-838D-491A-A8ED-3B7C54EA89C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "B465F237-0271-4389-8035-89C07A52350D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "123CB9B5-C800-47FD-BD0C-BE44198E97E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DAAB7154-4DE8-4806-86D0-C1D33B84417B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C2A5B24D-BDF2-423C-98EA-A40778C01A05", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "6F60E32F-0CA0-4C2D-9848-CB92765A9ACB", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF616620-88CE-4A77-B904-C1728A2E6F9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "3AA09838-BF13-46AC-BB97-A69F48B73A8A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "B4367D9B-BF81-47AD-A840-AC46317C774D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD4349FE-EEF8-489A-8ABF-5FCD55EC6DE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "175B97A7-0B00-4378-AD9F-C01B6D9FD570", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "C6EAA723-2A23-4151-930B-86ACF9CC1C0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7DF939F5-C0E1-40A4-95A2-0CE7A03AB4EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_convergence:3.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "EEC452FA-D1D5-4175-9371-F6055818192E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "0172500D-DE51-44E0-91E8-C8F36617C1F8", "versionEndIncluding": "12.0.4.0.0", "versionStartIncluding": "12.0.1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E99E7D49-AE53-4D16-AB24-EBEAAD084289", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "F9550113-7423-48D8-A1C7-95D6AEE9B33C", "versionEndIncluding": "8.5.1.0", "versionStartIncluding": "8.3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6:*:*:*:*:*:*:*", "matchCriteriaId": "7FDD479D-9070-42E2-A8B1-9497BC4C0CF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "C68536CA-C7E2-4228-A6B8-F0DB6A9D29EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "02712DD6-D944-4452-8015-000B9851D257", "versionEndExcluding": "9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "987811D5-DA5E-493D-8709-F9231A84E5F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "46E23F2E-6733-45AF-9BD9-1A600BD278C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "E812639B-EE28-4C68-9F6F-70C8BF981C86", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "DE7A60DB-A287-4E61-8131-B6314007191B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "E1214FDF-357A-4BB9-BADE-50FB2BD16D10", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", "matchCriteriaId": "26940103-F37C-4FBD-BDFD-528A497209D6", "versionEndIncluding": "12.0.4.0.0", "versionStartIncluding": "12.0.1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "EB9047B1-DA8C-4BFD-BE41-728BD7ECF3E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "B21E6EEF-2AB7-4E96-B092-1F49D11B4175", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "00E9A2B1-7562-4E6B-AE25-1B647F24EFDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "D6BDB265-293F-4F27-8CE0-576DF3ECD3BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "53600579-4542-4D80-A93C-3E45938C749D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_service_broker:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E6235EAE-47DD-4292-9941-6FF8D0A83843", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "062E4E7C-55BB-46F3-8B61-5A663B565891", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "274BCA96-2E6A-4B77-B69E-E2093A668D28", "versionEndExcluding": "9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D4B738B-08CF-44F6-A939-39F5BEAF03B2", "versionEndExcluding": "9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "17A91FD9-9F77-42D3-A4D9-48BC7568ADE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "A7637F8B-15F1-42E2-BE18-E1FF7C66587D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "E43D793A-7756-4D58-A8ED-72DC4EC9CEA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_user_data_repository:12.4:*:*:*:*:*:*:*", "matchCriteriaId": "0FAF2403-99A1-4DBC-BAC4-35D883D8E5D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "A4AA6214-A85D-4BF4-ABBF-0E4F8B7DA817", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "1F05AF4B-A747-4314-95AE-F8495479AB3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "9901F6BA-78D5-45B8-9409-07FF1C6DDD38", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "9FADE563-5AAA-42FF-B43F-35B20A2386C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:e-business_suite:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "4B3C968F-4038-4A8D-A345-8CD3F73A653B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6E8758C8-87D3-450A-878B-86CE8C9FC140", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "615C7D0D-A9D5-43BA-AF61-373EC1095354", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6F772DC1-F93E-43A4-81DA-A2A1E204C5D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B095CC03-7077-4A58-AB25-CC5380CDCE5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "matchCriteriaId": "7EA4D3C5-6A7C-4421-88EF-445A96DBCE0C", "versionEndIncluding": "8.1.1", "versionStartIncluding": "8.0.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.0.8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F033C6C8-61D9-41ED-94E6-63BE7BA22EFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B829B72-7DE0-415F-A1AF-51637F134B76", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FF8DC5FD-09DE-446F-879B-DB86C0CC95B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0148D20-089E-4C19-8CA3-07598D8AFBF1", "versionEndIncluding": "12.4", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*", "matchCriteriaId": "54BE0CCE-8216-4CCF-96E1-38EF76124368", "versionEndIncluding": "14.3.0", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:flexcube_universal_banking:11.83.3:*:*:*:*:*:*:*", "matchCriteriaId": "0017AE8C-DBCA-46B4-A036-DF0E289199D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:flexcube_universal_banking:14.5:*:*:*:*:*:*:*", "matchCriteriaId": "609645BF-B34F-40AC-B9C9-C3FB870F4ED2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "67013CB6-5FA6-438B-A131-5AEDEBC66723", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8FC5F6E6-3515-439B-9665-3B6151CEF577", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:health_sciences_inform:6.2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4CB4F0E6-3B36-4736-B2F2-CB2A16309F8D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:health_sciences_inform:6.3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0E72CF27-6E5F-404E-B5DF-B470C99AF5E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:health_sciences_inform:7.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "51BCEC65-25B7-480C-860C-9D97F78CCE3F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:health_sciences_information_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "16AEA21E-0B11-44A5-8BFB-550521D8E0D5", "versionEndIncluding": "3.0.4", "versionStartIncluding": "3.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:healthcare_data_repository:8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA92E70A-2249-4144-B0B8-35501159ADB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F69F8F6-BA2D-4DC6-BAB2-B9155F8B45CD", "versionEndIncluding": "7.3.0.4", "versionStartIncluding": "7.3.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:healthcare_master_person_index:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "10774601-93C3-4938-A3E7-3C3D97A6F73C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:healthcare_translational_research:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "523391D8-CB84-4EBD-B337-6A99F52E537F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:healthcare_translational_research:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B0A3C700-710A-4A0A-A2D4-ABB7AAC9B128", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:hospitality_suite8:8.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "D4833DCA-FC54-4F89-B2DF-8E39C9C49DF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:hospitality_suite8:8.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD7E9060-BA5B-4682-AC0D-EE5105AD0332", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:hospitality_token_proxy_service:19.2:*:*:*:*:*:*:*", "matchCriteriaId": "E7D45E2D-241B-4839-B255-A81107BF94BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:hyperion_bi\\+:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C083F1E-8BF2-48C7-92FB-BD105905258E", "versionEndExcluding": "11.2.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:hyperion_data_relationship_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8E7FBA9-0FFF-4C86-B151-28C17A142E0B", "versionEndExcluding": "11.2.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:hyperion_infrastructure_technology:*:*:*:*:*:*:*:*", "matchCriteriaId": "55BBCD48-BCC6-4E19-A4CE-970E524B9FF4", "versionEndExcluding": "11.2.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:hyperion_planning:*:*:*:*:*:*:*:*", "matchCriteriaId": "C3E11E28-78AA-42BB-927D-D22CBDDD62B9", "versionEndExcluding": "11.2.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:hyperion_profitability_and_cost_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "30927787-2815-4BEF-A7C2-960F92238303", "versionEndExcluding": "11.2.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:hyperion_tax_provision:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0ABD2DC-9357-4097-BE62-BB7A4988A01F", "versionEndExcluding": "11.2.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "1489DDA7-EDBE-404C-B48D-F0B52B741708", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "535BC19C-21A1-48E3-8CC0-B276BA5D494E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:identity_manager_connector:9.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "8508EF23-43DC-431F-B410-FD0BA897C371", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", "matchCriteriaId": "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", "matchCriteriaId": "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", "matchCriteriaId": "7F69B9A5-F21B-4904-9F27-95C0F7A628E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:insurance_data_gateway:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1B85A426-5714-4CEA-8A97-720F882B2D58", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*", "matchCriteriaId": "604FBBC9-04DC-49D2-AB7A-6124256431AF", "versionEndIncluding": "5.6.0.0", "versionStartIncluding": "5.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "428D2B1D-CFFD-49D1-BC05-2D85D22004DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5B8AA91A-1880-43CD-938D-48EF58ACF2CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "335AB6A7-3B1F-4FA8-AF08-7D64C16C4B04", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "A2E3E923-E2AD-400D-A618-26ADF7F841A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "9AB58D27-37F2-4A32-B786-3490024290A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:management_cloud_engine:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "3F66C747-733F-46A1-9A6B-EEB1A1AEC45D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0EBAC6D-D0CE-42A1-AEA0-2D50C8035747", "versionEndIncluding": "8.0.29", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:payment_interface:19.1:*:*:*:*:*:*:*", "matchCriteriaId": "5D01A0EC-3846-4A74-A174-3797078DC699", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:payment_interface:20.3:*:*:*:*:*:*:*", "matchCriteriaId": "03E5FCFB-093A-48E9-8A4E-34C993D2764E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*", "matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48", "versionEndIncluding": "17.12.11", "versionStartIncluding": "17.12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "A621A5AE-6974-4BA5-B1AC-7130A46F68F5", "versionEndIncluding": "18.8.13", "versionStartIncluding": "18.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "4096281D-2EBA-490D-8180-3C9D05EB890A", "versionEndIncluding": "19.12.12", "versionStartIncluding": "19.12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "E6B70E72-B9FC-4E49-8EDD-29C7E14F5792", "versionEndIncluding": "20.12.7", "versionStartIncluding": "20.12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "15F45363-236B-4040-8AE4-C6C0E204EDBA", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD0DEC50-F4CD-4ACA-A118-D4F0D4F4C981", "versionEndIncluding": "19.12.18.0", "versionStartIncluding": "19.12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "651104CE-0569-4E6D-ACAB-AD2AC85084DD", "versionEndIncluding": "20.12.12.0", "versionStartIncluding": "20.12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "45D89239-9142-46BD-846D-76A5A74A67B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", "matchCriteriaId": "38340E3C-C452-4370-86D4-355B6B4E0A06", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*", "matchCriteriaId": "E9C55C69-E22E-4B80-9371-5CD821D79FE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*", "matchCriteriaId": "F0735989-13BD-40B3-B954-AC0529C5B53D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*", "matchCriteriaId": "58405263-E84C-4071-BB23-165D49034A00", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_customer_insights:15.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D1C35DF-D30D-42C8-B56D-C809609AB2A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_customer_insights:16.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "834B4CE7-042E-489F-AE19-0EEA2C37E7A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:15.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "82653579-FF7D-4492-9CA2-B3DF6A708831", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:16.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "32D2EB48-F9A2-4D23-81C5-4B30F2D785DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_eftlink:16.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F3796186-D3A7-4259-846B-165AD9CEB7F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_eftlink:17.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "CEDA5540-692D-47DA-9F68-83158D9AE628", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_eftlink:18.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C5435583-C454-4AC9-8A35-D2D30EB252EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A2140357-503A-4D2A-A099-CFA4DC649E41", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_eftlink:20.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6BAE5686-8E11-4EF1-BC7E-5C565F2440C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_eftlink:21.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4B95628-F108-424A-8C19-40A5F5B7D37B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_financial_integration:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E03B340-8C77-4DFA-8536-C57656E237D0", "versionEndIncluding": "16.0.3", "versionStartIncluding": "16.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "798E4FEE-9B2B-436E-A2B3-B8AA1079892A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CB86F6C3-981E-4ECA-A5EB-9A9CD73D70C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_financial_integration:19.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B7B0B33-2361-4CF5-8075-F609858A582E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7435071D-0C95-4686-A978-AFC4C9A0D0FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:*", "matchCriteriaId": "A921C710-1C59-429F-B985-67C0DBFD695E", "versionEndIncluding": "16.0.3", "versionStartIncluding": "16.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9E458AF-0EEC-453E-AA9D-6C79211000AC", "versionEndIncluding": "19.0.1.0", "versionStartIncluding": "19.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "F1AFAE16-B69F-410A-8CE3-1CDD998A8433", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "8CFCE558-9972-46A2-8539-C16044F1BAA9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "A1194C4E-CF42-4B4D-BA9A-40FDD28F1D58", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_integration_bus:19.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFDF4CB0-4680-449A-8576-915721D59500", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BD311C33-A309-44D5-BBFB-539D72C7F8C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_invoice_matching:15.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "A0472632-4104-4397-B619-C4E86A748465", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_invoice_matching:16.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "48E25E7C-F7E8-4739-8251-00ACD11C12FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F8383028-B719-41FD-9B6A-71F8EB4C5F8D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AE1BC44A-F0AF-41CD-9CEB-B07AB5ADAB38", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*", "matchCriteriaId": "38E74E68-7F19-4EF3-AC00-3C249EAAA39E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*", "matchCriteriaId": "0783F0D1-8FAC-4BCA-A6F5-C5C60E86D56D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*", "matchCriteriaId": "C7BD0D41-1BED-4C4F-95C8-8987C98908DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_order_management_system:19.5:*:*:*:*:*:*:*", "matchCriteriaId": "99B5DC78-1C24-4F2B-A254-D833FAF47013", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*", "matchCriteriaId": "E13DF2AE-F315-4085-9172-6C8B21AF1C9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.46:*:*:*:*:*:*:*", "matchCriteriaId": "9002379B-4FDA-44F3-98EB-0C9B6083E429", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.115:*:*:*:*:*:*:*", "matchCriteriaId": "476B038D-7F60-482D-87AD-B58BEA35558E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.240:*:*:*:*:*:*:*", "matchCriteriaId": "AB86C644-7B79-4F87-A06D-C178E8C2B8B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_price_management:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "C19C5CC9-544A-4E4D-8F0A-579BB5270F07", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_price_management:14.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3E1A9B0C-735A-40B4-901C-663CF5162E96", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_price_management:14.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "0791694C-9B4E-42EA-8F6C-899B43B6D769", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_price_management:15.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "312992F0-E65A-4E38-A44C-363A7E157CE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_price_management:16.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E1940FD6-39FA-4F92-9625-F215D8051E80", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*", "matchCriteriaId": "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*", "matchCriteriaId": "0CE45891-A6A5-4699-90A6-6F49E60A7987", "versionEndIncluding": "16.0.3", "versionStartIncluding": "16.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D7FCC976-615C-4DE5-9F50-1B25E9553962", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "E702EBED-DB39-4084-84B1-258BC5FE7545", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "3F7956BF-D5B6-484B-999C-36B45CD8B75B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_service_backbone:19.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0D14A54A-4B04-41DE-B731-844D8AC3BE23", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9DA6B655-A445-42E5-B6D9-70AB1C04774A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_service_backbone:19.0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D57F5CB-E566-450F-B7D7-DD771F7C746C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "88458537-6DE8-4D79-BC71-9D08883AD0C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "2E310654-0793-41CC-B049-C754AC31D016", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "4C5B22C6-97AF-4D1B-84C9-987C6F62C401", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "FFD9AAE5-9472-49C6-B054-DB76BEB86D35", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "A104FDBD-0B28-44EE-91A0-A0C8939865A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "C2D60A4D-BB4F-4177-AFA8-A8DC8C111FB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "889916ED-5EB2-49D6-8400-E6DBBD6C287F", "versionEndIncluding": "21.12", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:sql_developer:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C470BAD-F7E2-4802-B1BE-E71EBB073DA1", "versionEndExcluding": "21.4.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:taleo_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E1A18FB-85E6-4C5D-8F8A-12F86EDC6A2D", "versionEndExcluding": "22.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "51309958-121D-4649-AB9A-EBFA3A49F7CB", "versionEndIncluding": "4.3.0.6.0", "versionStartIncluding": "4.3.0.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3F906F04-39E4-4BE4-8A73-9D058AAADB43", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7B393A82-476A-4270-A903-38ED4169E431", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "85CAE52B-C2CA-4C6B-A0B7-2B9D6F0499E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A502118-5B2B-47AE-82EC-1999BD841103", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D551CAB1-4312-44AA-BDA8-A030817E153A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "174A6D2E-E42E-4C92-A194-C6A820CD7EF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1."}, {"lang": "es", "value": "Apache Log4j2 versiones 2.0-alpha1 hasta 2.16.0 (excluyendo las versiones 2.12.3 y 2.3.1) no proteg\u00edan de la recursi\u00f3n no controlada de las b\u00fasquedas autorreferenciales. Esto permite a un atacante con control sobre los datos de Thread Context Map causar una denegaci\u00f3n de servicio cuando es interpretada una cadena dise\u00f1ada. Este problema se ha corregido en Log4j versiones 2.17.0, 2.12.3 y 2.3.1"}], "id": "CVE-2021-45105", "lastModified": "2024-11-21T06:31:58.170", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-12-18T12:15:07.433", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Mitigation", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/12/19/1"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf"}, {"source": "security@apache.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://logging.apache.org/log4j/2.x/security.html"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20211218-0001/"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-5024"}, {"source": "security@apache.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/930724"}, {"source": "security@apache.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"source": "security@apache.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}, {"source": "security@apache.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Mitigation", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/12/19/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://logging.apache.org/log4j/2.x/security.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20211218-0001/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-5024"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/930724"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-674"}], "source": "security@apache.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-674"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2022:1299", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "impact": "low", "package": "log4j-core", "product_name": "EAP 7.4.4 release", "release_date": "2022-04-11T00:00:00Z"}, {"advisory": "RHSA-2022:0216", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "impact": "low", "package": "log4j-core", "product_name": "EAP 7.4 log4j async", "release_date": "2022-01-20T00:00:00Z"}, {"advisory": "RHSA-2022:0047", "cpe": "cpe:/a:redhat:logging:5.0::el8", "impact": "low", "package": "openshift-logging/elasticsearch6-rhel8:v5.0.11-2", "product_name": "OpenShift Logging 5.0", "release_date": "2022-01-10T00:00:00Z"}, {"advisory": "RHSA-2022:0042", "cpe": "cpe:/a:redhat:logging:5.1::el8", "impact": "low", "package": "openshift-logging/elasticsearch6-rhel8:v6.8.1-82", "product_name": "OpenShift Logging 5.1", "release_date": "2022-01-10T00:00:00Z"}, {"advisory": "RHSA-2022:0043", "cpe": "cpe:/a:redhat:logging:5.2::el8", "impact": "low", "package": "openshift-logging/elasticsearch6-rhel8:v6.8.1-83", "product_name": "OpenShift Logging 5.2", "release_date": "2022-01-10T00:00:00Z"}, {"advisory": "RHSA-2022:0044", "cpe": "cpe:/a:redhat:logging:5.3::el8", "impact": "low", "package": "openshift-logging/elasticsearch6-rhel8:v6.8.1-84", "product_name": "OpenShift Logging 5.3", "release_date": "2022-01-10T00:00:00Z"}, {"advisory": "RHSA-2022:0219", "cpe": "cpe:/a:redhat:amq_streams:1", "package": "log4j-core", "product_name": "Red Hat AMQ Streams 1.6.6", "release_date": "2022-01-20T00:00:00Z"}, {"advisory": "RHSA-2022:0205", "cpe": "cpe:/a:redhat:jboss_data_grid:8.2", "package": "log4j-core", "product_name": "Red Hat Data Grid 8.2.3", "release_date": "2022-01-20T00:00:00Z"}, {"advisory": "RHSA-2022:0203", "cpe": "cpe:/a:redhat:jboss_fuse:7", "package": "log4j-core", "product_name": "Red Hat Fuse 7.8.2, 7.9.1, 7.10.1", "release_date": "2022-01-20T00:00:00Z"}, {"advisory": "RHSA-2022:0222", "cpe": "cpe:/a:redhat:camel_quarkus:2.2", "package": "log4j-core", "product_name": "Red Hat Integration Camel Extensions for Quarkus 2.2", "release_date": "2022-01-20T00:00:00Z"}, {"advisory": "RHSA-2022:0223", "cpe": "cpe:/a:redhat:integration:1", "package": "log4j-core", "product_name": "Red Hat Integration Camel-K 1.6.3", "release_date": "2022-01-20T00:00:00Z"}, {"advisory": "RHSA-2022:1297", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "impact": "low", "package": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2022-04-11T00:00:00Z"}, {"advisory": "RHSA-2022:1296", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "impact": "low", "package": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2022-04-11T00:00:00Z"}, {"advisory": "RHSA-2022:0026", "cpe": "cpe:/a:redhat:openshift:4.6::el8", "impact": "low", "package": "openshift4/ose-logging-elasticsearch6:v4.6.0-202112201736.p0.gce7f68c.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.6", "release_date": "2022-01-12T00:00:00Z"}, {"advisory": "RHSA-2022:1469", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "impact": "low", "package": "log4j-api", "product_name": "Red Hat Single Sign-On 7", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1462", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.5::el7", "impact": "low", "package": "rh-sso7-keycloak-0:15.0.6-1.redhat_00001.1.el7sso", "product_name": "Red Hat Single Sign-On 7.5 for RHEL 7", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:1463", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.5::el8", "impact": "low", "package": "rh-sso7-keycloak-0:15.0.6-1.redhat_00001.1.el8sso", "product_name": "Red Hat Single Sign-On 7.5 for RHEL 8", "release_date": "2022-04-20T00:00:00Z"}, {"advisory": "RHSA-2022:0083", "cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "package": "log4j-core", "product_name": "Vert.x 4.1.8", "release_date": "2022-01-20T00:00:00Z"}], "bugzilla": {"description": "log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern", "id": "2034067", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034067"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-20->CWE-674", "details": ["Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.", "A flaw was found in the Apache Log4j logging library 2.x. when the logging configuration uses a non-default Pattern Layout with a Context Lookup. Attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup and can cause Denial of Service."], "mitigation": {"lang": "en:us", "value": "For Log4j 2 versions up to and including 2.16.0, this flaw can be mitigated by:\n- In PatternLayout in the Log4j logging configuration, replace Context Lookups like ${ctx:loginId} or $${ctx:loginId} with Thread Context Map patterns (%X, %mdc, or %MDC) like %X{loginId}.\n- Otherwise, in the Log4j logging configuration, remove references to Context Lookups like ${ctx:loginId} or $${ctx:loginId} where they originate from sources external to the application such as HTTP headers or user input."}, "name": "CVE-2021-45105", "package_state": [{"cpe": "cpe:/a:redhat:a_mq_clients:2", "fix_state": "Not affected", "package_name": "log4j-core", "product_name": "A-MQ Clients 2"}, {"cpe": "cpe:/a:redhat:amq_broker:7", "fix_state": "Not affected", "package_name": "log4j-core", "product_name": "Red Hat AMQ Broker 7"}, {"cpe": "cpe:/a:redhat:quarkus:2", "fix_state": "Not affected", "package_name": "log4j-core", "product_name": "Red Hat build of Quarkus"}, {"cpe": "cpe:/a:redhat:jboss_developer_studio:12.", "fix_state": "Affected", "package_name": "log4j-core", "product_name": "Red Hat CodeReady Studio 12"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "fix_state": "Affected", "impact": "low", "package_name": "log4j-api", "product_name": "Red Hat Decision Manager 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "log4j", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "log4j", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "parfait:0.5/log4j12", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Not affected", "package_name": "log4j", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Not affected", "package_name": "log4j-core", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Affected", "impact": "low", "package_name": "openshift3/ose-logging-elasticsearch5", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-metering-hadoop", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-metering-hive", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-metering-presto", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Not affected", "package_name": "log4j-core", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "log4j-over-slf4j", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "rh-java-common-log4j", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "rh-maven35-log4j12", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "rh-maven36-log4j12", "product_name": "Red Hat Software Collections"}], "public_date": "2021-12-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-45105\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-45105\nhttps://issues.apache.org/jira/browse/LOG4J2-3230\nhttps://logging.apache.org/log4j/2.x/security.html\nhttps://www.openwall.com/lists/oss-security/2021/12/19/1"], "statement": "Red Hat Product Security has performed an analysis of this flaw and has classified the Attack Complexity(AC) as High because there are multiple factors involved which are beyond attacker's control:\n- The application has to use the logging configuration using a Context Map Lookup (for example, $${ctx:loginId}) which is a non-default Pattern Layout.\n- The application developer has to use the map org.apache.logging.log4j.ThreadContext in the application code and save at-least one key (for example, ThreadContext.put(\"loginId\", \"myId\");) in the ThreadContext map object.\n- Attackers must also know this saved key name in order to exploit this flaw.\nNote that saving keys in this map is a non-essential usage of log4j and just an optional feature provided. Refer to https://logging.apache.org/log4j/2.x/manual/lookups.html#ContextMapLookup to know more about the Context Map Lookup feature of Log4j.\nLog4j 1.x is not impacted by this vulnerability. Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using ONLY the log4j-api JAR file without the log4j-core JAR file are NOT impacted by this vulnerability.\nDespite including a vulnerable version of Log4j 2.x, this vulnerability is not exploitable in Elasticsearch[0], as shipped in OpenShift Container Platform and OpenShift Logging. OpenShift 3.11 specifically does not contain any context lookups:\nhttps://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_logging_elasticsearch/templates/log4j2.properties.j2\nThis vulnerability is therefore rated Low for Elasticsearch in OpenShift Container Platform and OpenShift Logging.\n[0] https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476#update-december-18-4", "threat_severity": "Moderate"}

{}