Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.

Affected vendors and products

Debian Linux, Cloud Manager, Agile Engineering Data Management, Agile Plm, Agile Plm Mcad Connector, Autovue For Agile Product Lifecycle Management, Banking Deposits And Lines Of Credit Servicing, Banking Enterprise Default Management, Banking Loans Servicing, Banking Party Management, Banking Payments, Banking Platform, Banking Trade Finance, Banking Treasury Management, Business Intelligence, Communications Asap, Communications Billing And Revenue Management, Communications Cloud Native Core Console, Communications Cloud Native Core Network Function Cloud Native Environment, Communications Cloud Native Core Network Repository Function, Communications Cloud Native Core Network Slice Selection Function, Communications Cloud Native Core Policy, Communications Cloud Native Core Security Edge Protection Proxy, Communications Cloud Native Core Service Communication Proxy, Communications Cloud Native Core Unified Data Repository, Communications Convergence, Communications Convergent Charging Controller, Communications Diameter Signaling Router, Communications Eagle Element Management System, Communications Eagle Ftp Table Base Retrieval, Communications Element Manager, Communications Evolved Communications Application Server, Communications Interactive Session Recorder, Communications Ip Service Activator, Communications Messaging Server, Communications Network Charging And Control, Communications Network Integrity, Communications Performance Intelligence Center, Communications Pricing Design Center, Communications Service Broker, Communications Services Gatekeeper, Communications Session Report Manager, Communications Session Route Manager, Communications Unified Inventory Management, Communications User Data Repository, Communications Webrtc Session Controller, Data Integrator, E-business Suite, Enterprise Manager Base Platform, Enterprise Manager For Peoplesoft, Enterprise Manager Ops Center, Financial Services Analytical Applications Infrastructure, Financial Services Model Management And Governance, Flexcube Universal Banking, Health Sciences Empirica Signal, Health Sciences Inform, Health Sciences Information Manager, Healthcare Data Repository, Healthcare Foundation, Healthcare Master Person Index, Healthcare Translational Research, Hospitality Suite8, Hospitality Token Proxy Service, Hyperion Bi+, Hyperion Data Relationship Management, Hyperion Infrastructure Technology, Hyperion Planning, Hyperion Profitability And Cost Management, Hyperion Tax Provision, Identity Management Suite, Identity Manager Connector, Instantis Enterprisetrack, Insurance Data Gateway, Insurance Insbridge Rating And Underwriting, Jdeveloper, Managed File Transfer, Management Cloud Engine, Mysql Enterprise Monitor, Payment Interface, Peoplesoft Enterprise Peopletools, Primavera Gateway, Primavera P6 Enterprise Project Portfolio Management, Primavera Unifier, Retail Back Office, Retail Central Office, Retail Customer Insights, Retail Data Extractor For Merchandising, Retail Eftlink, Retail Financial Integration, Retail Integration Bus, Retail Invoice Matching, Retail Merchandising System, Retail Order Broker, Retail Order Management System, Retail Point-of-service, Retail Predictive Application Server, Retail Price Management, Retail Returns Management, Retail Service Backbone, Retail Store Inventory Management, Siebel Ui Framework, Sql Developer, Taleo Platform, Utilities Framework, Webcenter Portal, Webcenter Sites, Weblogic Server, Amq Streams, Camel Quarkus, Integration, Jboss Data Grid, Jboss Enterprise Application Platform, Jboss Fuse, Logging, Openshift, Openshift Application Runtimes, Red Hat Single Sign On, Sonicwall, 6bk1602-0aa12-0tp0, 6bk1602-0aa12-0tp0 Firmware, 6bk1602-0aa22-0tp0, 6bk1602-0aa22-0tp0 Firmware, 6bk1602-0aa32-0tp0, 6bk1602-0aa32-0tp0 Firmware, 6bk1602-0aa42-0tp0, 6bk1602-0aa42-0tp0 Firmware, 6bk1602-0aa52-0tp0, 6bk1602-0aa52-0tp0 Firmware, Email Security, Network Security Manager, Web Application Firewall
Advisories

Source      | ID                  | Title
Debian DLA  | DLA-2852-1          | apache-log4j2 security update
Debian DSA  | DSA-5024-1          | apache-log4j2 security update
Github GHSA | GHSA-p6xc-xr62-6r2g | Apache Log4j2 vulnerable to Improper Input Validation and Uncontrolled Recursion
Ubuntu USN  | USN-5203-1          | Apache Log4j 2 vulnerability
Ubuntu USN  | USN-5222-1          | Apache Log4j 2 vulnerabilities
Fixes

Solution

No solution given by the vendor.


Workaround

Implement one of the following mitigation techniques:

* Java 8 (or later) users should upgrade to release 2.17.0.

Alternatively, this can be mitigated in configuration:

* In PatternLayout in the logging configuration, replace Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` with Thread Context Map patterns (%X, %mdc, or %MDC).
* Otherwise, in the configuration, remove references to Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` where they originate from sources external to the application such as HTTP headers or user input.
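The configuration-level mitigation from the workaround, shown as a before/after pair in a Log4j2 XML configuration. This is an added illustration, not part of the advisory; the appender names, the surrounding pattern text and the file name are assumed, while `loginId` is the Thread Context Map key the workaround itself uses.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Example log4j2.xml, added for illustration; not taken from the advisory. -->
<Configuration status="WARN">
  <Appenders>
    <!-- BEFORE (affected releases 2.0-alpha1 through 2.16.0): the Context
         Lookup ${ctx:loginId} runs the Thread Context Map value through
         lookup interpretation, so a crafted self-referential value supplied
         by whoever controls that map entry (for example via an HTTP header
         copied into the MDC) can recurse without bound and crash the thread.
         $${ctx:loginId} is the same lookup, deferred to log time. -->
    <Console name="UnsafeConsole" target="SYSTEM_OUT">
      <PatternLayout pattern="%d{ISO8601} [%t] %-5level user=${ctx:loginId} %c - %m%n"/>
    </Console>

    <!-- AFTER (mitigated): %X{loginId} (aliases %mdc{loginId}, %MDC{loginId})
         is a pattern converter, not a lookup. It copies the map value into the
         log line verbatim and never interprets it as a lookup string. -->
    <Console name="SafeConsole" target="SYSTEM_OUT">
      <PatternLayout pattern="%d{ISO8601} [%t] %-5level user=%X{loginId} %c - %m%n"/>
    </Console>
  </Appenders>
  <Loggers>
    <Root level="info">
      <!-- Only the hardened appender is referenced; UnsafeConsole is kept
           above purely for comparison and should be deleted in practice. -->
      <AppenderRef ref="SafeConsole"/>
    </Root>
  </Loggers>
</Configuration>
```

A quick audit for the unsafe form is to grep the logging configuration for `${ctx:` and `$${ctx:`; every match that feeds on externally supplied MDC data is a candidate for the `%X{key}` rewrite above, independent of the upgrade.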

History

Wed, 16 Jul 2025 13:45:00 +0000

Type    | Values Removed          | Values Added
Metrics | epss {'score': 0.65452} | epss {'score': 0.66522}



MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2024-08-04T04:39:20.295Z

Reserved: 2021-12-16T00:00:00

Link: CVE-2021-45105

Vulnrichment

No data.

NVD

Status: Modified

Published: 2021-12-18T12:15:07.433

Modified: 2024-11-21T06:31:58.170

Link: CVE-2021-45105

Redhat

Severity: Moderate

Public Date: 2021-12-18T00:00:00Z

Links: CVE-2021-45105 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses