Sign-up

ID

VAR-202112-1782


CVE

CVE-2021-45105


TITLE

Apache Log4j StrSubstitutor Uncontrolled Recursion Denial-of-Service Vulnerability

Trust: 0.7

sources: ZDI: ZDI-21-1541

DESCRIPTION

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Apache Log4j. Authentication is not required to exploit this vulnerability.The specific flaw exists within the StrSubstitutor class. The issue results from the lack of proper validation of user-supplied data, which can result in a resource exhaustion condition. An attacker can leverage this vulnerability to create a denial-of-service condition on the process. Log4j is an open source project of Apache. By using Log4j, the destination of log information transmission can be controlled to be console, file, GUI component, even socket server, NT event recorder, etc. Apache Log4j2 has a denial of service vulnerability. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Installation instructions are available from the Fuse product documentation pages: Fuse 7.8: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/installing_on_apache_karaf/apply-hotfix-patch https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/deploying_into_spring_boot/patch-red-hat-fuse-applications Fuse 7.9: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/installing_on_apache_karaf/apply-hotfix-patch https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/deploying_into_spring_boot/patch-red-hat-fuse-applications Fuse 7.10: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/installing_on_apache_karaf/apply-hotfix-patch https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/deploying_into_spring_boot/patch-red-hat-fuse-applications 4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat build of Eclipse Vert.x 4.1.8 security update Advisory ID: RHSA-2022:0083-01 Product: Red Hat OpenShift Application Runtimes Advisory URL: https://access.redhat.com/errata/RHSA-2022:0083 Issue date: 2022-01-20 CVE Names: CVE-2021-44832 CVE-2021-45046 CVE-2021-45105 ==================================================================== 1. Summary: An update is now available for Red Hat build of Eclipse Vert.x. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE pages listed in the References section. 2. Description: This release of Red Hat build of Eclipse Vert.x 4.1.8 GA includes security updates. For more information, see the release notes listed in the References section. Security Fix(es): * log4j-core: remote code execution via JDBC Appender (CVE-2021-44832) * log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046) * log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link for the update. You must be logged in to download the update. 4. Bugs fixed (https://bugzilla.redhat.com/): 2032580 - CVE-2021-45046 log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) 2034067 - CVE-2021-45105 log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern 2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender 5. References: https://access.redhat.com/security/cve/CVE-2021-44832 https://access.redhat.com/security/cve/CVE-2021-45046 https://access.redhat.com/security/cve/CVE-2021-45105 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product\xcatRhoar.eclipse.vertx&version=4.1.8 https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/4.1/html/release_notes_for_eclipse_vert.x_4.1/index 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYemZRNzjgjWX9erEAQg3kg//TMRnMbFneaojfw2Cav3ewH7CQEqai/UQ 4nb5leVBZUlkoGk302d1Xlmjc8oYeyRHP2w95PuWfSqxpU5GhOabUjlJzul1Um34 Y0QaFhBI7xuAk28szn7JKoB6yZ6UAgB/vmYYo0YdlphtInAwnp3Vipb/3vgzXJUH eaFAkTvEMc4h0gcyLO98Krr/4u87+YJyY2wbWSpRDoQpQUcnDzGNqessOp6NMSsS mo0SHcFVYLXqsM9/cHaQyhIfTlF5JDApe0DO5y1zE60B1tYJyU34fgoRprFs5ybv f4Enn/qVWfmx2PCdEwOdKvjf2jQzVplqbPQwxILMRN2f3+y7OBNNWPB16kTskP3u jYUXZd6AN+YdJBzpBw23TFDmtSbGn9A3jTOWz1uACu3vYxNPSzDYIkOgD0hYfNIb dZntht5p3WgkBQ0Xkgd0At2UXwc70eJ2uH51Ck/bosH46MuKzVSeCoAsCCEXRMTm vGsfK5EV8Es5ltzsw1Im+3DZ8QcBNN7SUWidrJa9d6U9F0pzZVe1co4D12Xchapv bxQp0QeWHIgFNBQA8vQk6SZsdJH3THzHi0GUzLvSMED02MsfAd7HQhyndu/b9vs6 s2OIgauHd09+Siw1twydZUg1eEbeNctFUW2pi2LRggCY4cqLA0j4l0q0zQnKCdw3 73/w3ORRBdI=mx2F -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description: Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. Description: Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. Solution: For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html For Red Hat OpenShift Logging 5.1, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html 4. JIRA issues fixed (https://issues.jboss.org/): LOG-1868 - The elasticsearch-im-xxx job failed when trying to start index management process for a non-existent(empty-named) index [openshift-logging-5.1] LOG-2022 - resourceVersion is overflowing type Integer causing ES rejection 6. ========================================================================= Ubuntu Security Notice USN-5222-1 January 11, 2022 apache-log4j2 vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.10 - Ubuntu 21.04 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in Apache Log4j 2. Software Description: - apache-log4j2: Apache Log4j - Logging Framework for Java Details: It was discovered that Apache Log4j 2 was vulnerable to remote code execution (RCE) attack when configured to use a JDBC Appender with a JNDI LDAP data source URI. This issue only affected Ubuntu 18.04 LTS. (CVE-2021-45105) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.10: liblog4j2-java 2.17.1-0.21.10.1 Ubuntu 21.04: liblog4j2-java 2.17.1-0.21.04.1 Ubuntu 20.04 LTS: liblog4j2-java 2.17.1-0.20.04.1 Ubuntu 18.04 LTS: liblog4j2-java 2.12.4-0ubuntu0.1 In general, a standard system update will make all the necessary changes. For the oldstable distribution (buster), this problem has been fixed in version 2.17.0-1~deb10u1. For the stable distribution (bullseye), this problem has been fixed in version 2.17.0-1~deb11u1. We recommend that you upgrade your apache-log4j2 packages. For the detailed security status of apache-log4j2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache-log4j2 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmG+Ro1fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeQVuBAArOperYABsLeaPcs3DgNxHcDDUNGCcvo5fsBtkh+MDvHMspqOb8VqLShx BtzPJGE0UTdBrfAqWeuMCbV1LdBYfwRUlrUyZiQXBiEx5BI5vDB4vaDUtAomwC6o vnbJwDlvlpoSwbURcls/Z0Hs15gwHX2D/lSa+j+NSxaNCkEOqvjr8dbpnHMSIbwz f0hSWQm4jydadUHP/zXSwN+LeZrJs+uP1tIdajtZjr6VoPkV48EDxCctaVttn27q 9DrGM9RjKGyCCKB/WrWToRbv/Mke20AJ4SOWoDdy1u/m2wcgW3pv1cap7J3RRjYO K5V5qacdJDo9FWoRkb1ftXlanyVe5DyI+j/9un+uZLSlOkeTha+hP+Tj2P/sx/Z4 xbpmPRGJ+O/BuxoPXUJNSTkh7vLu0CJkCfzi3Gj24c22jkBV3POJ7iZsFvNbJHAi 3i6VBc7e6tcqdiIhZqj/+odu2rCqeYqMbvhLL/slnQQVU4YMn3F1FtPWEpfAmQzP YCg2vLei5rTt3dYjA5aBluJPEPXO5rA5nZa3xq5hbzAJMl/m1yU9K6v73mCk9gnK yFHoaD+Ls97tPCMiO/56kIQecLv5s7GuuwLQlC8rm9TgXzl/m6rqst7a93IcsnV9 P+f2RZsciOyXo1N4zhakNkZ4dkmRZCfm9xCfeqAKUQgqVPXhBtE= =Wkr6 -----END PGP SIGNATURE-----

Trust: 2.61

sources: NVD: CVE-2021-45105 // ZDI: ZDI-21-1541 // VULHUB: VHN-408743 // VULMON: CVE-2021-45105 // PACKETSTORM: 165632 // PACKETSTORM: 165637 // PACKETSTORM: 165648 // PACKETSTORM: 166793 // PACKETSTORM: 165650 // PACKETSTORM: 165503 // PACKETSTORM: 165497 // PACKETSTORM: 165494 // PACKETSTORM: 165516 // PACKETSTORM: 169176

AFFECTED PRODUCTS

vendor:sonicwallmodel:6bk1602-0aa52-0tp0scope:ltversion:2.7.0

Trust: 1.0

vendor:oraclemodel:banking treasury managementscope:eqversion:14.5

Trust: 1.0

vendor:oraclemodel:communications billing and revenue managementscope:eqversion:12.0.0.4

Trust: 1.0

vendor:oraclemodel:managed file transferscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:retail financial integrationscope:gteversion:16.0.1

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:lteversion:18.8.13

Trust: 1.0

vendor:oraclemodel:retail order management systemscope:eqversion:19.5

Trust: 1.0

vendor:oraclemodel:banking platformscope:eqversion:2.12.0

Trust: 1.0

vendor:sonicwallmodel:6bk1602-0aa22-0tp0scope:ltversion:2.7.0

Trust: 1.0

vendor:oraclemodel:communications services gatekeeperscope:eqversion:7.0

Trust: 1.0

vendor:oraclemodel:communications service brokerscope:eqversion:6.2

Trust: 1.0

vendor:oraclemodel:communications network charging and controlscope:gteversion:12.0.1.0.0

Trust: 1.0

vendor:oraclemodel:communications unified inventory managementscope:eqversion:7.4.1

Trust: 1.0

vendor:apachemodel:log4jscope:gteversion:2.0

Trust: 1.0

vendor:oraclemodel:retail eftlinkscope:eqversion:20.0.1

Trust: 1.0

vendor:oraclemodel:retail invoice matchingscope:eqversion:16.0.3

Trust: 1.0

vendor:oraclemodel:retail financial integrationscope:eqversion:15.0.3.1

Trust: 1.0

vendor:oraclemodel:retail order brokerscope:eqversion:19.1

Trust: 1.0

vendor:oraclemodel:autovue for agile product lifecycle managementscope:eqversion:21.0.2

Trust: 1.0

vendor:oraclemodel:hyperion bi\+scope:ltversion:11.2.8.0

Trust: 1.0

vendor:oraclemodel:retail data extractor for merchandisingscope:eqversion:15.0.2

Trust: 1.0

vendor:oraclemodel:healthcare translational researchscope:eqversion:4.1.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core network slice selection functionscope:eqversion:1.8.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:gteversion:19.12.0

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:21.12

Trust: 1.0

vendor:oraclemodel:health sciences information managerscope:lteversion:3.0.4

Trust: 1.0

vendor:oraclemodel:retail price managementscope:eqversion:14.0.4

Trust: 1.0

vendor:oraclemodel:health sciences information managerscope:gteversion:3.0.1

Trust: 1.0

vendor:oraclemodel:retail store inventory managementscope:eqversion:16.0.3.7

Trust: 1.0

vendor:oraclemodel:communications session report managerscope:ltversion:9.0

Trust: 1.0

vendor:oraclemodel:enterprise manager for peoplesoftscope:eqversion:13.5.1.1

Trust: 1.0

vendor:oraclemodel:retail service backbonescope:eqversion:19.0.1

Trust: 1.0

vendor:oraclemodel:business intelligencescope:eqversion:5.5.0.0.0

Trust: 1.0

vendor:oraclemodel:communications unified inventory managementscope:eqversion:7.3.5

Trust: 1.0

vendor:oraclemodel:weblogic serverscope:eqversion:14.1.1.0.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core network repository functionscope:eqversion:1.15.1

Trust: 1.0

vendor:oraclemodel:managed file transferscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:lteversion:19.12.12

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:lteversion:17.12.11

Trust: 1.0

vendor:oraclemodel:enterprise manager ops centerscope:eqversion:12.4.0.0

Trust: 1.0

vendor:oraclemodel:communications network integrityscope:eqversion:7.3.6

Trust: 1.0

vendor:oraclemodel:management cloud enginescope:eqversion:1.5.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core consolescope:eqversion:1.9.0

Trust: 1.0

vendor:sonicwallmodel:network security managerscope:ltversion:3.0

Trust: 1.0

vendor:oraclemodel:sql developerscope:ltversion:21.4.2

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:20.12

Trust: 1.0

vendor:oraclemodel:retail price managementscope:eqversion:14.1.3.0

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:gteversion:20.12.0.0

Trust: 1.0

vendor:oraclemodel:financial services model management and governancescope:eqversion:8.0.8.0.0

Trust: 1.0

vendor:oraclemodel:identity management suitescope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:retail financial integrationscope:eqversion:19.0.0

Trust: 1.0

vendor:oraclemodel:retail integration busscope:lteversion:16.0.3

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.58

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:eqversion:4.4.0.3.0

Trust: 1.0

vendor:sonicwallmodel:network security managerscope:gteversion:2.0

Trust: 1.0

vendor:oraclemodel:banking enterprise default managementscope:eqversion:2.12.0

Trust: 1.0

vendor:oraclemodel:insurance insbridge rating and underwritingscope:lteversion:5.6.0.0

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:lteversion:8.1.1

Trust: 1.0

vendor:oraclemodel:health sciences informscope:eqversion:6.2.1.1

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.59

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:gteversion:4.3.0.1.0

Trust: 1.0

vendor:oraclemodel:insurance data gatewayscope:eqversion:1.0.1

Trust: 1.0

vendor:oraclemodel:retail predictive application serverscope:eqversion:16.0.3.240

Trust: 1.0

vendor:sonicwallmodel:web application firewallscope:ltversion:3.1.0

Trust: 1.0

vendor:oraclemodel:retail store inventory managementscope:eqversion:15.0.3.3

Trust: 1.0

vendor:sonicwallmodel:6bk1602-0aa12-0tp0scope:ltversion:2.7.0

Trust: 1.0

vendor:oraclemodel:retail central officescope:eqversion:14.1

Trust: 1.0

vendor:oraclemodel:communications session route managerscope:ltversion:9.0

Trust: 1.0

vendor:oraclemodel:communications user data repositoryscope:eqversion:12.4

Trust: 1.0

vendor:apachemodel:log4jscope:ltversion:2.3.1

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:lteversion:8.5.1.0

Trust: 1.0

vendor:oraclemodel:identity management suitescope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:oraclemodel:hospitality suite8scope:eqversion:8.14.0

Trust: 1.0

vendor:oraclemodel:retail eftlinkscope:eqversion:19.0.1

Trust: 1.0

vendor:oraclemodel:retail service backbonescope:gteversion:16.0.1

Trust: 1.0

vendor:oraclemodel:retail financial integrationscope:eqversion:19.0.1

Trust: 1.0

vendor:oraclemodel:banking paymentsscope:eqversion:14.5

Trust: 1.0

vendor:oraclemodel:flexcube universal bankingscope:lteversion:12.4

Trust: 1.0

vendor:netappmodel:cloud managerscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:identity manager connectorscope:eqversion:9.1.0

Trust: 1.0

vendor:oraclemodel:instantis enterprisetrackscope:eqversion:17.3

Trust: 1.0

vendor:oraclemodel:retail price managementscope:eqversion:13.2

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:eqversion:4.4.0.2.0

Trust: 1.0

vendor:oraclemodel:communications convergent charging controllerscope:gteversion:12.0.1.0.0

Trust: 1.0

vendor:oraclemodel:hyperion data relationship managementscope:ltversion:11.2.8.0

Trust: 1.0

vendor:oraclemodel:retail integration busscope:gteversion:19.0.0

Trust: 1.0

vendor:oraclemodel:communications convergencescope:eqversion:3.0.3.0

Trust: 1.0

vendor:oraclemodel:retail service backbonescope:lteversion:16.0.3

Trust: 1.0

vendor:oraclemodel:retail service backbonescope:eqversion:14.1.3

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:gteversion:8.0.7

Trust: 1.0

vendor:oraclemodel:retail integration busscope:eqversion:14.1.3.2

Trust: 1.0

vendor:oraclemodel:flexcube universal bankingscope:eqversion:11.83.3

Trust: 1.0

vendor:oraclemodel:communications evolved communications application serverscope:eqversion:7.1

Trust: 1.0

vendor:oraclemodel:retail merchandising systemscope:eqversion:16.0.3

Trust: 1.0

vendor:oraclemodel:instantis enterprisetrackscope:eqversion:17.2

Trust: 1.0

vendor:oraclemodel:retail integration busscope:gteversion:16.0.1

Trust: 1.0

vendor:oraclemodel:communications messaging serverscope:eqversion:8.1

Trust: 1.0

vendor:oraclemodel:communications network charging and controlscope:lteversion:12.0.4.0.0

Trust: 1.0

vendor:oraclemodel:communications asapscope:eqversion:7.3

Trust: 1.0

vendor:oraclemodel:communications cloud native core network function cloud native environmentscope:eqversion:1.10.0

Trust: 1.0

vendor:oraclemodel:retail data extractor for merchandisingscope:eqversion:16.0.2

Trust: 1.0

vendor:oraclemodel:hyperion infrastructure technologyscope:ltversion:11.2.8.0

Trust: 1.0

vendor:oraclemodel:flexcube universal bankingscope:eqversion:14.5

Trust: 1.0

vendor:oraclemodel:jdeveloperscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:apachemodel:log4jscope:ltversion:2.12.3

Trust: 1.0

vendor:oraclemodel:retail integration busscope:eqversion:14.1.3

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:lteversion:20.12.7

Trust: 1.0

vendor:oraclemodel:banking trade financescope:eqversion:14.5

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:gteversion:20.12.0

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:lteversion:4.3.0.6.0

Trust: 1.0

vendor:oraclemodel:weblogic serverscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:communications webrtc session controllerscope:eqversion:7.2.1

Trust: 1.0

vendor:oraclemodel:taleo platformscope:ltversion:22.1

Trust: 1.0

vendor:oraclemodel:data integratorscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:healthcare data repositoryscope:eqversion:8.1.1

Trust: 1.0

vendor:oraclemodel:communications ip service activatorscope:eqversion:7.4.0

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:lteversion:19.12.18.0

Trust: 1.0

vendor:apachemodel:log4jscope:gteversion:2.4

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:eqversion:4.4.0.0.0

Trust: 1.0

vendor:oraclemodel:retail order brokerscope:eqversion:18.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:gteversion:18.8.0

Trust: 1.0

vendor:oraclemodel:retail eftlinkscope:eqversion:17.0.2

Trust: 1.0

vendor:apachemodel:log4jscope:lteversion:2.16.0

Trust: 1.0

vendor:oraclemodel:communications eagle ftp table base retrievalscope:eqversion:4.5

Trust: 1.0

vendor:oraclemodel:retail customer insightsscope:eqversion:15.0.2

Trust: 1.0

vendor:oraclemodel:retail service backbonescope:eqversion:14.1.3.2

Trust: 1.0

vendor:oraclemodel:retail financial integrationscope:lteversion:16.0.3

Trust: 1.0

vendor:sonicwallmodel:web application firewallscope:gteversion:3.0.0

Trust: 1.0

vendor:oraclemodel:webcenter sitesscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:banking loans servicingscope:eqversion:2.12.0

Trust: 1.0

vendor:oraclemodel:healthcare foundationscope:gteversion:7.3.0.1

Trust: 1.0

vendor:oraclemodel:communications cloud native core service communication proxyscope:eqversion:1.15.0

Trust: 1.0

vendor:oraclemodel:weblogic serverscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:oraclemodel:flexcube universal bankingscope:gteversion:12.1.0

Trust: 1.0

vendor:oraclemodel:hospitality token proxy servicescope:eqversion:19.2

Trust: 1.0

vendor:oraclemodel:payment interfacescope:eqversion:19.1

Trust: 1.0

vendor:oraclemodel:payment interfacescope:eqversion:20.3

Trust: 1.0

vendor:oraclemodel:retail back officescope:eqversion:14.1

Trust: 1.0

vendor:oraclemodel:financial services model management and governancescope:eqversion:8.1.0.0.0

Trust: 1.0

vendor:oraclemodel:enterprise manager base platformscope:eqversion:13.4.0.0

Trust: 1.0

vendor:oraclemodel:retail customer insightsscope:eqversion:16.0.2

Trust: 1.0

vendor:oraclemodel:data integratorscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:oraclemodel:retail eftlinkscope:eqversion:21.0.0

Trust: 1.0

vendor:oraclemodel:retail order brokerscope:eqversion:16.0

Trust: 1.0

vendor:oraclemodel:communications interactive session recorderscope:eqversion:6.3

Trust: 1.0

vendor:oraclemodel:retail service backbonescope:eqversion:15.0.3.1

Trust: 1.0

vendor:oraclemodel:communications cloud native core security edge protection proxyscope:eqversion:1.7.0

Trust: 1.0

vendor:oraclemodel:banking deposits and lines of credit servicingscope:eqversion:2.12.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:11.0

Trust: 1.0

vendor:oraclemodel:webcenter portalscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:retail returns managementscope:eqversion:14.1

Trust: 1.0

vendor:oraclemodel:webcenter sitesscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:oraclemodel:banking platformscope:eqversion:2.6.2

Trust: 1.0

vendor:oraclemodel:retail eftlinkscope:eqversion:16.0.3

Trust: 1.0

vendor:oraclemodel:communications cloud native core unified data repositoryscope:eqversion:1.15.0

Trust: 1.0

vendor:oraclemodel:communications network charging and controlscope:eqversion:6.0.1.0.0

Trust: 1.0

vendor:oraclemodel:insurance insbridge rating and underwritingscope:eqversion:5.6.1.0

Trust: 1.0

vendor:oraclemodel:retail integration busscope:lteversion:19.0.1.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:eqversion:21.12.0

Trust: 1.0

vendor:oraclemodel:communications billing and revenue managementscope:eqversion:12.0.0.5

Trust: 1.0

vendor:oraclemodel:health sciences empirica signalscope:eqversion:9.1.0.6

Trust: 1.0

vendor:apachemodel:log4jscope:gteversion:2.13.0

Trust: 1.0

vendor:oraclemodel:communications unified inventory managementscope:eqversion:7.4.2

Trust: 1.0

vendor:oraclemodel:retail integration busscope:eqversion:15.0.3.1

Trust: 1.0

vendor:oraclemodel:healthcare foundationscope:lteversion:7.3.0.4

Trust: 1.0

vendor:oraclemodel:retail financial integrationscope:eqversion:14.1.3.2

Trust: 1.0

vendor:oraclemodel:financial services model management and governancescope:eqversion:8.1.1.0.0

Trust: 1.0

vendor:oraclemodel:healthcare translational researchscope:eqversion:4.1.1

Trust: 1.0

vendor:oraclemodel:hyperion profitability and cost managementscope:ltversion:11.2.8.0

Trust: 1.0

vendor:oraclemodel:webcenter portalscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:oraclemodel:retail eftlinkscope:eqversion:18.0.1

Trust: 1.0

vendor:oraclemodel:insurance insbridge rating and underwritingscope:eqversion:5.2.0

Trust: 1.0

vendor:oraclemodel:communications pricing design centerscope:eqversion:12.0.0.5

Trust: 1.0

vendor:oraclemodel:agile plm mcad connectorscope:eqversion:3.6

Trust: 1.0

vendor:oraclemodel:mysql enterprise monitorscope:lteversion:8.0.29

Trust: 1.0

vendor:oraclemodel:communications cloud native core policyscope:eqversion:1.15.0

Trust: 1.0

vendor:oraclemodel:banking party managementscope:eqversion:2.7.0

Trust: 1.0

vendor:oraclemodel:communications webrtc session controllerscope:eqversion:7.2.0.0

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:lteversion:20.12.12.0

Trust: 1.0

vendor:oraclemodel:flexcube universal bankingscope:gteversion:14.0.0

Trust: 1.0

vendor:oraclemodel:retail price managementscope:eqversion:16.0.3.0

Trust: 1.0

vendor:oraclemodel:agile plmscope:eqversion:9.3.6

Trust: 1.0

vendor:oraclemodel:e-business suitescope:eqversion:12.2

Trust: 1.0

vendor:oraclemodel:health sciences informscope:eqversion:7.0.0.0

Trust: 1.0

vendor:oraclemodel:retail store inventory managementscope:eqversion:15.0.3.8

Trust: 1.0

vendor:oraclemodel:siebel ui frameworkscope:lteversion:21.12

Trust: 1.0

vendor:oraclemodel:retail predictive application serverscope:eqversion:14.1.3.46

Trust: 1.0

vendor:sonicwallmodel:6bk1602-0aa32-0tp0scope:ltversion:2.7.0

Trust: 1.0

vendor:oraclemodel:agile engineering data managementscope:eqversion:6.2.1.0

Trust: 1.0

vendor:oraclemodel:communications pricing design centerscope:eqversion:12.0.0.4

Trust: 1.0

vendor:oraclemodel:banking enterprise default managementscope:eqversion:2.7.1

Trust: 1.0

vendor:oraclemodel:retail integration busscope:eqversion:19.0.0

Trust: 1.0

vendor:oraclemodel:enterprise manager base platformscope:eqversion:13.5.0.0

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:gteversion:8.3.0.0

Trust: 1.0

vendor:sonicwallmodel:email securityscope:lteversion:10.0.12

Trust: 1.0

vendor:oraclemodel:health sciences empirica signalscope:eqversion:9.2.0.0

Trust: 1.0

vendor:oraclemodel:communications interactive session recorderscope:eqversion:6.4

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:gteversion:19.12.0.0

Trust: 1.0

vendor:oraclemodel:retail store inventory managementscope:eqversion:14.1.3.14

Trust: 1.0

vendor:oraclemodel:insurance insbridge rating and underwritingscope:gteversion:5.4

Trust: 1.0

vendor:oraclemodel:health sciences informscope:eqversion:6.3.2.1

Trust: 1.0

vendor:oraclemodel:hyperion planningscope:ltversion:11.2.8.0

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:eqversion:21.12.0.0

Trust: 1.0

vendor:oraclemodel:retail invoice matchingscope:eqversion:15.0.3

Trust: 1.0

vendor:oraclemodel:retail price managementscope:eqversion:15.0.3.0

Trust: 1.0

vendor:oraclemodel:communications eagle element management systemscope:eqversion:46.6

Trust: 1.0

vendor:oraclemodel:communications convergent charging controllerscope:lteversion:12.0.4.0.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:gteversion:17.12.0

Trust: 1.0

vendor:oraclemodel:banking platformscope:eqversion:2.7.1

Trust: 1.0

vendor:oraclemodel:healthcare master person indexscope:eqversion:5.0.1

Trust: 1.0

vendor:oraclemodel:retail point-of-servicescope:eqversion:14.1

Trust: 1.0

vendor:sonicwallmodel:6bk1602-0aa42-0tp0scope:ltversion:2.7.0

Trust: 1.0

vendor:oraclemodel:retail integration busscope:eqversion:19.0.1

Trust: 1.0

vendor:oraclemodel:retail predictive application serverscope:eqversion:15.0.3.115

Trust: 1.0

vendor:oraclemodel:communications convergencescope:eqversion:3.0.2.2.0

Trust: 1.0

vendor:oraclemodel:communications element managerscope:ltversion:9.0

Trust: 1.0

vendor:oraclemodel:communications convergent charging controllerscope:eqversion:6.0.1.0.0

Trust: 1.0

vendor:oraclemodel:hospitality suite8scope:eqversion:8.13.0

Trust: 1.0

vendor:oraclemodel:enterprise manager for peoplesoftscope:eqversion:13.4.1.1

Trust: 1.0

vendor:oraclemodel:instantis enterprisetrackscope:eqversion:17.1

Trust: 1.0

vendor:oraclemodel:retail service backbonescope:eqversion:19.0.1.0

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:18.8

Trust: 1.0

vendor:oraclemodel:retail store inventory managementscope:eqversion:14.0.4.13

Trust: 1.0

vendor:oraclemodel:flexcube universal bankingscope:lteversion:14.3.0

Trust: 1.0

vendor:oraclemodel:retail store inventory managementscope:eqversion:14.1.3.5

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:19.12

Trust: 1.0

vendor:oraclemodel:communications cloud native core network repository functionscope:eqversion:1.15.0

Trust: 1.0

vendor:oraclemodel:hyperion tax provisionscope:ltversion:11.2.8.0

Trust: 1.0

vendor:oraclemodel:retail service backbonescope:eqversion:19.0.0

Trust: 1.0

vendor:oraclemodel:communications performance intelligence centerscope:eqversion:10.4.0.3

Trust: 1.0

vendor:oraclemodel:retail merchandising systemscope:eqversion:19.0.1

Trust: 1.0

vendor:apachemodel:log4jscope: - version: -

Trust: 0.7

sources: ZDI: ZDI-21-1541 // NVD: CVE-2021-45105

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-45105
value: MEDIUM

Trust: 1.0

ZDI: CVE-2021-45105
value: MEDIUM

Trust: 0.7

VULHUB: VHN-408743
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-45105
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-45105
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-408743
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-45105
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

ZDI: CVE-2021-45105
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-21-1541 // VULHUB: VHN-408743 // VULMON: CVE-2021-45105 // NVD: CVE-2021-45105

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:CWE-674

Trust: 1.1

sources: VULHUB: VHN-408743 // NVD: CVE-2021-45105

THREAT TYPE

remote

Trust: 0.1

sources: PACKETSTORM: 165516

TYPE

code execution

Trust: 0.4

sources: PACKETSTORM: 165632 // PACKETSTORM: 165637 // PACKETSTORM: 165650 // PACKETSTORM: 165516

PATCH

title:Apache has issued an update to correct this vulnerability.url:https://logging.apache.org/log4j/2.x/security.html

Trust: 0.7

title:Red Hat: Low: Red Hat Single Sign-On 7.5.2 security update on RHEL 7url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221462 - Security Advisory

Trust: 0.1

title:Debian CVElist Bug Report Logs: apache-log4j2: CVE-2021-45105: Certain strings can cause infinite recursionurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=9cdbf0a2dc2003562c697ebd1bd08570

Trust: 0.1

title:Red Hat: Low: Red Hat Single Sign-On 7.5.2 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221469 - Security Advisory

Trust: 0.1

title:Red Hat: Low: Red Hat Single Sign-On 7.5.2 security update on RHEL 8url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221463 - Security Advisory

Trust: 0.1

title:Debian Security Advisories: DSA-5024-1 apache-log4j2 -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=affead52a755f931c66032144a27568d

Trust: 0.1

title:Red Hat: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221299 - Security Advisory

Trust: 0.1

title:Red Hat: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221296 - Security Advisory

Trust: 0.1

title:Red Hat: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221297 - Security Advisory

Trust: 0.1

title:Amazon Linux 2: ALAS2-2021-1733url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2021-1733

Trust: 0.1

title:IBM: Security Bulletin: Apache log4j security vulnerability as it relates to IBM Maximo Scheduler Optimization – Apache Log4j – [CVE-2021-45105] (affecting v2.16) and [CVE-2021-45046] (affecting v2.15)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=1239b8de81ba381055ce95c571a45bea

Trust: 0.1

title:IBM: Security Bulletin: Hortonworks DataFlow product has log messages vulnerable to arbitrary code execution, denial of service, and remote code execution due to Apache Log4j vulnerabilities [CVE-2021-44228], [CVE-2021-45105], and [CVE-2021-45046]url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=7803153fe3afe7b4246685257610b110

Trust: 0.1

title:IBM: An update on the Apache Log4j 2.x vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=0648a3f00f067d373b069c4f2acd5db4

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=1b15bf8c16ace8f01272aa507f950804

Trust: 0.1

title:Amazon Linux 2022: ALAS2022-2021-008url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2021-008

Trust: 0.1

title:Cisco: Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021url:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-apache-log4j-qRuKNEbd

Trust: 0.1

title:Citrix Security Bulletins: Citrix Security Advisory for CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832.url:https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins&qid=f1a2b6f4f4568786daf1fc5e893e9283

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=6aac0ed5554d7c299f07f7ce8ad8be79

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=42e3d15623cd7650d7ccb17534ee39a8

Trust: 0.1

title:CVE-2021-45105url:https://github.com/tejas-nagchandi/CVE-2021-45105

Trust: 0.1

title:log4j2_dos_exploiturl:https://github.com/iAmSOScArEd/log4j2_dos_exploit

Trust: 0.1

sources: ZDI: ZDI-21-1541 // VULMON: CVE-2021-45105

EXTERNAL IDS

db:NVDid:CVE-2021-45105

Trust: 2.9

db:ZDIid:ZDI-21-1541

Trust: 1.8

db:CERT/CCid:VU#930724

Trust: 1.1

db:SIEMENSid:SSA-501673

Trust: 1.1

db:SIEMENSid:SSA-479842

Trust: 1.1

db:OPENWALLid:OSS-SECURITY/2021/12/19/1

Trust: 1.1

db:ZDI_CANid:ZDI-CAN-16160

Trust: 0.7

db:PACKETSTORMid:165516

Trust: 0.2

db:PACKETSTORMid:165637

Trust: 0.2

db:PACKETSTORMid:165503

Trust: 0.2

db:PACKETSTORMid:165497

Trust: 0.2

db:PACKETSTORMid:165494

Trust: 0.2

db:PACKETSTORMid:165650

Trust: 0.2

db:PACKETSTORMid:165648

Trust: 0.2

db:PACKETSTORMid:165632

Trust: 0.2

db:PACKETSTORMid:165373

Trust: 0.1

db:PACKETSTORMid:165499

Trust: 0.1

db:PACKETSTORMid:165552

Trust: 0.1

db:PACKETSTORMid:165649

Trust: 0.1

db:PACKETSTORMid:165636

Trust: 0.1

db:PACKETSTORMid:165645

Trust: 0.1

db:CNVDid:CNVD-2021-101661

Trust: 0.1

db:VULHUBid:VHN-408743

Trust: 0.1

db:VULMONid:CVE-2021-45105

Trust: 0.1

db:PACKETSTORMid:166793

Trust: 0.1

db:PACKETSTORMid:169176

Trust: 0.1

sources: ZDI: ZDI-21-1541 // VULHUB: VHN-408743 // VULMON: CVE-2021-45105 // PACKETSTORM: 165632 // PACKETSTORM: 165637 // PACKETSTORM: 165648 // PACKETSTORM: 166793 // PACKETSTORM: 165650 // PACKETSTORM: 165503 // PACKETSTORM: 165497 // PACKETSTORM: 165494 // PACKETSTORM: 165516 // PACKETSTORM: 169176 // NVD: CVE-2021-45105

REFERENCES

url:https://logging.apache.org/log4j/2.x/security.html

Trust: 1.8

url:https://www.kb.cert.org/vuls/id/930724

Trust: 1.1

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-log4j-qruknebd

Trust: 1.1

url:https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf

Trust: 1.1

url:https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf

Trust: 1.1

url:https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0032

Trust: 1.1

url:https://security.netapp.com/advisory/ntap-20211218-0001/

Trust: 1.1

url:https://www.debian.org/security/2021/dsa-5024

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpujul2022.html

Trust: 1.1

url:https://www.zerodayinitiative.com/advisories/zdi-21-1541/

Trust: 1.1

url:http://www.openwall.com/lists/oss-security/2021/12/19/1

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-45105

Trust: 1.0

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2021-45105

Trust: 0.8

url:https://access.redhat.com/security/team/contact/

Trust: 0.8

url:https://bugzilla.redhat.com/):

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-44832

Trust: 0.4

url:https://access.redhat.com/security/updates/classification/#low

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-45046

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-45046

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-44832

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.3

url:https://issues.jboss.org/):

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-20321

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3712

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-42574

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-3712

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-20321

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-42574

Trust: 0.3

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html

Trust: 0.2

url:https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/deploying_into_spring_boot/patch-red-hat-fuse-applications

Trust: 0.1

url:https://access.redhat.com/security/vulnerabilities/rhsb-2021-009

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/installing_on_apache_karaf/apply-hotfix-patch

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches&product=jboss.fuse&version=7.09.0

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/installing_on_apache_karaf/apply-hotfix-patch

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches&product=jboss.fuse&version=7.10.0

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/installing_on_apache_karaf/apply-hotfix-patch

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/deploying_into_spring_boot/patch-red-hat-fuse-applications

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-44228

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#critical

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-44228

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0203

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches&product=jboss.fuse&version=7.08.0

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/deploying_into_spring_boot/patch-red-hat-fuse-applications

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0083

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product\xcatrhoar.eclipse.vertx&version=4.1.8

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/4.1/html/release_notes_for_eclipse_vert.x_4.1/index

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.amq.streams&version=1.6.6

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-38153

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0219

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-38153

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1462

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q1

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=red.hat.integration&version

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0223

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0047

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0043

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0042

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apache-log4j2/2.17.1-0.20.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apache-log4j2/2.17.1-0.21.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apache-log4j2/2.12.4-0ubuntu0.1

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5222-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apache-log4j2/2.17.1-0.21.10.1

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://security-tracker.debian.org/tracker/apache-log4j2

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

sources: ZDI: ZDI-21-1541 // VULHUB: VHN-408743 // PACKETSTORM: 165632 // PACKETSTORM: 165637 // PACKETSTORM: 165648 // PACKETSTORM: 166793 // PACKETSTORM: 165650 // PACKETSTORM: 165503 // PACKETSTORM: 165497 // PACKETSTORM: 165494 // PACKETSTORM: 165516 // PACKETSTORM: 169176 // NVD: CVE-2021-45105

CREDITS

Red Hat

Trust: 0.8

sources: PACKETSTORM: 165632 // PACKETSTORM: 165637 // PACKETSTORM: 165648 // PACKETSTORM: 166793 // PACKETSTORM: 165650 // PACKETSTORM: 165503 // PACKETSTORM: 165497 // PACKETSTORM: 165494

SOURCES

db:ZDIid:ZDI-21-1541
db:VULHUBid:VHN-408743
db:VULMONid:CVE-2021-45105
db:PACKETSTORMid:165632
db:PACKETSTORMid:165637
db:PACKETSTORMid:165648
db:PACKETSTORMid:166793
db:PACKETSTORMid:165650
db:PACKETSTORMid:165503
db:PACKETSTORMid:165497
db:PACKETSTORMid:165494
db:PACKETSTORMid:165516
db:PACKETSTORMid:169176
db:NVDid:CVE-2021-45105

LAST UPDATE DATE

2024-11-20T19:35:14.964000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-21-1541date:2021-12-19T00:00:00
db:VULHUBid:VHN-408743date:2022-10-06T00:00:00
db:VULMONid:CVE-2021-45105date:2022-10-06T00:00:00
db:NVDid:CVE-2021-45105date:2022-10-06T17:31:39.640

SOURCES RELEASE DATE

db:ZDIid:ZDI-21-1541date:2021-12-19T00:00:00
db:VULHUBid:VHN-408743date:2021-12-18T00:00:00
db:VULMONid:CVE-2021-45105date:2021-12-18T00:00:00
db:PACKETSTORMid:165632date:2022-01-20T17:49:05
db:PACKETSTORMid:165637date:2022-01-20T17:50:03
db:PACKETSTORMid:165648date:2022-01-21T15:28:58
db:PACKETSTORMid:166793date:2022-04-21T15:08:12
db:PACKETSTORMid:165650date:2022-01-21T15:29:54
db:PACKETSTORMid:165503date:2022-01-10T18:01:18
db:PACKETSTORMid:165497date:2022-01-10T17:55:11
db:PACKETSTORMid:165494date:2022-01-10T17:52:32
db:PACKETSTORMid:165516date:2022-01-12T15:36:56
db:PACKETSTORMid:169176date:2021-12-28T20:12:00
db:NVDid:CVE-2021-45105date:2021-12-18T12:15:07.433