Sign-up

ID

VAR-202112-1782


CVE

CVE-2021-45105


TITLE

Apache Log4j StrSubstitutor Uncontrolled Recursion Denial-of-Service Vulnerability

Trust: 0.7

sources: ZDI: ZDI-21-1541

DESCRIPTION

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Apache Log4j. Authentication is not required to exploit this vulnerability.The specific flaw exists within the StrSubstitutor class. The issue results from the lack of proper validation of user-supplied data, which can result in a resource exhaustion condition. An attacker can leverage this vulnerability to create a denial-of-service condition on the process. Log4j is an open source project of Apache. By using Log4j, the destination of log information transmission can be controlled to be console, file, GUI component, even socket server, NT event recorder, etc. Apache Log4j2 has a denial of service vulnerability. This vulnerability is due to the fact that Apache Log4j2 is configured with a non-default Pattern Layout scenario with Context Lookup (for example: $${ctx:loginId}), attackers can use this vulnerability to construct malicious data and execute denial of service without authorization attack, eventually causing the server to denial of service. Description: Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. For further information, refer to the release notes linked to in the References section. The purpose of this text-only errata is to inform you about the security issues fixed. The References section of this erratum contains a download link (you must log in to download the update). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update Advisory ID: RHSA-2022:1297-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2022:1297 Issue date: 2022-04-11 CVE Names: CVE-2021-4104 CVE-2021-44832 CVE-2021-45046 CVE-2021-45105 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 ===================================================================== 1. Summary: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss EAP 7.4 for RHEL 8 - noarch, x86_64 3. Description: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.4 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305) * log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307) * log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104) * log4j-core: remote code execution via JDBC Appender (CVE-2021-44832) * log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046) * log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105) * log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2031667 - CVE-2021-4104 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender 2032580 - CVE-2021-45046 log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) 2034067 - CVE-2021-45105 log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern 2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender 2041949 - CVE-2022-23302 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink 2041959 - CVE-2022-23305 log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender 2041967 - CVE-2022-23307 log4j: Unsafe deserialization flaw in Chainsaw log viewer 6. JIRA issues fixed (https://issues.jboss.org/): JBEAP-22105 - (7.4.z) Upgrade from com.io7m.xom:xom 1.2.10 to xom:xom 1.3.7 JBEAP-22385 - (7.4.z) Upgrade ASM from 7.1 to 9.1 JBEAP-22731 - (7.4.z) Upgrade Artemis from 2.16.0.redhat-00032 to 2.16.0.redhat-00034 JBEAP-22738 - (7.4.z) Upgrade jbossws-cxf from 5.4.2.Final to 5.4.4.Final(Fix UsernameTokenElytronTestCase on SE 17) JBEAP-22819 - [GSS] (7.4.z) HAL-1762 - Aliases are removed from the credential store when passwords are updated from the admin console JBEAP-22839 - [GSS](7.4.z) Upgrade yasson from 1.0.9.redhat-00001 to 1.0.10.redhat-00001 JBEAP-22864 - (7.4.z) Upgrade HAL from 3.3.8.Final-redhat-00001 to 3.3.9.Final-redhat-00001 JBEAP-22900 - Tracker bug for the EAP 7.4.4 release for RHEL-8 JBEAP-22904 - (7.4.z) Upgrade Hibernate ORM from 5.3.24.Final-redhat-00001 to 5.3.25.Final-redhat-00002 JBEAP-22911 - (7.4.z) Upgrade OpenSSL from 2.1.3.Final-redhat-00001 to 2.2.0.Final-redhat-00001 JBEAP-22912 - (7.4.z) Upgrade OpenSSL Natives from 2.1.0.SP01-redhat-00001 to 2.2.0.Final-redhat-00001 JBEAP-22913 - (7.4.z) Upgrade WildFly Core from 15.0.6.Final-redhat-00003 to 15.0.7.Final-redhat-00001 JBEAP-22935 - (7.4.z) Upgrade jboss-vfs from 3.2.15.Final-redhat-00001 to 3.2.16.Final-redhat-00001 JBEAP-22945 - (7.4.z) Upgrade org.apache.logging.log4j from 2.14.0.redhat-00002 to 2.17.1.redhat-00001 JBEAP-22973 - (7.4.z) Upgrade Elytron from 1.15.9.Final-redhat-00001 to 1.15.11.Final-redhat-00002 JBEAP-23038 - (7.4.z) Upgrade galleon-plugins from 5.1.4.Final to 5.2.6.Final JBEAP-23040 - (7.4.z) Upgrade galleon-plugins in wildfly-core-eap from 5.1.4.Final to 5.2.6.Final JBEAP-23045 - (7.4.z) Upgrade Undertow from 2.2.13.SP2-redhat-00001 to 2.2.16.Final-redhat-0001 JBEAP-23101 - (7.4.z) Upgrade Infinispan from 11.0.12.Final to 11.0.15.Final JBEAP-23105 - (7.4.z) Upgrade Narayana from 5.11.3.Final-redhat-00001 to 5.11.4.Final-redhat-00001 JBEAP-23143 - (7.4.z) Upgrade from org.eclipse.jdt.core.compiler:ecj:4.6.1 to org.eclipse.jdt:ecj:3.26 JBEAP-23177 - (7.4.z) Upgrade XNIO from 3.8.5.SP1-redhat-00001 to 3.8.6.Final-redhat-00001 JBEAP-23323 - [GSS](7.4.z) WFLY-16112 - Batch JobOperatorService should look for only active job names to stop during suspend JBEAP-23373 - (7.4.z) Upgrade OpenSSL from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002 JBEAP-23374 - (7.4.z) Upgrade WildFly Core from 15.0.7.Final-redhat-00001 to 15.0.8.Final-redhat-00001 JBEAP-23375 - (7.4.z) Upgrade OpenSSL Natives from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002 7. Package List: Red Hat JBoss EAP 7.4 for RHEL 8: Source: eap7-activemq-artemis-2.16.0-7.redhat_00034.1.el8eap.src.rpm eap7-ecj-3.26.0-1.redhat_00002.1.el8eap.src.rpm eap7-hal-console-3.3.9-1.Final_redhat_00001.1.el8eap.src.rpm eap7-hibernate-5.3.25-1.Final_redhat_00002.1.el8eap.src.rpm eap7-infinispan-11.0.15-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-server-migration-1.10.0-15.Final_redhat_00014.1.el8eap.src.rpm eap7-jboss-vfs-3.2.16-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-xnio-base-3.8.6-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jbossws-cxf-5.4.4-1.Final_redhat_00001.1.el8eap.src.rpm eap7-log4j-2.17.1-1.redhat_00001.1.el8eap.src.rpm eap7-narayana-5.11.4-1.Final_redhat_00001.1.el8eap.src.rpm eap7-objectweb-asm-9.1.0-1.redhat_00002.1.el8eap.src.rpm eap7-undertow-2.2.16-1.Final_redhat_00001.1.el8eap.src.rpm eap7-wildfly-7.4.4-3.GA_redhat_00011.1.el8eap.src.rpm eap7-wildfly-elytron-1.15.11-1.Final_redhat_00002.1.el8eap.src.rpm eap7-wildfly-openssl-2.2.0-3.Final_redhat_00002.1.el8eap.src.rpm eap7-wildfly-openssl-el8-x86_64-2.2.0-2.Final_redhat_00002.1.el8eap.src.rpm eap7-xom-1.3.7-1.redhat_00001.1.el8eap.src.rpm eap7-yasson-1.0.10-1.redhat_00001.1.el8eap.src.rpm noarch: eap7-activemq-artemis-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-cli-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-commons-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-core-client-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-dto-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-hornetq-protocol-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-hqclient-protocol-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-jdbc-store-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-jms-client-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-jms-server-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-journal-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-ra-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-selector-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-server-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-service-extensions-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-tools-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-ecj-3.26.0-1.redhat_00002.1.el8eap.noarch.rpm eap7-hal-console-3.3.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-hibernate-core-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-hibernate-entitymanager-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-hibernate-envers-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-hibernate-java8-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-infinispan-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-cachestore-jdbc-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-cachestore-remote-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-client-hotrod-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-commons-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-component-annotations-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-core-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-hibernate-cache-commons-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-hibernate-cache-spi-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-hibernate-cache-v53-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-server-migration-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-server-migration-cli-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-server-migration-core-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-vfs-3.2.16-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-xnio-base-3.8.6-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jbossws-cxf-5.4.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-log4j-2.17.1-1.redhat_00001.1.el8eap.noarch.rpm eap7-narayana-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-compensations-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jbosstxbridge-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jbossxts-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jts-idlj-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jts-integration-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-api-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-bridge-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-integration-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-util-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-txframework-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-objectweb-asm-9.1.0-1.redhat_00002.1.el8eap.noarch.rpm eap7-undertow-2.2.16-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm eap7-wildfly-elytron-1.15.11-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-wildfly-elytron-tool-1.15.11-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-wildfly-javadocs-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm eap7-wildfly-modules-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm eap7-wildfly-openssl-2.2.0-3.Final_redhat_00002.1.el8eap.noarch.rpm eap7-wildfly-openssl-java-2.2.0-3.Final_redhat_00002.1.el8eap.noarch.rpm eap7-xom-1.3.7-1.redhat_00001.1.el8eap.noarch.rpm eap7-yasson-1.0.10-1.redhat_00001.1.el8eap.noarch.rpm x86_64: eap7-wildfly-openssl-el8-x86_64-2.2.0-2.Final_redhat_00002.1.el8eap.x86_64.rpm eap7-wildfly-openssl-el8-x86_64-debuginfo-2.2.0-2.Final_redhat_00002.1.el8eap.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 8. References: https://access.redhat.com/security/cve/CVE-2021-4104 https://access.redhat.com/security/cve/CVE-2021-44832 https://access.redhat.com/security/cve/CVE-2021-45046 https://access.redhat.com/security/cve/CVE-2021-45105 https://access.redhat.com/security/cve/CVE-2022-23302 https://access.redhat.com/security/cve/CVE-2022-23305 https://access.redhat.com/security/cve/CVE-2022-23307 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/ 9. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYlRUqtzjgjWX9erEAQhXfxAApQ6HkBUo8Tg+GWEosSpAx0AEsVPMojWK HU3uJRF8jp0KXqchc+KVlalBJAWHPBUDr4xBpsISqwr7T/9iYonKlo4ijA/68b2K khbFyt6o6i2dXrYygT5fcMtukSjN2T/hfCc2ZE2yiHTO3Ou4AALyZ2xCyYtfSpuZ rZLVvgCWrnak2msgkoNl0/sZxnjw6b+ZJczKkq3QqPVWOYlV/Qdl5NGy16i0rbEo P1rWXJrOUlEBctJEs756cqeIJesYKHZqqPx/kHaNyzdxDh99hKGZx7oturscAN6e sPfSSdyd5jsOcWD7UlHV9ukoPQxf1ouVBa0qkpL0wCoR3GFF6Pls1bMEFzUoz3/R IwagVxsr38duK3isv34l6IQ+RP0oSWN0rgPUu69tAlEV+YwLgA5JUOpz1i7FTmXt l3i5+wMlo9Xc/Hy+j7unW8Do7s/i0YuFVTuM6H9KEITuFjgFA2tB9CpzoAFzWLk0 U8zCL80Rwy1wiMydSrLjtg3YUPB6ibh2NJ02O7R+bNhJ8bN4yuDuWkDqy4VdPXGp zhed3dZmYAXD9/x+mnfghcbJZwigzGT9Qv78zYafB3f8K7cEVEDJK3aZMOkkh9ca dcaLs5WRv8ZTytFPv+KGKRJ/cc/UHAvh8zumMZdVMp1oty/k/OYWhgaEJMWGQDCe UnHI/WwB37w= =eCh2 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description: Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/): LOG-1868 - The elasticsearch-im-xxx job failed when trying to start index management process for a non-existent(empty-named) index [openshift-logging-5.1] LOG-2022 - resourceVersion is overflowing type Integer causing ES rejection 6

Trust: 2.52

sources: NVD: CVE-2021-45105 // ZDI: ZDI-21-1541 // VULHUB: VHN-408743 // PACKETSTORM: 165636 // PACKETSTORM: 165648 // PACKETSTORM: 165649 // PACKETSTORM: 166673 // PACKETSTORM: 166676 // PACKETSTORM: 166798 // PACKETSTORM: 166797 // PACKETSTORM: 165499 // PACKETSTORM: 165497 // PACKETSTORM: 165494

AFFECTED PRODUCTS

vendor:oraclemodel:retail order brokerscope:eqversion:16.0

Trust: 1.0

vendor:oraclemodel:retail integration busscope:eqversion:14.1.3

Trust: 1.0

vendor:oraclemodel:e-business suitescope:eqversion:12.2

Trust: 1.0

vendor:oraclemodel:insurance insbridge rating and underwritingscope:eqversion:5.2.0

Trust: 1.0

vendor:oraclemodel:flexcube universal bankingscope:eqversion:14.5

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:gteversion:18.8.0

Trust: 1.0

vendor:sonicwallmodel:network security managerscope:gteversion:2.0

Trust: 1.0

vendor:oraclemodel:retail order brokerscope:eqversion:19.1

Trust: 1.0

vendor:oraclemodel:banking enterprise default managementscope:eqversion:2.12.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core network repository functionscope:eqversion:1.15.1

Trust: 1.0

vendor:sonicwallmodel:web application firewallscope:ltversion:3.1.0

Trust: 1.0

vendor:oraclemodel:webcenter sitesscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:apachemodel:log4jscope:ltversion:2.12.3

Trust: 1.0

vendor:oraclemodel:communications interactive session recorderscope:eqversion:6.4

Trust: 1.0

vendor:sonicwallmodel:email securityscope:lteversion:10.0.12

Trust: 1.0

vendor:oraclemodel:retail store inventory managementscope:eqversion:15.0.3.8

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:lteversion:8.5.1.0

Trust: 1.0

vendor:oraclemodel:hyperion infrastructure technologyscope:ltversion:11.2.8.0

Trust: 1.0

vendor:oraclemodel:retail store inventory managementscope:eqversion:16.0.3.7

Trust: 1.0

vendor:oraclemodel:agile engineering data managementscope:eqversion:6.2.1.0

Trust: 1.0

vendor:oraclemodel:flexcube universal bankingscope:lteversion:12.4

Trust: 1.0

vendor:oraclemodel:health sciences empirica signalscope:eqversion:9.2.0.0

Trust: 1.0

vendor:oraclemodel:retail financial integrationscope:eqversion:15.0.3.1

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:19.12

Trust: 1.0

vendor:oraclemodel:retail order management systemscope:eqversion:19.5

Trust: 1.0

vendor:oraclemodel:insurance insbridge rating and underwritingscope:eqversion:5.6.1.0

Trust: 1.0

vendor:oraclemodel:communications service brokerscope:eqversion:6.2

Trust: 1.0

vendor:oraclemodel:banking treasury managementscope:eqversion:14.5

Trust: 1.0

vendor:oraclemodel:sql developerscope:ltversion:21.4.2

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:18.8

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:lteversion:4.3.0.6.0

Trust: 1.0

vendor:oraclemodel:management cloud enginescope:eqversion:1.5.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:lteversion:18.8.13

Trust: 1.0

vendor:oraclemodel:retail data extractor for merchandisingscope:eqversion:15.0.2

Trust: 1.0

vendor:oraclemodel:retail data extractor for merchandisingscope:eqversion:16.0.2

Trust: 1.0

vendor:oraclemodel:communications cloud native core consolescope:eqversion:1.9.0

Trust: 1.0

vendor:apachemodel:log4jscope:gteversion:2.13.0

Trust: 1.0

vendor:oraclemodel:instantis enterprisetrackscope:eqversion:17.3

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:eqversion:21.12.0.0

Trust: 1.0

vendor:oraclemodel:healthcare foundationscope:lteversion:7.3.0.4

Trust: 1.0

vendor:oraclemodel:retail service backbonescope:eqversion:14.1.3

Trust: 1.0

vendor:oraclemodel:banking platformscope:eqversion:2.6.2

Trust: 1.0

vendor:oraclemodel:communications user data repositoryscope:eqversion:12.4

Trust: 1.0

vendor:oraclemodel:communications unified inventory managementscope:eqversion:7.3.5

Trust: 1.0

vendor:oraclemodel:financial services model management and governancescope:eqversion:8.1.1.0.0

Trust: 1.0

vendor:oraclemodel:flexcube universal bankingscope:gteversion:14.0.0

Trust: 1.0

vendor:oraclemodel:insurance insbridge rating and underwritingscope:gteversion:5.4

Trust: 1.0

vendor:oraclemodel:communications services gatekeeperscope:eqversion:7.0

Trust: 1.0

vendor:sonicwallmodel:6bk1602-0aa32-0tp0scope:ltversion:2.7.0

Trust: 1.0

vendor:oraclemodel:health sciences empirica signalscope:eqversion:9.1.0.6

Trust: 1.0

vendor:oraclemodel:payment interfacescope:eqversion:20.3

Trust: 1.0

vendor:oraclemodel:retail integration busscope:gteversion:19.0.0

Trust: 1.0

vendor:oraclemodel:communications element managerscope:ltversion:9.0

Trust: 1.0

vendor:oraclemodel:agile plm mcad connectorscope:eqversion:3.6

Trust: 1.0

vendor:oraclemodel:retail invoice matchingscope:eqversion:16.0.3

Trust: 1.0

vendor:oraclemodel:health sciences informscope:eqversion:7.0.0.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:eqversion:21.12.0

Trust: 1.0

vendor:oraclemodel:enterprise manager for peoplesoftscope:eqversion:13.4.1.1

Trust: 1.0

vendor:oraclemodel:retail predictive application serverscope:eqversion:14.1.3.46

Trust: 1.0

vendor:oraclemodel:communications cloud native core unified data repositoryscope:eqversion:1.15.0

Trust: 1.0

vendor:apachemodel:log4jscope:ltversion:2.3.1

Trust: 1.0

vendor:oraclemodel:insurance data gatewayscope:eqversion:1.0.1

Trust: 1.0

vendor:oraclemodel:communications ip service activatorscope:eqversion:7.4.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:lteversion:20.12.7

Trust: 1.0

vendor:oraclemodel:retail eftlinkscope:eqversion:20.0.1

Trust: 1.0

vendor:oraclemodel:retail integration busscope:eqversion:15.0.3.1

Trust: 1.0

vendor:oraclemodel:retail merchandising systemscope:eqversion:19.0.1

Trust: 1.0

vendor:oraclemodel:retail financial integrationscope:eqversion:19.0.0

Trust: 1.0

vendor:oraclemodel:retail store inventory managementscope:eqversion:14.1.3.14

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:gteversion:8.3.0.0

Trust: 1.0

vendor:oraclemodel:communications evolved communications application serverscope:eqversion:7.1

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:gteversion:19.12.0

Trust: 1.0

vendor:oraclemodel:retail price managementscope:eqversion:13.2

Trust: 1.0

vendor:oraclemodel:retail price managementscope:eqversion:14.1.3.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core service communication proxyscope:eqversion:1.15.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core security edge protection proxyscope:eqversion:1.7.0

Trust: 1.0

vendor:oraclemodel:retail store inventory managementscope:eqversion:14.1.3.5

Trust: 1.0

vendor:oraclemodel:communications pricing design centerscope:eqversion:12.0.0.4

Trust: 1.0

vendor:oraclemodel:siebel ui frameworkscope:lteversion:21.12

Trust: 1.0

vendor:oraclemodel:retail eftlinkscope:eqversion:21.0.0

Trust: 1.0

vendor:oraclemodel:flexcube universal bankingscope:eqversion:11.83.3

Trust: 1.0

vendor:oraclemodel:payment interfacescope:eqversion:19.1

Trust: 1.0

vendor:oraclemodel:retail merchandising systemscope:eqversion:16.0.3

Trust: 1.0

vendor:oraclemodel:communications convergent charging controllerscope:gteversion:12.0.1.0.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:oraclemodel:weblogic serverscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:retail point-of-servicescope:eqversion:14.1

Trust: 1.0

vendor:oraclemodel:health sciences information managerscope:gteversion:3.0.1

Trust: 1.0

vendor:apachemodel:log4jscope:lteversion:2.16.0

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:lteversion:19.12.18.0

Trust: 1.0

vendor:oraclemodel:healthcare translational researchscope:eqversion:4.1.0

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:gteversion:20.12.0.0

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:gteversion:4.3.0.1.0

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:eqversion:4.4.0.2.0

Trust: 1.0

vendor:oraclemodel:webcenter portalscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:oraclemodel:managed file transferscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.58

Trust: 1.0

vendor:oraclemodel:autovue for agile product lifecycle managementscope:eqversion:21.0.2

Trust: 1.0

vendor:oraclemodel:communications cloud native core network function cloud native environmentscope:eqversion:1.10.0

Trust: 1.0

vendor:oraclemodel:hyperion planningscope:ltversion:11.2.8.0

Trust: 1.0

vendor:oraclemodel:banking platformscope:eqversion:2.7.1

Trust: 1.0

vendor:oraclemodel:retail eftlinkscope:eqversion:17.0.2

Trust: 1.0

vendor:oraclemodel:business intelligencescope:eqversion:5.5.0.0.0

Trust: 1.0

vendor:oraclemodel:data integratorscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:retail service backbonescope:eqversion:15.0.3.1

Trust: 1.0

vendor:oraclemodel:retail integration busscope:eqversion:19.0.1

Trust: 1.0

vendor:apachemodel:log4jscope:gteversion:2.4

Trust: 1.0

vendor:oraclemodel:flexcube universal bankingscope:lteversion:14.3.0

Trust: 1.0

vendor:oraclemodel:communications network charging and controlscope:eqversion:6.0.1.0.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core policyscope:eqversion:1.15.0

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.59

Trust: 1.0

vendor:oraclemodel:communications session report managerscope:ltversion:9.0

Trust: 1.0

vendor:oraclemodel:retail integration busscope:eqversion:19.0.0

Trust: 1.0

vendor:oraclemodel:enterprise manager for peoplesoftscope:eqversion:13.5.1.1

Trust: 1.0

vendor:oraclemodel:communications webrtc session controllerscope:eqversion:7.2.1

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:gteversion:20.12.0

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:lteversion:20.12.12.0

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:gteversion:8.0.7

Trust: 1.0

vendor:oraclemodel:retail financial integrationscope:lteversion:16.0.3

Trust: 1.0

vendor:oraclemodel:identity manager connectorscope:eqversion:9.1.0

Trust: 1.0

vendor:oraclemodel:retail financial integrationscope:gteversion:16.0.1

Trust: 1.0

vendor:oraclemodel:insurance insbridge rating and underwritingscope:lteversion:5.6.0.0

Trust: 1.0

vendor:oraclemodel:identity management suitescope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:oraclemodel:retail financial integrationscope:eqversion:14.1.3.2

Trust: 1.0

vendor:oraclemodel:hyperion profitability and cost managementscope:ltversion:11.2.8.0

Trust: 1.0

vendor:oraclemodel:retail service backbonescope:gteversion:16.0.1

Trust: 1.0

vendor:oraclemodel:communications webrtc session controllerscope:eqversion:7.2.0.0

Trust: 1.0

vendor:oraclemodel:retail predictive application serverscope:eqversion:15.0.3.115

Trust: 1.0

vendor:oraclemodel:retail price managementscope:eqversion:15.0.3.0

Trust: 1.0

vendor:oraclemodel:retail predictive application serverscope:eqversion:16.0.3.240

Trust: 1.0

vendor:oraclemodel:instantis enterprisetrackscope:eqversion:17.1

Trust: 1.0

vendor:oraclemodel:banking deposits and lines of credit servicingscope:eqversion:2.12.0

Trust: 1.0

vendor:oraclemodel:communications pricing design centerscope:eqversion:12.0.0.5

Trust: 1.0

vendor:oraclemodel:retail price managementscope:eqversion:14.0.4

Trust: 1.0

vendor:oraclemodel:banking paymentsscope:eqversion:14.5

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:gteversion:17.12.0

Trust: 1.0

vendor:oraclemodel:retail integration busscope:gteversion:16.0.1

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:eqversion:4.4.0.3.0

Trust: 1.0

vendor:oraclemodel:retail customer insightsscope:eqversion:15.0.2

Trust: 1.0

vendor:oraclemodel:communications session route managerscope:ltversion:9.0

Trust: 1.0

vendor:oraclemodel:banking enterprise default managementscope:eqversion:2.7.1

Trust: 1.0

vendor:oraclemodel:health sciences information managerscope:lteversion:3.0.4

Trust: 1.0

vendor:netappmodel:cloud managerscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:webcenter sitesscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:health sciences informscope:eqversion:6.2.1.1

Trust: 1.0

vendor:oraclemodel:jdeveloperscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:retail service backbonescope:eqversion:19.0.1

Trust: 1.0

vendor:oraclemodel:retail integration busscope:lteversion:16.0.3

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:eqversion:4.4.0.0.0

Trust: 1.0

vendor:oraclemodel:retail integration busscope:eqversion:14.1.3.2

Trust: 1.0

vendor:oraclemodel:retail order brokerscope:eqversion:18.0

Trust: 1.0

vendor:oraclemodel:hospitality token proxy servicescope:eqversion:19.2

Trust: 1.0

vendor:oraclemodel:retail price managementscope:eqversion:16.0.3.0

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:21.12

Trust: 1.0

vendor:oraclemodel:instantis enterprisetrackscope:eqversion:17.2

Trust: 1.0

vendor:oraclemodel:healthcare master person indexscope:eqversion:5.0.1

Trust: 1.0

vendor:oraclemodel:communications asapscope:eqversion:7.3

Trust: 1.0

vendor:oraclemodel:retail eftlinkscope:eqversion:18.0.1

Trust: 1.0

vendor:oraclemodel:communications convergencescope:eqversion:3.0.3.0

Trust: 1.0

vendor:oraclemodel:agile plmscope:eqversion:9.3.6

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:11.0

Trust: 1.0

vendor:oraclemodel:banking party managementscope:eqversion:2.7.0

Trust: 1.0

vendor:oraclemodel:communications convergent charging controllerscope:eqversion:6.0.1.0.0

Trust: 1.0

vendor:oraclemodel:communications network charging and controlscope:lteversion:12.0.4.0.0

Trust: 1.0

vendor:oraclemodel:communications unified inventory managementscope:eqversion:7.4.1

Trust: 1.0

vendor:sonicwallmodel:6bk1602-0aa42-0tp0scope:ltversion:2.7.0

Trust: 1.0

vendor:oraclemodel:hyperion bi\+scope:ltversion:11.2.8.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core network repository functionscope:eqversion:1.15.0

Trust: 1.0

vendor:oraclemodel:retail integration busscope:lteversion:19.0.1.0

Trust: 1.0

vendor:oraclemodel:health sciences informscope:eqversion:6.3.2.1

Trust: 1.0

vendor:oraclemodel:communications billing and revenue managementscope:eqversion:12.0.0.4

Trust: 1.0

vendor:oraclemodel:communications eagle element management systemscope:eqversion:46.6

Trust: 1.0

vendor:oraclemodel:retail service backbonescope:lteversion:16.0.3

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:gteversion:19.12.0.0

Trust: 1.0

vendor:oraclemodel:communications convergent charging controllerscope:lteversion:12.0.4.0.0

Trust: 1.0

vendor:oraclemodel:banking trade financescope:eqversion:14.5

Trust: 1.0

vendor:oraclemodel:healthcare foundationscope:gteversion:7.3.0.1

Trust: 1.0

vendor:oraclemodel:retail service backbonescope:eqversion:14.1.3.2

Trust: 1.0

vendor:sonicwallmodel:web application firewallscope:gteversion:3.0.0

Trust: 1.0

vendor:oraclemodel:retail central officescope:eqversion:14.1

Trust: 1.0

vendor:sonicwallmodel:6bk1602-0aa12-0tp0scope:ltversion:2.7.0

Trust: 1.0

vendor:oraclemodel:communications network charging and controlscope:gteversion:12.0.1.0.0

Trust: 1.0

vendor:sonicwallmodel:network security managerscope:ltversion:3.0

Trust: 1.0

vendor:oraclemodel:retail customer insightsscope:eqversion:16.0.2

Trust: 1.0

vendor:oraclemodel:retail service backbonescope:eqversion:19.0.1.0

Trust: 1.0

vendor:oraclemodel:retail back officescope:eqversion:14.1

Trust: 1.0

vendor:oraclemodel:healthcare translational researchscope:eqversion:4.1.1

Trust: 1.0

vendor:oraclemodel:retail store inventory managementscope:eqversion:14.0.4.13

Trust: 1.0

vendor:oraclemodel:flexcube universal bankingscope:gteversion:12.1.0

Trust: 1.0

vendor:apachemodel:log4jscope:gteversion:2.0

Trust: 1.0

vendor:oraclemodel:hospitality suite8scope:eqversion:8.13.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:lteversion:17.12.11

Trust: 1.0

vendor:oraclemodel:retail eftlinkscope:eqversion:19.0.1

Trust: 1.0

vendor:oraclemodel:communications convergencescope:eqversion:3.0.2.2.0

Trust: 1.0

vendor:oraclemodel:retail invoice matchingscope:eqversion:15.0.3

Trust: 1.0

vendor:oraclemodel:webcenter portalscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:retail service backbonescope:eqversion:19.0.0

Trust: 1.0

vendor:oraclemodel:banking loans servicingscope:eqversion:2.12.0

Trust: 1.0

vendor:oraclemodel:hospitality suite8scope:eqversion:8.14.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core network slice selection functionscope:eqversion:1.8.0

Trust: 1.0

vendor:oraclemodel:communications eagle ftp table base retrievalscope:eqversion:4.5

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:lteversion:8.1.1

Trust: 1.0

vendor:oraclemodel:weblogic serverscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:oraclemodel:communications performance intelligence centerscope:eqversion:10.4.0.3

Trust: 1.0

vendor:oraclemodel:enterprise manager base platformscope:eqversion:13.4.0.0

Trust: 1.0

vendor:oraclemodel:hyperion data relationship managementscope:ltversion:11.2.8.0

Trust: 1.0

vendor:oraclemodel:financial services model management and governancescope:eqversion:8.0.8.0.0

Trust: 1.0

vendor:oraclemodel:healthcare data repositoryscope:eqversion:8.1.1

Trust: 1.0

vendor:oraclemodel:mysql enterprise monitorscope:lteversion:8.0.29

Trust: 1.0

vendor:oraclemodel:identity management suitescope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:retail store inventory managementscope:eqversion:15.0.3.3

Trust: 1.0

vendor:oraclemodel:retail eftlinkscope:eqversion:16.0.3

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:lteversion:19.12.12

Trust: 1.0

vendor:oraclemodel:retail returns managementscope:eqversion:14.1

Trust: 1.0

vendor:oraclemodel:communications billing and revenue managementscope:eqversion:12.0.0.5

Trust: 1.0

vendor:sonicwallmodel:6bk1602-0aa52-0tp0scope:ltversion:2.7.0

Trust: 1.0

vendor:oraclemodel:banking platformscope:eqversion:2.12.0

Trust: 1.0

vendor:oraclemodel:communications messaging serverscope:eqversion:8.1

Trust: 1.0

vendor:oraclemodel:communications unified inventory managementscope:eqversion:7.4.2

Trust: 1.0

vendor:oraclemodel:managed file transferscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:oraclemodel:weblogic serverscope:eqversion:14.1.1.0.0

Trust: 1.0

vendor:oraclemodel:financial services model management and governancescope:eqversion:8.1.0.0.0

Trust: 1.0

vendor:oraclemodel:communications interactive session recorderscope:eqversion:6.3

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:20.12

Trust: 1.0

vendor:oraclemodel:data integratorscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:oraclemodel:enterprise manager ops centerscope:eqversion:12.4.0.0

Trust: 1.0

vendor:oraclemodel:taleo platformscope:ltversion:22.1

Trust: 1.0

vendor:oraclemodel:communications network integrityscope:eqversion:7.3.6

Trust: 1.0

vendor:oraclemodel:retail financial integrationscope:eqversion:19.0.1

Trust: 1.0

vendor:oraclemodel:enterprise manager base platformscope:eqversion:13.5.0.0

Trust: 1.0

vendor:sonicwallmodel:6bk1602-0aa22-0tp0scope:ltversion:2.7.0

Trust: 1.0

vendor:oraclemodel:hyperion tax provisionscope:ltversion:11.2.8.0

Trust: 1.0

vendor:apachemodel:log4jscope: - version: -

Trust: 0.7

sources: ZDI: ZDI-21-1541 // NVD: CVE-2021-45105

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-45105
value: MEDIUM

Trust: 1.0

ZDI: CVE-2021-45105
value: MEDIUM

Trust: 0.7

CNNVD: CNNVD-202112-1493
value: MEDIUM

Trust: 0.6

VULHUB: VHN-408743
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-45105
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-408743
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-45105
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

ZDI: CVE-2021-45105
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-21-1541 // VULHUB: VHN-408743 // CNNVD: CNNVD-202112-1493 // NVD: CVE-2021-45105

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:CWE-674

Trust: 1.1

sources: VULHUB: VHN-408743 // NVD: CVE-2021-45105

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 166673 // PACKETSTORM: 166676 // CNNVD: CNNVD-202112-1493

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202112-1493

PATCH

title:Apache has issued an update to correct this vulnerability.url:https://logging.apache.org/log4j/2.x/security.html

Trust: 0.7

title:Apache Log4j Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=178594

Trust: 0.6

sources: ZDI: ZDI-21-1541 // CNNVD: CNNVD-202112-1493

EXTERNAL IDS

db:NVDid:CVE-2021-45105

Trust: 3.4

db:ZDIid:ZDI-21-1541

Trust: 2.4

db:CERT/CCid:VU#930724

Trust: 1.7

db:SIEMENSid:SSA-501673

Trust: 1.7

db:SIEMENSid:SSA-479842

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2021/12/19/1

Trust: 1.7

db:PACKETSTORMid:165497

Trust: 0.8

db:PACKETSTORMid:165648

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-16160

Trust: 0.7

db:PACKETSTORMid:165516

Trust: 0.7

db:PACKETSTORMid:165373

Trust: 0.7

db:PACKETSTORMid:165552

Trust: 0.7

db:PACKETSTORMid:165645

Trust: 0.7

db:PACKETSTORMid:166798

Trust: 0.7

db:CS-HELPid:SB2022072076

Trust: 0.6

db:CS-HELPid:SB2022032006

Trust: 0.6

db:CS-HELPid:SB2022042115

Trust: 0.6

db:CS-HELPid:SB2021122913

Trust: 0.6

db:CS-HELPid:SB2022022126

Trust: 0.6

db:CS-HELPid:SB2022062006

Trust: 0.6

db:CS-HELPid:SB2022011734

Trust: 0.6

db:CS-HELPid:SB2022012334

Trust: 0.6

db:CS-HELPid:SB2022010325

Trust: 0.6

db:CS-HELPid:SB2021122308

Trust: 0.6

db:CS-HELPid:SB2022010517

Trust: 0.6

db:CS-HELPid:SB2022021429

Trust: 0.6

db:CS-HELPid:SB2022030709

Trust: 0.6

db:CS-HELPid:SB2021123016

Trust: 0.6

db:CS-HELPid:SB2021121903

Trust: 0.6

db:CS-HELPid:SB2022011838

Trust: 0.6

db:CS-HELPid:SB2021122726

Trust: 0.6

db:CS-HELPid:SB2022010632

Trust: 0.6

db:CS-HELPid:SB2022072504

Trust: 0.6

db:CS-HELPid:SB2022011042

Trust: 0.6

db:CS-HELPid:SB2022012045

Trust: 0.6

db:CS-HELPid:SB2022010421

Trust: 0.6

db:CS-HELPid:SB2022012443

Trust: 0.6

db:CS-HELPid:SB2021122814

Trust: 0.6

db:CS-HELPid:SB2022012501

Trust: 0.6

db:CS-HELPid:SB2022020608

Trust: 0.6

db:CS-HELPid:SB2022011226

Trust: 0.6

db:CS-HELPid:SB2021122213

Trust: 0.6

db:CS-HELPid:SB2022012742

Trust: 0.6

db:CS-HELPid:SB2021122114

Trust: 0.6

db:CS-HELPid:SB2022060808

Trust: 0.6

db:CS-HELPid:SB2022032405

Trust: 0.6

db:CS-HELPid:SB2022060712

Trust: 0.6

db:CS-HELPid:SB2021122019

Trust: 0.6

db:PACKETSTORMid:166677

Trust: 0.6

db:AUSCERTid:ESB-2022.0199

Trust: 0.6

db:AUSCERTid:ESB-2022.0125

Trust: 0.6

db:AUSCERTid:ESB-2022.0044.2

Trust: 0.6

db:AUSCERTid:ESB-2022.0086

Trust: 0.6

db:AUSCERTid:ESB-2022.0045

Trust: 0.6

db:AUSCERTid:ESB-2022.0240

Trust: 0.6

db:AUSCERTid:ESB-2022.0247

Trust: 0.6

db:AUSCERTid:ESB-2021.4187.6

Trust: 0.6

db:AUSCERTid:ESB-2022.0332

Trust: 0.6

db:AUSCERTid:ESB-2021.4302.3

Trust: 0.6

db:AUSCERTid:ESB-2022.0038

Trust: 0.6

db:AUSCERTid:ESB-2021.4313

Trust: 0.6

db:AUSCERTid:ESB-2022.0175

Trust: 0.6

db:AUSCERTid:ESB-2022.0091

Trust: 0.6

db:LENOVOid:LEN-76573

Trust: 0.6

db:CNNVDid:CNNVD-202112-1493

Trust: 0.6

db:PACKETSTORMid:165499

Trust: 0.2

db:PACKETSTORMid:165649

Trust: 0.2

db:PACKETSTORMid:165494

Trust: 0.2

db:PACKETSTORMid:165636

Trust: 0.2

db:PACKETSTORMid:165637

Trust: 0.1

db:PACKETSTORMid:165503

Trust: 0.1

db:PACKETSTORMid:165650

Trust: 0.1

db:PACKETSTORMid:165632

Trust: 0.1

db:CNVDid:CNVD-2021-101661

Trust: 0.1

db:VULHUBid:VHN-408743

Trust: 0.1

db:PACKETSTORMid:166673

Trust: 0.1

db:PACKETSTORMid:166676

Trust: 0.1

db:PACKETSTORMid:166797

Trust: 0.1

sources: ZDI: ZDI-21-1541 // VULHUB: VHN-408743 // PACKETSTORM: 165636 // PACKETSTORM: 165648 // PACKETSTORM: 165649 // PACKETSTORM: 166673 // PACKETSTORM: 166676 // PACKETSTORM: 166798 // PACKETSTORM: 166797 // PACKETSTORM: 165499 // PACKETSTORM: 165497 // PACKETSTORM: 165494 // CNNVD: CNNVD-202112-1493 // NVD: CVE-2021-45105

REFERENCES

url:https://logging.apache.org/log4j/2.x/security.html

Trust: 2.4

url:https://www.zerodayinitiative.com/advisories/zdi-21-1541/

Trust: 2.3

url:https://www.kb.cert.org/vuls/id/930724

Trust: 1.7

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-log4j-qruknebd

Trust: 1.7

url:https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf

Trust: 1.7

url:https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf

Trust: 1.7

url:https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0032

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20211218-0001/

Trust: 1.7

url:https://www.debian.org/security/2021/dsa-5024

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujul2022.html

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2021/12/19/1

Trust: 1.7

url:https://access.redhat.com/security/cve/cve-2021-45105

Trust: 1.6

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2021-45105

Trust: 1.0

url:https://bugzilla.redhat.com/):

Trust: 1.0

url:https://access.redhat.com/security/team/contact/

Trust: 1.0

url:https://access.redhat.com/security/updates/classification/#low

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/eokpqgv24rrbbi4tbzudqmm4meh7mxcy/

Trust: 0.6

url:https://lists.debian.org/debian-lts-announce/2021/12/msg00017.html

Trust: 0.6

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sig7fzulmnk2xf6fzru4vwydqxnmugaj/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0125

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0045

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022060808

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022072076

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0086

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0240

Trust: 0.6

url:https://vigilance.fr/vulnerability/apache-log4j-overload-via-lookup-evaluation-infinite-recursion-37103

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022011838

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4302.3

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021122213

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021122814

Trust: 0.6

url:https://packetstormsecurity.com/files/165645/red-hat-security-advisory-2022-0205-02.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022011042

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022010632

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021122019

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0038

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022012334

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022072504

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0199

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022030709

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022010517

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022012742

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022012501

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022062006

Trust: 0.6

url:https://packetstormsecurity.com/files/165552/red-hat-security-advisory-2022-0026-06.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021123016

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022011734

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021122726

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022010325

Trust: 0.6

url:https://packetstormsecurity.com/files/165516/ubuntu-security-notice-usn-5222-1.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022020608

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022011226

Trust: 0.6

url:https://packetstormsecurity.com/files/165373/ubuntu-security-notice-usn-5203-1.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021122114

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021122913

Trust: 0.6

url:https://packetstormsecurity.com/files/165648/red-hat-security-advisory-2022-0219-03.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022032405

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021121903

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022032006

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0332

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0175

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022042115

Trust: 0.6

url:https://packetstormsecurity.com/files/166798/red-hat-security-advisory-2022-1469-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0044.2

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0091

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022060712

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022022126

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4313

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022021429

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4187.6

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021122308

Trust: 0.6

url:https://support.lenovo.com/us/en/product_security/len-76573

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022012045

Trust: 0.6

url:https://packetstormsecurity.com/files/166677/red-hat-security-advisory-2022-1296-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022012443

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022010421

Trust: 0.6

url:https://packetstormsecurity.com/files/165497/red-hat-security-advisory-2022-0043-03.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0247

Trust: 0.6

url:https://issues.jboss.org/):

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-45046

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-44832

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-45046

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-44832

Trust: 0.4

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/

Trust: 0.3

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/

Trust: 0.3

url:https://access.redhat.com/articles/11258

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-20321

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3712

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-42574

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-3712

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-20321

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-42574

Trust: 0.3

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches&product=appplatform&version=7.4

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-23307

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-23302

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-23305

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-4104

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-23302

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-23305

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-23307

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-4104

Trust: 0.2

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html

Trust: 0.2

url:https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html

Trust: 0.2

url:https://access.redhat.com/errata/rhsa-2022:0216

Trust: 0.1

url:https://access.redhat.com/security/vulnerabilities/rhsb-2021-009

Trust: 0.1

url:https://access.redhat.com/solutions/6577421

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.amq.streams&version=1.6.6

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-38153

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0219

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-38153

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q1

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0222

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=red.hat.integration&version

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1299

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1297

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.5/html/release_notes/index

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1469

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso&downloadtype=patches&version=7.5

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1463

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36327

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36327

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0044

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0043

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0042

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html

Trust: 0.1

sources: ZDI: ZDI-21-1541 // VULHUB: VHN-408743 // PACKETSTORM: 165636 // PACKETSTORM: 165648 // PACKETSTORM: 165649 // PACKETSTORM: 166673 // PACKETSTORM: 166676 // PACKETSTORM: 166798 // PACKETSTORM: 166797 // PACKETSTORM: 165499 // PACKETSTORM: 165497 // PACKETSTORM: 165494 // CNNVD: CNNVD-202112-1493 // NVD: CVE-2021-45105

CREDITS

Guy Lederfein of Trend Micro Security Research

Trust: 1.3

sources: ZDI: ZDI-21-1541 // CNNVD: CNNVD-202112-1493

SOURCES

db:ZDIid:ZDI-21-1541
db:VULHUBid:VHN-408743
db:PACKETSTORMid:165636
db:PACKETSTORMid:165648
db:PACKETSTORMid:165649
db:PACKETSTORMid:166673
db:PACKETSTORMid:166676
db:PACKETSTORMid:166798
db:PACKETSTORMid:166797
db:PACKETSTORMid:165499
db:PACKETSTORMid:165497
db:PACKETSTORMid:165494
db:CNNVDid:CNNVD-202112-1493
db:NVDid:CVE-2021-45105

LAST UPDATE DATE

2024-12-21T21:56:31.041000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-21-1541date:2021-12-19T00:00:00
db:VULHUBid:VHN-408743date:2022-10-06T00:00:00
db:CNNVDid:CNNVD-202112-1493date:2022-07-26T00:00:00
db:NVDid:CVE-2021-45105date:2024-11-21T06:31:58.170

SOURCES RELEASE DATE

db:ZDIid:ZDI-21-1541date:2021-12-19T00:00:00
db:VULHUBid:VHN-408743date:2021-12-18T00:00:00
db:PACKETSTORMid:165636date:2022-01-20T17:49:52
db:PACKETSTORMid:165648date:2022-01-21T15:28:58
db:PACKETSTORMid:165649date:2022-01-21T15:29:08
db:PACKETSTORMid:166673date:2022-04-11T17:07:22
db:PACKETSTORMid:166676date:2022-04-11T17:14:49
db:PACKETSTORMid:166798date:2022-04-21T15:09:01
db:PACKETSTORMid:166797date:2022-04-21T15:08:51
db:PACKETSTORMid:165499date:2022-01-10T17:56:39
db:PACKETSTORMid:165497date:2022-01-10T17:55:11
db:PACKETSTORMid:165494date:2022-01-10T17:52:32
db:CNNVDid:CNNVD-202112-1493date:2021-12-18T00:00:00
db:NVDid:CVE-2021-45105date:2021-12-18T12:15:07.433