User Interaction: None
Privileges Required: None
Attack Vector: Network

CVE-2021-45105

Disclosure Date: December 18, 2021
Exploited in the Wild

Description

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
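As an added example (not part of this page or of the Log4j project), the following Python check applies the affected-version range stated above to log4j-core jar filenames found by a dependency scan. It assumes version strings of the form 2.0-alpha1 / 2.16.0 and that releases at or after the named backport fix on the 2.3.x and 2.12.x branches keep that fix.

```python
import re
from typing import List, Tuple

# Affected range and backport fixes exactly as stated in the CVE description.
AFFECTED_LOW = "2.0-alpha1"
AFFECTED_HIGH = "2.16.0"
BRANCH_FIXES = {(2, 3): "2.3.1", (2, 12): "2.12.3"}  # (major, minor) -> first fixed release

# Pre-releases sort before the final release: alpha < beta < rc < final.
_PRE_RANK = {"alpha": 0, "beta": 1, "rc": 2}
_FINAL_RANK = 3
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d*))?$", re.IGNORECASE)
_JAR_RE = re.compile(r"^log4j-core-(.+)\.jar$")


def parse_version(text: str) -> Tuple[int, int, int, int, int]:
    """Turn '2.0-alpha1' or '2.16.0' into a tuple that sorts in release order."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Log4j version string: {text!r}")
    major, minor, patch, pre, pre_num = m.groups()
    rank = _PRE_RANK[pre.lower()] if pre else _FINAL_RANK
    return (int(major), int(minor), int(patch or 0), rank, int(pre_num or 0))


def is_affected(version: str) -> bool:
    """True when the version lies in the CVE-2021-45105 range and is not a fixed backport."""
    v = parse_version(version)
    if not parse_version(AFFECTED_LOW) <= v <= parse_version(AFFECTED_HIGH):
        return False
    # Assumption: releases at or after the backport fix on a maintenance branch keep the fix.
    fix = BRANCH_FIXES.get(v[:2])
    return not (fix and v >= parse_version(fix))


def flag_jars(jar_names: List[str]) -> List[str]:
    """Return the log4j-core jar filenames whose embedded version is affected."""
    flagged = []
    for name in jar_names:
        m = _JAR_RE.match(name)
        if m and is_affected(m.group(1)):
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    # Constructed sample of jar filenames, as a dependency scan might list them.
    sample = [
        "log4j-core-2.14.1.jar", "log4j-core-2.16.0.jar", "log4j-core-2.17.0.jar",
        "log4j-core-2.12.3.jar", "log4j-core-2.3.0.jar", "log4j-api-2.16.0.jar",
    ]
    for jar in flag_jars(sample):
        print("affected:", jar)
```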


CVSS V3 Severity and Metrics

Base Score: 5.9 Medium
Impact Score: 3.6
Exploitability Score: 2.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

General Information

Vendors

  • apache,
  • debian,
  • netapp,
  • oracle,
  • sonicwall

Products

  • 6bk1602-0aa12-0tp0 firmware,
  • 6bk1602-0aa22-0tp0 firmware,
  • 6bk1602-0aa32-0tp0 firmware,
  • 6bk1602-0aa42-0tp0 firmware,
  • 6bk1602-0aa52-0tp0 firmware,
  • agile engineering data management 6.2.1.0,
  • agile plm 9.3.6,
  • agile plm mcad connector 3.6,
  • autovue for agile product lifecycle management 21.0.2,
  • banking deposits and lines of credit servicing 2.12.0,
  • banking enterprise default management 2.12.0,
  • banking enterprise default management 2.7.1,
  • banking loans servicing 2.12.0,
  • banking party management 2.7.0,
  • banking payments 14.5,
  • banking platform 2.12.0,
  • banking platform 2.6.2,
  • banking platform 2.7.1,
  • banking trade finance 14.5,
  • banking treasury management 14.5,
  • business intelligence 5.5.0.0.0,
  • cloud manager -,
  • communications asap 7.3,
  • communications billing and revenue management 12.0.0.4,
  • communications billing and revenue management 12.0.0.5,
  • communications cloud native core console 1.9.0,
  • communications cloud native core network function cloud native environment 1.10.0,
  • communications cloud native core network repository function 1.15.0,
  • communications cloud native core network repository function 1.15.1,
  • communications cloud native core network slice selection function 1.8.0,
  • communications cloud native core policy 1.15.0,
  • communications cloud native core security edge protection proxy 1.7.0,
  • communications cloud native core service communication proxy 1.15.0,
  • communications cloud native core unified data repository 1.15.0,
  • communications convergence 3.0.2.2.0,
  • communications convergence 3.0.3.0,
  • communications convergent charging controller,
  • communications convergent charging controller 6.0.1.0.0,
  • communications diameter signaling router,
  • communications eagle element management system 46.6,
  • communications eagle ftp table base retrieval 4.5,
  • communications element manager,
  • communications evolved communications application server 7.1,
  • communications interactive session recorder 6.3,
  • communications interactive session recorder 6.4,
  • communications ip service activator 7.4.0,
  • communications messaging server 8.1,
  • communications network charging and control,
  • communications network charging and control 6.0.1.0.0,
  • communications network integrity 7.3.6,
  • communications performance intelligence center 10.4.0.3,
  • communications pricing design center 12.0.0.4,
  • communications pricing design center 12.0.0.5,
  • communications service broker 6.2,
  • communications services gatekeeper 7.0,
  • communications session report manager,
  • communications session route manager,
  • communications unified inventory management 7.3.5,
  • communications unified inventory management 7.4.1,
  • communications unified inventory management 7.4.2,
  • communications user data repository 12.4,
  • communications webrtc session controller 7.2.0.0,
  • communications webrtc session controller 7.2.1,
  • data integrator 12.2.1.3.0,
  • data integrator 12.2.1.4.0,
  • debian linux 10.0,
  • debian linux 11.0,
  • e-business suite 12.2,
  • email security,
  • enterprise manager base platform 13.4.0.0,
  • enterprise manager base platform 13.5.0.0,
  • enterprise manager for peoplesoft 13.4.1.1,
  • enterprise manager for peoplesoft 13.5.1.1,
  • enterprise manager ops center 12.4.0.0,
  • financial services analytical applications infrastructure,
  • financial services model management and governance 8.0.8.0.0,
  • financial services model management and governance 8.1.0.0.0,
  • financial services model management and governance 8.1.1.0.0,
  • flexcube universal banking,
  • flexcube universal banking 11.83.3,
  • flexcube universal banking 14.5,
  • health sciences empirica signal 9.1.0.6,
  • health sciences empirica signal 9.2.0.0,
  • health sciences inform 6.2.1.1,
  • health sciences inform 6.3.2.1,
  • health sciences inform 7.0.0.0,
  • health sciences information manager,
  • healthcare data repository 8.1.1,
  • healthcare foundation,
  • healthcare master person index 5.0.1,
  • healthcare translational research 4.1.0,
  • healthcare translational research 4.1.1,
  • hospitality suite8 8.13.0,
  • hospitality suite8 8.14.0,
  • hospitality token proxy service 19.2,
  • hyperion bi+,
  • hyperion data relationship management,
  • hyperion infrastructure technology,
  • hyperion planning,
  • hyperion profitability and cost management,
  • hyperion tax provision,
  • identity management suite 12.2.1.3.0,
  • identity management suite 12.2.1.4.0,
  • identity manager connector 9.1.0,
  • instantis enterprisetrack 17.1,
  • instantis enterprisetrack 17.2,
  • instantis enterprisetrack 17.3,
  • insurance data gateway 1.0.1,
  • insurance insbridge rating and underwriting,
  • insurance insbridge rating and underwriting 5.2.0,
  • insurance insbridge rating and underwriting 5.6.1.0,
  • jdeveloper 12.2.1.4.0,
  • log4j,
  • managed file transfer 12.2.1.3.0,
  • managed file transfer 12.2.1.4.0,
  • management cloud engine 1.5.0,
  • mysql enterprise monitor,
  • network security manager,
  • payment interface 19.1,
  • payment interface 20.3,
  • peoplesoft enterprise peopletools 8.58,
  • peoplesoft enterprise peopletools 8.59,
  • primavera gateway,
  • primavera gateway 21.12.0,
  • primavera p6 enterprise project portfolio management,
  • primavera p6 enterprise project portfolio management 21.12.0.0,
  • primavera unifier 18.8,
  • primavera unifier 19.12,
  • primavera unifier 20.12,
  • primavera unifier 21.12,
  • retail back office 14.1,
  • retail central office 14.1,
  • retail customer insights 15.0.2,
  • retail customer insights 16.0.2,
  • retail data extractor for merchandising 15.0.2,
  • retail data extractor for merchandising 16.0.2,
  • retail eftlink 16.0.3,
  • retail eftlink 17.0.2,
  • retail eftlink 18.0.1,
  • retail eftlink 19.0.1,
  • retail eftlink 20.0.1,
  • retail eftlink 21.0.0,
  • retail financial integration,
  • retail financial integration 14.1.3.2,
  • retail financial integration 15.0.3.1,
  • retail financial integration 19.0.0,
  • retail financial integration 19.0.1,
  • retail integration bus,
  • retail integration bus 14.1.3,
  • retail integration bus 14.1.3.2,
  • retail integration bus 15.0.3.1,
  • retail integration bus 19.0.0,
  • retail integration bus 19.0.1,
  • retail invoice matching 15.0.3,
  • retail invoice matching 16.0.3,
  • retail merchandising system 16.0.3,
  • retail merchandising system 19.0.1,
  • retail order broker 16.0,
  • retail order broker 18.0,
  • retail order broker 19.1,
  • retail order management system 19.5,
  • retail point-of-service 14.1,
  • retail predictive application server 14.1.3.46,
  • retail predictive application server 15.0.3.115,
  • retail predictive application server 16.0.3.240,
  • retail price management 13.2,
  • retail price management 14.0.4,
  • retail price management 14.1.3.0,
  • retail price management 15.0.3.0,
  • retail price management 16.0.3.0,
  • retail returns management 14.1,
  • retail service backbone,
  • retail service backbone 14.1.3,
  • retail service backbone 14.1.3.2,
  • retail service backbone 15.0.3.1,
  • retail service backbone 19.0.0,
  • retail service backbone 19.0.1,
  • retail service backbone 19.0.1.0,
  • retail store inventory management 14.0.4.13,
  • retail store inventory management 14.1.3.14,
  • retail store inventory management 14.1.3.5,
  • retail store inventory management 15.0.3.3,
  • retail store inventory management 15.0.3.8,
  • retail store inventory management 16.0.3.7,
  • siebel ui framework,
  • sql developer,
  • taleo platform,
  • utilities framework,
  • utilities framework 4.4.0.0.0,
  • utilities framework 4.4.0.2.0,
  • utilities framework 4.4.0.3.0,
  • web application firewall,
  • webcenter portal 12.2.1.3.0,
  • webcenter portal 12.2.1.4.0,
  • webcenter sites 12.2.1.3.0,
  • webcenter sites 12.2.1.4.0,
  • weblogic server 12.2.1.3.0,
  • weblogic server 12.2.1.4.0,
  • weblogic server 14.1.1.0.0
