FKIE_CVE-2021-44832

Vulnerability from fkie_nvd - Published: 2021-12-28 20:15 - Updated: 2024-11-21 06:31
Severity ?
6.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.
References
security@apache.orghttp://www.openwall.com/lists/oss-security/2021/12/28/1Mailing List, Third Party Advisory
security@apache.orghttps://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdfThird Party Advisory
security@apache.orghttps://issues.apache.org/jira/browse/LOG4J2-3293Issue Tracking, Patch, Vendor Advisory
security@apache.orghttps://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143Mailing List, Vendor Advisory
security@apache.orghttps://lists.debian.org/debian-lts-announce/2021/12/msg00036.htmlMailing List, Third Party Advisory
security@apache.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/
security@apache.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/
security@apache.orghttps://security.netapp.com/advisory/ntap-20220104-0001/Third Party Advisory
security@apache.orghttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbdThird Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpujul2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2021/12/28/1Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdfThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://issues.apache.org/jira/browse/LOG4J2-3293Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2021/12/msg00036.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20220104-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbdThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2022.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
apache log4j *
apache log4j *
apache log4j *
apache log4j 2.0
apache log4j 2.0
apache log4j 2.0
apache log4j 2.0
apache log4j 2.0
apache log4j 2.0
oracle communications_diameter_signaling_router *
oracle communications_interactive_session_recorder 6.3
oracle communications_interactive_session_recorder 6.4
oracle primavera_gateway *
oracle primavera_gateway *
oracle primavera_gateway *
oracle primavera_gateway *
oracle primavera_gateway 21.12.0
oracle primavera_p6_enterprise_project_portfolio_management *
oracle primavera_p6_enterprise_project_portfolio_management *
oracle primavera_p6_enterprise_project_portfolio_management 21.12.0.0
oracle primavera_unifier 18.8
oracle primavera_unifier 19.12
oracle primavera_unifier 20.12
oracle primavera_unifier 21.12
oracle retail_assortment_planning 16.0.3
oracle retail_fiscal_management 14.2
oracle siebel_ui_framework 21.12
oracle weblogic_server 12.2.1.3.0
oracle weblogic_server 12.2.1.4.0
oracle weblogic_server 14.1.1.0.0
cisco cloudcenter 4.10.0.16
fedoraproject fedora 34
fedoraproject fedora 35
debian debian_linux 9.0
oracle communications_brm_-_elastic_charging_engine *
oracle communications_brm_-_elastic_charging_engine 12.0.0.5.0
oracle communications_diameter_signaling_router *
oracle communications_interactive_session_recorder 6.3
oracle communications_interactive_session_recorder 6.4
oracle communications_offline_mediation_controller *
oracle communications_offline_mediation_controller 12.0.0.5.0
oracle flexcube_private_banking 12.1.0
oracle health_sciences_data_management_workbench 2.5.2.1
oracle health_sciences_data_management_workbench 3.0.0.0
oracle health_sciences_data_management_workbench 3.1.0.3
oracle policy_automation *
oracle policy_automation_for_mobile_devices *
oracle primavera_gateway *
oracle primavera_gateway *
oracle primavera_gateway *
oracle primavera_gateway *
oracle primavera_gateway 21.12.0
oracle primavera_p6_enterprise_project_portfolio_management *
oracle primavera_p6_enterprise_project_portfolio_management *
oracle primavera_p6_enterprise_project_portfolio_management 21.12.0.0
oracle primavera_unifier 18.8
oracle primavera_unifier 19.12
oracle primavera_unifier 20.12
oracle primavera_unifier 21.12
oracle product_lifecycle_analytics 3.6.1
oracle retail_order_broker 18.0
oracle retail_order_broker 19.1
oracle retail_xstore_point_of_service 17.0.4
oracle retail_xstore_point_of_service 18.0.3
oracle retail_xstore_point_of_service 19.0.2
oracle retail_xstore_point_of_service 20.0.1
oracle retail_xstore_point_of_service 21.0.1
oracle siebel_ui_framework *
oracle weblogic_server 12.2.1.3.0
oracle weblogic_server 12.2.1.4.0
oracle weblogic_server 14.1.1.0.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5737813-009A-4FDD-AC84-42E871EA1676",
              "versionEndExcluding": "2.3.2",
              "versionStartIncluding": "2.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D1858C4-53AC-4528-B86F-0AB83777B4F4",
              "versionEndExcluding": "2.12.4",
              "versionStartIncluding": "2.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D127EBB0-E86F-4349-96E5-19BD198E0CCA",
              "versionEndExcluding": "2.17.1",
              "versionStartIncluding": "2.13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:log4j:2.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "17854E42-7063-4A55-BF2A-4C7074CC2D60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:log4j:2.0:beta7:*:*:*:*:*:*",
              "matchCriteriaId": "F9D58C21-34AE-4782-8580-816B2F6A8F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:log4j:2.0:beta8:*:*:*:*:*:*",
              "matchCriteriaId": "DCFCBA59-E0DF-46FD-8431-C1043E7AB4EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:*",
              "matchCriteriaId": "53F32FB2-6970-4975-8BD0-EAE12E9AD03A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B773ED91-1D39-42E6-9C52-D02210DE1A94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "EF24312D-1A62-482E-8078-7EC24758B710",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83F42D52-1E43-44E0-8B53-A2A918BDDEC3",
              "versionEndIncluding": "8.5.1.0",
              "versionStartIncluding": "8.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "46E23F2E-6733-45AF-9BD9-1A600BD278C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E812639B-EE28-4C68-9F6F-70C8BF981C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48",
              "versionEndIncluding": "17.12.11",
              "versionStartIncluding": "17.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A621A5AE-6974-4BA5-B1AC-7130A46F68F5",
              "versionEndIncluding": "18.8.13",
              "versionStartIncluding": "18.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4096281D-2EBA-490D-8180-3C9D05EB890A",
              "versionEndIncluding": "19.12.12",
              "versionStartIncluding": "19.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6B70E72-B9FC-4E49-8EDD-29C7E14F5792",
              "versionEndIncluding": "20.12.7",
              "versionStartIncluding": "20.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "15F45363-236B-4040-8AE4-C6C0E204EDBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A66F0C7C-4310-489F-8E91-4171D17DB32F",
              "versionEndIncluding": "19.12.18.0",
              "versionStartIncluding": "19.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "651104CE-0569-4E6D-ACAB-AD2AC85084DD",
              "versionEndIncluding": "20.12.12.0",
              "versionStartIncluding": "20.12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "45D89239-9142-46BD-846D-76A5A74A67B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "38340E3C-C452-4370-86D4-355B6B4E0A06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9C55C69-E22E-4B80-9371-5CD821D79FE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "48C9BD8E-7214-4B44-B549-6F11B3EA8A04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_fiscal_management:14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5F6FD19-A314-4A1F-96CB-6DB1CED79430",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:siebel_ui_framework:21.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D62731F-3290-4383-A4F6-5274B4D63B1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:cloudcenter:4.10.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "66AB39B2-0CE1-4C7E-9E7B-B288A080D584",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6894D860-000E-439D-8AB7-07E9B2ACC31B",
              "versionEndExcluding": "12.0.0.4.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD66C717-85E0-40E7-A51F-549C8196D557",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9550113-7423-48D8-A1C7-95D6AEE9B33C",
              "versionEndIncluding": "8.5.1.0",
              "versionStartIncluding": "8.3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "46E23F2E-6733-45AF-9BD9-1A600BD278C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E812639B-EE28-4C68-9F6F-70C8BF981C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "61A2E42A-4EF2-437D-A0EC-4A6A4F1EBD11",
              "versionEndExcluding": "12.0.0.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5933FEA2-B79E-4EE7-B821-54D676B45734",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:health_sciences_data_management_workbench:2.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C9A32B-B776-4704-818D-977B4B20D677",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6989178B-A3D5-4441-A56C-6C639D4759DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5049591-AA1B-4D64-A925-40D0724074D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F47057A9-2DDE-4178-B140-F7D70EAED8F6",
              "versionEndIncluding": "12.2.24",
              "versionStartIncluding": "12.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9132D7F2-43B3-4595-B8BF-C9DE897087F6",
              "versionEndIncluding": "12.2.24",
              "versionStartIncluding": "12.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48",
              "versionEndIncluding": "17.12.11",
              "versionStartIncluding": "17.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A621A5AE-6974-4BA5-B1AC-7130A46F68F5",
              "versionEndIncluding": "18.8.13",
              "versionStartIncluding": "18.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4096281D-2EBA-490D-8180-3C9D05EB890A",
              "versionEndIncluding": "19.12.12",
              "versionStartIncluding": "19.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6B70E72-B9FC-4E49-8EDD-29C7E14F5792",
              "versionEndIncluding": "20.12.7",
              "versionStartIncluding": "20.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "15F45363-236B-4040-8AE4-C6C0E204EDBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD0DEC50-F4CD-4ACA-A118-D4F0D4F4C981",
              "versionEndIncluding": "19.12.18.0",
              "versionStartIncluding": "19.12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "651104CE-0569-4E6D-ACAB-AD2AC85084DD",
              "versionEndIncluding": "20.12.12.0",
              "versionStartIncluding": "20.12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "45D89239-9142-46BD-846D-76A5A74A67B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "38340E3C-C452-4370-86D4-355B6B4E0A06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9C55C69-E22E-4B80-9371-5CD821D79FE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F978162-CB2C-4166-947A-9048C6E878BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0783F0D1-8FAC-4BCA-A6F5-C5C60E86D56D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7BD0D41-1BED-4C4F-95C8-8987C98908DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "48EFC111-B01B-4C34-87E4-D6B2C40C0122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "073FEA23-E46A-4C73-9D29-95CFF4F5A59D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A69FB468-EAF3-4E67-95E7-DF92C281C1F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0ABA57AC-4BBF-4E4F-9F7E-D42472C36EEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "889916ED-5EB2-49D6-8400-E6DBBD6C287F",
              "versionEndIncluding": "21.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2."
    },
    {
      "lang": "es",
      "value": "Las versiones de Apache Log4j2 de la 2.0-beta7 a la 2.17.0 (excluyendo las versiones de correcci\u00f3n de seguridad 2.3.2 y 2.12.4) son vulnerables a un ataque de ejecuci\u00f3n remota de c\u00f3digo (RCE) cuando una configuraci\u00f3n utiliza un JDBC Appender con un URI de origen de datos JNDI LDAP cuando un atacante tiene el control del servidor LDAP de destino. Este problema se soluciona limitando los nombres de fuentes de datos JNDI al protocolo java en las versiones 2.17.1, 2.12.4 y 2.3.2 de Log4j2"
    }
  ],
  "id": "CVE-2021-44832",
  "lastModified": "2024-11-21T06:31:34.783",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.5,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.7,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-28T20:15:08.400",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/12/28/1"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://issues.apache.org/jira/browse/LOG4J2-3293"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220104-0001/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/12/28/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://issues.apache.org/jira/browse/LOG4J2-3293"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220104-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        },
        {
          "lang": "en",
          "value": "CWE-74"
        }
      ],
      "source": "security@apache.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.