Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-45105 (GCVE-0-2021-45105)
Vulnerability from cvelistv5 – Published: 2021-12-18 11:55 – Updated: 2026-05-29 11:45
VLAI
EPSS
Title
Apache Log4j2 does not always protect from infinite recursion in lookup evaluation
Summary
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
Severity
5.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
13 references
| URL | Tags |
|---|---|
| https://logging.apache.org/log4j/2.x/security.html | x_refsource_MISC |
| https://psirt.global.sonicwall.com/vuln-detail/SN… | x_refsource_CONFIRM |
| https://www.kb.cert.org/vuls/id/930724 | third-party-advisoryx_refsource_CERT-VN |
| https://tools.cisco.com/security/center/content/C… | vendor-advisoryx_refsource_CISCO |
| http://www.openwall.com/lists/oss-security/2021/12/19/1 | mailing-listx_refsource_MLIST |
| https://www.debian.org/security/2021/dsa-5024 | vendor-advisoryx_refsource_DEBIAN |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://security.netapp.com/advisory/ntap-2021121… | x_refsource_CONFIRM |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://www.oracle.com/security-alerts/cpujan2022.html | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Log4j2 |
Affected:
log4j-core , < 2.17.0
(custom)
|
Credits
Independently discovered by Hideki Okamoto of Akamai Technologies, Guy Lederfein of Trend Micro Research working with Trend Micro’s Zero Day Initiative, and another anonymous vulnerability researcher
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:39:20.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://logging.apache.org/log4j/2.x/security.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
},
{
"name": "VU#930724",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/930724"
},
{
"name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"name": "[oss-security] 20211218 CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/19/1"
},
{
"name": "DSA-5024",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-5024"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20211218-0001/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-45105",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T11:45:21.048570Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T11:45:26.064Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Apache Log4j2",
"vendor": "Apache Software Foundation",
"versions": [
{
"changes": [
{
"at": "2.13.0",
"status": "affected"
},
{
"at": "2.12.3",
"status": "unaffected"
},
{
"at": "2.4",
"status": "affected"
},
{
"at": "2.3.1",
"status": "unaffected"
},
{
"at": "2.0-alpha1",
"status": "affected"
}
],
"lessThan": "2.17.0",
"status": "affected",
"version": "log4j-core",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Independently discovered by Hideki Okamoto of Akamai Technologies, Guy Lederfein of Trend Micro Research working with Trend Micro\u2019s Zero Day Initiative, and another anonymous vulnerability researcher"
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1."
}
],
"metrics": [
{
"other": {
"content": {
"other": "high"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674: Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:41:57.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://logging.apache.org/log4j/2.x/security.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
},
{
"name": "VU#930724",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/930724"
},
{
"name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"name": "[oss-security] 20211218 CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/19/1"
},
{
"name": "DSA-5024",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-5024"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20211218-0001/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"source": {
"defect": [
"LOG4J2-3230"
],
"discovery": "UNKNOWN"
},
"title": "Apache Log4j2 does not always protect from infinite recursion in lookup evaluation",
"workarounds": [
{
"lang": "en",
"value": "Implement one of the following mitigation techniques:\n\n* Java 8 (or later) users should upgrade to release 2.17.0.\n\nAlternatively, this can be mitigated in configuration:\n\n* In PatternLayout in the logging configuration, replace Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` with Thread Context Map patterns (%X, %mdc, or %MDC).\n* Otherwise, in the configuration, remove references to Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` where they originate \nfrom sources external to the application such as HTTP headers or user input."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-45105",
"STATE": "PUBLIC",
"TITLE": "Apache Log4j2 does not always protect from infinite recursion in lookup evaluation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Log4j2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "log4j-core",
"version_value": "2.17.0"
},
{
"version_affected": "\u003e=",
"version_name": "log4j-core",
"version_value": "2.13.0"
},
{
"version_affected": "\u003c",
"version_name": "log4j-core",
"version_value": "2.12.3"
},
{
"version_affected": "\u003e=",
"version_name": "log4j-core",
"version_value": "2.4"
},
{
"version_affected": "\u003c",
"version_name": "log4j-core",
"version_value": "2.3.1"
},
{
"version_affected": "\u003e=",
"version_name": "log4j-core",
"version_value": "2.0-alpha1"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Independently discovered by Hideki Okamoto of Akamai Technologies, Guy Lederfein of Trend Micro Research working with Trend Micro\u2019s Zero Day Initiative, and another anonymous vulnerability researcher"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{
"other": "high"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-674: Uncontrolled Recursion"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://logging.apache.org/log4j/2.x/security.html",
"refsource": "MISC",
"url": "https://logging.apache.org/log4j/2.x/security.html"
},
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032",
"refsource": "CONFIRM",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
},
{
"name": "VU#930724",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/930724"
},
{
"name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"name": "[oss-security] 20211218 CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/12/19/1"
},
{
"name": "DSA-5024",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-5024"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211218-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20211218-0001/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
},
"source": {
"defect": [
"LOG4J2-3230"
],
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "Implement one of the following mitigation techniques:\n\n* Java 8 (or later) users should upgrade to release 2.17.0.\n\nAlternatively, this can be mitigated in configuration:\n\n* In PatternLayout in the logging configuration, replace Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` with Thread Context Map patterns (%X, %mdc, or %MDC).\n* Otherwise, in the configuration, remove references to Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` where they originate \nfrom sources external to the application such as HTTP headers or user input."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-45105",
"datePublished": "2021-12-18T11:55:08.000Z",
"dateReserved": "2021-12-16T00:00:00.000Z",
"dateUpdated": "2026-05-29T11:45:26.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-45105",
"date": "2026-06-06",
"epss": "0.74016",
"percentile": "0.98851"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-45105\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2021-12-18T12:15:07.433\",\"lastModified\":\"2026-05-29T13:16:19.967\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.\"},{\"lang\":\"es\",\"value\":\"Apache Log4j2 versiones 2.0-alpha1 hasta 2.16.0 (excluyendo las versiones 2.12.3 y 2.3.1) no proteg\u00edan de la recursi\u00f3n no controlada de las b\u00fasquedas autorreferenciales. Esto permite a un atacante con control sobre los datos de Thread Context Map causar una denegaci\u00f3n de servicio cuando es interpretada una cadena dise\u00f1ada. Este problema se ha corregido en Log4j versiones 2.17.0, 2.12.3 y 2.3.1\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"},{\"lang\":\"en\",\"value\":\"CWE-674\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"},{\"lang\":\"en\",\"value\":\"CWE-674\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0\",\"versionEndExcluding\":\"2.3.1\",\"matchCriteriaId\":\"42BCB94E-86D2-4B98-B9E6-5789F2272692\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.4\",\"versionEndExcluding\":\"2.12.3\",\"matchCriteriaId\":\"19DA22A8-0B29-4181-B44E-57D28D9DB331\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.13.0\",\"versionEndIncluding\":\"2.16.0\",\"matchCriteriaId\":\"61E2AC03-D49B-4A15-BDA4-61DAF142CEED\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"197D0D80-6702-4B61-B681-AFDBA7D69067\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.0.12\",\"matchCriteriaId\":\"421BCD43-8ECC-4B1E-9F3E-C20BB2BC672A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sonicwall:network_security_manager:*:*:*:*:on-premises:*:*:*\",\"versionStartIncluding\":\"2.0\",\"versionEndExcluding\":\"3.0\",\"matchCriteriaId\":\"1EA49667-8F94-4091-B9A9-A94318D83C24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sonicwall:network_security_manager:*:*:*:*:saas:*:*:*\",\"versionStartIncluding\":\"2.0\",\"versionEndExcluding\":\"3.0\",\"matchCriteriaId\":\"7C1B257C-9442-4C73-91CB-67893A78F0DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sonicwall:web_application_firewall:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndExcluding\":\"3.1.0\",\"matchCriteriaId\":\"AD1E667A-9CAA-4382-957A-E4F1A4960E0C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sonicwall:6bk1602-0aa12-0tp0_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.0\",\"matchCriteriaId\":\"B407FBDB-7900-4F69-B745-809277F26050\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:6bk1602-0aa12-0tp0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05AF56AD-FBAF-4AB8-B04D-1E28BF10B767\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sonicwall:6bk1602-0aa22-0tp0_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.0\",\"matchCriteriaId\":\"E3103225-6440-43F4-9493-131878735B2A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:6bk1602-0aa22-0tp0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B3A0115-86AB-4677-A026-D99B971D9EF5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sonicwall:6bk1602-0aa32-0tp0_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.0\",\"matchCriteriaId\":\"914A44DE-C4AA-45A0-AC26-5FAAF576130E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:6bk1602-0aa32-0tp0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D1C62CF-414A-4670-9F19-C11A381DB830\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sonicwall:6bk1602-0aa42-0tp0_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.0\",\"matchCriteriaId\":\"75359CC5-58A7-4B5A-B9BF-BDE59552EF1C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:6bk1602-0aa42-0tp0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"706A3F00-8489-4735-B09B-34528F7C556A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sonicwall:6bk1602-0aa52-0tp0_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.0\",\"matchCriteriaId\":\"C23D02B7-C9A7-4ED9-AE71-765F01ACA55C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:6bk1602-0aa52-0tp0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9DCB171-E4C8-4472-8023-20992ABB9348\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80C9DBB8-3D50-4D5D-859A-B022EB7C2E64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C650FEDB-E903-4C2D-AD40-282AB5F2E3C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_plm_mcad_connector:3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0C0714E-4255-4095-B26C-70EB193B8F98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97994257-C9A4-4491-B362-E8B25B7187AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_deposits_and_lines_of_credit_servicing:2.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F834ACC-D65B-4CA3-91F1-415CBC6077E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"473749BD-267E-480F-8E7F-C762702DB66E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"320D36DA-D99F-4149-B582-3F4AB2F41A1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_loans_servicing:2.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E502A46-BAF4-4558-BC8F-9F014A2FB26A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C542DC5E-6657-4178-9C69-46FD3C187D56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_payments:14.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"633E5B20-A7A7-4346-A71D-58121B006D00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"132CE62A-FBFC-4001-81EC-35D81F73AF48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"645AA3D1-C8B5-4CD2-8ACE-31541FA267F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDC6D658-09EA-4C41-869F-1C2EA163F751\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_trade_finance:14.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64750C01-21AC-4947-B674-6690EAAAC5DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_treasury_management:14.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C3D0063-9458-4018-9B92-79A219716C10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"D40AD626-B23A-44A3-A6C0-1FFB4D647AE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3141B86F-838D-491A-A8ED-3B7C54EA89C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B465F237-0271-4389-8035-89C07A52350D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"123CB9B5-C800-47FD-BD0C-BE44198E97E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DAAB7154-4DE8-4806-86D0-C1D33B84417B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2A5B24D-BDF2-423C-98EA-A40778C01A05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F60E32F-0CA0-4C2D-9848-CB92765A9ACB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF616620-88CE-4A77-B904-C1728A2E6F9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3AA09838-BF13-46AC-BB97-A69F48B73A8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4367D9B-BF81-47AD-A840-AC46317C774D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD4349FE-EEF8-489A-8ABF-5FCD55EC6DE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"175B97A7-0B00-4378-AD9F-C01B6D9FD570\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6EAA723-2A23-4151-930B-86ACF9CC1C0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DF939F5-C0E1-40A4-95A2-0CE7A03AB4EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_convergence:3.0.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEC452FA-D1D5-4175-9371-F6055818192E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0.1.0.0\",\"versionEndIncluding\":\"12.0.4.0.0\",\"matchCriteriaId\":\"0172500D-DE51-44E0-91E8-C8F36617C1F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E99E7D49-AE53-4D16-AB24-EBEAAD084289\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.3.0.0\",\"versionEndIncluding\":\"8.5.1.0\",\"matchCriteriaId\":\"F9550113-7423-48D8-A1C7-95D6AEE9B33C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FDD479D-9070-42E2-A8B1-9497BC4C0CF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C68536CA-C7E2-4228-A6B8-F0DB6A9D29EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.0\",\"matchCriteriaId\":\"02712DD6-D944-4452-8015-000B9851D257\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"987811D5-DA5E-493D-8709-F9231A84E5F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46E23F2E-6733-45AF-9BD9-1A600BD278C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E812639B-EE28-4C68-9F6F-70C8BF981C86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE7A60DB-A287-4E61-8131-B6314007191B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1214FDF-357A-4BB9-BADE-50FB2BD16D10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0.1.0.0\",\"versionEndIncluding\":\"12.0.4.0.0\",\"matchCriteriaId\":\"26940103-F37C-4FBD-BDFD-528A497209D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB9047B1-DA8C-4BFD-BE41-728BD7ECF3E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B21E6EEF-2AB7-4E96-B092-1F49D11B4175\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00E9A2B1-7562-4E6B-AE25-1B647F24EFDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6BDB265-293F-4F27-8CE0-576DF3ECD3BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"53600579-4542-4D80-A93C-3E45938C749D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_service_broker:6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6235EAE-47DD-4292-9941-6FF8D0A83843\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"062E4E7C-55BB-46F3-8B61-5A663B565891\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.0\",\"matchCriteriaId\":\"274BCA96-2E6A-4B77-B69E-E2093A668D28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.0\",\"matchCriteriaId\":\"8D4B738B-08CF-44F6-A939-39F5BEAF03B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17A91FD9-9F77-42D3-A4D9-48BC7568ADE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7637F8B-15F1-42E2-BE18-E1FF7C66587D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E43D793A-7756-4D58-A8ED-72DC4EC9CEA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_user_data_repository:12.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FAF2403-99A1-4DBC-BAC4-35D883D8E5D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4AA6214-A85D-4BF4-ABBF-0E4F8B7DA817\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F05AF4B-A747-4314-95AE-F8495479AB3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9901F6BA-78D5-45B8-9409-07FF1C6DDD38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FADE563-5AAA-42FF-B43F-35B20A2386C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:e-business_suite:12.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B3C968F-4038-4A8D-A345-8CD3F73A653B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E8758C8-87D3-450A-878B-86CE8C9FC140\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.4.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"615C7D0D-A9D5-43BA-AF61-373EC1095354\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.5.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F772DC1-F93E-43A4-81DA-A2A1E204C5D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B095CC03-7077-4A58-AB25-CC5380CDCE5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.7\",\"versionEndIncluding\":\"8.1.1\",\"matchCriteriaId\":\"7EA4D3C5-6A7C-4421-88EF-445A96DBCE0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.0.8.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F033C6C8-61D9-41ED-94E6-63BE7BA22EFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B829B72-7DE0-415F-A1AF-51637F134B76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF8DC5FD-09DE-446F-879B-DB86C0CC95B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndIncluding\":\"12.4\",\"matchCriteriaId\":\"B0148D20-089E-4C19-8CA3-07598D8AFBF1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0.0\",\"versionEndIncluding\":\"14.3.0\",\"matchCriteriaId\":\"54BE0CCE-8216-4CCF-96E1-38EF76124368\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:flexcube_universal_banking:11.83.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0017AE8C-DBCA-46B4-A036-DF0E289199D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:flexcube_universal_banking:14.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"609645BF-B34F-40AC-B9C9-C3FB870F4ED2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67013CB6-5FA6-438B-A131-5AEDEBC66723\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:health_sciences_empirica_signal:9.2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FC5F6E6-3515-439B-9665-3B6151CEF577\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:health_sciences_inform:6.2.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CB4F0E6-3B36-4736-B2F2-CB2A16309F8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:health_sciences_inform:6.3.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E72CF27-6E5F-404E-B5DF-B470C99AF5E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:health_sciences_inform:7.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51BCEC65-25B7-480C-860C-9D97F78CCE3F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:health_sciences_information_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.1\",\"versionEndIncluding\":\"3.0.4\",\"matchCriteriaId\":\"16AEA21E-0B11-44A5-8BFB-550521D8E0D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_data_repository:8.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA92E70A-2249-4144-B0B8-35501159ADB3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.3.0.1\",\"versionEndIncluding\":\"7.3.0.4\",\"matchCriteriaId\":\"9F69F8F6-BA2D-4DC6-BAB2-B9155F8B45CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_master_person_index:5.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10774601-93C3-4938-A3E7-3C3D97A6F73C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_translational_research:4.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"523391D8-CB84-4EBD-B337-6A99F52E537F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_translational_research:4.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0A3C700-710A-4A0A-A2D4-ABB7AAC9B128\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_suite8:8.13.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4833DCA-FC54-4F89-B2DF-8E39C9C49DF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_suite8:8.14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD7E9060-BA5B-4682-AC0D-EE5105AD0332\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_token_proxy_service:19.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7D45E2D-241B-4839-B255-A81107BF94BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hyperion_bi\\\\+:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.2.8.0\",\"matchCriteriaId\":\"9C083F1E-8BF2-48C7-92FB-BD105905258E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hyperion_data_relationship_management:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.2.8.0\",\"matchCriteriaId\":\"E8E7FBA9-0FFF-4C86-B151-28C17A142E0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hyperion_infrastructure_technology:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.2.8.0\",\"matchCriteriaId\":\"55BBCD48-BCC6-4E19-A4CE-970E524B9FF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hyperion_planning:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.2.8.0\",\"matchCriteriaId\":\"C3E11E28-78AA-42BB-927D-D22CBDDD62B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hyperion_profitability_and_cost_management:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.2.8.0\",\"matchCriteriaId\":\"30927787-2815-4BEF-A7C2-960F92238303\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hyperion_tax_provision:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.2.8.0\",\"matchCriteriaId\":\"C0ABD2DC-9357-4097-BE62-BB7A4988A01F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1489DDA7-EDBE-404C-B48D-F0B52B741708\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"535BC19C-21A1-48E3-8CC0-B276BA5D494E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:identity_manager_connector:9.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8508EF23-43DC-431F-B410-FD0BA897C371\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F69B9A5-F21B-4904-9F27-95C0F7A628E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_data_gateway:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B85A426-5714-4CEA-8A97-720F882B2D58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.4\",\"versionEndIncluding\":\"5.6.0.0\",\"matchCriteriaId\":\"604FBBC9-04DC-49D2-AB7A-6124256431AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"428D2B1D-CFFD-49D1-BC05-2D85D22004DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B8AA91A-1880-43CD-938D-48EF58ACF2CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"335AB6A7-3B1F-4FA8-AF08-7D64C16C4B04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2E3E923-E2AD-400D-A618-26ADF7F841A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AB58D27-37F2-4A32-B786-3490024290A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:management_cloud_engine:1.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F66C747-733F-46A1-9A6B-EEB1A1AEC45D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.0.29\",\"matchCriteriaId\":\"B0EBAC6D-D0CE-42A1-AEA0-2D50C8035747\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:payment_interface:19.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D01A0EC-3846-4A74-A174-3797078DC699\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:payment_interface:20.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03E5FCFB-093A-48E9-8A4E-34C993D2764E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8AF00C6-B97F-414D-A8DF-057E6BFD8597\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.12.0\",\"versionEndIncluding\":\"17.12.11\",\"matchCriteriaId\":\"8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.8.0\",\"versionEndIncluding\":\"18.8.13\",\"matchCriteriaId\":\"A621A5AE-6974-4BA5-B1AC-7130A46F68F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"19.12.0\",\"versionEndIncluding\":\"19.12.12\",\"matchCriteriaId\":\"4096281D-2EBA-490D-8180-3C9D05EB890A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.12.0\",\"versionEndIncluding\":\"20.12.7\",\"matchCriteriaId\":\"E6B70E72-B9FC-4E49-8EDD-29C7E14F5792\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15F45363-236B-4040-8AE4-C6C0E204EDBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"19.12.0.0\",\"versionEndIncluding\":\"19.12.18.0\",\"matchCriteriaId\":\"AD0DEC50-F4CD-4ACA-A118-D4F0D4F4C981\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.12.0.0\",\"versionEndIncluding\":\"20.12.12.0\",\"matchCriteriaId\":\"651104CE-0569-4E6D-ACAB-AD2AC85084DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45D89239-9142-46BD-846D-76A5A74A67B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"202AD518-2E9B-4062-B063-9858AE1F9CE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10864586-270E-4ACF-BDCC-ECFCD299305F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38340E3C-C452-4370-86D4-355B6B4E0A06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9C55C69-E22E-4B80-9371-5CD821D79FE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0735989-13BD-40B3-B954-AC0529C5B53D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58405263-E84C-4071-BB23-165D49034A00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_customer_insights:15.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D1C35DF-D30D-42C8-B56D-C809609AB2A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_customer_insights:16.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"834B4CE7-042E-489F-AE19-0EEA2C37E7A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:15.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82653579-FF7D-4492-9CA2-B3DF6A708831\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:16.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32D2EB48-F9A2-4D23-81C5-4B30F2D785DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_eftlink:16.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3796186-D3A7-4259-846B-165AD9CEB7F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_eftlink:17.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEDA5540-692D-47DA-9F68-83158D9AE628\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_eftlink:18.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5435583-C454-4AC9-8A35-D2D30EB252EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2140357-503A-4D2A-A099-CFA4DC649E41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_eftlink:20.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BAE5686-8E11-4EF1-BC7E-5C565F2440C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_eftlink:21.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4B95628-F108-424A-8C19-40A5F5B7D37B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_financial_integration:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.0.1\",\"versionEndIncluding\":\"16.0.3\",\"matchCriteriaId\":\"1E03B340-8C77-4DFA-8536-C57656E237D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"798E4FEE-9B2B-436E-A2B3-B8AA1079892A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB86F6C3-981E-4ECA-A5EB-9A9CD73D70C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_financial_integration:19.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B7B0B33-2361-4CF5-8075-F609858A582E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7435071D-0C95-4686-A978-AFC4C9A0D0FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.0.1\",\"versionEndIncluding\":\"16.0.3\",\"matchCriteriaId\":\"A921C710-1C59-429F-B985-67C0DBFD695E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"19.0.0\",\"versionEndIncluding\":\"19.0.1.0\",\"matchCriteriaId\":\"B9E458AF-0EEC-453E-AA9D-6C79211000AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_integration_bus:14.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1AFAE16-B69F-410A-8CE3-1CDD998A8433\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CFCE558-9972-46A2-8539-C16044F1BAA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1194C4E-CF42-4B4D-BA9A-40FDD28F1D58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_integration_bus:19.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFDF4CB0-4680-449A-8576-915721D59500\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD311C33-A309-44D5-BBFB-539D72C7F8C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_invoice_matching:15.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0472632-4104-4397-B619-C4E86A748465\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_invoice_matching:16.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48E25E7C-F7E8-4739-8251-00ACD11C12FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8383028-B719-41FD-9B6A-71F8EB4C5F8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE1BC44A-F0AF-41CD-9CEB-B07AB5ADAB38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38E74E68-7F19-4EF3-AC00-3C249EAAA39E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0783F0D1-8FAC-4BCA-A6F5-C5C60E86D56D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7BD0D41-1BED-4C4F-95C8-8987C98908DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_order_management_system:19.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99B5DC78-1C24-4F2B-A254-D833FAF47013\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E13DF2AE-F315-4085-9172-6C8B21AF1C9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.46:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9002379B-4FDA-44F3-98EB-0C9B6083E429\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.115:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"476B038D-7F60-482D-87AD-B58BEA35558E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.240:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB86C644-7B79-4F87-A06D-C178E8C2B8B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_price_management:13.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C19C5CC9-544A-4E4D-8F0A-579BB5270F07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_price_management:14.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E1A9B0C-735A-40B4-901C-663CF5162E96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_price_management:14.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0791694C-9B4E-42EA-8F6C-899B43B6D769\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_price_management:15.0.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"312992F0-E65A-4E38-A44C-363A7E157CE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_price_management:16.0.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1940FD6-39FA-4F92-9625-F215D8051E80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDB925C6-2CBC-4D88-B9EA-F246F4F7A206\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.0.1\",\"versionEndIncluding\":\"16.0.3\",\"matchCriteriaId\":\"0CE45891-A6A5-4699-90A6-6F49E60A7987\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_service_backbone:14.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7FCC976-615C-4DE5-9F50-1B25E9553962\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E702EBED-DB39-4084-84B1-258BC5FE7545\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F7956BF-D5B6-484B-999C-36B45CD8B75B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_service_backbone:19.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D14A54A-4B04-41DE-B731-844D8AC3BE23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9DA6B655-A445-42E5-B6D9-70AB1C04774A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_service_backbone:19.0.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D57F5CB-E566-450F-B7D7-DD771F7C746C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88458537-6DE8-4D79-BC71-9D08883AD0C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E310654-0793-41CC-B049-C754AC31D016\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C5B22C6-97AF-4D1B-84C9-987C6F62C401\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFD9AAE5-9472-49C6-B054-DB76BEB86D35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A104FDBD-0B28-44EE-91A0-A0C8939865A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2D60A4D-BB4F-4177-AFA8-A8DC8C111FB3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"21.12\",\"matchCriteriaId\":\"889916ED-5EB2-49D6-8400-E6DBBD6C287F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:sql_developer:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.4.2\",\"matchCriteriaId\":\"1C470BAD-F7E2-4802-B1BE-E71EBB073DA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:taleo_platform:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"22.1\",\"matchCriteriaId\":\"4E1A18FB-85E6-4C5D-8F8A-12F86EDC6A2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.3.0.1.0\",\"versionEndIncluding\":\"4.3.0.6.0\",\"matchCriteriaId\":\"51309958-121D-4649-AB9A-EBFA3A49F7CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F906F04-39E4-4BE4-8A73-9D058AAADB43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B393A82-476A-4270-A903-38ED4169E431\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85CAE52B-C2CA-4C6B-A0B7-2B9D6F0499E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6A4F71A-4269-40FC-8F61-1D1301F2B728\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A502118-5B2B-47AE-82EC-1999BD841103\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D551CAB1-4312-44AA-BDA8-A030817E153A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"174A6D2E-E42E-4C92-A194-C6A820CD7EF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F14A818F-AA16-4438-A3E4-E64C9287AC66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04BCDC24-4A21-473C-8733-0D9CFB38A752\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2021/12/19/1\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://logging.apache.org/log4j/2.x/security.html\",\"source\":\"security@apache.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20211218-0001/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-5024\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/930724\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-21-1541/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/12/19/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://logging.apache.org/log4j/2.x/security.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20211218-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-5024\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/930724\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-21-1541/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://logging.apache.org/log4j/2.x/security.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/930724\", \"name\": \"VU#930724\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT-VN\", \"x_transferred\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd\", \"name\": \"20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2021/12/19/1\", \"name\": \"[oss-security] 20211218 CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2021/dsa-5024\", \"name\": \"DSA-5024\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\", \"x_transferred\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20211218-0001/\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-21-1541/\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2022.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2022.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2022.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T04:39:20.295Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-45105\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-29T11:45:21.048570Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-29T11:45:16.287Z\"}}], \"cna\": {\"title\": \"Apache Log4j2 does not always protect from infinite recursion in lookup evaluation\", \"source\": {\"defect\": [\"LOG4J2-3230\"], \"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"value\": \"Independently discovered by Hideki Okamoto of Akamai Technologies, Guy Lederfein of Trend Micro Research working with Trend Micro\\u2019s Zero Day Initiative, and another anonymous vulnerability researcher\"}], \"metrics\": [{\"other\": {\"type\": \"unknown\", \"content\": {\"other\": \"high\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Log4j2\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"2.13.0\", \"status\": \"affected\"}, {\"at\": \"2.12.3\", \"status\": \"unaffected\"}, {\"at\": \"2.4\", \"status\": \"affected\"}, {\"at\": \"2.3.1\", \"status\": \"unaffected\"}, {\"at\": \"2.0-alpha1\", \"status\": \"affected\"}], \"version\": \"log4j-core\", \"lessThan\": \"2.17.0\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://logging.apache.org/log4j/2.x/security.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/930724\", \"name\": \"VU#930724\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT-VN\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd\", \"name\": \"20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2021/12/19/1\", \"name\": \"[oss-security] 20211218 CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://www.debian.org/security/2021/dsa-5024\", \"name\": \"DSA-5024\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20211218-0001/\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-21-1541/\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2022.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2022.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2022.html\", \"tags\": [\"x_refsource_MISC\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Implement one of the following mitigation techniques:\\n\\n* Java 8 (or later) users should upgrade to release 2.17.0.\\n\\nAlternatively, this can be mitigated in configuration:\\n\\n* In PatternLayout in the logging configuration, replace Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` with Thread Context Map patterns (%X, %mdc, or %MDC).\\n* Otherwise, in the configuration, remove references to Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` where they originate \\nfrom sources external to the application such as HTTP headers or user input.\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper Input Validation\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-674\", \"description\": \"CWE-674: Uncontrolled Recursion\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2022-07-25T16:41:57.000Z\"}, \"x_legacyV4Record\": {\"credit\": [{\"lang\": \"eng\", \"value\": \"Independently discovered by Hideki Okamoto of Akamai Technologies, Guy Lederfein of Trend Micro Research working with Trend Micro\\u2019s Zero Day Initiative, and another anonymous vulnerability researcher\"}], \"impact\": [{\"other\": \"high\"}], \"source\": {\"defect\": [\"LOG4J2-3230\"], \"discovery\": \"UNKNOWN\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_name\": \"log4j-core\", \"version_value\": \"2.17.0\", \"version_affected\": \"\u003c\"}, {\"version_name\": \"log4j-core\", \"version_value\": \"2.13.0\", \"version_affected\": \"\u003e=\"}, {\"version_name\": \"log4j-core\", \"version_value\": \"2.12.3\", \"version_affected\": \"\u003c\"}, {\"version_name\": \"log4j-core\", \"version_value\": \"2.4\", \"version_affected\": \"\u003e=\"}, {\"version_name\": \"log4j-core\", \"version_value\": \"2.3.1\", \"version_affected\": \"\u003c\"}, {\"version_name\": \"log4j-core\", \"version_value\": \"2.0-alpha1\", \"version_affected\": \"\u003e=\"}]}, \"product_name\": \"Apache Log4j2\"}]}, \"vendor_name\": \"Apache Software Foundation\"}]}}, \"data_type\": \"CVE\", \"generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"references\": {\"reference_data\": [{\"url\": \"https://logging.apache.org/log4j/2.x/security.html\", \"name\": \"https://logging.apache.org/log4j/2.x/security.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032\", \"name\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://www.kb.cert.org/vuls/id/930724\", \"name\": \"VU#930724\", \"refsource\": \"CERT-VN\"}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd\", \"name\": \"20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021\", \"refsource\": \"CISCO\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2021/12/19/1\", \"name\": \"[oss-security] 20211218 CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation\", \"refsource\": \"MLIST\"}, {\"url\": \"https://www.debian.org/security/2021/dsa-5024\", \"name\": \"DSA-5024\", \"refsource\": \"DEBIAN\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf\", \"name\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20211218-0001/\", \"name\": \"https://security.netapp.com/advisory/ntap-20211218-0001/\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-21-1541/\", \"name\": \"https://www.zerodayinitiative.com/advisories/ZDI-21-1541/\", \"refsource\": \"MISC\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf\", \"name\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2022.html\", \"name\": \"https://www.oracle.com/security-alerts/cpujan2022.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2022.html\", \"name\": \"https://www.oracle.com/security-alerts/cpuapr2022.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2022.html\", \"name\": \"https://www.oracle.com/security-alerts/cpujul2022.html\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-20 Improper Input Validation\"}]}, {\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-674: Uncontrolled Recursion\"}]}]}, \"work_around\": [{\"lang\": \"en\", \"value\": \"Implement one of the following mitigation techniques:\\n\\n* Java 8 (or later) users should upgrade to release 2.17.0.\\n\\nAlternatively, this can be mitigated in configuration:\\n\\n* In PatternLayout in the logging configuration, replace Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` with Thread Context Map patterns (%X, %mdc, or %MDC).\\n* Otherwise, in the configuration, remove references to Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` where they originate \\nfrom sources external to the application such as HTTP headers or user input.\"}], \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2021-45105\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Apache Log4j2 does not always protect from infinite recursion in lookup evaluation\", \"ASSIGNER\": \"security@apache.org\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2021-45105\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-29T11:45:26.064Z\", \"dateReserved\": \"2021-12-16T00:00:00.000Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2021-12-18T11:55:08.000Z\", \"assignerShortName\": \"apache\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CISCO-SA-APACHE-LOG4J-QRUKNEBD
Vulnerability from csaf_cisco - Published: 2021-12-10 18:45 - Updated: 2022-01-31 21:16Summary
Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021
Notes
Summary: Critical Vulnerabilities in Apache Log4j Java Logging Library
On December 9, 2021, the following critical vulnerability in the Apache Log4j Java logging library affecting all Log4j2 versions earlier than 2.15.0 was disclosed:
CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
On December 14, 2021, the following critical vulnerability, which affects certain Apache Log4j use cases in versions 2.15.0 and earlier, was disclosed:
CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack
On December 18, 2021, a vulnerability in the Apache Log4j component affecting versions 2.16 and earlier was disclosed:
CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation
On December 28, 2021, a vulnerability in the Apache Log4j component affecting versions 2.17 and earlier was disclosed:
CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration
For a description of these vulnerabilities, see the Apache Log4j Security Vulnerabilities ["https://logging.apache.org/log4j/2.x/security.html"] page.
Cisco's Response to These Vulnerabilities
Cisco assessed all products and services for impact from both CVE-2021-44228 and CVE-2021-45046. To help detect exploitation of these vulnerabilities, Cisco has released Snort rules at the following location: Talos Rules 2021-12-21 ["https://www.snort.org/advisories/talos-rules-2021-12-21"]
Product fixes that are listed in this advisory will address both CVE-2021-44228 and CVE-2021-45046 unless otherwise noted.
Cisco has reviewed CVE-2021-45105 and CVE-2021-44832 and has determined that no Cisco products or cloud offerings are impacted by these vulnerabilities.
Cisco's standard practice is to update integrated third-party software components to later versions as they become available.
Affected Products: Cisco investigated its product line to determine which products may be affected by these vulnerabilities.
This advisory only lists Cisco products and services that are known to include the impacted software component and thus may be vulnerable. Products and services that do not contain the impacted software component are not vulnerable and therefore are not listed in this advisory. Any Cisco product or service that is not explicitly listed in the Affected Products section of this advisory is not affected by the vulnerability or vulnerabilities described.
The Vulnerable Products ["#vp"] section includes Cisco bug IDs for each affected product. The bugs are accessible through the Cisco Bug Search Tool and contain additional platform-specific information, including workarounds (if available) and fixed software releases.
Vulnerable Products: Cisco investigated its product line to determine which products may be affected by these vulnerabilities.
The following table lists Cisco products that are affected by one or both of the vulnerabilities that are described in this advisory. Customers should refer to the associated Cisco bug(s) for further details.
Product Cisco Bug ID Fixed Release Availability ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"] Collaboration and Social Media Cisco Webex Meetings Server CSCwa47283 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47283"] CWMS-3.0MR4SP3 patch (21 Dec 2021)
CWMS-4.0MR4SP3 patch (21 Dec 2021)
CWMS-3.0MR4SP2 patch (14 Dec 2021)
CWMS-4.0MR4SP2 patch (14 Dec 2021) Endpoint Clients and Client Software Cisco CX Cloud Agent Software CSCwa47272 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47272"] 1.12.2 (17 Dec 2021) Network Application, Service, and Acceleration Cisco Call Studio CSCwa54008 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa54008"] 11.6(2) (23 Dec 2021)
12.0(1) (23 Dec 2021)
12.5(1) (23 Dec 2021)
12.6(1) (23 Dec 2021) Cisco Nexus Insights CSCwa47284 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47284"] 6.0.2 (17 Dec 2021) Network and Content Security Devices Cisco Firepower Threat Defense (FTD) managed by Firepower Device Manager (FDM) CSCwa46963 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa46963"] 6.2.3 hotfix (Available)
6.4.0 hotfix (Available)
6.6.5 hotfix (Available)
6.7.0 hotfix (Available)
7.0.1 hotfix (Available)
7.1.0 hotfix (Available) Cisco Identity Services Engine (ISE) CSCwa47133 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47133"] 2.4 hotfix (15 Dec 2021)
2.6 hotfix (15 Dec 2021)
2.7 hotfix (15 Dec 2021)
3.0 hotfix (15 Dec 2021)
3.1 hotfix (17 Dec 2021) Network Management and Provisioning Cisco Application Policy Infrastructure Controller (APIC) - Network Insights Base App CSCwa47295 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47295"] 4.2(7r) (Available)
5.2(3g) (Available) Cisco Automated Subsea Tuning CSCwa48806 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa48806"] 2.1.0.4 (22 Dec 2021) Cisco Business Process Automation CSCwa47269 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47269"] 3.0.000.115 (patch) (17 Dec 2021)
3.1.000.044 (patch) (17 Dec 2021)
3.2.000.009 (patch) (17 Dec 2021) Cisco CloudCenter Cost Optimizer CSCwa48074 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa48074"] 5.5.2 (Available) Cisco CloudCenter Suite Admin CSCwa47349 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47349"] 5.3.1 (Available) Cisco CloudCenter Workload Manager CSCwa47350 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47350"] 5.5.2 (Available) Cisco CloudCenter CSCwa48832 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa48832"] 4.10.0.16 (22 Dec 2021) Cisco Common Services Platform Collector (CSPC) CSCwa47271 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47271"] 2.10.0.1 hotfix (Available)
2.9.1.3 hotfix (Available) Cisco Crosswork Data Gateway CSCwa47257 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47257"] 2.0.2 patch (21 Dec 2021)
3.0.1 patch (21 Dec 2021) Cisco Crosswork Network Controller CSCwa49936 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa49936"] 2.0.1 patch (22 Dec 2021)
3.0.1 patch (22 Dec 2021) Cisco Crosswork Optimization Engine CSCwa49939 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa49939"] 2.0.1 patch (21 Dec 2021)
3.0.1 patch (21 Dec 2021) Cisco Crosswork Platform Infrastructure CSCwa47367 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47367"] 4.0.1 patch (22 Dec 2021)
4.1.1 patch (22 Dec 2021) Cisco Crosswork Situation Manager CSCwa51878 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa51878"] 8.0.0.8 patch (21 Dec 2021) Cisco Crosswork Zero Touch Provisioning (ZTP) CSCwa47259 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47259"] 2.0.1 patch (21 Dec 2021)
3.0.1 patch (21 Dec 2021) Cisco Cyber Vision Sensor Management Extension CSCwa49482 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa49482"] 4.0.3 (22 Dec 2021) Cisco DNA Spaces Connector CSCwa47320 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47320"] v2.0.588 (Available)
v2.2.12 (Available) Cisco Data Center Network Manager (DCNM) CSCwa47291 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47291"] 12.0(2f) (Available)
11.5(3) patch (Available)
11.5(2) patch (Available)
11.5(1) patch (Available)
11.4(1) patch (Available)
11.3(1) patch (Available) Cisco Evolved Programmable Network Manager CSCwa47310 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47310"] 5.1.3.1 patch (22 Dec 2021)
5.0.2.1 patch (13 Jan 2022)
4.1.1.1 patch (13 Jan 2022) Cisco Intersight Virtual Appliance CSCwa47304 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47304"] 1.0.9-361 (20 Dec 2021) Cisco Network Services Orchestrator (NSO) CSCwa47342 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47342"] nso-5.3.5.1 (17 Dec 2021)
nso-5.4.5.2 (17 Dec 2021)
nso-5.5.4.1 (17 Dec 2021)
nso-5.6.3.1 (17 Dec 2021) Cisco Nexus Dashboard, formerly Cisco Application Services Engine CSCwa47299 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47299"] 2.1.2 (23 Dec 2021) Cisco Prime Service Catalog CSCwa47347 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47347"] 12.1 patch (20 Dec 2021) Cisco Secure Agile Exchange (SAE) Core Function Pack CSCwa52921 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa52921"] 2.4.1 (14 Jan 2022) Cisco Smart PHY CSCwa50021 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa50021"] 3.1.4 patch (Available)
3.2.0 patch (Available)
3.2.1 patch (Available)
21.3 patch (21 Jan 2022) Cisco Virtual Topology System (VTS) CSCwa47334 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47334"] 2.6.7 (22 Dec 2021) Cisco Virtualized Infrastructure Manager CSCwa49924 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa49924"] 3.2.x patch (17 Dec 2021)
3.4.4 patch (17 Dec 2021)
3.4.6 patch (17 Dec 2021)
4.2.0 patch (17 Dec 2021)
4.2.1 patch (17 Dec 2021) Cisco WAN Automation Engine (WAE) CSCwa47369 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47369"] 7.5.0.1 (22 Dec 2021)
7.4.0.1 (28 Jan 2022)
7.3.0.2 (28 Jan 2022) Routing and Switching - Enterprise and Service Provider Cisco DNA Center CSCwa47322 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47322"] 2.2.2.8 patch (Available)
2.1.2.8 patch (Available)
2.2.3.4 patch (Available) Cisco IOx Fog Director CSCwa47370 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47370"] 1.14.5 patch (16 Dec 2021)
1.16.4 patch (Available) Cisco Network Assurance Engine CSCwa47285 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47285"] 6.0.2 (23 Dec 2021) Cisco Network Convergence System 1004 CSCwa52235 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa52235"] 7.3.2 SMU/GISO (14 Jan 2022)
7.3.1 SMU (21 Jan 2022) Cisco Optical Network Controller CSCwa48793 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa48793"] 1.1.0 (22 Dec 2021) Cisco SD-WAN vManage CSCwa47745 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47745"] 20.3.4.1 (Available)
20.6.2.1 (Available)
20.5.1.1 (Available)
20.4.2.1 (Available) Unified Computing Cisco Integrated Management Controller (IMC) Supervisor CSCwa47307 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47307"] 2.3.2.1 (23 Dec 2021) Cisco UCS Central Software CSCwa47303 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47303"] 2.0(1p) (22 Dec 2021) Cisco UCS Director CSCwa47288 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47288"] 6.8.2.0 (23 Dec 2021) Cisco Workload Optimization Manager CSCwa50220 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa50220"] 3.2.1 patch (Available) Voice and Unified Communications Devices Cisco BroadWorks CSCwa47315 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47315"] 2021.11_1.162 (13 Dec 2021)
ap381882 (15 Dec 2021) Cisco Cloud Connect CSCwa51545 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa51545"] 12.6(1) (Available) Cisco Contact Center Domain Manager (CCDM) CSCwa47383 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47383"] 12.5(1) ES6 (Available)
12.6(1) ES3 (Available) Cisco Contact Center Management Portal (CCMP) CSCwa47383 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47383"] 12.5(1) ES6 (Available)
12.6(1) ES3 (Available) Cisco Emergency Responder CSCwa47391 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47391"] 11.5(4)SU9 patch (16 Dec 2021)
11.5(4)SU10 patch (16 Dec 2021) Cisco Enterprise Chat and Email CSCwa47392 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47392"] 12.0(1) patch (Available)
12.5 (1) patch (Available)
12.6(1) patch (Available) Cisco Finesse CSCwa46459 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa46459"] 12.6(1)ES03 (23 Dec 2021) Cisco Packaged Contact Center Enterprise CSCwa47274 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47274"] 11.6(2) (Available)
12.0(1) (Available)
12.5(1) (Available)
12.6(1) (Available) Cisco Paging Server CSCwa47395 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47395"] 14.4.2 (21 Dec 2021) Cisco Unified Communications Manager / Cisco Unified Communications Manager Session Management Edition CSCwa47249 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47249"] 11.5(1)SU7 patch (16 Dec 2021)
11.5(1)SU8 patch (16 Dec 2021)
11.5(1)SU9 patch (16 Dec 2021)
11.5(1)SU10 patch (16 Dec 2021)
11.5(1.18119-2) through 11.5(1.23162-1) patch (16 Dec 2021) Cisco Unified Communications Manager IM &Presence Service CSCwa47393 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47393"] 11.5(1)SU7 patch (16 Dec 2021)
11.5(1)SU8 patch (16 Dec 2021)
11.5(1)SU9 patch (16 Dec 2021)
11.5(1)SU10 patch (16 Dec 2021)
11.5(1.18900-16) patch (16 Dec 2021)
11.5(1.18901-3) patch (16 Dec 2021) Cisco Unified Contact Center Enterprise - Live Data server CSCwa46810 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa46810"] 11.6(1)ES23 (23 Dec 2021)
12.0(1)ES18 (23 Dec 2021)
12.5(1)ES13 (23 Dec 2021)
12.6(1)ES03 (23 Dec 2021) Cisco Unified Contact Center Enterprise CSCwa47273 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47273"] 11.6(2) (Available)
12.0(1) (Available)
12.5(1) (Available)
12.6(1) (Available) Cisco Unified Contact Center Express CSCwa47388 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47388"] 12.5(1)SU1 (23 Dec 2021) Cisco Unified Customer Voice Portal CSCwa47275 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47275"] 11.6(2) (Available)
12.0(1) (Available)
12.5(1) (Available)
12.6(1) (23 Dec 2021) Cisco Unified Intelligence Center CSCwa46525 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa46525"] 12.6(1) (23 Dec 2021) Cisco Unified SIP Proxy Software CSCwa47265 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47265"] 10.2.1v2 patch (23 Dec 2021) Cisco Unity Connection CSCwa47387 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47387"] 11.5(1)SU7 patch (16 Dec 2021)
11.5(1)SU8 patch (16 Dec 2021)
11.5(1)SU9 patch (16 Dec 2021)
11.5(1)SU10 patch (16 Dec 2021)
11.5(1.18119-2) through 11.5(1.23162-1) patch (16 Dec 2021) Cisco Virtualized Voice Browser CSCwa47397 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47397"] 12.5(1) (Available)
12.6(1) (23 Dec 2021) Cisco Webex Workforce Optimization CSCwa51476 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa51476"] Product is End of Software Maintenance - No Fixes Planned Video, Streaming, TelePresence, and Transcoding Devices Cisco Video Surveillance Operations Manager CSCwa47360 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47360"] 7.14.4 patch (Available) Cisco Vision Dynamic Signage Director CSCwa47351 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47351"] Contact Cisco TAC for a patch
6.4 SP3 (17 Jan 2021) Wireless Cisco Connected Mobile Experiences (CMX) CSCwa47312 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47312"] 10.6.3-70 patch (Available)
10.6.3-105 patch (Available)
10.6.2-89 patch (Available)
10.4.1 patch (Available)
Products Confirmed Not Vulnerable: Cisco investigated its product line to determine which products may be affected by these vulnerabilities.
Any product not listed in the Products Under Investigation or Vulnerable Products section of this advisory is to be considered not vulnerable.
Cisco has confirmed that these vulnerabilities do not affect the following Cisco products:
Cable Devices
Cisco GS7000 Nodes
Cisco RF Gateway Series
Cisco Remote PHY 120
Collaboration and Social Media
Cisco SocialMiner
Endpoint Clients and Client Software
Cisco AnyConnect Secure Mobility Client
Cisco Jabber Guest
Cisco Jabber
Cisco Secure Endpoint, formerly Cisco Advanced Malware Protection for Endpoints
Cisco Webex App
Meraki Products
Cisco Meraki Go Series
Cisco Meraki MR Series Cloud-Managed Wireless Access Points
Cisco Meraki MS Series Switches
Cisco Meraki MT Series Sensors
Cisco Meraki MV Series Cloud-Managed Smart Cameras
Cisco Meraki MX Series Cloud-Managed Security and SD-WAN
Cisco Meraki Systems Manager (SM)
Cisco Meraki Z-Series Cloud-Managed Teleworker Gateway
Network Application, Service, and Acceleration
Cisco Cloud Services Platform 2100
Cisco Cloud Services Platform 5000 Series
Cisco Nexus Dashboard Data Broker
Cisco Tetration Analytics
Cisco Wide Area Application Services (WAAS)
ConfD
Network and Content Security Devices
Cisco AMP Virtual Private Cloud Appliance
Cisco Adaptive Security Appliance (ASA) Software
Cisco Adaptive Security Device Manager
Cisco Adaptive Security Virtual Appliance (ASAv)
Cisco Advanced Web Security Reporting Application
Cisco Email Security Appliance (ESA)
Cisco FXOS Firepower Chassis Manager
Cisco Firepower Management Center
Cisco Firepower Next-Generation Intrusion Prevention System (NGIPS)
Cisco Firepower Threat Defense (FTD) managed by Cisco Firepower Management Center
Cisco Secure Email Encryption Add-in
Cisco Secure Email Encryption Plugin for Outlook
Cisco Secure Email Security Plugin for Outlook
Cisco Secure Email and Web Manager, formerly Cisco Content Security Management Appliance (SMA)
Cisco Secure Network Analytics, formerly Stealthwatch Enterprise, Advanced Host Group Automation (AHGA)
Cisco Secure Network Analytics, formerly Stealthwatch Enterprise, Flow Adapter
Cisco Secure Network Analytics, formerly Stealthwatch Enterprise, Network Forensics Automation (NFA)
Cisco Secure Network Analytics, formerly Stealthwatch Enterprise, Proxy Adapter
Cisco Secure Network Analytics, formerly Stealthwatch
Cisco Secure Services Proxy (CSSP)
Cisco Security Malware Analytics Appliance, formerly Cisco Threat Grid Appliance
Cisco Security Manager
Cisco Web Security Appliance (WSA)
Network Management and Provisioning
Cisco ACI Multi-Site Orchestrator
Cisco CloudCenter Action Orchestrator
Cisco Connected Grid Device Manager
Cisco Container Platform
Cisco Crosswork Change Automation
Cisco Crosswork Health Insights
Cisco Crosswork Service Health
Cisco Elastic Services Controller (ESC)
Cisco Intelligent Node (iNode) Manager
Cisco Intersight Mobile App
Cisco IoT Field Network Director, formerly Cisco Connected Grid Network Management System
Cisco Modeling Labs
Cisco NCS 2000 Shelf Virtualization Orchestrator
Cisco Optical Network Planner
Cisco Policy Suite
Cisco Prime Access Registrar
Cisco Prime Cable Provisioning
Cisco Prime Central for Service Providers
Cisco Prime Collaboration Assurance
Cisco Prime Collaboration Deployment
Cisco Prime Collaboration Provisioning
Cisco Prime IP Express
Cisco Prime Infrastructure
Cisco Prime License Manager
Cisco Prime Network Registrar
Cisco Prime Network
Cisco Prime Optical for Service Providers
Cisco Prime Performance Manager
Cisco Prime Provisioning
Cisco Process Orchestrator
Cisco Smart Software Manager On-Prem
Cisco Telemetry Broker
Routing and Switching - Enterprise and Service Provider
Cisco ACI Virtual Edge
Cisco ASR 5000 Series Routers
Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM)
Cisco Enterprise NFV Infrastructure Software (NFVIS)
Cisco GGSN Gateway GPRS Support Node
Cisco IOS XR Software
Cisco IOS and IOS XE Software
Cisco IP Services Gateway (IPSG)
Cisco MDS 9000 Series Multilayer Switches
Cisco MME Mobility Management Entity
Cisco Mobility Unified Reporting and Analytics System
Cisco Network Convergence System 2000 Series
Cisco Nexus 3000 Series Switches
Cisco Nexus 5500 Platform Switches
Cisco Nexus 5600 Platform Switches
Cisco Nexus 6000 Series Switches
Cisco Nexus 7000 Series Switches
Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode
Cisco Nexus 9000 Series Switches in standalone NX-OS mode
Cisco ONS 15454 Series Multiservice Provisioning Platforms
Cisco PDSN/HA Packet Data Serving Node and Home Agent
Cisco PGW Packet Data Network Gateway
Cisco SD-WAN vBond Controller Software
Cisco SD-WAN vEdge 100 Series Routers
Cisco SD-WAN vEdge 1000 Series Routers
Cisco SD-WAN vEdge 2000 Series Routers
Cisco SD-WAN vEdge 5000 Series Routers
Cisco SD-WAN vEdge Cloud Router Platform
Cisco SD-WAN vSmart Controller Software
Cisco System Architecture Evolution Gateway (SAEGW)
Cisco Ultra Cloud Core - Access and Mobility Management Function
Cisco Ultra Cloud Core - Policy Control Function
Cisco Ultra Cloud Core - Redundancy Configuration Manager
Cisco Ultra Cloud Core - Session Management Function
Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure
Cisco Ultra Packet Core
Cisco Ultra Services Platform
Routing and Switching - Small Business
Cisco 220 Series Smart Plus Switches
Cisco 250 Series Smart Switches
Cisco 350 Series Managed Switches
Cisco 550 Series Stackable Managed Switches
Cisco Business 220 Series Smart Switches
Cisco Business 250 Series Smart Switches
Cisco Business 350 Series Managed Switches
Cisco Business Dashboard
Cisco RV110W Wireless-N VPN Firewall
Cisco RV130 VPN Router
Cisco RV130W Wireless-N Multifunction VPN Router
Cisco RV132W ADSL2+ Wireless-N VPN Router
Cisco RV134W VDSL2 Wireless-AC VPN Router
Cisco RV160 VPN Router
Cisco RV160W Wireless-AC VPN Router
Cisco RV215W Wireless-N VPN Router
Cisco RV260 VPN Routers
Cisco RV260P VPN Router with PoE
Cisco RV260W Wireless-AC VPN Router
Cisco RV320 Dual Gigabit WAN VPN Router
Cisco RV325 Dual Gigabit WAN VPN Router
Cisco RV340 Dual WAN Gigabit VPN Router
Cisco RV340W Dual WAN Gigabit Wireless-AC VPN Router
Cisco RV345 Dual WAN Gigabit VPN Router
Cisco RV345P Dual WAN Gigabit POE VPN Router
Cisco Small Business 200 Series Smart Switches
Cisco Small Business 300 Series Managed Switches
Cisco Small Business 500 Series Stackable Managed Switches
Cisco WAP125 Wireless-AC Dual Band Desktop Access Point with PoE
Cisco WAP150 Wireless-AC/N Dual Radio Access Point with PoE
Cisco WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point with PoE
Cisco WAP371 Wireless-AC/N Radio Access Point with Single Point Setup
Cisco WAP571 Wireless-AC/N Premium Dual Radio Access Point with PoE
Cisco WAP571E Wireless-AC/N Premium Dual Radio Outdoor Access Point
Cisco WAP581 Wireless-AC Dual Radio Wave 2 Access Point with 2.5GbE LAN
Unified Computing
Cisco 5000 Series Enterprise Network Compute System (ENCS)
Cisco HyperFlex System
Cisco Hyperflex Storage Replication Adapter
Cisco UCS C-Series Rack Servers and S-Series Storage Servers - Integrated Management Controller (CIMC)
Cisco UCS E-Series Servers
Cisco UCS Manager
Voice and Unified Communications Devices
Cisco Headset 500 and 700 Series
Cisco Hosted Collaboration Mediation Fulfillment
Cisco IP Phones with Multiplatform Firmware
Cisco IP Phones
Cisco TelePresence Endpoints
Cisco Unified Attendant Console Advanced
Cisco Unified Attendant Console Business Edition
Cisco Unified Attendant Console Department Edition
Cisco Unified Attendant Console Enterprise Edition
Cisco Unified Attendant Console Premium Edition
Cisco Unified Communications Domain Manager
Cisco Unity Express
Cisco Webex Devices
Cisco Webex Hybrid Data Security Node
Cisco Webex Video Mesh
Video, Streaming, TelePresence, and Transcoding Devices
Cisco Expressway Series
Cisco Meeting Management (CMM)
Cisco Meeting Server
Cisco TelePresence Management Suite
Cisco TelePresence Video Communication Server (VCS)
Cisco Video Surveillance Media Server
Wireless
Cisco AireOS Wireless LAN Controllers
Cisco Aironet Access Points
Cisco Business 100 and 200 Series Access Points
Cisco Business Wireless
Cisco Catalyst 9100 Series Access Points
Cisco Catalyst 9800 Series Wireless Controllers
Cisco IOS Access Points
Cisco Mobility Services Engine
Cisco Ultra-Reliable Wireless Backhaul
Cisco Cloud Offerings
Cisco investigated its cloud offerings to determine which products may be affected by these vulnerabilities. The following table lists Cisco cloud offerings that were part of this investigation.
Product CVE-2021-44228 CVE-2021-45046 AppDynamics Remediated - service-specific details ["https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability"] Remediated - service-specific details ["https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability"] AppDynamics with Cisco Secure Application Remediated - service-specific details ["https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability"] Remediated - service-specific details ["https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability"] Cisco Cloud Email Security Not vulnerable Not vulnerable Cisco Cloudlock Remediated Remediated Cisco Cloudlock for Government Remediated Remediated Cisco Cognitive Intelligence Not vulnerable Not vulnerable Cisco Collaboration Experience Service (CES) Not vulnerable Not vulnerable Cisco Collaboration Experience Service Management (CESM) Not vulnerable Not vulnerable Cisco Crosswork Cloud Not vulnerable Not vulnerable Cisco CX Cloud Remediated Remediated Cisco Defense Orchestrator Not vulnerable Not vulnerable Cisco DNA Spaces Remediated Remediated Cisco Intersight Remediated Remediated Cisco IoT Control Center Remediated Remediated Cisco IoT Operations Dashboard Remediated Remediated Cisco Kinetic for Cities Remediated Remediated Cisco Kinetic Gateway Management Module Remediated Remediated Cisco Managed Services Accelerator (MSX) Remediated Remediated Cisco Placetel Not vulnerable Not vulnerable Cisco PX Cloud Remediated Remediated Cisco SD-WAN Cloud Remediated Remediated Cisco SD-WAN vAnalytics Not vulnerable Not vulnerable Cisco Secure Application (integrated with AppDynamics) Not vulnerable ["https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability"] Not vulnerable ["https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability"] Cisco Secure Cloud Analytics, formerly Cisco Stealthwatch Cloud Not vulnerable Not vulnerable Cisco Secure Cloud Insights Not vulnerable Not vulnerable Cisco Secure Email Cloud Mailbox, formerly Cisco Cloud Mailbox Defense Not vulnerable Not vulnerable Cisco Secure Email Encryption Service, formerly Cisco Registered Envelope Service Not vulnerable Not vulnerable Cisco Secure Endpoint, formerly Cisco Advanced Malware Protection for Endpoints Not vulnerable Not vulnerable Cisco Secure Malware Analytics, formerly Cisco Threat Grid Not vulnerable Not vulnerable Cisco SecureX Not vulnerable Not vulnerable Cisco ServiceGrid Not vulnerable Not vulnerable Cisco Smart Net Total Care Remediated Remediated Cisco Umbrella DNS Remediated Remediated Cisco Umbrella SIG Remediated Remediated Cisco Unified Communications Management Cloud - UC Management Remediated Remediated Cisco Unified Communications Manager Cloud Commercial Remediated Remediated Cisco Unified Communications Manager Cloud for Government Remediated Remediated Cisco Webex Calling Remediated Remediated Cisco Webex Calling Carrier Remediated Remediated Cisco Webex Cloud Registered Endpoints Not vulnerable Not vulnerable Cisco Webex Cloud-Connected UC Remediated Remediated Cisco Webex Contact Center Remediated Remediated Cisco Webex Contact Center Enterprise Remediated Remediated Cisco Webex Control Hub Remediated Remediated Cisco Webex Experience Management Not vulnerable Not vulnerable Cisco Webex FedRAMP Remediated Remediated Cisco Webex for Government FedRAMP Remediated Remediated Cisco Webex Meetings Remediated Remediated Cisco Webex Meetings Slow Channel Remediated Remediated Cisco Webex Messaging Remediated Remediated Cisco Webex Site Admin webpage Remediated Remediated Duo Security Remediated Remediated Duo Security for Government Remediated Remediated eSIM Flex Remediated Remediated IMIassist Not vulnerable Not vulnerable IMIcampaign Not vulnerable Not vulnerable IMIconnect Remediated Remediated IMIengage Not vulnerable Not vulnerable IMImessenger/TextLocal Messenger Not vulnerable Not vulnerable IMImobile - Webex Contact Center Integration Remediated Remediated IMInotify Not vulnerable Not vulnerable IMIsocial Not vulnerable Not vulnerable Kenna.AppSec Remediated Remediated Kenna.VI/VI+ Remediated Remediated Kenna.VM Remediated Remediated Meraki Not vulnerable Not vulnerable Partner Supporting Service(PSS) Remediated Remediated Slido Not vulnerable Not vulnerable Smart Call Home(SCH) Remediated Remediated Socio Not vulnerable Not vulnerable ThousandEyes Remediated Remediated UC-One - UMS Not vulnerable Not vulnerable
Workarounds: Any workarounds are documented in the product-specific Cisco bugs, which are identified in the Vulnerable Products ["#vp"] section of this advisory.
Fixed Software: For information about fixed software releases, consult the Cisco bugs identified in the Vulnerable Products ["#vp"] section of this advisory.
When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Vulnerability Policy: To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
Exploitation and Public Announcements: The Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code is available for the vulnerabilities described in this advisory.
Source: These vulnerabilities were disclosed by the Apache Software Foundation.
Legal Disclaimer: THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.
6.6 (Medium)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Cisco Evolved Programmable Network Manager (EPNM)
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco Network Services Orchestrator
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco Unified Communications Manager / Cisco Unity Connection
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco Unified Communications Manager IM and Presence Service
Cisco
|
— |
Vendor Fix
fix
|
9.0 (Critical)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Cisco Network Services Orchestrator
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco Unified Communications Manager / Cisco Unity Connection
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco Evolved Programmable Network Manager (EPNM)
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco Unified Communications Manager IM and Presence Service
Cisco
|
— |
Vendor Fix
fix
|
10.0 (Critical)
5.9 (Medium)
References
71 references
Acknowledgments
{
"document": {
"acknowledgments": [
{
"summary": "These vulnerabilities were disclosed by the Apache Software Foundation."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"notes": [
{
"category": "summary",
"text": "Critical Vulnerabilities in Apache Log4j Java Logging Library\r\n\r\nOn December 9, 2021, the following critical vulnerability in the Apache Log4j Java logging library affecting all Log4j2 versions earlier than 2.15.0 was disclosed:\r\n\r\nCVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints\r\n\r\nOn December 14, 2021, the following critical vulnerability, which affects certain Apache Log4j use cases in versions 2.15.0 and earlier, was disclosed:\r\n\r\nCVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack\r\n\r\nOn December 18, 2021, a vulnerability in the Apache Log4j component affecting versions 2.16 and earlier was disclosed:\r\n\r\nCVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation\r\n\r\nOn December 28, 2021, a vulnerability in the Apache Log4j component affecting versions 2.17 and earlier was disclosed:\r\n\r\nCVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration\r\n\r\nFor a description of these vulnerabilities, see the Apache Log4j Security Vulnerabilities [\"https://logging.apache.org/log4j/2.x/security.html\"] page.\r\n\r\nCisco\u0027s Response to These Vulnerabilities\r\n\r\nCisco assessed all products and services for impact from both CVE-2021-44228 and CVE-2021-45046. To help detect exploitation of these vulnerabilities, Cisco has released Snort rules at the following location: Talos Rules 2021-12-21 [\"https://www.snort.org/advisories/talos-rules-2021-12-21\"]\r\n\r\nProduct fixes that are listed in this advisory will address both CVE-2021-44228 and CVE-2021-45046 unless otherwise noted.\r\n\r\nCisco has reviewed CVE-2021-45105 and CVE-2021-44832 and has determined that no Cisco products or cloud offerings are impacted by these vulnerabilities.\r\n\r\nCisco\u0027s standard practice is to update integrated third-party software components to later versions as they become available.\r\n\r\n",
"title": "Summary"
},
{
"category": "general",
"text": "Cisco investigated its product line to determine which products may be affected by these vulnerabilities.\r\n\r\nThis advisory only lists Cisco products and services that are known to include the impacted software component and thus may be vulnerable. Products and services that do not contain the impacted software component are not vulnerable and therefore are not listed in this advisory. Any Cisco product or service that is not explicitly listed in the Affected Products section of this advisory is not affected by the vulnerability or vulnerabilities described.\r\n\r\nThe Vulnerable Products [\"#vp\"] section includes Cisco bug IDs for each affected product. The bugs are accessible through the Cisco Bug Search Tool and contain additional platform-specific information, including workarounds (if available) and fixed software releases.",
"title": "Affected Products"
},
{
"category": "general",
"text": "Cisco investigated its product line to determine which products may be affected by these vulnerabilities.\r\n\r\nThe following table lists Cisco products that are affected by one or both of the vulnerabilities that are described in this advisory. Customers should refer to the associated Cisco bug(s) for further details.\r\n Product Cisco Bug ID Fixed Release Availability [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"] Collaboration and Social Media Cisco Webex Meetings Server CSCwa47283 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47283\"] CWMS-3.0MR4SP3 patch (21 Dec 2021)\r\nCWMS-4.0MR4SP3 patch (21 Dec 2021)\r\nCWMS-3.0MR4SP2 patch (14 Dec 2021)\r\nCWMS-4.0MR4SP2 patch (14 Dec 2021) Endpoint Clients and Client Software Cisco CX Cloud Agent Software CSCwa47272 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47272\"] 1.12.2 (17 Dec 2021) Network Application, Service, and Acceleration Cisco Call Studio CSCwa54008 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa54008\"] 11.6(2) (23 Dec 2021)\r\n12.0(1) (23 Dec 2021)\r\n12.5(1) (23 Dec 2021)\r\n12.6(1) (23 Dec 2021) Cisco Nexus Insights CSCwa47284 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47284\"] 6.0.2 (17 Dec 2021) Network and Content Security Devices Cisco Firepower Threat Defense (FTD) managed by Firepower Device Manager (FDM) CSCwa46963 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa46963\"] 6.2.3 hotfix (Available)\r\n6.4.0 hotfix (Available)\r\n6.6.5 hotfix (Available)\r\n6.7.0 hotfix (Available)\r\n7.0.1 hotfix (Available)\r\n7.1.0 hotfix (Available) Cisco Identity Services Engine (ISE) CSCwa47133 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47133\"] 2.4 hotfix (15 Dec 2021)\r\n2.6 hotfix (15 Dec 2021)\r\n2.7 hotfix (15 Dec 2021)\r\n3.0 hotfix (15 Dec 2021)\r\n3.1 hotfix (17 Dec 2021) Network Management and Provisioning Cisco Application Policy Infrastructure Controller (APIC) - Network Insights Base App CSCwa47295 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47295\"] 4.2(7r) (Available)\r\n5.2(3g) (Available) Cisco Automated Subsea Tuning CSCwa48806 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa48806\"] 2.1.0.4 (22 Dec 2021) Cisco Business Process Automation CSCwa47269 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47269\"] 3.0.000.115 (patch) (17 Dec 2021)\r\n3.1.000.044 (patch) (17 Dec 2021)\r\n3.2.000.009 (patch) (17 Dec 2021) Cisco CloudCenter Cost Optimizer CSCwa48074 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa48074\"] 5.5.2 (Available) Cisco CloudCenter Suite Admin CSCwa47349 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47349\"] 5.3.1 (Available) Cisco CloudCenter Workload Manager CSCwa47350 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47350\"] 5.5.2 (Available) Cisco CloudCenter CSCwa48832 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa48832\"] 4.10.0.16 (22 Dec 2021) Cisco Common Services Platform Collector (CSPC) CSCwa47271 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47271\"] 2.10.0.1 hotfix (Available)\r\n2.9.1.3 hotfix (Available) Cisco Crosswork Data Gateway CSCwa47257 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47257\"] 2.0.2 patch (21 Dec 2021)\r\n3.0.1 patch (21 Dec 2021) Cisco Crosswork Network Controller CSCwa49936 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa49936\"] 2.0.1 patch (22 Dec 2021)\r\n3.0.1 patch (22 Dec 2021) Cisco Crosswork Optimization Engine CSCwa49939 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa49939\"] 2.0.1 patch (21 Dec 2021)\r\n3.0.1 patch (21 Dec 2021) Cisco Crosswork Platform Infrastructure CSCwa47367 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47367\"] 4.0.1 patch (22 Dec 2021)\r\n4.1.1 patch (22 Dec 2021) Cisco Crosswork Situation Manager CSCwa51878 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa51878\"] 8.0.0.8 patch (21 Dec 2021) Cisco Crosswork Zero Touch Provisioning (ZTP) CSCwa47259 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47259\"] 2.0.1 patch (21 Dec 2021)\r\n3.0.1 patch (21 Dec 2021) Cisco Cyber Vision Sensor Management Extension CSCwa49482 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa49482\"] 4.0.3 (22 Dec 2021) Cisco DNA Spaces Connector CSCwa47320 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47320\"] v2.0.588 (Available)\r\nv2.2.12 (Available) Cisco Data Center Network Manager (DCNM) CSCwa47291 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47291\"] 12.0(2f) (Available)\r\n11.5(3) patch (Available)\r\n11.5(2) patch (Available)\r\n11.5(1) patch (Available)\r\n11.4(1) patch (Available)\r\n11.3(1) patch (Available) Cisco Evolved Programmable Network Manager CSCwa47310 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47310\"] 5.1.3.1 patch (22 Dec 2021)\r\n5.0.2.1 patch (13 Jan 2022)\r\n4.1.1.1 patch (13 Jan 2022) Cisco Intersight Virtual Appliance CSCwa47304 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47304\"] 1.0.9-361 (20 Dec 2021) Cisco Network Services Orchestrator (NSO) CSCwa47342 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47342\"] nso-5.3.5.1 (17 Dec 2021)\r\nnso-5.4.5.2 (17 Dec 2021)\r\nnso-5.5.4.1 (17 Dec 2021)\r\nnso-5.6.3.1 (17 Dec 2021) Cisco Nexus Dashboard, formerly Cisco Application Services Engine CSCwa47299 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47299\"] 2.1.2 (23 Dec 2021) Cisco Prime Service Catalog CSCwa47347 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47347\"] 12.1 patch (20 Dec 2021) Cisco Secure Agile Exchange (SAE) Core Function Pack CSCwa52921 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa52921\"] 2.4.1 (14 Jan 2022) Cisco Smart PHY CSCwa50021 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa50021\"] 3.1.4 patch (Available)\r\n3.2.0 patch (Available)\r\n3.2.1 patch (Available)\r\n21.3 patch (21 Jan 2022) Cisco Virtual Topology System (VTS) CSCwa47334 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47334\"] 2.6.7 (22 Dec 2021) Cisco Virtualized Infrastructure Manager CSCwa49924 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa49924\"] 3.2.x patch (17 Dec 2021)\r\n3.4.4 patch (17 Dec 2021)\r\n3.4.6 patch (17 Dec 2021)\r\n4.2.0 patch (17 Dec 2021)\r\n4.2.1 patch (17 Dec 2021) Cisco WAN Automation Engine (WAE) CSCwa47369 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47369\"] 7.5.0.1 (22 Dec 2021)\r\n7.4.0.1 (28 Jan 2022)\r\n7.3.0.2 (28 Jan 2022) Routing and Switching - Enterprise and Service Provider Cisco DNA Center CSCwa47322 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47322\"] 2.2.2.8 patch (Available)\r\n2.1.2.8 patch (Available)\r\n2.2.3.4 patch (Available) Cisco IOx Fog Director CSCwa47370 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47370\"] 1.14.5 patch (16 Dec 2021)\r\n1.16.4 patch (Available) Cisco Network Assurance Engine CSCwa47285 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47285\"] 6.0.2 (23 Dec 2021) Cisco Network Convergence System 1004 CSCwa52235 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa52235\"] 7.3.2 SMU/GISO (14 Jan 2022)\r\n7.3.1 SMU (21 Jan 2022) Cisco Optical Network Controller CSCwa48793 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa48793\"] 1.1.0 (22 Dec 2021) Cisco SD-WAN vManage CSCwa47745 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47745\"] 20.3.4.1 (Available)\r\n20.6.2.1 (Available)\r\n20.5.1.1 (Available)\r\n20.4.2.1 (Available) Unified Computing Cisco Integrated Management Controller (IMC) Supervisor CSCwa47307 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47307\"] 2.3.2.1 (23 Dec 2021) Cisco UCS Central Software CSCwa47303 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47303\"] 2.0(1p) (22 Dec 2021) Cisco UCS Director CSCwa47288 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47288\"] 6.8.2.0 (23 Dec 2021) Cisco Workload Optimization Manager CSCwa50220 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa50220\"] 3.2.1 patch (Available) Voice and Unified Communications Devices Cisco BroadWorks CSCwa47315 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47315\"] 2021.11_1.162 (13 Dec 2021)\r\nap381882 (15 Dec 2021) Cisco Cloud Connect CSCwa51545 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa51545\"] 12.6(1) (Available) Cisco Contact Center Domain Manager (CCDM) CSCwa47383 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47383\"] 12.5(1) ES6 (Available)\r\n12.6(1) ES3 (Available) Cisco Contact Center Management Portal (CCMP) CSCwa47383 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47383\"] 12.5(1) ES6 (Available)\r\n12.6(1) ES3 (Available) Cisco Emergency Responder CSCwa47391 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47391\"] 11.5(4)SU9 patch (16 Dec 2021)\r\n11.5(4)SU10 patch (16 Dec 2021) Cisco Enterprise Chat and Email CSCwa47392 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47392\"] 12.0(1) patch (Available)\r\n12.5 (1) patch (Available)\r\n12.6(1) patch (Available) Cisco Finesse CSCwa46459 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa46459\"] 12.6(1)ES03 (23 Dec 2021) Cisco Packaged Contact Center Enterprise CSCwa47274 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47274\"] 11.6(2) (Available)\r\n12.0(1) (Available)\r\n12.5(1) (Available)\r\n12.6(1) (Available) Cisco Paging Server CSCwa47395 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47395\"] 14.4.2 (21 Dec 2021) Cisco Unified Communications Manager / Cisco Unified Communications Manager Session Management Edition CSCwa47249 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47249\"] 11.5(1)SU7 patch (16 Dec 2021)\r\n11.5(1)SU8 patch (16 Dec 2021)\r\n11.5(1)SU9 patch (16 Dec 2021)\r\n11.5(1)SU10 patch (16 Dec 2021)\r\n11.5(1.18119-2) through 11.5(1.23162-1) patch (16 Dec 2021) Cisco Unified Communications Manager IM \u0026Presence Service CSCwa47393 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47393\"] 11.5(1)SU7 patch (16 Dec 2021)\r\n11.5(1)SU8 patch (16 Dec 2021)\r\n11.5(1)SU9 patch (16 Dec 2021)\r\n11.5(1)SU10 patch (16 Dec 2021)\r\n11.5(1.18900-16) patch (16 Dec 2021)\r\n11.5(1.18901-3) patch (16 Dec 2021) Cisco Unified Contact Center Enterprise - Live Data server CSCwa46810 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa46810\"] 11.6(1)ES23 (23 Dec 2021)\r\n12.0(1)ES18 (23 Dec 2021)\r\n12.5(1)ES13 (23 Dec 2021)\r\n12.6(1)ES03 (23 Dec 2021) Cisco Unified Contact Center Enterprise CSCwa47273 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47273\"] 11.6(2) (Available)\r\n12.0(1) (Available)\r\n12.5(1) (Available)\r\n12.6(1) (Available) Cisco Unified Contact Center Express CSCwa47388 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47388\"] 12.5(1)SU1 (23 Dec 2021) Cisco Unified Customer Voice Portal CSCwa47275 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47275\"] 11.6(2) (Available)\r\n12.0(1) (Available)\r\n12.5(1) (Available)\r\n12.6(1) (23 Dec 2021) Cisco Unified Intelligence Center CSCwa46525 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa46525\"] 12.6(1) (23 Dec 2021) Cisco Unified SIP Proxy Software CSCwa47265 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47265\"] 10.2.1v2 patch (23 Dec 2021) Cisco Unity Connection CSCwa47387 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47387\"] 11.5(1)SU7 patch (16 Dec 2021)\r\n11.5(1)SU8 patch (16 Dec 2021)\r\n11.5(1)SU9 patch (16 Dec 2021)\r\n11.5(1)SU10 patch (16 Dec 2021)\r\n11.5(1.18119-2) through 11.5(1.23162-1) patch (16 Dec 2021) Cisco Virtualized Voice Browser CSCwa47397 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47397\"] 12.5(1) (Available)\r\n12.6(1) (23 Dec 2021) Cisco Webex Workforce Optimization CSCwa51476 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa51476\"] Product is End of Software Maintenance - No Fixes Planned Video, Streaming, TelePresence, and Transcoding Devices Cisco Video Surveillance Operations Manager CSCwa47360 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47360\"] 7.14.4 patch (Available) Cisco Vision Dynamic Signage Director CSCwa47351 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47351\"] Contact Cisco TAC for a patch\r\n6.4 SP3 (17 Jan 2021) Wireless Cisco Connected Mobile Experiences (CMX) CSCwa47312 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47312\"] 10.6.3-70 patch (Available)\r\n10.6.3-105 patch (Available)\r\n10.6.2-89 patch (Available)\r\n10.4.1 patch (Available)",
"title": "Vulnerable Products"
},
{
"category": "general",
"text": "Cisco investigated its product line to determine which products may be affected by these vulnerabilities.\r\n\r\nAny product not listed in the Products Under Investigation or Vulnerable Products section of this advisory is to be considered not vulnerable.\r\n\r\nCisco has confirmed that these vulnerabilities do not affect the following Cisco products:\r\n\r\nCable Devices\r\n\r\nCisco GS7000 Nodes\r\nCisco RF Gateway Series\r\nCisco Remote PHY 120\r\n\r\nCollaboration and Social Media\r\n\r\nCisco SocialMiner\r\n\r\nEndpoint Clients and Client Software\r\n\r\nCisco AnyConnect Secure Mobility Client\r\nCisco Jabber Guest\r\nCisco Jabber\r\nCisco Secure Endpoint, formerly Cisco Advanced Malware Protection for Endpoints\r\nCisco Webex App\r\n\r\nMeraki Products\r\n\r\nCisco Meraki Go Series\r\nCisco Meraki MR Series Cloud-Managed Wireless Access Points\r\nCisco Meraki MS Series Switches\r\nCisco Meraki MT Series Sensors\r\nCisco Meraki MV Series Cloud-Managed Smart Cameras\r\nCisco Meraki MX Series Cloud-Managed Security and SD-WAN\r\nCisco Meraki Systems Manager (SM)\r\nCisco Meraki Z-Series Cloud-Managed Teleworker Gateway\r\n\r\nNetwork Application, Service, and Acceleration\r\n\r\nCisco Cloud Services Platform 2100\r\nCisco Cloud Services Platform 5000 Series\r\nCisco Nexus Dashboard Data Broker\r\nCisco Tetration Analytics\r\nCisco Wide Area Application Services (WAAS)\r\nConfD\r\n\r\nNetwork and Content Security Devices\r\n\r\nCisco AMP Virtual Private Cloud Appliance\r\nCisco Adaptive Security Appliance (ASA) Software\r\nCisco Adaptive Security Device Manager\r\nCisco Adaptive Security Virtual Appliance (ASAv)\r\nCisco Advanced Web Security Reporting Application\r\nCisco Email Security Appliance (ESA)\r\nCisco FXOS Firepower Chassis Manager\r\nCisco Firepower Management Center\r\nCisco Firepower Next-Generation Intrusion Prevention System (NGIPS)\r\nCisco Firepower Threat Defense (FTD) managed by Cisco Firepower Management Center\r\nCisco Secure Email Encryption Add-in\r\nCisco Secure Email Encryption Plugin for Outlook\r\nCisco Secure Email Security Plugin for Outlook\r\nCisco Secure Email and Web Manager, formerly Cisco Content Security Management Appliance (SMA)\r\nCisco Secure Network Analytics, formerly Stealthwatch Enterprise, Advanced Host Group Automation (AHGA)\r\nCisco Secure Network Analytics, formerly Stealthwatch Enterprise, Flow Adapter\r\nCisco Secure Network Analytics, formerly Stealthwatch Enterprise, Network Forensics Automation (NFA)\r\nCisco Secure Network Analytics, formerly Stealthwatch Enterprise, Proxy Adapter\r\nCisco Secure Network Analytics, formerly Stealthwatch\r\nCisco Secure Services Proxy (CSSP)\r\nCisco Security Malware Analytics Appliance, formerly Cisco Threat Grid Appliance\r\nCisco Security Manager\r\nCisco Web Security Appliance (WSA)\r\n\r\nNetwork Management and Provisioning\r\n\r\nCisco ACI Multi-Site Orchestrator\r\nCisco CloudCenter Action Orchestrator\r\nCisco Connected Grid Device Manager\r\nCisco Container Platform\r\nCisco Crosswork Change Automation\r\nCisco Crosswork Health Insights\r\nCisco Crosswork Service Health\r\nCisco Elastic Services Controller (ESC)\r\nCisco Intelligent Node (iNode) Manager\r\nCisco Intersight Mobile App\r\nCisco IoT Field Network Director, formerly Cisco Connected Grid Network Management System\r\nCisco Modeling Labs\r\nCisco NCS 2000 Shelf Virtualization Orchestrator\r\nCisco Optical Network Planner\r\nCisco Policy Suite\r\nCisco Prime Access Registrar\r\nCisco Prime Cable Provisioning\r\nCisco Prime Central for Service Providers\r\nCisco Prime Collaboration Assurance\r\nCisco Prime Collaboration Deployment\r\nCisco Prime Collaboration Provisioning\r\nCisco Prime IP Express\r\nCisco Prime Infrastructure\r\nCisco Prime License Manager\r\nCisco Prime Network Registrar\r\nCisco Prime Network\r\nCisco Prime Optical for Service Providers\r\nCisco Prime Performance Manager\r\nCisco Prime Provisioning\r\nCisco Process Orchestrator\r\nCisco Smart Software Manager On-Prem\r\nCisco Telemetry Broker\r\n\r\nRouting and Switching - Enterprise and Service Provider\r\n\r\nCisco ACI Virtual Edge\r\nCisco ASR 5000 Series Routers\r\nCisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM)\r\nCisco Enterprise NFV Infrastructure Software (NFVIS)\r\nCisco GGSN Gateway GPRS Support Node\r\nCisco IOS XR Software\r\nCisco IOS and IOS XE Software\r\nCisco IP Services Gateway (IPSG)\r\nCisco MDS 9000 Series Multilayer Switches\r\nCisco MME Mobility Management Entity\r\nCisco Mobility Unified Reporting and Analytics System\r\nCisco Network Convergence System 2000 Series\r\nCisco Nexus 3000 Series Switches\r\nCisco Nexus 5500 Platform Switches\r\nCisco Nexus 5600 Platform Switches\r\nCisco Nexus 6000 Series Switches\r\nCisco Nexus 7000 Series Switches\r\nCisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode\r\nCisco Nexus 9000 Series Switches in standalone NX-OS mode\r\nCisco ONS 15454 Series Multiservice Provisioning Platforms\r\nCisco PDSN/HA Packet Data Serving Node and Home Agent\r\nCisco PGW Packet Data Network Gateway\r\nCisco SD-WAN vBond Controller Software\r\nCisco SD-WAN vEdge 100 Series Routers\r\nCisco SD-WAN vEdge 1000 Series Routers\r\nCisco SD-WAN vEdge 2000 Series Routers\r\nCisco SD-WAN vEdge 5000 Series Routers\r\nCisco SD-WAN vEdge Cloud Router Platform\r\nCisco SD-WAN vSmart Controller Software\r\nCisco System Architecture Evolution Gateway (SAEGW)\r\nCisco Ultra Cloud Core - Access and Mobility Management Function\r\nCisco Ultra Cloud Core - Policy Control Function\r\nCisco Ultra Cloud Core - Redundancy Configuration Manager\r\nCisco Ultra Cloud Core - Session Management Function\r\nCisco Ultra Cloud Core - Subscriber Microservices Infrastructure\r\nCisco Ultra Packet Core\r\nCisco Ultra Services Platform\r\n\r\nRouting and Switching - Small Business\r\n\r\nCisco 220 Series Smart Plus Switches\r\nCisco 250 Series Smart Switches\r\nCisco 350 Series Managed Switches\r\nCisco 550 Series Stackable Managed Switches\r\nCisco Business 220 Series Smart Switches\r\nCisco Business 250 Series Smart Switches\r\nCisco Business 350 Series Managed Switches\r\nCisco Business Dashboard\r\nCisco RV110W Wireless-N VPN Firewall\r\nCisco RV130 VPN Router\r\nCisco RV130W Wireless-N Multifunction VPN Router\r\nCisco RV132W ADSL2+ Wireless-N VPN Router\r\nCisco RV134W VDSL2 Wireless-AC VPN Router\r\nCisco RV160 VPN Router\r\nCisco RV160W Wireless-AC VPN Router\r\nCisco RV215W Wireless-N VPN Router\r\nCisco RV260 VPN Routers\r\nCisco RV260P VPN Router with PoE\r\nCisco RV260W Wireless-AC VPN Router\r\nCisco RV320 Dual Gigabit WAN VPN Router\r\nCisco RV325 Dual Gigabit WAN VPN Router\r\nCisco RV340 Dual WAN Gigabit VPN Router\r\nCisco RV340W Dual WAN Gigabit Wireless-AC VPN Router\r\nCisco RV345 Dual WAN Gigabit VPN Router\r\nCisco RV345P Dual WAN Gigabit POE VPN Router\r\nCisco Small Business 200 Series Smart Switches\r\nCisco Small Business 300 Series Managed Switches\r\nCisco Small Business 500 Series Stackable Managed Switches\r\nCisco WAP125 Wireless-AC Dual Band Desktop Access Point with PoE\r\nCisco WAP150 Wireless-AC/N Dual Radio Access Point with PoE\r\nCisco WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point with PoE\r\nCisco WAP371 Wireless-AC/N Radio Access Point with Single Point Setup\r\nCisco WAP571 Wireless-AC/N Premium Dual Radio Access Point with PoE\r\nCisco WAP571E Wireless-AC/N Premium Dual Radio Outdoor Access Point\r\nCisco WAP581 Wireless-AC Dual Radio Wave 2 Access Point with 2.5GbE LAN\r\n\r\nUnified Computing\r\n\r\nCisco 5000 Series Enterprise Network Compute System (ENCS)\r\nCisco HyperFlex System\r\nCisco Hyperflex Storage Replication Adapter\r\nCisco UCS C-Series Rack Servers and S-Series Storage Servers - Integrated Management Controller (CIMC)\r\nCisco UCS E-Series Servers\r\nCisco UCS Manager\r\n\r\nVoice and Unified Communications Devices\r\n\r\nCisco Headset 500 and 700 Series\r\nCisco Hosted Collaboration Mediation Fulfillment\r\nCisco IP Phones with Multiplatform Firmware\r\nCisco IP Phones\r\nCisco TelePresence Endpoints\r\nCisco Unified Attendant Console Advanced\r\nCisco Unified Attendant Console Business Edition\r\nCisco Unified Attendant Console Department Edition\r\nCisco Unified Attendant Console Enterprise Edition\r\nCisco Unified Attendant Console Premium Edition\r\nCisco Unified Communications Domain Manager\r\nCisco Unity Express\r\nCisco Webex Devices\r\nCisco Webex Hybrid Data Security Node\r\nCisco Webex Video Mesh\r\n\r\nVideo, Streaming, TelePresence, and Transcoding Devices\r\n\r\nCisco Expressway Series\r\nCisco Meeting Management (CMM)\r\nCisco Meeting Server\r\nCisco TelePresence Management Suite\r\nCisco TelePresence Video Communication Server (VCS)\r\nCisco Video Surveillance Media Server\r\n\r\nWireless\r\n\r\nCisco AireOS Wireless LAN Controllers\r\nCisco Aironet Access Points\r\nCisco Business 100 and 200 Series Access Points\r\nCisco Business Wireless\r\nCisco Catalyst 9100 Series Access Points\r\nCisco Catalyst 9800 Series Wireless Controllers\r\nCisco IOS Access Points\r\nCisco Mobility Services Engine\r\nCisco Ultra-Reliable Wireless Backhaul\r\n Cisco Cloud Offerings\r\nCisco investigated its cloud offerings to determine which products may be affected by these vulnerabilities. The following table lists Cisco cloud offerings that were part of this investigation.\r\n\r\n Product CVE-2021-44228 CVE-2021-45046 AppDynamics Remediated - service-specific details [\"https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability\"] Remediated - service-specific details [\"https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability\"] AppDynamics with Cisco Secure Application Remediated - service-specific details [\"https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability\"] Remediated - service-specific details [\"https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability\"] Cisco Cloud Email Security Not vulnerable Not vulnerable Cisco Cloudlock Remediated Remediated Cisco Cloudlock for Government Remediated Remediated Cisco Cognitive Intelligence Not vulnerable Not vulnerable Cisco Collaboration Experience Service (CES) Not vulnerable Not vulnerable Cisco Collaboration Experience Service Management (CESM) Not vulnerable Not vulnerable Cisco Crosswork Cloud Not vulnerable Not vulnerable Cisco CX Cloud Remediated Remediated Cisco Defense Orchestrator Not vulnerable Not vulnerable Cisco DNA Spaces Remediated Remediated Cisco Intersight Remediated Remediated Cisco IoT Control Center Remediated Remediated Cisco IoT Operations Dashboard Remediated Remediated Cisco Kinetic for Cities Remediated Remediated Cisco Kinetic Gateway Management Module Remediated Remediated Cisco Managed Services Accelerator (MSX) Remediated Remediated Cisco Placetel Not vulnerable Not vulnerable Cisco PX Cloud Remediated Remediated Cisco SD-WAN Cloud Remediated Remediated Cisco SD-WAN vAnalytics Not vulnerable Not vulnerable Cisco Secure Application (integrated with AppDynamics) Not vulnerable [\"https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability\"] Not vulnerable [\"https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability\"] Cisco Secure Cloud Analytics, formerly Cisco Stealthwatch Cloud Not vulnerable Not vulnerable Cisco Secure Cloud Insights Not vulnerable Not vulnerable Cisco Secure Email Cloud Mailbox, formerly Cisco Cloud Mailbox Defense Not vulnerable Not vulnerable Cisco Secure Email Encryption Service, formerly Cisco Registered Envelope Service Not vulnerable Not vulnerable Cisco Secure Endpoint, formerly Cisco Advanced Malware Protection for Endpoints Not vulnerable Not vulnerable Cisco Secure Malware Analytics, formerly Cisco Threat Grid Not vulnerable Not vulnerable Cisco SecureX Not vulnerable Not vulnerable Cisco ServiceGrid Not vulnerable Not vulnerable Cisco Smart Net Total Care Remediated Remediated Cisco Umbrella DNS Remediated Remediated Cisco Umbrella SIG Remediated Remediated Cisco Unified Communications Management Cloud - UC Management Remediated Remediated Cisco Unified Communications Manager Cloud Commercial Remediated Remediated Cisco Unified Communications Manager Cloud for Government Remediated Remediated Cisco Webex Calling Remediated Remediated Cisco Webex Calling Carrier Remediated Remediated Cisco Webex Cloud Registered Endpoints Not vulnerable Not vulnerable Cisco Webex Cloud-Connected UC Remediated Remediated Cisco Webex Contact Center Remediated Remediated Cisco Webex Contact Center Enterprise Remediated Remediated Cisco Webex Control Hub Remediated Remediated Cisco Webex Experience Management Not vulnerable Not vulnerable Cisco Webex FedRAMP Remediated Remediated Cisco Webex for Government FedRAMP Remediated Remediated Cisco Webex Meetings Remediated Remediated Cisco Webex Meetings Slow Channel Remediated Remediated Cisco Webex Messaging Remediated Remediated Cisco Webex Site Admin webpage Remediated Remediated Duo Security Remediated Remediated Duo Security for Government Remediated Remediated eSIM Flex Remediated Remediated IMIassist Not vulnerable Not vulnerable IMIcampaign Not vulnerable Not vulnerable IMIconnect Remediated Remediated IMIengage Not vulnerable Not vulnerable IMImessenger/TextLocal Messenger Not vulnerable Not vulnerable IMImobile - Webex Contact Center Integration Remediated Remediated IMInotify Not vulnerable Not vulnerable IMIsocial Not vulnerable Not vulnerable Kenna.AppSec Remediated Remediated Kenna.VI/VI+ Remediated Remediated Kenna.VM Remediated Remediated Meraki Not vulnerable Not vulnerable Partner Supporting Service(PSS) Remediated Remediated Slido Not vulnerable Not vulnerable Smart Call Home(SCH) Remediated Remediated Socio Not vulnerable Not vulnerable ThousandEyes Remediated Remediated UC-One - UMS Not vulnerable Not vulnerable",
"title": "Products Confirmed Not Vulnerable"
},
{
"category": "general",
"text": "Any workarounds are documented in the product-specific Cisco bugs, which are identified in the Vulnerable Products [\"#vp\"] section of this advisory.",
"title": "Workarounds"
},
{
"category": "general",
"text": "For information about fixed software releases, consult the Cisco bugs identified in the Vulnerable Products [\"#vp\"] section of this advisory.\r\n\r\nWhen considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.",
"title": "Fixed Software"
},
{
"category": "general",
"text": "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.",
"title": "Vulnerability Policy"
},
{
"category": "general",
"text": "The Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code is available for the vulnerabilities described in this advisory.",
"title": "Exploitation and Public Announcements"
},
{
"category": "general",
"text": "These vulnerabilities were disclosed by the Apache Software Foundation.",
"title": "Source"
},
{
"category": "legal_disclaimer",
"text": "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.",
"title": "Legal Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@cisco.com",
"issuing_authority": "Cisco PSIRT",
"name": "Cisco",
"namespace": "https://wwww.cisco.com"
},
"references": [
{
"category": "self",
"summary": "Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"category": "external",
"summary": "Cisco Security Vulnerability Policy",
"url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"
},
{
"category": "external",
"summary": "Apache Log4j Security Vulnerabilities",
"url": "https://logging.apache.org/log4j/2.x/security.html"
},
{
"category": "external",
"summary": "Talos Rules 2021-12-21",
"url": "https://www.snort.org/advisories/talos-rules-2021-12-21"
},
{
"category": "external",
"summary": "Fixed Release Availability",
"url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"
},
{
"category": "external",
"summary": "CSCwa47283",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47283"
},
{
"category": "external",
"summary": "CSCwa47272",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47272"
},
{
"category": "external",
"summary": "CSCwa54008",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa54008"
},
{
"category": "external",
"summary": "CSCwa47284",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47284"
},
{
"category": "external",
"summary": "CSCwa46963",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa46963"
},
{
"category": "external",
"summary": "CSCwa47133",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47133"
},
{
"category": "external",
"summary": "CSCwa47295",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47295"
},
{
"category": "external",
"summary": "CSCwa48806",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa48806"
},
{
"category": "external",
"summary": "CSCwa47269",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47269"
},
{
"category": "external",
"summary": "CSCwa48074",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa48074"
},
{
"category": "external",
"summary": "CSCwa47349",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47349"
},
{
"category": "external",
"summary": "CSCwa47350",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47350"
},
{
"category": "external",
"summary": "CSCwa48832",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa48832"
},
{
"category": "external",
"summary": "CSCwa47271",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47271"
},
{
"category": "external",
"summary": "CSCwa47257",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47257"
},
{
"category": "external",
"summary": "CSCwa49936",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa49936"
},
{
"category": "external",
"summary": "CSCwa49939",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa49939"
},
{
"category": "external",
"summary": "CSCwa47367",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47367"
},
{
"category": "external",
"summary": "CSCwa51878",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa51878"
},
{
"category": "external",
"summary": "CSCwa47259",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47259"
},
{
"category": "external",
"summary": "CSCwa49482",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa49482"
},
{
"category": "external",
"summary": "CSCwa47320",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47320"
},
{
"category": "external",
"summary": "CSCwa47291",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47291"
},
{
"category": "external",
"summary": "CSCwa47310",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47310"
},
{
"category": "external",
"summary": "CSCwa47304",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47304"
},
{
"category": "external",
"summary": "CSCwa47342",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47342"
},
{
"category": "external",
"summary": "CSCwa47299",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47299"
},
{
"category": "external",
"summary": "CSCwa47347",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47347"
},
{
"category": "external",
"summary": "CSCwa52921",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa52921"
},
{
"category": "external",
"summary": "CSCwa50021",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa50021"
},
{
"category": "external",
"summary": "CSCwa47334",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47334"
},
{
"category": "external",
"summary": "CSCwa49924",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa49924"
},
{
"category": "external",
"summary": "CSCwa47369",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47369"
},
{
"category": "external",
"summary": "CSCwa47322",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47322"
},
{
"category": "external",
"summary": "CSCwa47370",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47370"
},
{
"category": "external",
"summary": "CSCwa47285",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47285"
},
{
"category": "external",
"summary": "CSCwa52235",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa52235"
},
{
"category": "external",
"summary": "CSCwa48793",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa48793"
},
{
"category": "external",
"summary": "CSCwa47745",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47745"
},
{
"category": "external",
"summary": "CSCwa47307",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47307"
},
{
"category": "external",
"summary": "CSCwa47303",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47303"
},
{
"category": "external",
"summary": "CSCwa47288",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47288"
},
{
"category": "external",
"summary": "CSCwa50220",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa50220"
},
{
"category": "external",
"summary": "CSCwa47315",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47315"
},
{
"category": "external",
"summary": "CSCwa51545",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa51545"
},
{
"category": "external",
"summary": "CSCwa47383",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47383"
},
{
"category": "external",
"summary": "CSCwa47391",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47391"
},
{
"category": "external",
"summary": "CSCwa47392",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47392"
},
{
"category": "external",
"summary": "CSCwa46459",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa46459"
},
{
"category": "external",
"summary": "CSCwa47274",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47274"
},
{
"category": "external",
"summary": "CSCwa47395",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47395"
},
{
"category": "external",
"summary": "CSCwa47249",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47249"
},
{
"category": "external",
"summary": "CSCwa47393",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47393"
},
{
"category": "external",
"summary": "CSCwa46810",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa46810"
},
{
"category": "external",
"summary": "CSCwa47273",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47273"
},
{
"category": "external",
"summary": "CSCwa47388",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47388"
},
{
"category": "external",
"summary": "CSCwa47275",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47275"
},
{
"category": "external",
"summary": "CSCwa46525",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa46525"
},
{
"category": "external",
"summary": "CSCwa47265",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47265"
},
{
"category": "external",
"summary": "CSCwa47387",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47387"
},
{
"category": "external",
"summary": "CSCwa47397",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47397"
},
{
"category": "external",
"summary": "CSCwa51476",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa51476"
},
{
"category": "external",
"summary": "CSCwa47360",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47360"
},
{
"category": "external",
"summary": "CSCwa47351",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47351"
},
{
"category": "external",
"summary": "CSCwa47312",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47312"
},
{
"category": "external",
"summary": "Remediated - service-specific details",
"url": "https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability"
}
],
"title": "Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
"tracking": {
"current_release_date": "2022-01-31T21:16:10+00:00",
"generator": {
"date": "2024-05-10T23:12:04+00:00",
"engine": {
"name": "TVCE"
}
},
"id": "cisco-sa-apache-log4j-qRuKNEbd",
"initial_release_date": "2021-12-10T18:45:00+00:00",
"revision_history": [
{
"date": "2021-12-10T18:49:19+00:00",
"number": "1.0.0",
"summary": "Initial public release."
},
{
"date": "2021-12-10T20:58:15+00:00",
"number": "1.1.0",
"summary": "Added Snort rule link."
},
{
"date": "2021-12-11T00:58:43+00:00",
"number": "1.2.0",
"summary": "Added Products Under Investigation."
},
{
"date": "2021-12-11T19:15:38+00:00",
"number": "1.3.0",
"summary": "Indicated advisory update schedule. Updated the vulnerable products and products confirmed not vulnerable."
},
{
"date": "2021-12-11T23:12:24+00:00",
"number": "1.4.0",
"summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable."
},
{
"date": "2021-12-12T15:01:39+00:00",
"number": "1.5.0",
"summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable."
},
{
"date": "2021-12-12T18:11:59+00:00",
"number": "1.6.0",
"summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable."
},
{
"date": "2021-12-12T19:02:40+00:00",
"number": "1.7.0",
"summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable."
},
{
"date": "2021-12-12T23:05:52+00:00",
"number": "1.8.0",
"summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable."
},
{
"date": "2021-12-13T15:31:38+00:00",
"number": "1.9.0",
"summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable."
},
{
"date": "2021-12-13T20:34:26+00:00",
"number": "1.10.0",
"summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable."
},
{
"date": "2021-12-13T23:43:56+00:00",
"number": "1.11.0",
"summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable."
},
{
"date": "2021-12-14T15:42:33+00:00",
"number": "1.12.0",
"summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable."
},
{
"date": "2021-12-14T19:36:34+00:00",
"number": "1.13.0",
"summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable."
},
{
"date": "2021-12-14T23:57:07+00:00",
"number": "1.14.0",
"summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable."
},
{
"date": "2021-12-15T15:08:09+00:00",
"number": "1.15.0",
"summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable."
},
{
"date": "2021-12-15T19:27:33+00:00",
"number": "1.16.0",
"summary": "Updated the summary, products under investigation, vulnerable products, and products confirmed not vulnerable."
},
{
"date": "2021-12-15T23:51:35+00:00",
"number": "1.17.0",
"summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable."
},
{
"date": "2021-12-16T15:22:33+00:00",
"number": "1.18.0",
"summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable."
},
{
"date": "2021-12-16T19:07:05+00:00",
"number": "1.19.0",
"summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable."
},
{
"date": "2021-12-16T23:12:10+00:00",
"number": "1.20.0",
"summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable."
},
{
"date": "2021-12-17T19:02:40+00:00",
"number": "1.21.0",
"summary": "Updated the summary, products under investigation, vulnerable products, and products confirmed not vulnerable."
},
{
"date": "2021-12-18T00:07:30+00:00",
"number": "1.22.0",
"summary": "Updated the products under investigation, vulnerable products, and products confirmed not vulnerable."
},
{
"date": "2021-12-19T16:29:55+00:00",
"number": "1.23.0",
"summary": "Updated summary and products under investigation."
},
{
"date": "2021-12-20T20:29:03+00:00",
"number": "1.24.0",
"summary": "Updated vulnerable products and products confirmed not vulnerable."
},
{
"date": "2021-12-21T20:55:00+00:00",
"number": "1.25.0",
"summary": "Updated vulnerable products and products confirmed not vulnerable."
},
{
"date": "2021-12-22T20:47:44+00:00",
"number": "1.26.0",
"summary": "Updated vulnerable products and products confirmed not vulnerable. Updated the summary to indicate that no Cisco products are affected by CVE-2021-45105."
},
{
"date": "2021-12-22T22:58:15+00:00",
"number": "1.27.0",
"summary": "Updated vulnerable products."
},
{
"date": "2022-01-06T23:16:04+00:00",
"number": "1.28.0",
"summary": "Updated summary and vulnerable products."
},
{
"date": "2022-01-07T18:00:53+00:00",
"number": "1.29.0",
"summary": "Updated vulnerable products."
},
{
"date": "2022-01-10T18:01:02+00:00",
"number": "1.30.0",
"summary": "Updated vulnerable products."
},
{
"date": "2022-01-11T20:28:32+00:00",
"number": "1.31.0",
"summary": "Updated products confirmed not vulnerable."
},
{
"date": "2022-01-31T21:16:10+00:00",
"number": "1.32.0",
"summary": "Updated vulnerable products."
}
],
"status": "final",
"version": "1.32.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_family",
"name": "Cisco Unified Communications Manager IM and Presence Service",
"product": {
"name": "Cisco Unified Communications Manager IM and Presence Service ",
"product_id": "CSAFPID-189784"
}
},
{
"category": "product_family",
"name": "Cisco Evolved Programmable Network Manager (EPNM)",
"product": {
"name": "Cisco Evolved Programmable Network Manager (EPNM) ",
"product_id": "CSAFPID-213688"
}
},
{
"category": "product_family",
"name": "Cisco Network Services Orchestrator",
"product": {
"name": "Cisco Network Services Orchestrator ",
"product_id": "CSAFPID-227765"
}
},
{
"category": "product_family",
"name": "Cisco Unified Communications Manager / Cisco Unity Connection",
"product": {
"name": "Cisco Unified Communications Manager / Cisco Unity Connection ",
"product_id": "CSAFPID-277610"
}
}
],
"category": "vendor",
"name": "Cisco"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-44832",
"notes": [
{
"category": "other",
"text": "Complete.",
"title": "Affected Product Comprehensiveness"
}
],
"product_status": {
"known_affected": [
"CSAFPID-213688",
"CSAFPID-227765",
"CSAFPID-277610",
"CSAFPID-189784"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Cisco has released software updates that address this vulnerability.",
"product_ids": [
"CSAFPID-189784",
"CSAFPID-213688",
"CSAFPID-227765",
"CSAFPID-277610"
],
"url": "https://software.cisco.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-213688",
"CSAFPID-227765",
"CSAFPID-277610",
"CSAFPID-189784"
]
}
],
"title": "vuln-CVE-2021-44832"
},
{
"cve": "CVE-2021-45046",
"ids": [
{
"system_name": "Cisco Bug ID",
"text": "CSCwa47310"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCwa56230"
}
],
"notes": [
{
"category": "other",
"text": "Complete.",
"title": "Affected Product Comprehensiveness"
}
],
"product_status": {
"known_affected": [
"CSAFPID-227765",
"CSAFPID-277610",
"CSAFPID-213688",
"CSAFPID-189784"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Cisco has released software updates that address this vulnerability.",
"product_ids": [
"CSAFPID-189784",
"CSAFPID-213688",
"CSAFPID-227765",
"CSAFPID-277610"
],
"url": "https://software.cisco.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-227765",
"CSAFPID-277610",
"CSAFPID-213688",
"CSAFPID-189784"
]
}
],
"title": "vuln-CVE-2021-45046"
},
{
"cve": "CVE-2021-44228",
"ids": [
{
"system_name": "Cisco Bug ID",
"text": "CSCwa56230"
}
],
"notes": [
{
"category": "other",
"text": "Complete.",
"title": "Affected Product Comprehensiveness"
}
],
"product_status": {
"known_affected": [
"CSAFPID-277610",
"CSAFPID-189784"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Cisco has released software updates that address this vulnerability.",
"product_ids": [
"CSAFPID-189784",
"CSAFPID-277610"
],
"url": "https://software.cisco.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-277610",
"CSAFPID-189784"
]
}
],
"title": "Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021"
},
{
"cve": "CVE-2021-45105",
"ids": [
{
"system_name": "Cisco Bug ID",
"text": "CSCwa56230"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCwa54650"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCwa47310"
}
],
"notes": [
{
"category": "other",
"text": "Complete.",
"title": "Affected Product Comprehensiveness"
}
],
"product_status": {
"known_affected": [
"CSAFPID-189784",
"CSAFPID-213688"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Cisco has released software updates that address this vulnerability.",
"product_ids": [
"CSAFPID-189784",
"CSAFPID-213688"
],
"url": "https://software.cisco.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-189784",
"CSAFPID-213688"
]
}
],
"title": "Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 (CVE-2021-45105)"
}
]
}
Title
Apache Log4j2拒绝服务漏洞(CNVD-2021-101661)
Description
Log4j是Apache的一个开源项目,通过使用Log4j,可以控制日志信息输送的目的地是控制台、文件、GUI组件,甚至是套接口服务器、NT的事件记录器等。
Apache Log4j2存在拒绝服务漏洞。该漏洞是由于Apache Log4j2配置了非默认的带有Context Lookup的Pattern Layout场景(例如:$${ctx:loginId}),攻击者可利用该漏洞在未授权的情况下,构造恶意数据执行拒绝服务攻击,最终造成服务器拒绝服务。
Severity
中
Patch Name
Apache Log4j2拒绝服务漏洞(CNVD-2021-101661)的补丁
Patch Description
Log4j是Apache的一个开源项目,通过使用Log4j,可以控制日志信息输送的目的地是控制台、文件、GUI组件,甚至是套接口服务器、NT的事件记录器等。
Apache Log4j2存在拒绝服务漏洞。该漏洞是由于Apache Log4j2配置了非默认的带有Context Lookup的Pattern Layout场景(例如:$${ctx:loginId}),攻击者可利用该漏洞在未授权的情况下,构造恶意数据执行拒绝服务攻击,最终造成服务器拒绝服务。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前官方已发布最新版本,及时更新升级到最新版本。链接如下: https://github.com/apache/logging-log4j2/tags
Reference
https://logging.apache.org/log4j/2.x/security.html
Impacted products
| Name | Apache Apache Log4j >=2.0.0,< 2.17.0 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2021-45105",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-45105"
}
},
"description": "Log4j\u662fApache\u7684\u4e00\u4e2a\u5f00\u6e90\u9879\u76ee\uff0c\u901a\u8fc7\u4f7f\u7528Log4j\uff0c\u53ef\u4ee5\u63a7\u5236\u65e5\u5fd7\u4fe1\u606f\u8f93\u9001\u7684\u76ee\u7684\u5730\u662f\u63a7\u5236\u53f0\u3001\u6587\u4ef6\u3001GUI\u7ec4\u4ef6\uff0c\u751a\u81f3\u662f\u5957\u63a5\u53e3\u670d\u52a1\u5668\u3001NT\u7684\u4e8b\u4ef6\u8bb0\u5f55\u5668\u7b49\u3002\n\nApache Log4j2\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8eApache Log4j2\u914d\u7f6e\u4e86\u975e\u9ed8\u8ba4\u7684\u5e26\u6709Context Lookup\u7684Pattern Layout\u573a\u666f\uff08\u4f8b\u5982\uff1a$${ctx:loginId}\uff09\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u672a\u6388\u6743\u7684\u60c5\u51b5\u4e0b\uff0c\u6784\u9020\u6076\u610f\u6570\u636e\u6267\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\uff0c\u6700\u7ec8\u9020\u6210\u670d\u52a1\u5668\u62d2\u7edd\u670d\u52a1\u3002",
"formalWay": "\u76ee\u524d\u5b98\u65b9\u5df2\u53d1\u5e03\u6700\u65b0\u7248\u672c\uff0c\u53ca\u65f6\u66f4\u65b0\u5347\u7ea7\u5230\u6700\u65b0\u7248\u672c\u3002\u94fe\u63a5\u5982\u4e0b\uff1a\r\nhttps://github.com/apache/logging-log4j2/tags",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2021-101661",
"openTime": "2021-12-22",
"patchDescription": "Log4j\u662fApache\u7684\u4e00\u4e2a\u5f00\u6e90\u9879\u76ee\uff0c\u901a\u8fc7\u4f7f\u7528Log4j\uff0c\u53ef\u4ee5\u63a7\u5236\u65e5\u5fd7\u4fe1\u606f\u8f93\u9001\u7684\u76ee\u7684\u5730\u662f\u63a7\u5236\u53f0\u3001\u6587\u4ef6\u3001GUI\u7ec4\u4ef6\uff0c\u751a\u81f3\u662f\u5957\u63a5\u53e3\u670d\u52a1\u5668\u3001NT\u7684\u4e8b\u4ef6\u8bb0\u5f55\u5668\u7b49\u3002\r\n\r\nApache Log4j2\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8eApache Log4j2\u914d\u7f6e\u4e86\u975e\u9ed8\u8ba4\u7684\u5e26\u6709Context Lookup\u7684Pattern Layout\u573a\u666f\uff08\u4f8b\u5982\uff1a$${ctx:loginId}\uff09\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u672a\u6388\u6743\u7684\u60c5\u51b5\u4e0b\uff0c\u6784\u9020\u6076\u610f\u6570\u636e\u6267\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\uff0c\u6700\u7ec8\u9020\u6210\u670d\u52a1\u5668\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Apache Log4j2\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2021-101661\uff09\u7684\u8865\u4e01",
"products": {
"product": "Apache Apache Log4j \u003e=2.0.0\uff0c\u003c 2.17.0"
},
"referenceLink": "https://logging.apache.org/log4j/2.x/security.html",
"serverity": "\u4e2d",
"submitTime": "2021-12-20",
"title": "Apache Log4j2\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2021-101661\uff09"
}
FKIE_CVE-2021-45105
Vulnerability from fkie_nvd - Published: 2021-12-18 12:15 - Updated: 2026-05-29 13:16
Severity
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42BCB94E-86D2-4B98-B9E6-5789F2272692",
"versionEndExcluding": "2.3.1",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19DA22A8-0B29-4181-B44E-57D28D9DB331",
"versionEndExcluding": "2.12.3",
"versionStartIncluding": "2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61E2AC03-D49B-4A15-BDA4-61DAF142CEED",
"versionEndIncluding": "2.16.0",
"versionStartIncluding": "2.13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "197D0D80-6702-4B61-B681-AFDBA7D69067",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "421BCD43-8ECC-4B1E-9F3E-C20BB2BC672A",
"versionEndIncluding": "10.0.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:network_security_manager:*:*:*:*:on-premises:*:*:*",
"matchCriteriaId": "1EA49667-8F94-4091-B9A9-A94318D83C24",
"versionEndExcluding": "3.0",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:network_security_manager:*:*:*:*:saas:*:*:*",
"matchCriteriaId": "7C1B257C-9442-4C73-91CB-67893A78F0DF",
"versionEndExcluding": "3.0",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:web_application_firewall:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD1E667A-9CAA-4382-957A-E4F1A4960E0C",
"versionEndExcluding": "3.1.0",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:6bk1602-0aa12-0tp0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B407FBDB-7900-4F69-B745-809277F26050",
"versionEndExcluding": "2.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:6bk1602-0aa12-0tp0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05AF56AD-FBAF-4AB8-B04D-1E28BF10B767",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:6bk1602-0aa22-0tp0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3103225-6440-43F4-9493-131878735B2A",
"versionEndExcluding": "2.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:6bk1602-0aa22-0tp0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B3A0115-86AB-4677-A026-D99B971D9EF5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:6bk1602-0aa32-0tp0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "914A44DE-C4AA-45A0-AC26-5FAAF576130E",
"versionEndExcluding": "2.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:6bk1602-0aa32-0tp0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1C62CF-414A-4670-9F19-C11A381DB830",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:6bk1602-0aa42-0tp0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75359CC5-58A7-4B5A-B9BF-BDE59552EF1C",
"versionEndExcluding": "2.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:6bk1602-0aa42-0tp0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "706A3F00-8489-4735-B09B-34528F7C556A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:6bk1602-0aa52-0tp0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C23D02B7-C9A7-4ED9-AE71-765F01ACA55C",
"versionEndExcluding": "2.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:6bk1602-0aa52-0tp0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9DCB171-E4C8-4472-8023-20992ABB9348",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "80C9DBB8-3D50-4D5D-859A-B022EB7C2E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:agile_plm_mcad_connector:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C0714E-4255-4095-B26C-70EB193B8F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "97994257-C9A4-4491-B362-E8B25B7187AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_deposits_and_lines_of_credit_servicing:2.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F834ACC-D65B-4CA3-91F1-415CBC6077E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "473749BD-267E-480F-8E7F-C762702DB66E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "320D36DA-D99F-4149-B582-3F4AB2F41A1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_loans_servicing:2.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E502A46-BAF4-4558-BC8F-9F014A2FB26A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C542DC5E-6657-4178-9C69-46FD3C187D56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_payments:14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "633E5B20-A7A7-4346-A71D-58121B006D00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "132CE62A-FBFC-4001-81EC-35D81F73AF48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "645AA3D1-C8B5-4CD2-8ACE-31541FA267F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BDC6D658-09EA-4C41-869F-1C2EA163F751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_trade_finance:14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "64750C01-21AC-4947-B674-6690EAAAC5DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_treasury_management:14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3C3D0063-9458-4018-9B92-79A219716C10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "D40AD626-B23A-44A3-A6C0-1FFB4D647AE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3141B86F-838D-491A-A8ED-3B7C54EA89C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B465F237-0271-4389-8035-89C07A52350D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "123CB9B5-C800-47FD-BD0C-BE44198E97E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DAAB7154-4DE8-4806-86D0-C1D33B84417B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C2A5B24D-BDF2-423C-98EA-A40778C01A05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F60E32F-0CA0-4C2D-9848-CB92765A9ACB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF616620-88CE-4A77-B904-C1728A2E6F9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3AA09838-BF13-46AC-BB97-A69F48B73A8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4367D9B-BF81-47AD-A840-AC46317C774D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BD4349FE-EEF8-489A-8ABF-5FCD55EC6DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "175B97A7-0B00-4378-AD9F-C01B6D9FD570",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C6EAA723-2A23-4151-930B-86ACF9CC1C0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7DF939F5-C0E1-40A4-95A2-0CE7A03AB4EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_convergence:3.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EEC452FA-D1D5-4175-9371-F6055818192E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0172500D-DE51-44E0-91E8-C8F36617C1F8",
"versionEndIncluding": "12.0.4.0.0",
"versionStartIncluding": "12.0.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E99E7D49-AE53-4D16-AB24-EBEAAD084289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9550113-7423-48D8-A1C7-95D6AEE9B33C",
"versionEndIncluding": "8.5.1.0",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7FDD479D-9070-42E2-A8B1-9497BC4C0CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C68536CA-C7E2-4228-A6B8-F0DB6A9D29EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02712DD6-D944-4452-8015-000B9851D257",
"versionEndExcluding": "9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "987811D5-DA5E-493D-8709-F9231A84E5F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "46E23F2E-6733-45AF-9BD9-1A600BD278C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E812639B-EE28-4C68-9F6F-70C8BF981C86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DE7A60DB-A287-4E61-8131-B6314007191B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E1214FDF-357A-4BB9-BADE-50FB2BD16D10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26940103-F37C-4FBD-BDFD-528A497209D6",
"versionEndIncluding": "12.0.4.0.0",
"versionStartIncluding": "12.0.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EB9047B1-DA8C-4BFD-BE41-728BD7ECF3E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B21E6EEF-2AB7-4E96-B092-1F49D11B4175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "00E9A2B1-7562-4E6B-AE25-1B647F24EFDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D6BDB265-293F-4F27-8CE0-576DF3ECD3BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "53600579-4542-4D80-A93C-3E45938C749D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_service_broker:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E6235EAE-47DD-4292-9941-6FF8D0A83843",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "062E4E7C-55BB-46F3-8B61-5A663B565891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "274BCA96-2E6A-4B77-B69E-E2093A668D28",
"versionEndExcluding": "9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D4B738B-08CF-44F6-A939-39F5BEAF03B2",
"versionEndExcluding": "9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "17A91FD9-9F77-42D3-A4D9-48BC7568ADE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A7637F8B-15F1-42E2-BE18-E1FF7C66587D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E43D793A-7756-4D58-A8ED-72DC4EC9CEA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_user_data_repository:12.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0FAF2403-99A1-4DBC-BAC4-35D883D8E5D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A4AA6214-A85D-4BF4-ABBF-0E4F8B7DA817",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F05AF4B-A747-4314-95AE-F8495479AB3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9901F6BA-78D5-45B8-9409-07FF1C6DDD38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FADE563-5AAA-42FF-B43F-35B20A2386C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B3C968F-4038-4A8D-A345-8CD3F73A653B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E8758C8-87D3-450A-878B-86CE8C9FC140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "615C7D0D-A9D5-43BA-AF61-373EC1095354",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F772DC1-F93E-43A4-81DA-A2A1E204C5D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B095CC03-7077-4A58-AB25-CC5380CDCE5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7EA4D3C5-6A7C-4421-88EF-445A96DBCE0C",
"versionEndIncluding": "8.1.1",
"versionStartIncluding": "8.0.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.0.8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F033C6C8-61D9-41ED-94E6-63BE7BA22EFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B829B72-7DE0-415F-A1AF-51637F134B76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FF8DC5FD-09DE-446F-879B-DB86C0CC95B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0148D20-089E-4C19-8CA3-07598D8AFBF1",
"versionEndIncluding": "12.4",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54BE0CCE-8216-4CCF-96E1-38EF76124368",
"versionEndIncluding": "14.3.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_universal_banking:11.83.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0017AE8C-DBCA-46B4-A036-DF0E289199D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_universal_banking:14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "609645BF-B34F-40AC-B9C9-C3FB870F4ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "67013CB6-5FA6-438B-A131-5AEDEBC66723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FC5F6E6-3515-439B-9665-3B6151CEF577",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:health_sciences_inform:6.2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB4F0E6-3B36-4736-B2F2-CB2A16309F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:health_sciences_inform:6.3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E72CF27-6E5F-404E-B5DF-B470C99AF5E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:health_sciences_inform:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51BCEC65-25B7-480C-860C-9D97F78CCE3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:health_sciences_information_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16AEA21E-0B11-44A5-8BFB-550521D8E0D5",
"versionEndIncluding": "3.0.4",
"versionStartIncluding": "3.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_data_repository:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BA92E70A-2249-4144-B0B8-35501159ADB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F69F8F6-BA2D-4DC6-BAB2-B9155F8B45CD",
"versionEndIncluding": "7.3.0.4",
"versionStartIncluding": "7.3.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_master_person_index:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "10774601-93C3-4938-A3E7-3C3D97A6F73C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_translational_research:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "523391D8-CB84-4EBD-B337-6A99F52E537F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_translational_research:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B0A3C700-710A-4A0A-A2D4-ABB7AAC9B128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_suite8:8.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D4833DCA-FC54-4F89-B2DF-8E39C9C49DF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_suite8:8.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7E9060-BA5B-4682-AC0D-EE5105AD0332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_token_proxy_service:19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E7D45E2D-241B-4839-B255-A81107BF94BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hyperion_bi\\+:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C083F1E-8BF2-48C7-92FB-BD105905258E",
"versionEndExcluding": "11.2.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hyperion_data_relationship_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E7FBA9-0FFF-4C86-B151-28C17A142E0B",
"versionEndExcluding": "11.2.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hyperion_infrastructure_technology:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55BBCD48-BCC6-4E19-A4CE-970E524B9FF4",
"versionEndExcluding": "11.2.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hyperion_planning:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3E11E28-78AA-42BB-927D-D22CBDDD62B9",
"versionEndExcluding": "11.2.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hyperion_profitability_and_cost_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30927787-2815-4BEF-A7C2-960F92238303",
"versionEndExcluding": "11.2.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hyperion_tax_provision:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0ABD2DC-9357-4097-BE62-BB7A4988A01F",
"versionEndExcluding": "11.2.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1489DDA7-EDBE-404C-B48D-F0B52B741708",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "535BC19C-21A1-48E3-8CC0-B276BA5D494E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:identity_manager_connector:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8508EF23-43DC-431F-B410-FD0BA897C371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F69B9A5-F21B-4904-9F27-95C0F7A628E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_data_gateway:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B85A426-5714-4CEA-8A97-720F882B2D58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*",
"matchCriteriaId": "604FBBC9-04DC-49D2-AB7A-6124256431AF",
"versionEndIncluding": "5.6.0.0",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "428D2B1D-CFFD-49D1-BC05-2D85D22004DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8AA91A-1880-43CD-938D-48EF58ACF2CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "335AB6A7-3B1F-4FA8-AF08-7D64C16C4B04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2E3E923-E2AD-400D-A618-26ADF7F841A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9AB58D27-37F2-4A32-B786-3490024290A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:management_cloud_engine:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F66C747-733F-46A1-9A6B-EEB1A1AEC45D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0EBAC6D-D0CE-42A1-AEA0-2D50C8035747",
"versionEndIncluding": "8.0.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:payment_interface:19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5D01A0EC-3846-4A74-A174-3797078DC699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:payment_interface:20.3:*:*:*:*:*:*:*",
"matchCriteriaId": "03E5FCFB-093A-48E9-8A4E-34C993D2764E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
"matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48",
"versionEndIncluding": "17.12.11",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A621A5AE-6974-4BA5-B1AC-7130A46F68F5",
"versionEndIncluding": "18.8.13",
"versionStartIncluding": "18.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4096281D-2EBA-490D-8180-3C9D05EB890A",
"versionEndIncluding": "19.12.12",
"versionStartIncluding": "19.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6B70E72-B9FC-4E49-8EDD-29C7E14F5792",
"versionEndIncluding": "20.12.7",
"versionStartIncluding": "20.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "15F45363-236B-4040-8AE4-C6C0E204EDBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD0DEC50-F4CD-4ACA-A118-D4F0D4F4C981",
"versionEndIncluding": "19.12.18.0",
"versionStartIncluding": "19.12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "651104CE-0569-4E6D-ACAB-AD2AC85084DD",
"versionEndIncluding": "20.12.12.0",
"versionStartIncluding": "20.12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "45D89239-9142-46BD-846D-76A5A74A67B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
"matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
"matchCriteriaId": "38340E3C-C452-4370-86D4-355B6B4E0A06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C55C69-E22E-4B80-9371-5CD821D79FE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F0735989-13BD-40B3-B954-AC0529C5B53D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58405263-E84C-4071-BB23-165D49034A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_customer_insights:15.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D1C35DF-D30D-42C8-B56D-C809609AB2A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_customer_insights:16.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "834B4CE7-042E-489F-AE19-0EEA2C37E7A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:15.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "82653579-FF7D-4492-9CA2-B3DF6A708831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:16.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "32D2EB48-F9A2-4D23-81C5-4B30F2D785DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_eftlink:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F3796186-D3A7-4259-846B-165AD9CEB7F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_eftlink:17.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CEDA5540-692D-47DA-9F68-83158D9AE628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_eftlink:18.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5435583-C454-4AC9-8A35-D2D30EB252EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A2140357-503A-4D2A-A099-CFA4DC649E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_eftlink:20.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6BAE5686-8E11-4EF1-BC7E-5C565F2440C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_eftlink:21.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4B95628-F108-424A-8C19-40A5F5B7D37B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_financial_integration:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E03B340-8C77-4DFA-8536-C57656E237D0",
"versionEndIncluding": "16.0.3",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "798E4FEE-9B2B-436E-A2B3-B8AA1079892A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB86F6C3-981E-4ECA-A5EB-9A9CD73D70C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_financial_integration:19.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B7B0B33-2361-4CF5-8075-F609858A582E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7435071D-0C95-4686-A978-AFC4C9A0D0FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A921C710-1C59-429F-B985-67C0DBFD695E",
"versionEndIncluding": "16.0.3",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9E458AF-0EEC-453E-AA9D-6C79211000AC",
"versionEndIncluding": "19.0.1.0",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F1AFAE16-B69F-410A-8CE3-1CDD998A8433",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CFCE558-9972-46A2-8539-C16044F1BAA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A1194C4E-CF42-4B4D-BA9A-40FDD28F1D58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:19.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFDF4CB0-4680-449A-8576-915721D59500",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BD311C33-A309-44D5-BBFB-539D72C7F8C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_invoice_matching:15.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A0472632-4104-4397-B619-C4E86A748465",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_invoice_matching:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "48E25E7C-F7E8-4739-8251-00ACD11C12FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F8383028-B719-41FD-9B6A-71F8EB4C5F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE1BC44A-F0AF-41CD-9CEB-B07AB5ADAB38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "38E74E68-7F19-4EF3-AC00-3C249EAAA39E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0783F0D1-8FAC-4BCA-A6F5-C5C60E86D56D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BD0D41-1BED-4C4F-95C8-8987C98908DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_order_management_system:19.5:*:*:*:*:*:*:*",
"matchCriteriaId": "99B5DC78-1C24-4F2B-A254-D833FAF47013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E13DF2AE-F315-4085-9172-6C8B21AF1C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.46:*:*:*:*:*:*:*",
"matchCriteriaId": "9002379B-4FDA-44F3-98EB-0C9B6083E429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.115:*:*:*:*:*:*:*",
"matchCriteriaId": "476B038D-7F60-482D-87AD-B58BEA35558E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.240:*:*:*:*:*:*:*",
"matchCriteriaId": "AB86C644-7B79-4F87-A06D-C178E8C2B8B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_price_management:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C19C5CC9-544A-4E4D-8F0A-579BB5270F07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_price_management:14.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3E1A9B0C-735A-40B4-901C-663CF5162E96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_price_management:14.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0791694C-9B4E-42EA-8F6C-899B43B6D769",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_price_management:15.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "312992F0-E65A-4E38-A44C-363A7E157CE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_price_management:16.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E1940FD6-39FA-4F92-9625-F215D8051E80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0CE45891-A6A5-4699-90A6-6F49E60A7987",
"versionEndIncluding": "16.0.3",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D7FCC976-615C-4DE5-9F50-1B25E9553962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E702EBED-DB39-4084-84B1-258BC5FE7545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F7956BF-D5B6-484B-999C-36B45CD8B75B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:19.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0D14A54A-4B04-41DE-B731-844D8AC3BE23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DA6B655-A445-42E5-B6D9-70AB1C04774A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:19.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D57F5CB-E566-450F-B7D7-DD771F7C746C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "88458537-6DE8-4D79-BC71-9D08883AD0C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2E310654-0793-41CC-B049-C754AC31D016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "4C5B22C6-97AF-4D1B-84C9-987C6F62C401",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FFD9AAE5-9472-49C6-B054-DB76BEB86D35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A104FDBD-0B28-44EE-91A0-A0C8939865A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C2D60A4D-BB4F-4177-AFA8-A8DC8C111FB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "889916ED-5EB2-49D6-8400-E6DBBD6C287F",
"versionEndIncluding": "21.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:sql_developer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C470BAD-F7E2-4802-B1BE-E71EBB073DA1",
"versionEndExcluding": "21.4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:taleo_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E1A18FB-85E6-4C5D-8F8A-12F86EDC6A2D",
"versionEndExcluding": "22.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51309958-121D-4649-AB9A-EBFA3A49F7CB",
"versionEndIncluding": "4.3.0.6.0",
"versionStartIncluding": "4.3.0.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F906F04-39E4-4BE4-8A73-9D058AAADB43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B393A82-476A-4270-A903-38ED4169E431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85CAE52B-C2CA-4C6B-A0B7-2B9D6F0499E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A502118-5B2B-47AE-82EC-1999BD841103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D551CAB1-4312-44AA-BDA8-A030817E153A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "174A6D2E-E42E-4C92-A194-C6A820CD7EF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1."
},
{
"lang": "es",
"value": "Apache Log4j2 versiones 2.0-alpha1 hasta 2.16.0 (excluyendo las versiones 2.12.3 y 2.3.1) no proteg\u00edan de la recursi\u00f3n no controlada de las b\u00fasquedas autorreferenciales. Esto permite a un atacante con control sobre los datos de Thread Context Map causar una denegaci\u00f3n de servicio cuando es interpretada una cadena dise\u00f1ada. Este problema se ha corregido en Log4j versiones 2.17.0, 2.12.3 y 2.3.1"
}
],
"id": "CVE-2021-45105",
"lastModified": "2026-05-29T13:16:19.967",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2021-12-18T12:15:07.433",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Mitigation",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/19/1"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf"
},
{
"source": "security@apache.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://logging.apache.org/log4j/2.x/security.html"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211218-0001/"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-5024"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/930724"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Mitigation",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/19/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://logging.apache.org/log4j/2.x/security.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211218-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-5024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/930724"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "security@apache.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-P6XC-XR62-6R2G
Vulnerability from github – Published: 2021-12-18 18:00 – Updated: 2025-05-09 12:31
VLAI
Summary
Apache Log4j2 vulnerable to Improper Input Validation and Uncontrolled Recursion
Details
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0 and 2.12.3.
Affected packages
Only the org.apache.logging.log4j:log4j-core package is directly affected by this vulnerability. The org.apache.logging.log4j:log4j-api should be kept at the same version as the org.apache.logging.log4j:log4j-core package to ensure compatability if in use.
Severity
8.6 (High)
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.logging.log4j:log4j-core"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.12.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.logging.log4j:log4j-core"
},
"ranges": [
{
"events": [
{
"introduced": "2.13.0"
},
{
"fixed": "2.17.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.logging.log4j:log4j-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.ops4j.pax.logging:pax-logging-log4j2"
},
"ranges": [
{
"events": [
{
"introduced": "1.8.0"
},
{
"fixed": "1.9.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.ops4j.pax.logging:pax-logging-log4j2"
},
"ranges": [
{
"events": [
{
"introduced": "1.10.0"
},
{
"fixed": "1.10.9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.ops4j.pax.logging:pax-logging-log4j2"
},
"ranges": [
{
"events": [
{
"introduced": "1.11.0"
},
{
"fixed": "1.11.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.ops4j.pax.logging:pax-logging-log4j2"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.13"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-45105"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-674"
],
"github_reviewed": true,
"github_reviewed_at": "2021-12-18T17:59:37Z",
"nvd_published_at": "2021-12-18T12:15:00Z",
"severity": "HIGH"
},
"details": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0 and 2.12.3.\n\n\n# Affected packages\nOnly the `org.apache.logging.log4j:log4j-core` package is directly affected by this vulnerability. The `org.apache.logging.log4j:log4j-api` should be kept at the same version as the `org.apache.logging.log4j:log4j-core` package to ensure compatability if in use.",
"id": "GHSA-p6xc-xr62-6r2g",
"modified": "2025-05-09T12:31:03Z",
"published": "2021-12-18T18:00:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45105"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00017.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOKPQGV24RRBBI4TBZUDQMM4MEH7MXCY"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SIG7FZULMNK2XF6FZRU4VWYDQXNMUGAJ"
},
{
"type": "WEB",
"url": "https://logging.apache.org/log4j/2.x/security.html"
},
{
"type": "WEB",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20211218-0001"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-5024"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/930724"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/12/19/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Apache Log4j2 vulnerable to Improper Input Validation and Uncontrolled Recursion"
}
GSD-2021-45105
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-45105",
"description": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.",
"id": "GSD-2021-45105",
"references": [
"https://www.suse.com/security/cve/CVE-2021-45105.html",
"https://www.debian.org/security/2021/dsa-5024",
"https://access.redhat.com/errata/RHSA-2022:0223",
"https://access.redhat.com/errata/RHSA-2022:0222",
"https://access.redhat.com/errata/RHSA-2022:0219",
"https://access.redhat.com/errata/RHSA-2022:0216",
"https://access.redhat.com/errata/RHSA-2022:0205",
"https://access.redhat.com/errata/RHSA-2022:0203",
"https://access.redhat.com/errata/RHSA-2022:0083",
"https://access.redhat.com/errata/RHSA-2022:0047",
"https://access.redhat.com/errata/RHSA-2022:0044",
"https://access.redhat.com/errata/RHSA-2022:0043",
"https://access.redhat.com/errata/RHSA-2022:0042",
"https://access.redhat.com/errata/RHSA-2022:0026",
"https://ubuntu.com/security/CVE-2021-45105",
"https://advisories.mageia.org/CVE-2021-45105.html",
"https://access.redhat.com/errata/RHSA-2022:1296",
"https://access.redhat.com/errata/RHSA-2022:1297",
"https://access.redhat.com/errata/RHSA-2022:1299",
"https://access.redhat.com/errata/RHSA-2022:1462",
"https://access.redhat.com/errata/RHSA-2022:1463",
"https://access.redhat.com/errata/RHSA-2022:1469"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-45105"
],
"details": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.",
"id": "GSD-2021-45105",
"modified": "2023-12-13T01:23:19.628814Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-45105",
"STATE": "PUBLIC",
"TITLE": "Apache Log4j2 does not always protect from infinite recursion in lookup evaluation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Log4j2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "log4j-core",
"version_value": "2.17.0"
},
{
"version_affected": "\u003e=",
"version_name": "log4j-core",
"version_value": "2.13.0"
},
{
"version_affected": "\u003c",
"version_name": "log4j-core",
"version_value": "2.12.3"
},
{
"version_affected": "\u003e=",
"version_name": "log4j-core",
"version_value": "2.4"
},
{
"version_affected": "\u003c",
"version_name": "log4j-core",
"version_value": "2.3.1"
},
{
"version_affected": "\u003e=",
"version_name": "log4j-core",
"version_value": "2.0-alpha1"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Independently discovered by Hideki Okamoto of Akamai Technologies, Guy Lederfein of Trend Micro Research working with Trend Micro\u2019s Zero Day Initiative, and another anonymous vulnerability researcher"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{
"other": "high"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-674: Uncontrolled Recursion"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://logging.apache.org/log4j/2.x/security.html",
"refsource": "MISC",
"url": "https://logging.apache.org/log4j/2.x/security.html"
},
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032",
"refsource": "CONFIRM",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
},
{
"name": "VU#930724",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/930724"
},
{
"name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"name": "[oss-security] 20211218 CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/12/19/1"
},
{
"name": "DSA-5024",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-5024"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211218-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20211218-0001/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
},
"source": {
"defect": [
"LOG4J2-3230"
],
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "eng",
"value": "Implement one of the following mitigation techniques:\n\n* Java 8 (or later) users should upgrade to release 2.17.0.\n\nAlternatively, this can be mitigated in configuration:\n\n* In PatternLayout in the logging configuration, replace Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` with Thread Context Map patterns (%X, %mdc, or %MDC).\n* Otherwise, in the configuration, remove references to Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` where they originate \nfrom sources external to the application such as HTTP headers or user input."
}
]
},
"gitlab.com": {
"advisories": [
{
"affected_range": "(,0)",
"affected_versions": "All versions before 2.12.3, all versions after 2.12.3 before 2.17.0",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-20",
"CWE-674",
"CWE-937"
],
"date": "2022-02-08",
"description": "This advisory has been marked as a false positive.",
"fixed_versions": [
"2.12.3",
"2.17.0"
],
"identifier": "CVE-2021-45105",
"identifiers": [
"GHSA-p6xc-xr62-6r2g",
"CVE-2021-45105"
],
"not_impacted": "Version 2.12.3, all versions starting from 2.17.0",
"package_slug": "maven/org.apache.logging.log4j/log4j-api",
"pubdate": "2021-12-18",
"solution": "Upgrade to versions 2.12.3, 2.17.0 or above.",
"title": "Uncontrolled Recursion",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-45105",
"https://logging.apache.org/log4j/2.x/security.html",
"https://security.netapp.com/advisory/ntap-20211218-0001/",
"https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf",
"https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf",
"https://lists.debian.org/debian-lts-announce/2021/12/msg00017.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOKPQGV24RRBBI4TBZUDQMM4MEH7MXCY/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SIG7FZULMNK2XF6FZRU4VWYDQXNMUGAJ/",
"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032",
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd",
"https://www.debian.org/security/2021/dsa-5024",
"https://www.kb.cert.org/vuls/id/930724",
"https://www.zerodayinitiative.com/advisories/ZDI-21-1541/",
"http://www.openwall.com/lists/oss-security/2021/12/19/1",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://github.com/advisories/GHSA-p6xc-xr62-6r2g"
],
"uuid": "f2e8f66e-6588-4771-bf08-cff3bfad7a12"
},
{
"affected_range": "[2.0,2.3.1),[2.4,2.12.3),[2.13.0,2.16.0]",
"affected_versions": "All versions starting from 2.0 before 2.3.1, all versions starting from 2.4 before 2.12.3, all versions starting from 2.13.0 up to 2.16.0",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-20",
"CWE-937"
],
"date": "2022-10-06",
"description": "Apache Log4j2 does not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted.",
"fixed_versions": [
"2.3.1",
"2.12.3",
"2.17.0"
],
"identifier": "CVE-2021-45105",
"identifiers": [
"CVE-2021-45105"
],
"not_impacted": "All versions before 2.0, all versions starting from 2.3.1 before 2.4, all versions starting from 2.12.3 before 2.13.0, all versions after 2.16.0",
"package_slug": "maven/org.apache.logging.log4j/log4j-core",
"pubdate": "2021-12-18",
"solution": "Upgrade to versions 2.3.1, 2.12.3, 2.17.0 or above.",
"title": "Improper Input Validation",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-45105",
"https://logging.apache.org/log4j/2.x/security.html",
"https://security.netapp.com/advisory/ntap-20211218-0001/",
"http://www.openwall.com/lists/oss-security/2021/12/19/1",
"https://www.debian.org/security/2021/dsa-5024",
"https://www.zerodayinitiative.com/advisories/ZDI-21-1541/",
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd",
"https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf",
"https://www.kb.cert.org/vuls/id/930724"
],
"uuid": "d72930d1-220e-47da-8fff-1e6ad9a98ebd"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.3.1",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.12.3",
"versionStartIncluding": "2.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.16.0",
"versionStartIncluding": "2.13.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sonicwall:network_security_manager:*:*:*:*:saas:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:network_security_manager:*:*:*:*:on-premises:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.0.12",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:web_application_firewall:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.1.0",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sonicwall:6bk1602-0aa12-0tp0_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.7.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sonicwall:6bk1602-0aa12-0tp0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sonicwall:6bk1602-0aa22-0tp0_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.7.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sonicwall:6bk1602-0aa22-0tp0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sonicwall:6bk1602-0aa32-0tp0_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.7.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sonicwall:6bk1602-0aa32-0tp0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sonicwall:6bk1602-0aa42-0tp0_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.7.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sonicwall:6bk1602-0aa42-0tp0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sonicwall:6bk1602-0aa52-0tp0_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.7.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sonicwall:6bk1602-0aa52-0tp0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:e-business_suite:12.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.3.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12.11",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_price_management:14.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_price_management:15.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_price_management:16.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "20.12.7",
"versionStartIncluding": "20.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.4.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.3.0.6.0",
"versionStartIncluding": "4.3.0.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:19.0.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_eftlink:16.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_eftlink:17.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_eftlink:18.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.0.8.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.1.1",
"versionStartIncluding": "8.0.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "21.12",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:19.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_price_management:13.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_price_management:14.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.46:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.115:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.240:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_order_management_system:19.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_invoice_matching:15.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_invoice_matching:16.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.0.1.0",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_eftlink:20.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "20.12.12.0",
"versionStartIncluding": "20.12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.12.18.0",
"versionStartIncluding": "19.12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.12.12",
"versionStartIncluding": "19.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "18.8.13",
"versionStartIncluding": "18.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.5.1.0",
"versionStartIncluding": "8.3.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_service_broker:6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.0.4.0.0",
"versionStartIncluding": "12.0.1.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.0.4.0.0",
"versionStartIncluding": "12.0.1.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_loans_servicing:2.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_deposits_and_lines_of_credit_servicing:2.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_suite8:8.13.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_suite8:8.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_translational_research:4.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_data_repository:8.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "16.0.3",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "16.0.3",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:19.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm_mcad_connector:3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_convergence:3.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:sql_developer:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "21.4.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_user_data_repository:12.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:management_cloud_engine:1.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:identity_manager_connector:9.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_universal_banking:11.83.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_universal_banking:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.4",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_treasury_management:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_trade_finance:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_payments:14.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.5.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:payment_interface:19.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:payment_interface:20.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_token_proxy_service:19.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_translational_research:4.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_master_person_index:5.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.3.0.4",
"versionStartIncluding": "7.3.0.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:health_sciences_information_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.4",
"versionStartIncluding": "3.0.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:health_sciences_inform:6.3.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:health_sciences_inform:7.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:health_sciences_inform:6.2.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.29",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.6.0.0",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_data_gateway:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hyperion_tax_provision:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.2.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hyperion_profitability_and_cost_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.2.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hyperion_planning:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.2.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hyperion_infrastructure_technology:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.2.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hyperion_data_relationship_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.2.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hyperion_bi\\+:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.2.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "16.0.3",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:19.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_eftlink:21.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:15.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:16.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_insights:16.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_customer_insights:15.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:taleo_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-45105"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-674"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://logging.apache.org/log4j/2.x/security.html",
"refsource": "MISC",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://logging.apache.org/log4j/2.x/security.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211218-0001/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211218-0001/"
},
{
"name": "[oss-security] 20211218 CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Mitigation",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/19/1"
},
{
"name": "DSA-5024",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-5024"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/"
},
{
"name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
"refsource": "CISCO",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf"
},
{
"name": "VU#930724",
"refsource": "CERT-VN",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/930724"
},
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "N/A",
"refsource": "N/A",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-10-06T17:31Z",
"publishedDate": "2021-12-18T12:15Z"
}
}
}
NCSC-2026-0027
Vulnerability from csaf_ncscnl - Published: 2026-01-21 10:08 - Updated: 2026-01-21 10:08Summary
Kwetsbaarheden verholpen in Oracle Fusion Middleware
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Oracle heeft kwetsbaarheden verholpen in verschillende producten, waaronder Oracle HTTP Server, Oracle WebLogic Server, en Oracle Fusion Middleware.
Interpretaties: De kwetsbaarheden in de Oracle producten stellen ongeauthenticeerde aanvallers in staat om toegang te krijgen tot gevoelige gegevens, Denial-of-Service (DoS) aanvallen uit te voeren, en de integriteit van systemen te compromitteren. Specifieke kwetsbaarheden omvatten onjuist beheer van HTTP-headers, ongecontroleerde recursie, en onvoldoende bufferbeperkingen, wat kan leiden tot systeemcrashes en gegevensverlies.
Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-20: Improper Input Validation
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-94: Improper Control of Generation of Code ('Code Injection')
CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
CWE-117: Improper Output Neutralization for Logs
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-122: Heap-based Buffer Overflow
CWE-125: Out-of-bounds Read
CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences
CWE-209: Generation of Error Message Containing Sensitive Information
CWE-252: Unchecked Return Value
CWE-284: Improper Access Control
CWE-285: Improper Authorization
CWE-289: Authentication Bypass by Alternate Name
CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-400: Uncontrolled Resource Consumption
CWE-404: Improper Resource Shutdown or Release
CWE-457: Use of Uninitialized Variable
CWE-476: NULL Pointer Dereference
CWE-611: Improper Restriction of XML External Entity Reference
CWE-674: Uncontrolled Recursion
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-787: Out-of-bounds Write
CWE-827: Improper Control of Document Type Definition
CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CWE-863: Incorrect Authorization
CWE-918: Server-Side Request Forgery (SSRF)
CWE-937: CWE-937
CWE-1035: CWE-1035
Multiple vulnerabilities across Apache Log4j, Oracle products, and various dependencies expose systems to denial-of-service and remote code execution risks, necessitating updates to secure versions.
10.0 (Critical)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Recent vulnerabilities in Oracle products, including the Oracle HTTP Server and Database, allow for potential privilege escalation, remote code execution, and denial of service, with varying CVSS scores indicating significant risk.
7.8 (High)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Recent vulnerabilities in Oracle JD Edwards, Oracle Middleware, Eclipse Jetty, HPE Telco IP Mediation, and SAP Commerce Cloud expose systems to unauthorized access and data corruption, with CVSS scores reaching 7.2.
7.2 (High)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Multiple vulnerabilities in Apache HTTP Server and Oracle HTTP Server, including CVE-2023-38709 and CVE-2024-42516, expose systems to risks such as HTTP response splitting, SSRF, and unauthorized access.
7.5 (High)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Apache HTTP Server versions prior to 2.4.64 are vulnerable to multiple security issues, including SSRF and HTTP response splitting, affecting mod_proxy and mod_headers configurations, with critical vulnerabilities also identified in Oracle HTTP Server.
7.5 (High)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Multiple vulnerabilities in Apache HTTP Server versions 2.4.63 and earlier, including insufficient escaping in mod_ssl, allow untrusted clients to compromise log integrity and potentially lead to unauthorized access and denial of service.
7.5 (High)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Multiple vulnerabilities across Oracle Middleware, Documaker, and Apache Commons IO allow for denial of service attacks, with CVSS scores ranging from 4.3 to 7.5, affecting various versions of these products.
7.5 (High)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Multiple vulnerabilities in Oracle Fusion Middleware and Perl, including heap buffer overflows and denial of service risks, affect various versions, with CVSS scores indicating significant severity.
8.6 (High)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Multiple vulnerabilities across Oracle Database Server, Oracle Fusion Middleware, and Eclipse JGit expose systems to unauthorized access, severe impacts, and information disclosure through various attack vectors.
9.8 (Critical)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Multiple vulnerabilities, including the 'MadeYouReset' attack in HTTP/2 and unauthenticated issues in Oracle products, can lead to denial of service across various platforms such as Eclipse Jetty and SAP Commerce Cloud.
7.5 (High)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Oracle Database Server versions 23.4.0-23.26.0 have a vulnerability in the Fleet Patching and Provisioning component, while Eclipse Jersey versions 2.45, 3.0.16, and 3.1.9 may ignore critical SSL configurations due to a race condition.
8.7 (High)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Multiple vulnerabilities in Apache HTTP Server versions 2.4.35 to 2.4.63 and Oracle HTTP Server allow unauthorized access, data modification, and denial of service, particularly through TLS session resumption and other exploit vectors.
9.1 (Critical)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Oracle Database Server and Oracle GoldenGate have Security-in-Depth issues related to Dell BSAFE Crypto-J, which cannot be exploited within their respective contexts, although error messages may expose sensitive information.
5.9 (Medium)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Multiple vulnerabilities have been identified across various Oracle and Apache POI products, including improper input validation and unauthorized data access, affecting versions 5.4.0 and earlier, with CVSS scores of 5.3.
6.3 (Medium)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Recent vulnerabilities in Oracle Financial Services Model Management and Spring Framework versions expose critical data and may lead to authorization bypass, with significant confidentiality impacts.
7.5 (High)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Multiple vulnerabilities have been identified in Oracle Financial Services and Retail products, as well as the Spring Framework, allowing unauthorized access to sensitive data and potentially leading to information disclosure.
7.5 (High)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Oracle Hyperion Financial Reporting (version 11.2.23) has a denial of service vulnerability (CVSS 7.5), while libheif library versions prior to 1.19.6 have a NULL pointer dereference issue in the ImageItem_Grid::get_decoder function.
7.5 (High)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.
6.5 (Medium)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Multiple denial-of-service vulnerabilities have been identified in Oracle Application Testing Suite, Oracle Agile PLM, Apache Commons FileUpload, and HPE IceWall Identity Manager, with CVSS scores of 7.5 for some products.
7.5 (High)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Multiple vulnerabilities across Oracle Banking Branch and Oracle Communications Cloud Native Core Certificate Management products, as well as libxml2, could lead to critical data compromise and denial of service, with CVSS scores reaching 9.1.
9.1 (Critical)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Multiple vulnerabilities across Oracle WebLogic Server, Oracle GoldenGate, and Connect2id Nimbus JOSE + JWT allow unauthenticated attackers to exploit denial of service conditions, affecting various versions with CVSS scores of 5.8.
5.8 (Medium)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Recent vulnerabilities in Oracle HTTP Server and ModSecurity allow for denial of service and potential XSS attacks, affecting specific versions with significant severity scores.
7.5 (High)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Oracle Fusion Middleware has a critical vulnerability (CVSS 9.8) allowing unauthenticated access, while OpenJPEG versions 2.5.1 to 2.5.3 contain a flaw leading to out-of-bounds heap memory writes.
9.8 (Critical)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Apache Tika versions 1.13 to 3.2.1 have a critical XXE vulnerability, while Oracle PeopleSoft's OpenSearch component in versions 8.60 to 8.62 is also affected by an easily exploitable vulnerability.
9.8 (Critical)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Recent updates to Netty and Oracle Communications products address critical vulnerabilities, including the 'MadeYouReset' attack in HTTP/2, which can lead to denial of service and resource exhaustion.
7.5 (High)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Multiple vulnerabilities, including a memory amplification issue in libexpat and a DoS vulnerability in Oracle Communications Network Analytics, can lead to denial-of-service attacks without enabling arbitrary code execution.
7.5 (High)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
Apache Tika has a critical XML External Entity (XXE) injection vulnerability affecting multiple modules, particularly in PDF parsing, allowing remote attackers to exploit crafted files for sensitive information disclosure or remote code execution.
10.0 (Critical)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
A critical vulnerability in Oracle HTTP Server and Oracle Weblogic Server Proxy Plug-in allows unauthenticated attackers to compromise systems, affecting specific versions with a CVSS score of 10.0.
10.0 (Critical)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Data Integrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Fusion Middleware
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Identity Manager Connector
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Managed File Transfer
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Business Process Management Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Coherence
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Lifecycle Management NextGen OUI Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Identity Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Outside In Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle SOA Suite
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Security Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Service Bus
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Unified Directory
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebCenter Enterprise Capture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle WebLogic Server
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Weblogic Server Proxy Plug-in
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Service Delivery Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / WebCenter Sites
|
vers:unknown/* |
References
29 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in verschillende producten, waaronder Oracle HTTP Server, Oracle WebLogic Server, en Oracle Fusion Middleware.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden in de Oracle producten stellen ongeauthenticeerde aanvallers in staat om toegang te krijgen tot gevoelige gegevens, Denial-of-Service (DoS) aanvallen uit te voeren, en de integriteit van systemen te compromitteren. Specifieke kwetsbaarheden omvatten onjuist beheer van HTTP-headers, ongecontroleerde recursie, en onvoldoende bufferbeperkingen, wat kan leiden tot systeemcrashes en gegevensverlies.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "general",
"text": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)",
"title": "CWE-113"
},
{
"category": "general",
"text": "Improper Output Neutralization for Logs",
"title": "CWE-117"
},
{
"category": "general",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences",
"title": "CWE-150"
},
{
"category": "general",
"text": "Generation of Error Message Containing Sensitive Information",
"title": "CWE-209"
},
{
"category": "general",
"text": "Unchecked Return Value",
"title": "CWE-252"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "general",
"text": "Authentication Bypass by Alternate Name",
"title": "CWE-289"
},
{
"category": "general",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Use of Uninitialized Variable",
"title": "CWE-457"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Improper Control of Document Type Definition",
"title": "CWE-827"
},
{
"category": "general",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
},
{
"category": "general",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "general",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "general",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "general",
"text": "CWE-1035",
"title": "CWE-1035"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Fusion Middleware",
"tracking": {
"current_release_date": "2026-01-21T10:08:59.379774Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0027",
"initial_release_date": "2026-01-21T10:08:59.379774Z",
"revision_history": [
{
"date": "2026-01-21T10:08:59.379774Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Data Integrator"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Fusion Middleware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Identity Manager Connector"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "Managed File Transfer"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "Oracle Business Process Management Suite"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "Oracle Coherence"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "Oracle Global Lifecycle Management NextGen OUI Framework"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "Oracle HTTP Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "Oracle Identity Manager"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-11"
}
}
],
"category": "product_name",
"name": "Oracle Outside In Technology"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-12"
}
}
],
"category": "product_name",
"name": "Oracle SOA Suite"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-13"
}
}
],
"category": "product_name",
"name": "Oracle Security Service"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-14"
}
}
],
"category": "product_name",
"name": "Oracle Service Bus"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-15"
}
}
],
"category": "product_name",
"name": "Oracle Unified Directory"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-16"
}
}
],
"category": "product_name",
"name": "Oracle WebCenter Enterprise Capture"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-17"
}
}
],
"category": "product_name",
"name": "Oracle WebLogic Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-18"
}
}
],
"category": "product_name",
"name": "Oracle Weblogic Server Proxy Plug-in"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-19"
}
}
],
"category": "product_name",
"name": "Service Delivery Platform"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-20"
}
}
],
"category": "product_name",
"name": "WebCenter Sites"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-45105",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Apache Log4j, Oracle products, and various dependencies expose systems to denial-of-service and remote code execution risks, necessitating updates to secure versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-45105 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2021/cve-2021-45105.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2021-45105"
},
{
"cve": "CVE-2022-41342",
"notes": [
{
"category": "description",
"text": "Recent vulnerabilities in Oracle products, including the Oracle HTTP Server and Database, allow for potential privilege escalation, remote code execution, and denial of service, with varying CVSS scores indicating significant risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-41342 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-41342.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2022-41342"
},
{
"cve": "CVE-2024-13009",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle JD Edwards, Oracle Middleware, Eclipse Jetty, HPE Telco IP Mediation, and SAP Commerce Cloud expose systems to unauthorized access and data corruption, with CVSS scores reaching 7.2.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-13009 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-13009.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2024-13009"
},
{
"cve": "CVE-2024-42516",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)",
"title": "CWE-113"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Apache HTTP Server and Oracle HTTP Server, including CVE-2023-38709 and CVE-2024-42516, expose systems to risks such as HTTP response splitting, SSRF, and unauthorized access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-42516 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-42516.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2024-42516"
},
{
"cve": "CVE-2024-43204",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "description",
"text": "Apache HTTP Server versions prior to 2.4.64 are vulnerable to multiple security issues, including SSRF and HTTP response splitting, affecting mod_proxy and mod_headers configurations, with critical vulnerabilities also identified in Oracle HTTP Server.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-43204 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-43204.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2024-43204"
},
{
"cve": "CVE-2024-47252",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences",
"title": "CWE-150"
},
{
"category": "other",
"text": "Improper Output Neutralization for Logs",
"title": "CWE-117"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Apache HTTP Server versions 2.4.63 and earlier, including insufficient escaping in mod_ssl, allow untrusted clients to compromise log integrity and potentially lead to unauthorized access and denial of service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47252 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-47252.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2024-47252"
},
{
"cve": "CVE-2024-47554",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Middleware, Documaker, and Apache Commons IO allow for denial of service attacks, with CVSS scores ranging from 4.3 to 7.5, affecting various versions of these products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47554 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-47554.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2024-47554"
},
{
"cve": "CVE-2024-56406",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Oracle Fusion Middleware and Perl, including heap buffer overflows and denial of service risks, affect various versions, with CVSS scores indicating significant severity.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-56406 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-56406.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2024-56406"
},
{
"cve": "CVE-2025-4949",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "other",
"text": "Improper Control of Document Type Definition",
"title": "CWE-827"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Database Server, Oracle Fusion Middleware, and Eclipse JGit expose systems to unauthorized access, severe impacts, and information disclosure through various attack vectors.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/S:N/AU:Y/R:U/V:D/RE:L/U:Green",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-4949 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4949.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-4949"
},
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities, including the \u0027MadeYouReset\u0027 attack in HTTP/2 and unauthenticated issues in Oracle products, can lead to denial of service across various platforms such as Eclipse Jetty and SAP Commerce Cloud.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5115 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5115.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-5115"
},
{
"cve": "CVE-2025-12383",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Oracle Database Server versions 23.4.0-23.26.0 have a vulnerability in the Fleet Patching and Provisioning component, while Eclipse Jersey versions 2.45, 3.0.16, and 3.1.9 may ignore critical SSL configurations due to a race condition.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-12383 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-12383.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-12383"
},
{
"cve": "CVE-2025-23048",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Apache HTTP Server versions 2.4.35 to 2.4.63 and Oracle HTTP Server allow unauthorized access, data modification, and denial of service, particularly through TLS session resumption and other exploit vectors.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-23048 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-23048.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-23048"
},
{
"cve": "CVE-2025-26333",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"notes": [
{
"category": "other",
"text": "Generation of Error Message Containing Sensitive Information",
"title": "CWE-209"
},
{
"category": "description",
"text": "Oracle Database Server and Oracle GoldenGate have Security-in-Depth issues related to Dell BSAFE Crypto-J, which cannot be exploited within their respective contexts, although error messages may expose sensitive information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-26333 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-26333.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-26333"
},
{
"cve": "CVE-2025-31672",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified across various Oracle and Apache POI products, including improper input validation and unauthorized data access, affecting versions 5.4.0 and earlier, with CVSS scores of 5.3.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-31672 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-31672.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-31672"
},
{
"cve": "CVE-2025-41248",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"notes": [
{
"category": "other",
"text": "Authentication Bypass by Alternate Name",
"title": "CWE-289"
},
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Financial Services Model Management and Spring Framework versions expose critical data and may lead to authorization bypass, with significant confidentiality impacts.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-41248 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41248.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-41248"
},
{
"cve": "CVE-2025-41249",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"notes": [
{
"category": "other",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle Financial Services and Retail products, as well as the Spring Framework, allowing unauthorized access to sensitive data and potentially leading to information disclosure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-41249 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41249.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-41249"
},
{
"cve": "CVE-2025-43967",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "description",
"text": "Oracle Hyperion Financial Reporting (version 11.2.23) has a denial of service vulnerability (CVSS 7.5), while libheif library versions prior to 1.19.6 have a NULL pointer dereference issue in the ImageItem_Grid::get_decoder function.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43967 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43967.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-43967"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-48976",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple denial-of-service vulnerabilities have been identified in Oracle Application Testing Suite, Oracle Agile PLM, Apache Commons FileUpload, and HPE IceWall Identity Manager, with CVSS scores of 7.5 for some products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48976 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48976.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-48976"
},
{
"cve": "CVE-2025-49796",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Banking Branch and Oracle Communications Cloud Native Core Certificate Management products, as well as libxml2, could lead to critical data compromise and denial of service, with CVSS scores reaching 9.1.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-49796 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-49796.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-49796"
},
{
"cve": "CVE-2025-53864",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle WebLogic Server, Oracle GoldenGate, and Connect2id Nimbus JOSE + JWT allow unauthenticated attackers to exploit denial of service conditions, affecting various versions with CVSS scores of 5.8.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53864 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53864.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-53864"
},
{
"cve": "CVE-2025-54571",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"notes": [
{
"category": "other",
"text": "Unchecked Return Value",
"title": "CWE-252"
},
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle HTTP Server and ModSecurity allow for denial of service and potential XSS attacks, affecting specific versions with significant severity scores.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54571 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54571.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-54571"
},
{
"cve": "CVE-2025-54874",
"cwe": {
"id": "CWE-457",
"name": "Use of Uninitialized Variable"
},
"notes": [
{
"category": "other",
"text": "Use of Uninitialized Variable",
"title": "CWE-457"
},
{
"category": "description",
"text": "Oracle Fusion Middleware has a critical vulnerability (CVSS 9.8) allowing unauthenticated access, while OpenJPEG versions 2.5.1 to 2.5.3 contain a flaw leading to out-of-bounds heap memory writes.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54874 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54874.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-54874"
},
{
"cve": "CVE-2025-54988",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tika versions 1.13 to 3.2.1 have a critical XXE vulnerability, while Oracle PeopleSoft\u0027s OpenSearch component in versions 8.60 to 8.62 is also affected by an easily exploitable vulnerability.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54988 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54988.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-54988"
},
{
"cve": "CVE-2025-55163",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Recent updates to Netty and Oracle Communications products address critical vulnerabilities, including the \u0027MadeYouReset\u0027 attack in HTTP/2, which can lead to denial of service and resource exhaustion.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55163 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55163.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-55163"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities, including a memory amplification issue in libexpat and a DoS vulnerability in Oracle Communications Network Analytics, can lead to denial-of-service attacks without enabling arbitrary code execution.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-59375 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59375.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-59375"
},
{
"cve": "CVE-2025-66516",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tika has a critical XML External Entity (XXE) injection vulnerability affecting multiple modules, particularly in PDF parsing, allowing remote attackers to exploit crafted files for sensitive information disclosure or remote code execution.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-66516 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66516.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-66516"
},
{
"cve": "CVE-2026-21962",
"notes": [
{
"category": "description",
"text": "A critical vulnerability in Oracle HTTP Server and Oracle Weblogic Server Proxy Plug-in allows unauthenticated attackers to compromise systems, affecting specific versions with a CVSS score of 10.0.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21962 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21962.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2026-21962"
}
]
}
OPENSUSE-SU-2021:1605-1
Vulnerability from csaf_opensuse - Published: 2021-12-22 06:11 - Updated: 2021-12-22 06:11Summary
Security update for log4j
Severity
Important
Notes
Title of the patch: Security update for log4j
Description of the patch: This update for log4j fixes the following issues:
- Update to 2.17.0
- CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation. (bsc#1193887, bsc#1193888)
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Patchnames: openSUSE-2021-1605
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:log4j-2.17.0-lp152.3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:log4j-javadoc-2.17.0-lp152.3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:log4j-jcl-2.17.0-lp152.3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:log4j-slf4j-2.17.0-lp152.3.12.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
10 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for log4j",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for log4j fixes the following issues:\n\n- Update to 2.17.0\n- CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation. (bsc#1193887, bsc#1193888)\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-1605",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_1605-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:1605-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LEXBDKT4RJAGPFECN424ZRWUCLSEVT5K/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:1605-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LEXBDKT4RJAGPFECN424ZRWUCLSEVT5K/"
},
{
"category": "self",
"summary": "SUSE Bug 1193887",
"url": "https://bugzilla.suse.com/1193887"
},
{
"category": "self",
"summary": "SUSE Bug 1193888",
"url": "https://bugzilla.suse.com/1193888"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-45105 page",
"url": "https://www.suse.com/security/cve/CVE-2021-45105/"
}
],
"title": "Security update for log4j",
"tracking": {
"current_release_date": "2021-12-22T06:11:42Z",
"generator": {
"date": "2021-12-22T06:11:42Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:1605-1",
"initial_release_date": "2021-12-22T06:11:42Z",
"revision_history": [
{
"date": "2021-12-22T06:11:42Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "log4j-2.17.0-lp152.3.12.1.noarch",
"product": {
"name": "log4j-2.17.0-lp152.3.12.1.noarch",
"product_id": "log4j-2.17.0-lp152.3.12.1.noarch"
}
},
{
"category": "product_version",
"name": "log4j-javadoc-2.17.0-lp152.3.12.1.noarch",
"product": {
"name": "log4j-javadoc-2.17.0-lp152.3.12.1.noarch",
"product_id": "log4j-javadoc-2.17.0-lp152.3.12.1.noarch"
}
},
{
"category": "product_version",
"name": "log4j-jcl-2.17.0-lp152.3.12.1.noarch",
"product": {
"name": "log4j-jcl-2.17.0-lp152.3.12.1.noarch",
"product_id": "log4j-jcl-2.17.0-lp152.3.12.1.noarch"
}
},
{
"category": "product_version",
"name": "log4j-slf4j-2.17.0-lp152.3.12.1.noarch",
"product": {
"name": "log4j-slf4j-2.17.0-lp152.3.12.1.noarch",
"product_id": "log4j-slf4j-2.17.0-lp152.3.12.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-2.17.0-lp152.3.12.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:log4j-2.17.0-lp152.3.12.1.noarch"
},
"product_reference": "log4j-2.17.0-lp152.3.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-javadoc-2.17.0-lp152.3.12.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:log4j-javadoc-2.17.0-lp152.3.12.1.noarch"
},
"product_reference": "log4j-javadoc-2.17.0-lp152.3.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-jcl-2.17.0-lp152.3.12.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:log4j-jcl-2.17.0-lp152.3.12.1.noarch"
},
"product_reference": "log4j-jcl-2.17.0-lp152.3.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-slf4j-2.17.0-lp152.3.12.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:log4j-slf4j-2.17.0-lp152.3.12.1.noarch"
},
"product_reference": "log4j-slf4j-2.17.0-lp152.3.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-45105",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-45105"
}
],
"notes": [
{
"category": "general",
"text": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:log4j-2.17.0-lp152.3.12.1.noarch",
"openSUSE Leap 15.2:log4j-javadoc-2.17.0-lp152.3.12.1.noarch",
"openSUSE Leap 15.2:log4j-jcl-2.17.0-lp152.3.12.1.noarch",
"openSUSE Leap 15.2:log4j-slf4j-2.17.0-lp152.3.12.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-45105",
"url": "https://www.suse.com/security/cve/CVE-2021-45105"
},
{
"category": "external",
"summary": "SUSE Bug 1193887 for CVE-2021-45105",
"url": "https://bugzilla.suse.com/1193887"
},
{
"category": "external",
"summary": "SUSE Bug 1193888 for CVE-2021-45105",
"url": "https://bugzilla.suse.com/1193888"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:log4j-2.17.0-lp152.3.12.1.noarch",
"openSUSE Leap 15.2:log4j-javadoc-2.17.0-lp152.3.12.1.noarch",
"openSUSE Leap 15.2:log4j-jcl-2.17.0-lp152.3.12.1.noarch",
"openSUSE Leap 15.2:log4j-slf4j-2.17.0-lp152.3.12.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:log4j-2.17.0-lp152.3.12.1.noarch",
"openSUSE Leap 15.2:log4j-javadoc-2.17.0-lp152.3.12.1.noarch",
"openSUSE Leap 15.2:log4j-jcl-2.17.0-lp152.3.12.1.noarch",
"openSUSE Leap 15.2:log4j-slf4j-2.17.0-lp152.3.12.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-22T06:11:42Z",
"details": "important"
}
],
"title": "CVE-2021-45105"
}
]
}
OPENSUSE-SU-2021:4118-1
Vulnerability from csaf_opensuse - Published: 2021-12-20 11:43 - Updated: 2021-12-20 11:43Summary
Security update for log4j
Severity
Important
Notes
Title of the patch: Security update for log4j
Description of the patch: This update for log4j fixes the following issues:
- Update to 2.17.0
- CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation. (bsc#1193887, bsc#1193888)
Patchnames: openSUSE-SLE-15.3-2021-4118
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:log4j-2.17.0-4.13.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:log4j-javadoc-2.17.0-4.13.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:log4j-jcl-2.17.0-4.13.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:log4j-slf4j-2.17.0-4.13.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
10 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for log4j",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for log4j fixes the following issues:\n\n- Update to 2.17.0\n- CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation. (bsc#1193887, bsc#1193888)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-SLE-15.3-2021-4118",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_4118-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:4118-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NGNGOILLVCJD7VSJJU7BEDG6ERFOONG6/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:4118-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NGNGOILLVCJD7VSJJU7BEDG6ERFOONG6/"
},
{
"category": "self",
"summary": "SUSE Bug 1193887",
"url": "https://bugzilla.suse.com/1193887"
},
{
"category": "self",
"summary": "SUSE Bug 1193888",
"url": "https://bugzilla.suse.com/1193888"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-45105 page",
"url": "https://www.suse.com/security/cve/CVE-2021-45105/"
}
],
"title": "Security update for log4j",
"tracking": {
"current_release_date": "2021-12-20T11:43:14Z",
"generator": {
"date": "2021-12-20T11:43:14Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:4118-1",
"initial_release_date": "2021-12-20T11:43:14Z",
"revision_history": [
{
"date": "2021-12-20T11:43:14Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "log4j-2.17.0-4.13.1.noarch",
"product": {
"name": "log4j-2.17.0-4.13.1.noarch",
"product_id": "log4j-2.17.0-4.13.1.noarch"
}
},
{
"category": "product_version",
"name": "log4j-javadoc-2.17.0-4.13.1.noarch",
"product": {
"name": "log4j-javadoc-2.17.0-4.13.1.noarch",
"product_id": "log4j-javadoc-2.17.0-4.13.1.noarch"
}
},
{
"category": "product_version",
"name": "log4j-jcl-2.17.0-4.13.1.noarch",
"product": {
"name": "log4j-jcl-2.17.0-4.13.1.noarch",
"product_id": "log4j-jcl-2.17.0-4.13.1.noarch"
}
},
{
"category": "product_version",
"name": "log4j-slf4j-2.17.0-4.13.1.noarch",
"product": {
"name": "log4j-slf4j-2.17.0-4.13.1.noarch",
"product_id": "log4j-slf4j-2.17.0-4.13.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-2.17.0-4.13.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:log4j-2.17.0-4.13.1.noarch"
},
"product_reference": "log4j-2.17.0-4.13.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-javadoc-2.17.0-4.13.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:log4j-javadoc-2.17.0-4.13.1.noarch"
},
"product_reference": "log4j-javadoc-2.17.0-4.13.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-jcl-2.17.0-4.13.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:log4j-jcl-2.17.0-4.13.1.noarch"
},
"product_reference": "log4j-jcl-2.17.0-4.13.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-slf4j-2.17.0-4.13.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:log4j-slf4j-2.17.0-4.13.1.noarch"
},
"product_reference": "log4j-slf4j-2.17.0-4.13.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-45105",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-45105"
}
],
"notes": [
{
"category": "general",
"text": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:log4j-2.17.0-4.13.1.noarch",
"openSUSE Leap 15.3:log4j-javadoc-2.17.0-4.13.1.noarch",
"openSUSE Leap 15.3:log4j-jcl-2.17.0-4.13.1.noarch",
"openSUSE Leap 15.3:log4j-slf4j-2.17.0-4.13.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-45105",
"url": "https://www.suse.com/security/cve/CVE-2021-45105"
},
{
"category": "external",
"summary": "SUSE Bug 1193887 for CVE-2021-45105",
"url": "https://bugzilla.suse.com/1193887"
},
{
"category": "external",
"summary": "SUSE Bug 1193888 for CVE-2021-45105",
"url": "https://bugzilla.suse.com/1193888"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:log4j-2.17.0-4.13.1.noarch",
"openSUSE Leap 15.3:log4j-javadoc-2.17.0-4.13.1.noarch",
"openSUSE Leap 15.3:log4j-jcl-2.17.0-4.13.1.noarch",
"openSUSE Leap 15.3:log4j-slf4j-2.17.0-4.13.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:log4j-2.17.0-4.13.1.noarch",
"openSUSE Leap 15.3:log4j-javadoc-2.17.0-4.13.1.noarch",
"openSUSE Leap 15.3:log4j-jcl-2.17.0-4.13.1.noarch",
"openSUSE Leap 15.3:log4j-slf4j-2.17.0-4.13.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-20T11:43:14Z",
"details": "important"
}
],
"title": "CVE-2021-45105"
}
]
}
OPENSUSE-SU-2024:11691-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
log4j-2.17.0-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: log4j-2.17.0-1.1 on GA media
Description of the patch: These are all security issues fixed in the log4j-2.17.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-11691
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:log4j-2.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:log4j-2.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:log4j-2.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:log4j-2.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:log4j-javadoc-2.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:log4j-javadoc-2.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:log4j-javadoc-2.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:log4j-javadoc-2.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:log4j-jcl-2.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:log4j-jcl-2.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:log4j-jcl-2.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:log4j-jcl-2.17.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:log4j-slf4j-2.17.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:log4j-slf4j-2.17.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:log4j-slf4j-2.17.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:log4j-slf4j-2.17.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
6 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "log4j-2.17.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the log4j-2.17.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11691",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11691-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-45105 page",
"url": "https://www.suse.com/security/cve/CVE-2021-45105/"
}
],
"title": "log4j-2.17.0-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11691-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "log4j-2.17.0-1.1.aarch64",
"product": {
"name": "log4j-2.17.0-1.1.aarch64",
"product_id": "log4j-2.17.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "log4j-javadoc-2.17.0-1.1.aarch64",
"product": {
"name": "log4j-javadoc-2.17.0-1.1.aarch64",
"product_id": "log4j-javadoc-2.17.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "log4j-jcl-2.17.0-1.1.aarch64",
"product": {
"name": "log4j-jcl-2.17.0-1.1.aarch64",
"product_id": "log4j-jcl-2.17.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "log4j-slf4j-2.17.0-1.1.aarch64",
"product": {
"name": "log4j-slf4j-2.17.0-1.1.aarch64",
"product_id": "log4j-slf4j-2.17.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "log4j-2.17.0-1.1.ppc64le",
"product": {
"name": "log4j-2.17.0-1.1.ppc64le",
"product_id": "log4j-2.17.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "log4j-javadoc-2.17.0-1.1.ppc64le",
"product": {
"name": "log4j-javadoc-2.17.0-1.1.ppc64le",
"product_id": "log4j-javadoc-2.17.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "log4j-jcl-2.17.0-1.1.ppc64le",
"product": {
"name": "log4j-jcl-2.17.0-1.1.ppc64le",
"product_id": "log4j-jcl-2.17.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "log4j-slf4j-2.17.0-1.1.ppc64le",
"product": {
"name": "log4j-slf4j-2.17.0-1.1.ppc64le",
"product_id": "log4j-slf4j-2.17.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "log4j-2.17.0-1.1.s390x",
"product": {
"name": "log4j-2.17.0-1.1.s390x",
"product_id": "log4j-2.17.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "log4j-javadoc-2.17.0-1.1.s390x",
"product": {
"name": "log4j-javadoc-2.17.0-1.1.s390x",
"product_id": "log4j-javadoc-2.17.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "log4j-jcl-2.17.0-1.1.s390x",
"product": {
"name": "log4j-jcl-2.17.0-1.1.s390x",
"product_id": "log4j-jcl-2.17.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "log4j-slf4j-2.17.0-1.1.s390x",
"product": {
"name": "log4j-slf4j-2.17.0-1.1.s390x",
"product_id": "log4j-slf4j-2.17.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "log4j-2.17.0-1.1.x86_64",
"product": {
"name": "log4j-2.17.0-1.1.x86_64",
"product_id": "log4j-2.17.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "log4j-javadoc-2.17.0-1.1.x86_64",
"product": {
"name": "log4j-javadoc-2.17.0-1.1.x86_64",
"product_id": "log4j-javadoc-2.17.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "log4j-jcl-2.17.0-1.1.x86_64",
"product": {
"name": "log4j-jcl-2.17.0-1.1.x86_64",
"product_id": "log4j-jcl-2.17.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "log4j-slf4j-2.17.0-1.1.x86_64",
"product": {
"name": "log4j-slf4j-2.17.0-1.1.x86_64",
"product_id": "log4j-slf4j-2.17.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-2.17.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:log4j-2.17.0-1.1.aarch64"
},
"product_reference": "log4j-2.17.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-2.17.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:log4j-2.17.0-1.1.ppc64le"
},
"product_reference": "log4j-2.17.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-2.17.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:log4j-2.17.0-1.1.s390x"
},
"product_reference": "log4j-2.17.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-2.17.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:log4j-2.17.0-1.1.x86_64"
},
"product_reference": "log4j-2.17.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-javadoc-2.17.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:log4j-javadoc-2.17.0-1.1.aarch64"
},
"product_reference": "log4j-javadoc-2.17.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-javadoc-2.17.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:log4j-javadoc-2.17.0-1.1.ppc64le"
},
"product_reference": "log4j-javadoc-2.17.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-javadoc-2.17.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:log4j-javadoc-2.17.0-1.1.s390x"
},
"product_reference": "log4j-javadoc-2.17.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-javadoc-2.17.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:log4j-javadoc-2.17.0-1.1.x86_64"
},
"product_reference": "log4j-javadoc-2.17.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-jcl-2.17.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:log4j-jcl-2.17.0-1.1.aarch64"
},
"product_reference": "log4j-jcl-2.17.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-jcl-2.17.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:log4j-jcl-2.17.0-1.1.ppc64le"
},
"product_reference": "log4j-jcl-2.17.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-jcl-2.17.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:log4j-jcl-2.17.0-1.1.s390x"
},
"product_reference": "log4j-jcl-2.17.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-jcl-2.17.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:log4j-jcl-2.17.0-1.1.x86_64"
},
"product_reference": "log4j-jcl-2.17.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-slf4j-2.17.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:log4j-slf4j-2.17.0-1.1.aarch64"
},
"product_reference": "log4j-slf4j-2.17.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-slf4j-2.17.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:log4j-slf4j-2.17.0-1.1.ppc64le"
},
"product_reference": "log4j-slf4j-2.17.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-slf4j-2.17.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:log4j-slf4j-2.17.0-1.1.s390x"
},
"product_reference": "log4j-slf4j-2.17.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-slf4j-2.17.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:log4j-slf4j-2.17.0-1.1.x86_64"
},
"product_reference": "log4j-slf4j-2.17.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-45105",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-45105"
}
],
"notes": [
{
"category": "general",
"text": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:log4j-2.17.0-1.1.aarch64",
"openSUSE Tumbleweed:log4j-2.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:log4j-2.17.0-1.1.s390x",
"openSUSE Tumbleweed:log4j-2.17.0-1.1.x86_64",
"openSUSE Tumbleweed:log4j-javadoc-2.17.0-1.1.aarch64",
"openSUSE Tumbleweed:log4j-javadoc-2.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:log4j-javadoc-2.17.0-1.1.s390x",
"openSUSE Tumbleweed:log4j-javadoc-2.17.0-1.1.x86_64",
"openSUSE Tumbleweed:log4j-jcl-2.17.0-1.1.aarch64",
"openSUSE Tumbleweed:log4j-jcl-2.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:log4j-jcl-2.17.0-1.1.s390x",
"openSUSE Tumbleweed:log4j-jcl-2.17.0-1.1.x86_64",
"openSUSE Tumbleweed:log4j-slf4j-2.17.0-1.1.aarch64",
"openSUSE Tumbleweed:log4j-slf4j-2.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:log4j-slf4j-2.17.0-1.1.s390x",
"openSUSE Tumbleweed:log4j-slf4j-2.17.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-45105",
"url": "https://www.suse.com/security/cve/CVE-2021-45105"
},
{
"category": "external",
"summary": "SUSE Bug 1193887 for CVE-2021-45105",
"url": "https://bugzilla.suse.com/1193887"
},
{
"category": "external",
"summary": "SUSE Bug 1193888 for CVE-2021-45105",
"url": "https://bugzilla.suse.com/1193888"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:log4j-2.17.0-1.1.aarch64",
"openSUSE Tumbleweed:log4j-2.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:log4j-2.17.0-1.1.s390x",
"openSUSE Tumbleweed:log4j-2.17.0-1.1.x86_64",
"openSUSE Tumbleweed:log4j-javadoc-2.17.0-1.1.aarch64",
"openSUSE Tumbleweed:log4j-javadoc-2.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:log4j-javadoc-2.17.0-1.1.s390x",
"openSUSE Tumbleweed:log4j-javadoc-2.17.0-1.1.x86_64",
"openSUSE Tumbleweed:log4j-jcl-2.17.0-1.1.aarch64",
"openSUSE Tumbleweed:log4j-jcl-2.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:log4j-jcl-2.17.0-1.1.s390x",
"openSUSE Tumbleweed:log4j-jcl-2.17.0-1.1.x86_64",
"openSUSE Tumbleweed:log4j-slf4j-2.17.0-1.1.aarch64",
"openSUSE Tumbleweed:log4j-slf4j-2.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:log4j-slf4j-2.17.0-1.1.s390x",
"openSUSE Tumbleweed:log4j-slf4j-2.17.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:log4j-2.17.0-1.1.aarch64",
"openSUSE Tumbleweed:log4j-2.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:log4j-2.17.0-1.1.s390x",
"openSUSE Tumbleweed:log4j-2.17.0-1.1.x86_64",
"openSUSE Tumbleweed:log4j-javadoc-2.17.0-1.1.aarch64",
"openSUSE Tumbleweed:log4j-javadoc-2.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:log4j-javadoc-2.17.0-1.1.s390x",
"openSUSE Tumbleweed:log4j-javadoc-2.17.0-1.1.x86_64",
"openSUSE Tumbleweed:log4j-jcl-2.17.0-1.1.aarch64",
"openSUSE Tumbleweed:log4j-jcl-2.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:log4j-jcl-2.17.0-1.1.s390x",
"openSUSE Tumbleweed:log4j-jcl-2.17.0-1.1.x86_64",
"openSUSE Tumbleweed:log4j-slf4j-2.17.0-1.1.aarch64",
"openSUSE Tumbleweed:log4j-slf4j-2.17.0-1.1.ppc64le",
"openSUSE Tumbleweed:log4j-slf4j-2.17.0-1.1.s390x",
"openSUSE Tumbleweed:log4j-slf4j-2.17.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-45105"
}
]
}
RHSA-2022:0026
Vulnerability from csaf_redhat - Published: 2022-01-12 09:50 - Updated: 2026-05-29 13:06Summary
Red Hat Security Advisory: OpenShift Container Platform 4.6.53 security update
Severity
Low
Notes
Topic: Red Hat OpenShift Container Platform release 4.6.53 is now available with
updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.6.
Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details: Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.53. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2022:0025
Security Fix(es):
* log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data
contains a recursive lookup and context lookup pattern (CVE-2021-45105)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s)
listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the Apache Log4j logging library 2.x. when the logging configuration uses a non-default Pattern Layout with a Context Lookup. Attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup and can cause Denial of Service.
5.9 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:169e6882974d9cd36d72e1db75b57071aca7b8cf5aa2c13c8f7e3157505b80c3_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:29643626fe608c5ff0ea815a0afaed3fe7112f6c50963991014542cdb7ece835_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:f1a53e3be27c714226869b259c8eed80ac797b0cb83fbc2d786a9bba383d9547_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:36fb516f19ab985c16b353898a7f50b898adeb1c78a7c2743a0658cb19a05484_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:42f65580290ce0f8c840dc3473e11eaa868e1b53b6793e34681b8e5fff5926eb_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:d101b67692e9d5cca517be23106835124a27e67dc1372f10aebf768210c77441_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy@sha256:32ed19af20fdca8aea3ca49bb20e0e34a5b6798655fe78a8dd1db2b0f78d54cd_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy@sha256:8349a4a59394b19bf6a745289c327174523fde41e16f0760fc6ede3ff4782bc7_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy@sha256:d5810afd8c7d36f44c5130bd4bdcf2215dcc99582d020b1db4a8866606707121_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:b1320c22359023ced54a7df87ae1cc7e81f6dd0879ca9b57db7cfb1492cb109b_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:bbb81923102a18e5123d3273684feb69dce22715eeda2330ed47569cc4b60a7d_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:eba0695fa94be0d083f86bc962352699a44357ef02f22e0ef80caedf31150bbe_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:1f9e1c24dae620af738fecb0b2fd36aecdb8f7f433f70c6b5089bb023fd7e9aa_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:2e5d5ad2823b8a40bc7fee550f3078e2794b86daf90a73dc2ec2ea06e5488a26_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:d696874a0eeac134653d68d38bc36a57517b93c4be2e16eb9f3f6ad3d2a6bd16_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:69e442480c0730d9856561a6ddfeb1989383d2d4cdd33944740d38e41ef25fc6_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:71abdeda606871f7b84a09debbddf204ee99f42e806b10f0cd17e5d74632757c_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:81e179ed88533175874d7f5d34d32a568c6e6b1bd362727305b61f2451dbb060_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:39b545a87dedd058beab6206b1cac9ed947dbe30a50f26a35aab25e5e59a6e53_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:79aa1de7f02407c2560597368614340d06cf2bd57f500860f75344d70e3b3a5d_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:f2f672f0ef01723a1097ff08e84b21311441d119d77eee9e65937f47e876311b_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator@sha256:c2ff7992fd5ce33e1d40fc4123f9a479394d31be28b1cceaa5c22a6196ed87a2_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift4/ose-metering-hadoop@sha256:ca61ce16449acf4e38d0333c3fab0b533b9db6253b2944565c7f4eda2c6a4e96_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.6:openshift4/ose-metering-presto@sha256:865fa3774bdc2c5c58fa6b3ea2cee245194945c6a4094a43e9e3c5be4579a12f_amd64 | — |
Workaround
|
Threats
Impact
Low
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.6.53 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.6.\n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.53. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2022:0025\n\nSecurity Fix(es):\n\n* log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data\ncontains a recursive lookup and context lookup pattern (CVE-2021-45105)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s)\nlisted in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:0026",
"url": "https://access.redhat.com/errata/RHSA-2022:0026"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "2034067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034067"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0026.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.6.53 security update",
"tracking": {
"current_release_date": "2026-05-29T13:06:05+00:00",
"generator": {
"date": "2026-05-29T13:06:05+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2022:0026",
"initial_release_date": "2022-01-12T09:50:38+00:00",
"revision_history": [
{
"date": "2022-01-12T09:50:38+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-01-12T09:50:38+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-29T13:06:05+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.6",
"product": {
"name": "Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.6::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift4/ose-cluster-logging-operator@sha256:36fb516f19ab985c16b353898a7f50b898adeb1c78a7c2743a0658cb19a05484_s390x",
"product": {
"name": "openshift4/ose-cluster-logging-operator@sha256:36fb516f19ab985c16b353898a7f50b898adeb1c78a7c2743a0658cb19a05484_s390x",
"product_id": "openshift4/ose-cluster-logging-operator@sha256:36fb516f19ab985c16b353898a7f50b898adeb1c78a7c2743a0658cb19a05484_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-cluster-logging-operator@sha256:36fb516f19ab985c16b353898a7f50b898adeb1c78a7c2743a0658cb19a05484?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-logging-operator\u0026tag=v4.6.0-202201061151.p0.g7f7eccc.assembly.4.6.53"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-elasticsearch-operator@sha256:eba0695fa94be0d083f86bc962352699a44357ef02f22e0ef80caedf31150bbe_s390x",
"product": {
"name": "openshift4/ose-elasticsearch-operator@sha256:eba0695fa94be0d083f86bc962352699a44357ef02f22e0ef80caedf31150bbe_s390x",
"product_id": "openshift4/ose-elasticsearch-operator@sha256:eba0695fa94be0d083f86bc962352699a44357ef02f22e0ef80caedf31150bbe_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-elasticsearch-operator@sha256:eba0695fa94be0d083f86bc962352699a44357ef02f22e0ef80caedf31150bbe?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-elasticsearch-operator\u0026tag=v4.6.0-202112201736.p0.gd421c69.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-logging-curator5@sha256:d696874a0eeac134653d68d38bc36a57517b93c4be2e16eb9f3f6ad3d2a6bd16_s390x",
"product": {
"name": "openshift4/ose-logging-curator5@sha256:d696874a0eeac134653d68d38bc36a57517b93c4be2e16eb9f3f6ad3d2a6bd16_s390x",
"product_id": "openshift4/ose-logging-curator5@sha256:d696874a0eeac134653d68d38bc36a57517b93c4be2e16eb9f3f6ad3d2a6bd16_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-logging-curator5@sha256:d696874a0eeac134653d68d38bc36a57517b93c4be2e16eb9f3f6ad3d2a6bd16?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-logging-curator5\u0026tag=v4.6.0-202201061151.p0.gce7f68c.assembly.4.6.53"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-logging-elasticsearch6@sha256:29643626fe608c5ff0ea815a0afaed3fe7112f6c50963991014542cdb7ece835_s390x",
"product": {
"name": "openshift4/ose-logging-elasticsearch6@sha256:29643626fe608c5ff0ea815a0afaed3fe7112f6c50963991014542cdb7ece835_s390x",
"product_id": "openshift4/ose-logging-elasticsearch6@sha256:29643626fe608c5ff0ea815a0afaed3fe7112f6c50963991014542cdb7ece835_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-logging-elasticsearch6@sha256:29643626fe608c5ff0ea815a0afaed3fe7112f6c50963991014542cdb7ece835?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-logging-elasticsearch6\u0026tag=v4.6.0-202112201736.p0.gce7f68c.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-logging-fluentd@sha256:81e179ed88533175874d7f5d34d32a568c6e6b1bd362727305b61f2451dbb060_s390x",
"product": {
"name": "openshift4/ose-logging-fluentd@sha256:81e179ed88533175874d7f5d34d32a568c6e6b1bd362727305b61f2451dbb060_s390x",
"product_id": "openshift4/ose-logging-fluentd@sha256:81e179ed88533175874d7f5d34d32a568c6e6b1bd362727305b61f2451dbb060_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-logging-fluentd@sha256:81e179ed88533175874d7f5d34d32a568c6e6b1bd362727305b61f2451dbb060?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-logging-fluentd\u0026tag=v4.6.0-202112201736.p0.gce7f68c.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-logging-kibana6@sha256:39b545a87dedd058beab6206b1cac9ed947dbe30a50f26a35aab25e5e59a6e53_s390x",
"product": {
"name": "openshift4/ose-logging-kibana6@sha256:39b545a87dedd058beab6206b1cac9ed947dbe30a50f26a35aab25e5e59a6e53_s390x",
"product_id": "openshift4/ose-logging-kibana6@sha256:39b545a87dedd058beab6206b1cac9ed947dbe30a50f26a35aab25e5e59a6e53_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-logging-kibana6@sha256:39b545a87dedd058beab6206b1cac9ed947dbe30a50f26a35aab25e5e59a6e53?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-logging-kibana6\u0026tag=v4.6.0-202112201736.p0.gce7f68c.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-egress-dns-proxy@sha256:8349a4a59394b19bf6a745289c327174523fde41e16f0760fc6ede3ff4782bc7_s390x",
"product": {
"name": "openshift4/ose-egress-dns-proxy@sha256:8349a4a59394b19bf6a745289c327174523fde41e16f0760fc6ede3ff4782bc7_s390x",
"product_id": "openshift4/ose-egress-dns-proxy@sha256:8349a4a59394b19bf6a745289c327174523fde41e16f0760fc6ede3ff4782bc7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-egress-dns-proxy@sha256:8349a4a59394b19bf6a745289c327174523fde41e16f0760fc6ede3ff4782bc7?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-egress-dns-proxy\u0026tag=v4.6.0-202112141645.p0.g618b71d.assembly.stream"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift4/ose-cluster-logging-operator@sha256:42f65580290ce0f8c840dc3473e11eaa868e1b53b6793e34681b8e5fff5926eb_ppc64le",
"product": {
"name": "openshift4/ose-cluster-logging-operator@sha256:42f65580290ce0f8c840dc3473e11eaa868e1b53b6793e34681b8e5fff5926eb_ppc64le",
"product_id": "openshift4/ose-cluster-logging-operator@sha256:42f65580290ce0f8c840dc3473e11eaa868e1b53b6793e34681b8e5fff5926eb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-cluster-logging-operator@sha256:42f65580290ce0f8c840dc3473e11eaa868e1b53b6793e34681b8e5fff5926eb?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-logging-operator\u0026tag=v4.6.0-202201061151.p0.g7f7eccc.assembly.4.6.53"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-elasticsearch-operator@sha256:b1320c22359023ced54a7df87ae1cc7e81f6dd0879ca9b57db7cfb1492cb109b_ppc64le",
"product": {
"name": "openshift4/ose-elasticsearch-operator@sha256:b1320c22359023ced54a7df87ae1cc7e81f6dd0879ca9b57db7cfb1492cb109b_ppc64le",
"product_id": "openshift4/ose-elasticsearch-operator@sha256:b1320c22359023ced54a7df87ae1cc7e81f6dd0879ca9b57db7cfb1492cb109b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-elasticsearch-operator@sha256:b1320c22359023ced54a7df87ae1cc7e81f6dd0879ca9b57db7cfb1492cb109b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-elasticsearch-operator\u0026tag=v4.6.0-202112201736.p0.gd421c69.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-logging-curator5@sha256:2e5d5ad2823b8a40bc7fee550f3078e2794b86daf90a73dc2ec2ea06e5488a26_ppc64le",
"product": {
"name": "openshift4/ose-logging-curator5@sha256:2e5d5ad2823b8a40bc7fee550f3078e2794b86daf90a73dc2ec2ea06e5488a26_ppc64le",
"product_id": "openshift4/ose-logging-curator5@sha256:2e5d5ad2823b8a40bc7fee550f3078e2794b86daf90a73dc2ec2ea06e5488a26_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-logging-curator5@sha256:2e5d5ad2823b8a40bc7fee550f3078e2794b86daf90a73dc2ec2ea06e5488a26?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-logging-curator5\u0026tag=v4.6.0-202201061151.p0.gce7f68c.assembly.4.6.53"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-logging-elasticsearch6@sha256:169e6882974d9cd36d72e1db75b57071aca7b8cf5aa2c13c8f7e3157505b80c3_ppc64le",
"product": {
"name": "openshift4/ose-logging-elasticsearch6@sha256:169e6882974d9cd36d72e1db75b57071aca7b8cf5aa2c13c8f7e3157505b80c3_ppc64le",
"product_id": "openshift4/ose-logging-elasticsearch6@sha256:169e6882974d9cd36d72e1db75b57071aca7b8cf5aa2c13c8f7e3157505b80c3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-logging-elasticsearch6@sha256:169e6882974d9cd36d72e1db75b57071aca7b8cf5aa2c13c8f7e3157505b80c3?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-logging-elasticsearch6\u0026tag=v4.6.0-202112201736.p0.gce7f68c.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-logging-fluentd@sha256:71abdeda606871f7b84a09debbddf204ee99f42e806b10f0cd17e5d74632757c_ppc64le",
"product": {
"name": "openshift4/ose-logging-fluentd@sha256:71abdeda606871f7b84a09debbddf204ee99f42e806b10f0cd17e5d74632757c_ppc64le",
"product_id": "openshift4/ose-logging-fluentd@sha256:71abdeda606871f7b84a09debbddf204ee99f42e806b10f0cd17e5d74632757c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-logging-fluentd@sha256:71abdeda606871f7b84a09debbddf204ee99f42e806b10f0cd17e5d74632757c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-logging-fluentd\u0026tag=v4.6.0-202112201736.p0.gce7f68c.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-logging-kibana6@sha256:79aa1de7f02407c2560597368614340d06cf2bd57f500860f75344d70e3b3a5d_ppc64le",
"product": {
"name": "openshift4/ose-logging-kibana6@sha256:79aa1de7f02407c2560597368614340d06cf2bd57f500860f75344d70e3b3a5d_ppc64le",
"product_id": "openshift4/ose-logging-kibana6@sha256:79aa1de7f02407c2560597368614340d06cf2bd57f500860f75344d70e3b3a5d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-logging-kibana6@sha256:79aa1de7f02407c2560597368614340d06cf2bd57f500860f75344d70e3b3a5d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-logging-kibana6\u0026tag=v4.6.0-202112201736.p0.gce7f68c.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-egress-dns-proxy@sha256:d5810afd8c7d36f44c5130bd4bdcf2215dcc99582d020b1db4a8866606707121_ppc64le",
"product": {
"name": "openshift4/ose-egress-dns-proxy@sha256:d5810afd8c7d36f44c5130bd4bdcf2215dcc99582d020b1db4a8866606707121_ppc64le",
"product_id": "openshift4/ose-egress-dns-proxy@sha256:d5810afd8c7d36f44c5130bd4bdcf2215dcc99582d020b1db4a8866606707121_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-egress-dns-proxy@sha256:d5810afd8c7d36f44c5130bd4bdcf2215dcc99582d020b1db4a8866606707121?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-egress-dns-proxy\u0026tag=v4.6.0-202112141645.p0.g618b71d.assembly.stream"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift4/ose-cluster-logging-operator@sha256:d101b67692e9d5cca517be23106835124a27e67dc1372f10aebf768210c77441_amd64",
"product": {
"name": "openshift4/ose-cluster-logging-operator@sha256:d101b67692e9d5cca517be23106835124a27e67dc1372f10aebf768210c77441_amd64",
"product_id": "openshift4/ose-cluster-logging-operator@sha256:d101b67692e9d5cca517be23106835124a27e67dc1372f10aebf768210c77441_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-cluster-logging-operator@sha256:d101b67692e9d5cca517be23106835124a27e67dc1372f10aebf768210c77441?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-logging-operator\u0026tag=v4.6.0-202201061151.p0.g7f7eccc.assembly.4.6.53"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-elasticsearch-operator@sha256:bbb81923102a18e5123d3273684feb69dce22715eeda2330ed47569cc4b60a7d_amd64",
"product": {
"name": "openshift4/ose-elasticsearch-operator@sha256:bbb81923102a18e5123d3273684feb69dce22715eeda2330ed47569cc4b60a7d_amd64",
"product_id": "openshift4/ose-elasticsearch-operator@sha256:bbb81923102a18e5123d3273684feb69dce22715eeda2330ed47569cc4b60a7d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-elasticsearch-operator@sha256:bbb81923102a18e5123d3273684feb69dce22715eeda2330ed47569cc4b60a7d?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-elasticsearch-operator\u0026tag=v4.6.0-202112201736.p0.gd421c69.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-metering-hadoop@sha256:ca61ce16449acf4e38d0333c3fab0b533b9db6253b2944565c7f4eda2c6a4e96_amd64",
"product": {
"name": "openshift4/ose-metering-hadoop@sha256:ca61ce16449acf4e38d0333c3fab0b533b9db6253b2944565c7f4eda2c6a4e96_amd64",
"product_id": "openshift4/ose-metering-hadoop@sha256:ca61ce16449acf4e38d0333c3fab0b533b9db6253b2944565c7f4eda2c6a4e96_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-metering-hadoop@sha256:ca61ce16449acf4e38d0333c3fab0b533b9db6253b2944565c7f4eda2c6a4e96?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-metering-hadoop\u0026tag=v4.6.0-202112150825.p0.gf381145.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-logging-curator5@sha256:1f9e1c24dae620af738fecb0b2fd36aecdb8f7f433f70c6b5089bb023fd7e9aa_amd64",
"product": {
"name": "openshift4/ose-logging-curator5@sha256:1f9e1c24dae620af738fecb0b2fd36aecdb8f7f433f70c6b5089bb023fd7e9aa_amd64",
"product_id": "openshift4/ose-logging-curator5@sha256:1f9e1c24dae620af738fecb0b2fd36aecdb8f7f433f70c6b5089bb023fd7e9aa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-logging-curator5@sha256:1f9e1c24dae620af738fecb0b2fd36aecdb8f7f433f70c6b5089bb023fd7e9aa?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-logging-curator5\u0026tag=v4.6.0-202201061151.p0.gce7f68c.assembly.4.6.53"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-logging-elasticsearch6@sha256:f1a53e3be27c714226869b259c8eed80ac797b0cb83fbc2d786a9bba383d9547_amd64",
"product": {
"name": "openshift4/ose-logging-elasticsearch6@sha256:f1a53e3be27c714226869b259c8eed80ac797b0cb83fbc2d786a9bba383d9547_amd64",
"product_id": "openshift4/ose-logging-elasticsearch6@sha256:f1a53e3be27c714226869b259c8eed80ac797b0cb83fbc2d786a9bba383d9547_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-logging-elasticsearch6@sha256:f1a53e3be27c714226869b259c8eed80ac797b0cb83fbc2d786a9bba383d9547?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-logging-elasticsearch6\u0026tag=v4.6.0-202112201736.p0.gce7f68c.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-logging-fluentd@sha256:69e442480c0730d9856561a6ddfeb1989383d2d4cdd33944740d38e41ef25fc6_amd64",
"product": {
"name": "openshift4/ose-logging-fluentd@sha256:69e442480c0730d9856561a6ddfeb1989383d2d4cdd33944740d38e41ef25fc6_amd64",
"product_id": "openshift4/ose-logging-fluentd@sha256:69e442480c0730d9856561a6ddfeb1989383d2d4cdd33944740d38e41ef25fc6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-logging-fluentd@sha256:69e442480c0730d9856561a6ddfeb1989383d2d4cdd33944740d38e41ef25fc6?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-logging-fluentd\u0026tag=v4.6.0-202112201736.p0.gce7f68c.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-logging-kibana6@sha256:f2f672f0ef01723a1097ff08e84b21311441d119d77eee9e65937f47e876311b_amd64",
"product": {
"name": "openshift4/ose-logging-kibana6@sha256:f2f672f0ef01723a1097ff08e84b21311441d119d77eee9e65937f47e876311b_amd64",
"product_id": "openshift4/ose-logging-kibana6@sha256:f2f672f0ef01723a1097ff08e84b21311441d119d77eee9e65937f47e876311b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-logging-kibana6@sha256:f2f672f0ef01723a1097ff08e84b21311441d119d77eee9e65937f47e876311b?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-logging-kibana6\u0026tag=v4.6.0-202112201736.p0.gce7f68c.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-egress-dns-proxy@sha256:32ed19af20fdca8aea3ca49bb20e0e34a5b6798655fe78a8dd1db2b0f78d54cd_amd64",
"product": {
"name": "openshift4/ose-egress-dns-proxy@sha256:32ed19af20fdca8aea3ca49bb20e0e34a5b6798655fe78a8dd1db2b0f78d54cd_amd64",
"product_id": "openshift4/ose-egress-dns-proxy@sha256:32ed19af20fdca8aea3ca49bb20e0e34a5b6798655fe78a8dd1db2b0f78d54cd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-egress-dns-proxy@sha256:32ed19af20fdca8aea3ca49bb20e0e34a5b6798655fe78a8dd1db2b0f78d54cd?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-egress-dns-proxy\u0026tag=v4.6.0-202112141645.p0.g618b71d.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-metering-ansible-operator@sha256:c2ff7992fd5ce33e1d40fc4123f9a479394d31be28b1cceaa5c22a6196ed87a2_amd64",
"product": {
"name": "openshift4/ose-metering-ansible-operator@sha256:c2ff7992fd5ce33e1d40fc4123f9a479394d31be28b1cceaa5c22a6196ed87a2_amd64",
"product_id": "openshift4/ose-metering-ansible-operator@sha256:c2ff7992fd5ce33e1d40fc4123f9a479394d31be28b1cceaa5c22a6196ed87a2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-metering-ansible-operator@sha256:c2ff7992fd5ce33e1d40fc4123f9a479394d31be28b1cceaa5c22a6196ed87a2?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-metering-ansible-operator\u0026tag=v4.6.0-202201061005.p0.gd74112d.assembly.4.6.53"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-metering-presto@sha256:865fa3774bdc2c5c58fa6b3ea2cee245194945c6a4094a43e9e3c5be4579a12f_amd64",
"product": {
"name": "openshift4/ose-metering-presto@sha256:865fa3774bdc2c5c58fa6b3ea2cee245194945c6a4094a43e9e3c5be4579a12f_amd64",
"product_id": "openshift4/ose-metering-presto@sha256:865fa3774bdc2c5c58fa6b3ea2cee245194945c6a4094a43e9e3c5be4579a12f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-metering-presto@sha256:865fa3774bdc2c5c58fa6b3ea2cee245194945c6a4094a43e9e3c5be4579a12f?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-metering-presto\u0026tag=v4.6.0-202112150825.p0.g190688a.assembly.stream"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-logging-operator@sha256:36fb516f19ab985c16b353898a7f50b898adeb1c78a7c2743a0658cb19a05484_s390x as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:36fb516f19ab985c16b353898a7f50b898adeb1c78a7c2743a0658cb19a05484_s390x"
},
"product_reference": "openshift4/ose-cluster-logging-operator@sha256:36fb516f19ab985c16b353898a7f50b898adeb1c78a7c2743a0658cb19a05484_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-logging-operator@sha256:42f65580290ce0f8c840dc3473e11eaa868e1b53b6793e34681b8e5fff5926eb_ppc64le as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:42f65580290ce0f8c840dc3473e11eaa868e1b53b6793e34681b8e5fff5926eb_ppc64le"
},
"product_reference": "openshift4/ose-cluster-logging-operator@sha256:42f65580290ce0f8c840dc3473e11eaa868e1b53b6793e34681b8e5fff5926eb_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-logging-operator@sha256:d101b67692e9d5cca517be23106835124a27e67dc1372f10aebf768210c77441_amd64 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:d101b67692e9d5cca517be23106835124a27e67dc1372f10aebf768210c77441_amd64"
},
"product_reference": "openshift4/ose-cluster-logging-operator@sha256:d101b67692e9d5cca517be23106835124a27e67dc1372f10aebf768210c77441_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-egress-dns-proxy@sha256:32ed19af20fdca8aea3ca49bb20e0e34a5b6798655fe78a8dd1db2b0f78d54cd_amd64 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy@sha256:32ed19af20fdca8aea3ca49bb20e0e34a5b6798655fe78a8dd1db2b0f78d54cd_amd64"
},
"product_reference": "openshift4/ose-egress-dns-proxy@sha256:32ed19af20fdca8aea3ca49bb20e0e34a5b6798655fe78a8dd1db2b0f78d54cd_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-egress-dns-proxy@sha256:8349a4a59394b19bf6a745289c327174523fde41e16f0760fc6ede3ff4782bc7_s390x as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy@sha256:8349a4a59394b19bf6a745289c327174523fde41e16f0760fc6ede3ff4782bc7_s390x"
},
"product_reference": "openshift4/ose-egress-dns-proxy@sha256:8349a4a59394b19bf6a745289c327174523fde41e16f0760fc6ede3ff4782bc7_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-egress-dns-proxy@sha256:d5810afd8c7d36f44c5130bd4bdcf2215dcc99582d020b1db4a8866606707121_ppc64le as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy@sha256:d5810afd8c7d36f44c5130bd4bdcf2215dcc99582d020b1db4a8866606707121_ppc64le"
},
"product_reference": "openshift4/ose-egress-dns-proxy@sha256:d5810afd8c7d36f44c5130bd4bdcf2215dcc99582d020b1db4a8866606707121_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-elasticsearch-operator@sha256:b1320c22359023ced54a7df87ae1cc7e81f6dd0879ca9b57db7cfb1492cb109b_ppc64le as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:b1320c22359023ced54a7df87ae1cc7e81f6dd0879ca9b57db7cfb1492cb109b_ppc64le"
},
"product_reference": "openshift4/ose-elasticsearch-operator@sha256:b1320c22359023ced54a7df87ae1cc7e81f6dd0879ca9b57db7cfb1492cb109b_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-elasticsearch-operator@sha256:bbb81923102a18e5123d3273684feb69dce22715eeda2330ed47569cc4b60a7d_amd64 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:bbb81923102a18e5123d3273684feb69dce22715eeda2330ed47569cc4b60a7d_amd64"
},
"product_reference": "openshift4/ose-elasticsearch-operator@sha256:bbb81923102a18e5123d3273684feb69dce22715eeda2330ed47569cc4b60a7d_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-elasticsearch-operator@sha256:eba0695fa94be0d083f86bc962352699a44357ef02f22e0ef80caedf31150bbe_s390x as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:eba0695fa94be0d083f86bc962352699a44357ef02f22e0ef80caedf31150bbe_s390x"
},
"product_reference": "openshift4/ose-elasticsearch-operator@sha256:eba0695fa94be0d083f86bc962352699a44357ef02f22e0ef80caedf31150bbe_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-logging-curator5@sha256:1f9e1c24dae620af738fecb0b2fd36aecdb8f7f433f70c6b5089bb023fd7e9aa_amd64 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:1f9e1c24dae620af738fecb0b2fd36aecdb8f7f433f70c6b5089bb023fd7e9aa_amd64"
},
"product_reference": "openshift4/ose-logging-curator5@sha256:1f9e1c24dae620af738fecb0b2fd36aecdb8f7f433f70c6b5089bb023fd7e9aa_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-logging-curator5@sha256:2e5d5ad2823b8a40bc7fee550f3078e2794b86daf90a73dc2ec2ea06e5488a26_ppc64le as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:2e5d5ad2823b8a40bc7fee550f3078e2794b86daf90a73dc2ec2ea06e5488a26_ppc64le"
},
"product_reference": "openshift4/ose-logging-curator5@sha256:2e5d5ad2823b8a40bc7fee550f3078e2794b86daf90a73dc2ec2ea06e5488a26_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-logging-curator5@sha256:d696874a0eeac134653d68d38bc36a57517b93c4be2e16eb9f3f6ad3d2a6bd16_s390x as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:d696874a0eeac134653d68d38bc36a57517b93c4be2e16eb9f3f6ad3d2a6bd16_s390x"
},
"product_reference": "openshift4/ose-logging-curator5@sha256:d696874a0eeac134653d68d38bc36a57517b93c4be2e16eb9f3f6ad3d2a6bd16_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-logging-elasticsearch6@sha256:169e6882974d9cd36d72e1db75b57071aca7b8cf5aa2c13c8f7e3157505b80c3_ppc64le as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:169e6882974d9cd36d72e1db75b57071aca7b8cf5aa2c13c8f7e3157505b80c3_ppc64le"
},
"product_reference": "openshift4/ose-logging-elasticsearch6@sha256:169e6882974d9cd36d72e1db75b57071aca7b8cf5aa2c13c8f7e3157505b80c3_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-logging-elasticsearch6@sha256:29643626fe608c5ff0ea815a0afaed3fe7112f6c50963991014542cdb7ece835_s390x as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:29643626fe608c5ff0ea815a0afaed3fe7112f6c50963991014542cdb7ece835_s390x"
},
"product_reference": "openshift4/ose-logging-elasticsearch6@sha256:29643626fe608c5ff0ea815a0afaed3fe7112f6c50963991014542cdb7ece835_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-logging-elasticsearch6@sha256:f1a53e3be27c714226869b259c8eed80ac797b0cb83fbc2d786a9bba383d9547_amd64 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:f1a53e3be27c714226869b259c8eed80ac797b0cb83fbc2d786a9bba383d9547_amd64"
},
"product_reference": "openshift4/ose-logging-elasticsearch6@sha256:f1a53e3be27c714226869b259c8eed80ac797b0cb83fbc2d786a9bba383d9547_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-logging-fluentd@sha256:69e442480c0730d9856561a6ddfeb1989383d2d4cdd33944740d38e41ef25fc6_amd64 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:69e442480c0730d9856561a6ddfeb1989383d2d4cdd33944740d38e41ef25fc6_amd64"
},
"product_reference": "openshift4/ose-logging-fluentd@sha256:69e442480c0730d9856561a6ddfeb1989383d2d4cdd33944740d38e41ef25fc6_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-logging-fluentd@sha256:71abdeda606871f7b84a09debbddf204ee99f42e806b10f0cd17e5d74632757c_ppc64le as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:71abdeda606871f7b84a09debbddf204ee99f42e806b10f0cd17e5d74632757c_ppc64le"
},
"product_reference": "openshift4/ose-logging-fluentd@sha256:71abdeda606871f7b84a09debbddf204ee99f42e806b10f0cd17e5d74632757c_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-logging-fluentd@sha256:81e179ed88533175874d7f5d34d32a568c6e6b1bd362727305b61f2451dbb060_s390x as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:81e179ed88533175874d7f5d34d32a568c6e6b1bd362727305b61f2451dbb060_s390x"
},
"product_reference": "openshift4/ose-logging-fluentd@sha256:81e179ed88533175874d7f5d34d32a568c6e6b1bd362727305b61f2451dbb060_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-logging-kibana6@sha256:39b545a87dedd058beab6206b1cac9ed947dbe30a50f26a35aab25e5e59a6e53_s390x as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:39b545a87dedd058beab6206b1cac9ed947dbe30a50f26a35aab25e5e59a6e53_s390x"
},
"product_reference": "openshift4/ose-logging-kibana6@sha256:39b545a87dedd058beab6206b1cac9ed947dbe30a50f26a35aab25e5e59a6e53_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-logging-kibana6@sha256:79aa1de7f02407c2560597368614340d06cf2bd57f500860f75344d70e3b3a5d_ppc64le as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:79aa1de7f02407c2560597368614340d06cf2bd57f500860f75344d70e3b3a5d_ppc64le"
},
"product_reference": "openshift4/ose-logging-kibana6@sha256:79aa1de7f02407c2560597368614340d06cf2bd57f500860f75344d70e3b3a5d_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-logging-kibana6@sha256:f2f672f0ef01723a1097ff08e84b21311441d119d77eee9e65937f47e876311b_amd64 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:f2f672f0ef01723a1097ff08e84b21311441d119d77eee9e65937f47e876311b_amd64"
},
"product_reference": "openshift4/ose-logging-kibana6@sha256:f2f672f0ef01723a1097ff08e84b21311441d119d77eee9e65937f47e876311b_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-metering-ansible-operator@sha256:c2ff7992fd5ce33e1d40fc4123f9a479394d31be28b1cceaa5c22a6196ed87a2_amd64 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator@sha256:c2ff7992fd5ce33e1d40fc4123f9a479394d31be28b1cceaa5c22a6196ed87a2_amd64"
},
"product_reference": "openshift4/ose-metering-ansible-operator@sha256:c2ff7992fd5ce33e1d40fc4123f9a479394d31be28b1cceaa5c22a6196ed87a2_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-metering-hadoop@sha256:ca61ce16449acf4e38d0333c3fab0b533b9db6253b2944565c7f4eda2c6a4e96_amd64 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop@sha256:ca61ce16449acf4e38d0333c3fab0b533b9db6253b2944565c7f4eda2c6a4e96_amd64"
},
"product_reference": "openshift4/ose-metering-hadoop@sha256:ca61ce16449acf4e38d0333c3fab0b533b9db6253b2944565c7f4eda2c6a4e96_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-metering-presto@sha256:865fa3774bdc2c5c58fa6b3ea2cee245194945c6a4094a43e9e3c5be4579a12f_amd64 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift4/ose-metering-presto@sha256:865fa3774bdc2c5c58fa6b3ea2cee245194945c6a4094a43e9e3c5be4579a12f_amd64"
},
"product_reference": "openshift4/ose-metering-presto@sha256:865fa3774bdc2c5c58fa6b3ea2cee245194945c6a4094a43e9e3c5be4579a12f_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-45105",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2021-12-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:36fb516f19ab985c16b353898a7f50b898adeb1c78a7c2743a0658cb19a05484_s390x",
"8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:42f65580290ce0f8c840dc3473e11eaa868e1b53b6793e34681b8e5fff5926eb_ppc64le",
"8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:d101b67692e9d5cca517be23106835124a27e67dc1372f10aebf768210c77441_amd64",
"8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy@sha256:32ed19af20fdca8aea3ca49bb20e0e34a5b6798655fe78a8dd1db2b0f78d54cd_amd64",
"8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy@sha256:8349a4a59394b19bf6a745289c327174523fde41e16f0760fc6ede3ff4782bc7_s390x",
"8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy@sha256:d5810afd8c7d36f44c5130bd4bdcf2215dcc99582d020b1db4a8866606707121_ppc64le",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:b1320c22359023ced54a7df87ae1cc7e81f6dd0879ca9b57db7cfb1492cb109b_ppc64le",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:bbb81923102a18e5123d3273684feb69dce22715eeda2330ed47569cc4b60a7d_amd64",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:eba0695fa94be0d083f86bc962352699a44357ef02f22e0ef80caedf31150bbe_s390x",
"8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:1f9e1c24dae620af738fecb0b2fd36aecdb8f7f433f70c6b5089bb023fd7e9aa_amd64",
"8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:2e5d5ad2823b8a40bc7fee550f3078e2794b86daf90a73dc2ec2ea06e5488a26_ppc64le",
"8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:d696874a0eeac134653d68d38bc36a57517b93c4be2e16eb9f3f6ad3d2a6bd16_s390x",
"8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:69e442480c0730d9856561a6ddfeb1989383d2d4cdd33944740d38e41ef25fc6_amd64",
"8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:71abdeda606871f7b84a09debbddf204ee99f42e806b10f0cd17e5d74632757c_ppc64le",
"8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:81e179ed88533175874d7f5d34d32a568c6e6b1bd362727305b61f2451dbb060_s390x",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:39b545a87dedd058beab6206b1cac9ed947dbe30a50f26a35aab25e5e59a6e53_s390x",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:79aa1de7f02407c2560597368614340d06cf2bd57f500860f75344d70e3b3a5d_ppc64le",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:f2f672f0ef01723a1097ff08e84b21311441d119d77eee9e65937f47e876311b_amd64",
"8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator@sha256:c2ff7992fd5ce33e1d40fc4123f9a479394d31be28b1cceaa5c22a6196ed87a2_amd64",
"8Base-RHOSE-4.6:openshift4/ose-metering-hadoop@sha256:ca61ce16449acf4e38d0333c3fab0b533b9db6253b2944565c7f4eda2c6a4e96_amd64",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto@sha256:865fa3774bdc2c5c58fa6b3ea2cee245194945c6a4094a43e9e3c5be4579a12f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2034067"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Apache Log4j logging library 2.x. when the logging configuration uses a non-default Pattern Layout with a Context Lookup. Attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup and can cause Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has performed an analysis of this flaw and has classified the Attack Complexity(AC) as High because there are multiple factors involved which are beyond attacker\u0027s control:\n\n- The application has to use the logging configuration using a Context Map Lookup (for example, $${ctx:loginId}) which is a non-default Pattern Layout.\n- The application developer has to use the map org.apache.logging.log4j.ThreadContext in the application code and save at-least one key (for example, ThreadContext.put(\"loginId\", \"myId\");) in the ThreadContext map object.\n- Attackers must also know this saved key name in order to exploit this flaw.\n\nNote that saving keys in this map is a non-essential usage of log4j and just an optional feature provided. Refer to https://logging.apache.org/log4j/2.x/manual/lookups.html#ContextMapLookup to know more about the Context Map Lookup feature of Log4j.\n\nLog4j 1.x is not impacted by this vulnerability. Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using ONLY the log4j-api JAR file without the log4j-core JAR file are NOT impacted by this vulnerability.\n\n\nDespite including a vulnerable version of Log4j 2.x, this vulnerability is not exploitable in Elasticsearch[0], as shipped in OpenShift Container Platform and OpenShift Logging. OpenShift 3.11 specifically does not contain any context lookups:\n\nhttps://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_logging_elasticsearch/templates/log4j2.properties.j2\n\nThis vulnerability is therefore rated Low for Elasticsearch in OpenShift Container Platform and OpenShift Logging.\n\n[0] https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476#update-december-18-4",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:169e6882974d9cd36d72e1db75b57071aca7b8cf5aa2c13c8f7e3157505b80c3_ppc64le",
"8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:29643626fe608c5ff0ea815a0afaed3fe7112f6c50963991014542cdb7ece835_s390x",
"8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:f1a53e3be27c714226869b259c8eed80ac797b0cb83fbc2d786a9bba383d9547_amd64"
],
"known_not_affected": [
"8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:36fb516f19ab985c16b353898a7f50b898adeb1c78a7c2743a0658cb19a05484_s390x",
"8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:42f65580290ce0f8c840dc3473e11eaa868e1b53b6793e34681b8e5fff5926eb_ppc64le",
"8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:d101b67692e9d5cca517be23106835124a27e67dc1372f10aebf768210c77441_amd64",
"8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy@sha256:32ed19af20fdca8aea3ca49bb20e0e34a5b6798655fe78a8dd1db2b0f78d54cd_amd64",
"8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy@sha256:8349a4a59394b19bf6a745289c327174523fde41e16f0760fc6ede3ff4782bc7_s390x",
"8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy@sha256:d5810afd8c7d36f44c5130bd4bdcf2215dcc99582d020b1db4a8866606707121_ppc64le",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:b1320c22359023ced54a7df87ae1cc7e81f6dd0879ca9b57db7cfb1492cb109b_ppc64le",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:bbb81923102a18e5123d3273684feb69dce22715eeda2330ed47569cc4b60a7d_amd64",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:eba0695fa94be0d083f86bc962352699a44357ef02f22e0ef80caedf31150bbe_s390x",
"8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:1f9e1c24dae620af738fecb0b2fd36aecdb8f7f433f70c6b5089bb023fd7e9aa_amd64",
"8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:2e5d5ad2823b8a40bc7fee550f3078e2794b86daf90a73dc2ec2ea06e5488a26_ppc64le",
"8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:d696874a0eeac134653d68d38bc36a57517b93c4be2e16eb9f3f6ad3d2a6bd16_s390x",
"8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:69e442480c0730d9856561a6ddfeb1989383d2d4cdd33944740d38e41ef25fc6_amd64",
"8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:71abdeda606871f7b84a09debbddf204ee99f42e806b10f0cd17e5d74632757c_ppc64le",
"8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:81e179ed88533175874d7f5d34d32a568c6e6b1bd362727305b61f2451dbb060_s390x",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:39b545a87dedd058beab6206b1cac9ed947dbe30a50f26a35aab25e5e59a6e53_s390x",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:79aa1de7f02407c2560597368614340d06cf2bd57f500860f75344d70e3b3a5d_ppc64le",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:f2f672f0ef01723a1097ff08e84b21311441d119d77eee9e65937f47e876311b_amd64",
"8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator@sha256:c2ff7992fd5ce33e1d40fc4123f9a479394d31be28b1cceaa5c22a6196ed87a2_amd64",
"8Base-RHOSE-4.6:openshift4/ose-metering-hadoop@sha256:ca61ce16449acf4e38d0333c3fab0b533b9db6253b2944565c7f4eda2c6a4e96_amd64",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto@sha256:865fa3774bdc2c5c58fa6b3ea2cee245194945c6a4094a43e9e3c5be4579a12f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-45105"
},
{
"category": "external",
"summary": "RHBZ#2034067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034067"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-45105",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45105"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45105",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45105"
},
{
"category": "external",
"summary": "https://issues.apache.org/jira/browse/LOG4J2-3230",
"url": "https://issues.apache.org/jira/browse/LOG4J2-3230"
},
{
"category": "external",
"summary": "https://logging.apache.org/log4j/2.x/security.html",
"url": "https://logging.apache.org/log4j/2.x/security.html"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2021/12/19/1",
"url": "https://www.openwall.com/lists/oss-security/2021/12/19/1"
}
],
"release_date": "2021-12-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-01-12T09:50:38+00:00",
"details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:169e6882974d9cd36d72e1db75b57071aca7b8cf5aa2c13c8f7e3157505b80c3_ppc64le",
"8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:29643626fe608c5ff0ea815a0afaed3fe7112f6c50963991014542cdb7ece835_s390x",
"8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:f1a53e3be27c714226869b259c8eed80ac797b0cb83fbc2d786a9bba383d9547_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0026"
},
{
"category": "workaround",
"details": "For Log4j 2 versions up to and including 2.16.0, this flaw can be mitigated by:\n- In PatternLayout in the Log4j logging configuration, replace Context Lookups like ${ctx:loginId} or $${ctx:loginId} with Thread Context Map patterns (%X, %mdc, or %MDC) like %X{loginId}.\n- Otherwise, in the Log4j logging configuration, remove references to Context Lookups like ${ctx:loginId} or $${ctx:loginId} where they originate from sources external to the application such as HTTP headers or user input.",
"product_ids": [
"8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:36fb516f19ab985c16b353898a7f50b898adeb1c78a7c2743a0658cb19a05484_s390x",
"8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:42f65580290ce0f8c840dc3473e11eaa868e1b53b6793e34681b8e5fff5926eb_ppc64le",
"8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:d101b67692e9d5cca517be23106835124a27e67dc1372f10aebf768210c77441_amd64",
"8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy@sha256:32ed19af20fdca8aea3ca49bb20e0e34a5b6798655fe78a8dd1db2b0f78d54cd_amd64",
"8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy@sha256:8349a4a59394b19bf6a745289c327174523fde41e16f0760fc6ede3ff4782bc7_s390x",
"8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy@sha256:d5810afd8c7d36f44c5130bd4bdcf2215dcc99582d020b1db4a8866606707121_ppc64le",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:b1320c22359023ced54a7df87ae1cc7e81f6dd0879ca9b57db7cfb1492cb109b_ppc64le",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:bbb81923102a18e5123d3273684feb69dce22715eeda2330ed47569cc4b60a7d_amd64",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:eba0695fa94be0d083f86bc962352699a44357ef02f22e0ef80caedf31150bbe_s390x",
"8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:1f9e1c24dae620af738fecb0b2fd36aecdb8f7f433f70c6b5089bb023fd7e9aa_amd64",
"8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:2e5d5ad2823b8a40bc7fee550f3078e2794b86daf90a73dc2ec2ea06e5488a26_ppc64le",
"8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:d696874a0eeac134653d68d38bc36a57517b93c4be2e16eb9f3f6ad3d2a6bd16_s390x",
"8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:169e6882974d9cd36d72e1db75b57071aca7b8cf5aa2c13c8f7e3157505b80c3_ppc64le",
"8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:29643626fe608c5ff0ea815a0afaed3fe7112f6c50963991014542cdb7ece835_s390x",
"8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:f1a53e3be27c714226869b259c8eed80ac797b0cb83fbc2d786a9bba383d9547_amd64",
"8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:69e442480c0730d9856561a6ddfeb1989383d2d4cdd33944740d38e41ef25fc6_amd64",
"8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:71abdeda606871f7b84a09debbddf204ee99f42e806b10f0cd17e5d74632757c_ppc64le",
"8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:81e179ed88533175874d7f5d34d32a568c6e6b1bd362727305b61f2451dbb060_s390x",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:39b545a87dedd058beab6206b1cac9ed947dbe30a50f26a35aab25e5e59a6e53_s390x",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:79aa1de7f02407c2560597368614340d06cf2bd57f500860f75344d70e3b3a5d_ppc64le",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:f2f672f0ef01723a1097ff08e84b21311441d119d77eee9e65937f47e876311b_amd64",
"8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator@sha256:c2ff7992fd5ce33e1d40fc4123f9a479394d31be28b1cceaa5c22a6196ed87a2_amd64",
"8Base-RHOSE-4.6:openshift4/ose-metering-hadoop@sha256:ca61ce16449acf4e38d0333c3fab0b533b9db6253b2944565c7f4eda2c6a4e96_amd64",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto@sha256:865fa3774bdc2c5c58fa6b3ea2cee245194945c6a4094a43e9e3c5be4579a12f_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:36fb516f19ab985c16b353898a7f50b898adeb1c78a7c2743a0658cb19a05484_s390x",
"8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:42f65580290ce0f8c840dc3473e11eaa868e1b53b6793e34681b8e5fff5926eb_ppc64le",
"8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:d101b67692e9d5cca517be23106835124a27e67dc1372f10aebf768210c77441_amd64",
"8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy@sha256:32ed19af20fdca8aea3ca49bb20e0e34a5b6798655fe78a8dd1db2b0f78d54cd_amd64",
"8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy@sha256:8349a4a59394b19bf6a745289c327174523fde41e16f0760fc6ede3ff4782bc7_s390x",
"8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy@sha256:d5810afd8c7d36f44c5130bd4bdcf2215dcc99582d020b1db4a8866606707121_ppc64le",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:b1320c22359023ced54a7df87ae1cc7e81f6dd0879ca9b57db7cfb1492cb109b_ppc64le",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:bbb81923102a18e5123d3273684feb69dce22715eeda2330ed47569cc4b60a7d_amd64",
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:eba0695fa94be0d083f86bc962352699a44357ef02f22e0ef80caedf31150bbe_s390x",
"8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:1f9e1c24dae620af738fecb0b2fd36aecdb8f7f433f70c6b5089bb023fd7e9aa_amd64",
"8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:2e5d5ad2823b8a40bc7fee550f3078e2794b86daf90a73dc2ec2ea06e5488a26_ppc64le",
"8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:d696874a0eeac134653d68d38bc36a57517b93c4be2e16eb9f3f6ad3d2a6bd16_s390x",
"8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:169e6882974d9cd36d72e1db75b57071aca7b8cf5aa2c13c8f7e3157505b80c3_ppc64le",
"8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:29643626fe608c5ff0ea815a0afaed3fe7112f6c50963991014542cdb7ece835_s390x",
"8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:f1a53e3be27c714226869b259c8eed80ac797b0cb83fbc2d786a9bba383d9547_amd64",
"8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:69e442480c0730d9856561a6ddfeb1989383d2d4cdd33944740d38e41ef25fc6_amd64",
"8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:71abdeda606871f7b84a09debbddf204ee99f42e806b10f0cd17e5d74632757c_ppc64le",
"8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:81e179ed88533175874d7f5d34d32a568c6e6b1bd362727305b61f2451dbb060_s390x",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:39b545a87dedd058beab6206b1cac9ed947dbe30a50f26a35aab25e5e59a6e53_s390x",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:79aa1de7f02407c2560597368614340d06cf2bd57f500860f75344d70e3b3a5d_ppc64le",
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:f2f672f0ef01723a1097ff08e84b21311441d119d77eee9e65937f47e876311b_amd64",
"8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator@sha256:c2ff7992fd5ce33e1d40fc4123f9a479394d31be28b1cceaa5c22a6196ed87a2_amd64",
"8Base-RHOSE-4.6:openshift4/ose-metering-hadoop@sha256:ca61ce16449acf4e38d0333c3fab0b533b9db6253b2944565c7f4eda2c6a4e96_amd64",
"8Base-RHOSE-4.6:openshift4/ose-metering-presto@sha256:865fa3774bdc2c5c58fa6b3ea2cee245194945c6a4094a43e9e3c5be4579a12f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…