CVE-2021-4104 - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has wr

CVE-2021-4104

Summary

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.

References

Vulnerable Configurations

cpe:2.3:a:apache:log4j:1.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:1.2:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_operations_network:3.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_operations_network:3.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_a-mq:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_a-mq:6.0.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_fuse_service_works:6.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_fuse_service_works:6.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_web_server:3.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_web_server:3.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_data_virtualization:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_data_virtualization:6.0.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_studio:12.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_studio:12.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:integration_camel_quarkus:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:integration_camel_quarkus:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_a-mq_streaming:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_a-mq_streaming:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.8:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:advanced_supply_chain_planning:12.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:advanced_supply_chain_planning:12.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:advanced_supply_chain_planning:12.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:advanced_supply_chain_planning:12.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_allocation:14.1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_allocation:14.1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_allocation:15.0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_allocation:15.0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_allocation:16.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_allocation:16.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_allocation:19.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_allocation:19.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hyperion_data_relationship_management:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hyperion_data_relationship_management:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hyperion_data_relationship_management:11.1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hyperion_data_relationship_management:11.1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hyperion_data_relationship_management:11.1.2.4.330:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hyperion_data_relationship_management:11.1.2.4.330:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hyperion_data_relationship_management:11.1.2.4.344:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hyperion_data_relationship_management:11.1.2.4.344:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hyperion_data_relationship_management:11.1.2.4.345:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hyperion_data_relationship_management:11.1.2.4.345:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:2.3.14:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:2.3.14:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.6.8003:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.6.8003:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.1182:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.1182:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.2.1162:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.2.1162:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.4.3247:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.4.3247:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.2.4181:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.2.4181:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.7.4297:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.7.4297:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.9.4237:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.9.4237:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.4.5235:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.4.5235:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.6.5281:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.6.5281:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.11.5331:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.11.5331:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:4.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.0.8131:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.0.8131:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.2.8191:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.2.8191:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.14:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.14:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.18.1217:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.18.1217:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.20:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.20:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.21:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.21:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.22:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.22:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.23:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.23:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.25:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.25:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.29:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.29:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:tuxedo:12.2.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:tuxedo:12.2.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:2.2.1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:2.2.1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:fusion_middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:fusion_middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:timesten_grid:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:timesten_grid:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:stream_analytics:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:stream_analytics:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:goldengate:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:goldengate:-:*:*:*:*:*:*:*

CVSS

Base:	6.0 (as of 22-12-2023 - 09:15)
Impact:
Exploitability:

CWE

CWE-502

CAPEC

Object Injection
An adversary attempts to exploit an application by injecting additional, malicious content during its processing of serialized objects. Developers leverage serialization in order to convert data or state into a static, binary format for saving to disk or transferring over a network. These objects are then deserialized when needed to recover the data/state. By injecting a malformed object into a vulnerable application, an adversary can potentially compromise the application by manipulating the deserialization process. This can result in a number of unwanted outcomes, including remote code execution.

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:S/C:P/I:P/A:P

Last major update

22-12-2023 - 09:15

Published

14-12-2021 - 12:15

Last modified

22-12-2023 - 09:15