gsd-2021-45105
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
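Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect against uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1. Per the record below, the affected artifact is log4j-core (the log4j-api advisory is marked as a false positive), and where an upgrade is not yet possible the listed workaround is to replace Context Lookups such as `${ctx:loginId}` or `$${ctx:loginId}` in PatternLayout with Thread Context Map patterns (%X, %mdc, or %MDC).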
Aliases
{ GSD: { alias: "CVE-2021-45105", description: "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.", id: "GSD-2021-45105", references: [ "https://www.suse.com/security/cve/CVE-2021-45105.html", "https://www.debian.org/security/2021/dsa-5024", "https://access.redhat.com/errata/RHSA-2022:0223", "https://access.redhat.com/errata/RHSA-2022:0222", "https://access.redhat.com/errata/RHSA-2022:0219", "https://access.redhat.com/errata/RHSA-2022:0216", "https://access.redhat.com/errata/RHSA-2022:0205", "https://access.redhat.com/errata/RHSA-2022:0203", "https://access.redhat.com/errata/RHSA-2022:0083", "https://access.redhat.com/errata/RHSA-2022:0047", "https://access.redhat.com/errata/RHSA-2022:0044", "https://access.redhat.com/errata/RHSA-2022:0043", "https://access.redhat.com/errata/RHSA-2022:0042", "https://access.redhat.com/errata/RHSA-2022:0026", "https://ubuntu.com/security/CVE-2021-45105", "https://advisories.mageia.org/CVE-2021-45105.html", "https://access.redhat.com/errata/RHSA-2022:1296", "https://access.redhat.com/errata/RHSA-2022:1297", "https://access.redhat.com/errata/RHSA-2022:1299", "https://access.redhat.com/errata/RHSA-2022:1462", "https://access.redhat.com/errata/RHSA-2022:1463", "https://access.redhat.com/errata/RHSA-2022:1469", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2021-45105", ], details: "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. 
This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.", id: "GSD-2021-45105", modified: "2023-12-13T01:23:19.628814Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2021-45105", STATE: "PUBLIC", TITLE: "Apache Log4j2 does not always protect from infinite recursion in lookup evaluation", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Log4j2", version: { version_data: [ { version_affected: "<", version_name: "log4j-core", version_value: "2.17.0", }, { version_affected: ">=", version_name: "log4j-core", version_value: "2.13.0", }, { version_affected: "<", version_name: "log4j-core", version_value: "2.12.3", }, { version_affected: ">=", version_name: "log4j-core", version_value: "2.4", }, { version_affected: "<", version_name: "log4j-core", version_value: "2.3.1", }, { version_affected: ">=", version_name: "log4j-core", version_value: "2.0-alpha1", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, credit: [ { lang: "eng", value: "Independently discovered by Hideki Okamoto of Akamai Technologies, Guy Lederfein of Trend Micro Research working with Trend Micro’s Zero Day Initiative, and another anonymous vulnerability researcher", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. 
This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: [ { other: "high", }, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-20 Improper Input Validation", }, ], }, { description: [ { lang: "eng", value: "CWE-674: Uncontrolled Recursion", }, ], }, ], }, references: { reference_data: [ { name: "https://logging.apache.org/log4j/2.x/security.html", refsource: "MISC", url: "https://logging.apache.org/log4j/2.x/security.html", }, { name: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032", refsource: "CONFIRM", url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032", }, { name: "VU#930724", refsource: "CERT-VN", url: "https://www.kb.cert.org/vuls/id/930724", }, { name: "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { name: "[oss-security] 20211218 CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2021/12/19/1", }, { name: "DSA-5024", refsource: "DEBIAN", url: "https://www.debian.org/security/2021/dsa-5024", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf", }, { name: "https://security.netapp.com/advisory/ntap-20211218-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20211218-0001/", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf", }, { 
name: "https://www.oracle.com/security-alerts/cpujan2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], }, source: { defect: [ "LOG4J2-3230", ], discovery: "UNKNOWN", }, work_around: [ { lang: "eng", value: "Implement one of the following mitigation techniques:\n\n* Java 8 (or later) users should upgrade to release 2.17.0.\n\nAlternatively, this can be mitigated in configuration:\n\n* In PatternLayout in the logging configuration, replace Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` with Thread Context Map patterns (%X, %mdc, or %MDC).\n* Otherwise, in the configuration, remove references to Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` where they originate \nfrom sources external to the application such as HTTP headers or user input.", }, ], }, "gitlab.com": { advisories: [ { affected_range: "(,0)", affected_versions: "All versions before 2.12.3, all versions after 2.12.3 before 2.17.0", cvss_v2: "AV:N/AC:M/Au:N/C:N/I:N/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", cwe_ids: [ "CWE-1035", "CWE-20", "CWE-674", "CWE-937", ], date: "2022-02-08", description: "This advisory has been marked as a false positive.", fixed_versions: [ "2.12.3", "2.17.0", ], identifier: "CVE-2021-45105", identifiers: [ "GHSA-p6xc-xr62-6r2g", "CVE-2021-45105", ], not_impacted: "Version 2.12.3, all versions starting from 2.17.0", package_slug: "maven/org.apache.logging.log4j/log4j-api", pubdate: "2021-12-18", solution: "Upgrade to versions 2.12.3, 2.17.0 or above.", title: "Uncontrolled Recursion", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2021-45105", 
"https://logging.apache.org/log4j/2.x/security.html", "https://security.netapp.com/advisory/ntap-20211218-0001/", "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf", "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf", "https://lists.debian.org/debian-lts-announce/2021/12/msg00017.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOKPQGV24RRBBI4TBZUDQMM4MEH7MXCY/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SIG7FZULMNK2XF6FZRU4VWYDQXNMUGAJ/", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032", "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", "https://www.debian.org/security/2021/dsa-5024", "https://www.kb.cert.org/vuls/id/930724", "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/", "http://www.openwall.com/lists/oss-security/2021/12/19/1", "https://www.oracle.com/security-alerts/cpujan2022.html", "https://github.com/advisories/GHSA-p6xc-xr62-6r2g", ], uuid: "f2e8f66e-6588-4771-bf08-cff3bfad7a12", }, { affected_range: "[2.0,2.3.1),[2.4,2.12.3),[2.13.0,2.16.0]", affected_versions: "All versions starting from 2.0 before 2.3.1, all versions starting from 2.4 before 2.12.3, all versions starting from 2.13.0 up to 2.16.0", cvss_v2: "AV:N/AC:M/Au:N/C:N/I:N/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", cwe_ids: [ "CWE-1035", "CWE-20", "CWE-937", ], date: "2022-10-06", description: "Apache Log4j2 does not protect from uncontrolled recursion from self-referential lookups. 
This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted.", fixed_versions: [ "2.3.1", "2.12.3", "2.17.0", ], identifier: "CVE-2021-45105", identifiers: [ "CVE-2021-45105", ], not_impacted: "All versions before 2.0, all versions starting from 2.3.1 before 2.4, all versions starting from 2.12.3 before 2.13.0, all versions after 2.16.0", package_slug: "maven/org.apache.logging.log4j/log4j-core", pubdate: "2021-12-18", solution: "Upgrade to versions 2.3.1, 2.12.3, 2.17.0 or above.", title: "Improper Input Validation", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2021-45105", "https://logging.apache.org/log4j/2.x/security.html", "https://security.netapp.com/advisory/ntap-20211218-0001/", "http://www.openwall.com/lists/oss-security/2021/12/19/1", "https://www.debian.org/security/2021/dsa-5024", "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/", "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf", "https://www.kb.cert.org/vuls/id/930724", ], uuid: "d72930d1-220e-47da-8fff-1e6ad9a98ebd", }, ], }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.3.1", versionStartIncluding: "2.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.12.3", versionStartIncluding: "2.4", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2.16.0", versionStartIncluding: "2.13.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: 
"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:sonicwall:network_security_manager:*:*:*:*:saas:*:*:*", cpe_name: [], versionEndExcluding: "3.0", versionStartIncluding: "2.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sonicwall:network_security_manager:*:*:*:*:on-premises:*:*:*", cpe_name: [], versionEndExcluding: "3.0", versionStartIncluding: "2.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "10.0.12", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sonicwall:web_application_firewall:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "3.1.0", versionStartIncluding: "3.0.0", vulnerable: true, }, ], operator: "OR", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:6bk1602-0aa12-0tp0_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:6bk1602-0aa12-0tp0:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:6bk1602-0aa22-0tp0_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:6bk1602-0aa22-0tp0:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:6bk1602-0aa32-0tp0_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: 
"cpe:2.3:h:sonicwall:6bk1602-0aa32-0tp0:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:6bk1602-0aa42-0tp0_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:6bk1602-0aa42-0tp0:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:sonicwall:6bk1602-0aa52-0tp0_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:sonicwall:6bk1602-0aa52-0tp0:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:oracle:e-business_suite:12.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_integration_bus:14.1.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: 
"cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "14.3.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: 
"cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_service_backbone:14.1.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "17.12.11", versionStartIncluding: "17.12.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_price_management:14.1.3.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_price_management:15.0.3.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_price_management:16.0.3.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: 
"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "20.12.7", versionStartIncluding: "20.12.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.4.1.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { 
cpe23Uri: "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "4.3.0.6.0", versionStartIncluding: "4.3.0.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_service_backbone:19.0.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_eftlink:16.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_eftlink:17.0.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_eftlink:18.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.0.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.0.8.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "8.1.1", versionStartIncluding: "8.0.7", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "21.12", vulnerable: true, }, { cpe23Uri: 
"cpe:2.3:a:oracle:retail_service_backbone:19.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_price_management:13.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_price_management:14.0.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.46:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.115:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.240:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_order_management_system:19.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_invoice_matching:15.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_invoice_matching:16.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "19.0.1.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_eftlink:20.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.1.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "20.12.12.0", versionStartIncluding: "20.12.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "19.12.18.0", versionStartIncluding: 
"19.12.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "19.12.12", versionStartIncluding: "19.12.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "18.8.13", versionStartIncluding: "18.8.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "8.5.1.0", versionStartIncluding: "8.3.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_service_broker:6.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "12.0.4.0.0", versionStartIncluding: "12.0.1.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "9.0", vulnerable: true, }, 
{ cpe23Uri: "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "9.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "9.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "12.0.4.0.0", versionStartIncluding: "12.0.1.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:banking_loans_servicing:2.12.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:banking_deposits_and_lines_of_credit_servicing:2.12.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: 
true, }, { cpe23Uri: "cpe:2.3:a:oracle:hospitality_suite8:8.13.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:hospitality_suite8:8.14.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:healthcare_translational_research:4.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:healthcare_data_repository:8.1.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "16.0.3", versionStartIncluding: "16.0.1", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "16.0.3", versionStartIncluding: "16.0.1", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_integration_bus:19.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:agile_plm_mcad_connector:3.6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: 
"cpe:2.3:a:oracle:communications_convergence:3.0.3.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:sql_developer:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "21.4.2", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_user_data_repository:12.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:management_cloud_engine:1.5.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:identity_manager_connector:9.1.0:*:*:*:*:*:*:*", cpe_name: [], 
vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:flexcube_universal_banking:11.83.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:flexcube_universal_banking:14.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "12.4", versionStartIncluding: "12.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:banking_treasury_management:14.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:banking_trade_finance:14.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:banking_payments:14.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.5.1.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:payment_interface:19.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:payment_interface:20.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:hospitality_token_proxy_service:19.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:healthcare_translational_research:4.1.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:healthcare_master_person_index:5.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "7.3.0.4", versionStartIncluding: "7.3.0.1", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:health_sciences_information_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "3.0.4", versionStartIncluding: "3.0.1", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:health_sciences_inform:6.3.2.1:*:*:*:*:*:*:*", cpe_name: [], 
vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:health_sciences_inform:7.0.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:health_sciences_inform:6.2.1.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.2.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1.0.6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "8.0.29", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "5.6.0.0", versionStartIncluding: "5.4", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:insurance_data_gateway:1.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:hyperion_tax_provision:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "11.2.8.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:hyperion_profitability_and_cost_management:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "11.2.8.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:hyperion_planning:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "11.2.8.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:hyperion_infrastructure_technology:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "11.2.8.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:hyperion_data_relationship_management:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "11.2.8.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:hyperion_bi\\+:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "11.2.8.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.14:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: 
"cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.8:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3.7:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4.13:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_financial_integration:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "16.0.3", versionStartIncluding: "16.0.1", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_financial_integration:19.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_eftlink:21.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:15.0.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:16.0.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_customer_insights:16.0.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_customer_insights:15.0.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:taleo_platform:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "22.1", vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2021-45105", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. 
This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-20", }, { lang: "en", value: "CWE-674", }, ], }, ], }, references: { reference_data: [ { name: "https://logging.apache.org/log4j/2.x/security.html", refsource: "MISC", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://logging.apache.org/log4j/2.x/security.html", }, { name: "https://security.netapp.com/advisory/ntap-20211218-0001/", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20211218-0001/", }, { name: "[oss-security] 20211218 CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation", refsource: "MLIST", tags: [ "Mailing List", "Mitigation", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/12/19/1", }, { name: "DSA-5024", refsource: "DEBIAN", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-5024", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/", refsource: "MISC", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/", }, { name: "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", refsource: "CISCO", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf", }, { name: "VU#930724", refsource: "CERT-VN", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.kb.cert.org/vuls/id/930724", }, 
{ name: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf", }, { name: "https://www.oracle.com/security-alerts/cpujan2022.html", refsource: "MISC", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "N/A", refsource: "N/A", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], }, }, impact: { baseMetricV2: { acInsufInfo: false, cvssV2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", userInteractionRequired: false, }, baseMetricV3: { cvssV3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, }, }, lastModifiedDate: "2022-10-06T17:31Z", publishedDate: "2021-12-18T12:15Z", }, }, }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.