Vulnerability Details : CVE-2021-45105
Potential exploit
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2021-45105
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:e-business_suite:12.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*
- cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_user_data_repository:12.4:*:*:*:*:*:*:*
- Oracle » Retail Integration Bus, versions >= 16.0.1 and <= 16.0.3: cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:*
- Oracle » Retail Integration Bus, versions >= 19.0.0 and <= 19.0.1.0: cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_integration_bus:14.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_integration_bus:19.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*
- Oracle » Primavera P6 Enterprise Project Portfolio Management, versions >= 20.12.0.0 and <= 20.12.12.0: cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*
- Oracle » Primavera P6 Enterprise Project Portfolio Management, versions >= 19.12.0.0 and <= 19.12.18.0: cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:healthcare_master_person_index:5.0.1:*:*:*:*:*:*:*
- Oracle » Health Sciences Information Manager, versions >= 3.0.1 and <= 3.0.4: cpe:2.3:a:oracle:health_sciences_information_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*
- Oracle » Retail Service Backbone, versions >= 16.0.1 and <= 16.0.3: cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_service_backbone:14.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_service_backbone:19.0.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_service_backbone:19.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.14:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*
- Oracle » Flexcube Universal Banking, versions >= 14.0.0 and <= 14.3.0: cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*
- Oracle » Flexcube Universal Banking, versions >= 12.1.0 and <= 12.4: cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:flexcube_universal_banking:14.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:flexcube_universal_banking:11.83.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_invoice_matching:15.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_invoice_matching:16.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_convergence:3.0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:hospitality_suite8:8.13.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:hospitality_suite8:8.14.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:hyperion_bi\+:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:identity_manager_connector:9.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:hyperion_data_relationship_management:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_payments:14.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:hyperion_planning:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
- Oracle » Financial Services Analytical Applications Infrastructure, versions >= 8.0.7 and <= 8.1.1: cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
- Oracle » Communications Diameter Signaling Router, versions >= 8.3.0.0 and <= 8.5.1.0: cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_customer_insights:15.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_customer_insights:16.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.46:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.115:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.240:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_service_broker:6.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.4.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*
- Oracle » Healthcare Foundation, versions >= 7.3.0.1 and <= 7.3.0.4: cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:healthcare_translational_research:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:healthcare_translational_research:4.1.1:*:*:*:*:*:*:*
- Oracle » Insurance Insbridge Rating And Underwriting, versions >= 5.4 and <= 5.6.0.0: cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*
- Oracle » Utilities Framework, versions >= 4.3.0.1.0 and <= 4.3.0.6.0: cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
- Oracle » Retail Financial Integration, versions >= 16.0.1 and <= 16.0.3: cpe:2.3:a:oracle:retail_financial_integration:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_financial_integration:19.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:payment_interface:19.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:payment_interface:20.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
- Oracle » Communications Network Charging And Control, versions >= 12.0.1.0.0 and <= 12.0.4.0.0: cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:hyperion_infrastructure_technology:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:sql_developer:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:healthcare_data_repository:8.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:health_sciences_empirica_signal:9.2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1.0.6:*:*:*:*:*:*:*
- Oracle » Communications Cloud Native Core Network Function Cloud Native Environment » Version: 1.10.0: cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_price_management:14.1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_price_management:15.0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_price_management:16.0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_price_management:13.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_price_management:14.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:insurance_data_gateway:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_treasury_management:14.5:*:*:*:*:*:*:*
- Oracle » Communications Convergent Charging Controller, versions >= 12.0.1.0.0 and <= 12.0.4.0.0: cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.0.8.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:health_sciences_inform:6.3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:health_sciences_inform:7.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:health_sciences_inform:6.2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_eftlink:16.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_eftlink:17.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_eftlink:18.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_eftlink:20.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_eftlink:21.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:15.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:16.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_order_management_system:19.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_loans_servicing:2.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:agile_plm_mcad_connector:3.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_deposits_and_lines_of_credit_servicing:2.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_trade_finance:14.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:taleo_platform:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:hospitality_token_proxy_service:19.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:management_cloud_engine:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:hyperion_tax_provision:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:hyperion_profitability_and_cost_management:*:*:*:*:*:*:*:*
- cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*
- cpe:2.3:a:sonicwall:web_application_firewall:*:*:*:*:*:*:*:*
- Sonicwall » Network Security Manager » On-premises Edition, versions >= 2.0 and < 3.0: cpe:2.3:a:sonicwall:network_security_manager:*:*:*:*:on-premises:*:*:*
- Sonicwall » Network Security Manager » Saas Edition, versions >= 2.0 and < 3.0: cpe:2.3:a:sonicwall:network_security_manager:*:*:*:*:saas:*:*:*
- cpe:2.3:o:sonicwall:6bk1602-0aa12-0tp0_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:sonicwall:6bk1602-0aa22-0tp0_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:sonicwall:6bk1602-0aa32-0tp0_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:sonicwall:6bk1602-0aa42-0tp0_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:sonicwall:6bk1602-0aa52-0tp0_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-45105
EPSS score: 95.27% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~ 100 % (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2021-45105
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST | |
5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.2 | 3.6 | NIST | |
CWE ids for CVE-2021-45105
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
  Assigned by: nvd@nist.gov (Primary), security@apache.org (Secondary)
- The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.
  Assigned by: nvd@nist.gov (Primary), security@apache.org (Secondary)
References for CVE-2021-45105
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032
  Security Advisory [Third Party Advisory]
- https://www.kb.cert.org/vuls/id/930724
  VU#930724 - Apache Log4j allows insecure JNDI lookups [Third Party Advisory; US Government Resource]
- https://www.oracle.com/security-alerts/cpuapr2022.html
  Oracle Critical Patch Update Advisory - April 2022 [Patch; Third Party Advisory]
- https://www.oracle.com/security-alerts/cpujan2022.html
  Oracle Critical Patch Update Advisory - January 2022 [Patch; Third Party Advisory]
- https://security.netapp.com/advisory/ntap-20211218-0001/
  CVE-2021-45105 Apache Log4j Vulnerability in NetApp Products | NetApp Product Security [Third Party Advisory]
- https://www.zerodayinitiative.com/advisories/ZDI-21-1541/
  ZDI-21-1541 | Zero Day Initiative [Third Party Advisory; VDB Entry]
- https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf
  [Third Party Advisory]
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
  Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 [Third Party Advisory]
- https://logging.apache.org/log4j/2.x/security.html
  Log4j – Apache Log4j Security Vulnerabilities [Release Notes; Vendor Advisory]
- http://www.openwall.com/lists/oss-security/2021/12/19/1
  oss-security - CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation [Mailing List; Mitigation; Third Party Advisory]
- https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf
  [Third Party Advisory]
- https://www.debian.org/security/2021/dsa-5024
  Debian -- Security Information -- DSA-5024-1 apache-log4j2 [Third Party Advisory]
- https://www.oracle.com/security-alerts/cpujul2022.html
  Oracle Critical Patch Update Advisory - July 2022 [Third Party Advisory]