Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2017-5645

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

CVSS v3:

  • Severity: Critical
  • Score: 9.8
  • AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

OWASP TOP 10:

Software From Fixed in
apache / log4j 2.0 2.8.2
redhat / enterprise_linux_desktop 7.0 7.0.x
redhat / enterprise_linux 7.4 7.4.x
redhat / enterprise_linux_workstation 7.0 7.0.x
redhat / enterprise_linux 7.0 7.0.x
redhat / enterprise_linux 6.0 6.0.x
redhat / enterprise_linux_server 7.0 7.0.x
redhat / enterprise_linux 6.7 6.7.x
redhat / enterprise_linux 7.3 7.3.x
redhat / enterprise_linux_server_aus 7.4 7.4.x
redhat / enterprise_linux_server_eus 7.4 7.4.x
redhat / enterprise_linux 7.5 7.5.x
redhat / enterprise_linux_server_tus 7.4 7.4.x
redhat / enterprise_linux_server_eus 7.5 7.5.x
redhat / enterprise_linux_server_tus 7.6 7.6.x
redhat / enterprise_linux_server_eus 7.6 7.6.x
redhat / enterprise_linux_server_aus 7.6 7.6.x
redhat / enterprise_linux 7.6 7.6.x
redhat / fuse 1.0 1.0.x
oracle / flexcube_investor_servicing 12.3.0 12.3.0.x
oracle / flexcube_investor_servicing 12.1.0 12.1.0.x
oracle / jd_edwards_enterpriseone_tools 9.2 9.2.x
oracle / retail_service_backbone 14.1 14.1.x
oracle / enterprise_manager_base_platform 12.1.0.5 12.1.0.5.x
oracle / api_gateway 11.1.2.4.0 11.1.2.4.0.x
oracle / flexcube_investor_servicing 12.0.4 12.0.4.x
oracle / weblogic_server 12.1.3.0.0 12.1.3.0.0.x
oracle / fusion_middleware_mapviewer 12.2.1.2 12.2.1.2.x
oracle / jdeveloper 11.1.1.9.0 11.1.1.9.0.x
oracle / retail_service_backbone 15.0 15.0.x
oracle / jdeveloper 12.1.3.0.0 12.1.3.0.0.x
oracle / retail_integration_bus 15.0 15.0.x
oracle / weblogic_server 10.3.6.0.0 10.3.6.0.0.x
oracle / weblogic_server 12.2.1.3.0 12.2.1.3.0.x
oracle / flexcube_investor_servicing 12.4.0 12.4.0.x
oracle / soa_suite 12.1.3.0.0 12.1.3.0.0.x
oracle / soa_suite 12.2.1.3.0 12.2.1.3.0.x
oracle / identity_analytics 11.1.1.5.8 11.1.1.5.8.x
oracle / siebel_ui_framework 18.7 18.7.x
oracle / siebel_ui_framework 18.8 18.8.x
oracle / siebel_ui_framework 18.9 18.9.x
oracle / retail_open_commerce_platform 6.0.1 6.0.1.x
oracle / application_testing_suite 13.3.0.1 13.3.0.1.x
oracle / flexcube_investor_servicing 14.0.0 14.0.0.x
oracle / insurance_rules_palette 10.0 10.0.x
oracle / insurance_rules_palette 10.2 10.2.x
oracle / tape_library_acsls 8.4 8.4.x
oracle / retail_open_commerce_platform 5.3.0 5.3.0.x
oracle / retail_open_commerce_platform 6.0.0 6.0.0.x
oracle / insurance_calculation_engine 10.2.1 10.2.1.x
oracle / insurance_calculation_engine 10.1.1 10.1.1.x
oracle / insurance_rules_palette 10.1 10.1.x
oracle / insurance_rules_palette 11.0 11.0.x
oracle / insurance_rules_palette 11.1 11.1.x
oracle / retail_integration_bus 16.0 16.0.x
oracle / banking_platform 2.6.0 2.6.0.x
oracle / banking_platform 2.6.1 2.6.1.x
oracle / banking_platform 2.6.2 2.6.2.x
oracle / communications_webrtc_session_controller - 7.2
oracle / enterprise_manager_for_peoplesoft 13.1.1.1 13.1.1.1.x
oracle / enterprise_manager_for_peoplesoft 13.2.1.1 13.2.1.1.x
oracle / enterprise_manager_for_oracle_database 12.1.0.8 12.1.0.8.x
oracle / enterprise_manager_for_oracle_database 13.2.2 13.2.2.x
oracle / enterprise_manager_for_mysql_database - 13.2.2.0.0.x
oracle / enterprise_manager_for_fusion_middleware 12.1.0.5 12.1.0.5.x
oracle / enterprise_manager_for_fusion_middleware 13.2.0.0 13.2.0.0.x
oracle / enterprise_manager_base_platform 13.2.0.0 13.2.0.0.x
oracle / communications_pricing_design_center 11.1 11.1.x
oracle / communications_pricing_design_center 12.0 12.0.x
oracle / jdeveloper 12.2.1.3.0 12.2.1.3.0.x
oracle / communications_converged_application_server_-_service_controller 6.1 6.1.x
oracle / communications_online_mediation_controller 6.1 6.1.x
oracle / communications_service_broker 6.0 6.0.x
oracle / goldengate_application_adapters 12.3.2.1.1 12.3.2.1.1.x
oracle / soa_suite 12.2.2.0.0 12.2.2.0.0.x
oracle / communications_messaging_server - 8.0.2
oracle / configuration_manager 12.1.2.0.2 12.1.2.0.2.x
oracle / configuration_manager 12.1.2.0.5 12.1.2.0.5.x
oracle / bi_publisher 12.2.1.4.0 12.2.1.4.0.x
oracle / bi_publisher 11.1.1.7.0 11.1.1.7.0.x
oracle / bi_publisher 11.1.1.9.0 11.1.1.9.0.x
oracle / bi_publisher 12.2.1.3.0 12.2.1.3.0.x
oracle / identity_management_suite 11.1.2.3.0 11.1.2.3.0.x
oracle / identity_management_suite 12.2.1.3.0 12.2.1.3.0.x
oracle / retail_extract_transform_and_load 13.0 13.0.x
oracle / retail_extract_transform_and_load 13.1 13.1.x
oracle / retail_extract_transform_and_load 13.2 13.2.x
oracle / utilities_work_and_asset_management 1.9.1.2.12 1.9.1.2.12.x
oracle / autovue_vuelink_integration 21.0.1 21.0.1.x
oracle / autovue_vuelink_integration 21.0.0 21.0.0.x
oracle / retail_predictive_application_server 15.0.3 15.0.3.x
oracle / retail_integration_bus 14.1.0 14.1.0.x
oracle / retail_integration_bus 14.0.0 14.0.0.x
oracle / retail_clearance_optimization_engine 14.0.5 14.0.5.x
oracle / policy_automation_for_mobile_devices 10.4.7 10.4.7.x
oracle / policy_automation_for_mobile_devices 12.1.0 12.1.0.x
oracle / policy_automation_for_mobile_devices 12.1.1 12.1.1.x
oracle / policy_automation_for_mobile_devices 12.2.0 12.2.0.x
oracle / policy_automation_for_mobile_devices 12.2.1 12.2.1.x
oracle / policy_automation_for_mobile_devices 12.2.2 12.2.2.x
oracle / policy_automation_for_mobile_devices 12.2.3 12.2.3.x
oracle / policy_automation_for_mobile_devices 12.2.4 12.2.4.x
oracle / policy_automation_for_mobile_devices 12.2.5 12.2.5.x
oracle / policy_automation_for_mobile_devices 12.2.6 12.2.6.x
oracle / policy_automation_for_mobile_devices 12.2.7 12.2.7.x
oracle / policy_automation_for_mobile_devices 12.2.8 12.2.8.x
oracle / policy_automation_for_mobile_devices 12.2.9 12.2.9.x
oracle / policy_automation_for_mobile_devices 12.2.10 12.2.10.x
oracle / policy_automation_connector_for_siebel 10.4.6 10.4.6.x
oracle / policy_automation 10.4.7 10.4.7.x
oracle / policy_automation 12.1.0 12.1.0.x
oracle / policy_automation 12.1.1 12.1.1.x
oracle / policy_automation 12.2.0 12.2.0.x
oracle / policy_automation 12.2.1 12.2.1.x
oracle / policy_automation 12.2.2 12.2.2.x
oracle / policy_automation 12.2.3 12.2.3.x
oracle / policy_automation 12.2.4 12.2.4.x
oracle / policy_automation 12.2.5 12.2.5.x
oracle / policy_automation 12.2.6 12.2.6.x
oracle / policy_automation 12.2.7 12.2.7.x
oracle / policy_automation 12.2.8 12.2.8.x
oracle / policy_automation 12.2.9 12.2.9.x
oracle / policy_automation 12.2.10 12.2.10.x
oracle / peoplesoft_enterprise_fin_install 9.2 9.2.x
oracle / mysql_enterprise_monitor 8.0.0.0.0 8.0.0.8131.x
oracle / mysql_enterprise_monitor 4.0.0.0 4.0.4.5235.x
oracle / mysql_enterprise_monitor 3.4.0.0 3.4.7.4297.x
oracle / insurance_policy_administration 10.0 10.0.x
oracle / insurance_policy_administration 10.1 10.1.x
oracle / insurance_policy_administration 10.2 10.2.x
oracle / insurance_policy_administration 11.0 11.0.x
oracle / fusion_middleware_mapviewer 12.2.1.3 12.2.1.3.x
oracle / enterprise_data_quality 12.2.1.3.0 12.2.1.3.0.x
oracle / financial_services_profitability_management 8.0.0.0.0 8.0.7.0.0.x
oracle / financial_services_profitability_management 6.1.1 6.1.1.x
oracle / financial_services_loan_loss_forecasting_and_provisioning 8.0.4 8.0.4.x
oracle / financial_services_loan_loss_forecasting_and_provisioning 8.0.5 8.0.5.x
oracle / financial_services_hedge_management_and_ifrs_valuations 8.0.4 8.0.4.x
oracle / financial_services_hedge_management_and_ifrs_valuations 8.0.5 8.0.5.x
oracle / financial_services_behavior_detection_platform 8.0.0.0.0 8.0.4.0.0.x
oracle / financial_services_behavior_detection_platform 6.1.1 6.1.1.x
oracle / financial_services_analytical_applications_infrastructure 8.0.0.0.0 8.0.7.0.0.x
oracle / financial_services_analytical_applications_infrastructure 7.3.3.0.0 7.3.3.0.2.x
oracle / endeca_information_discovery_studio 3.2.0 3.2.0.x
oracle / weblogic_server 12.2.1.4.0 12.2.1.4.0.x
oracle / weblogic_server 14.1.1.0.0 14.1.1.0.0.x
oracle / rapid_planning 12.1 12.1.x
oracle / rapid_planning 12.2 12.2.x
oracle / instantis_enterprisetrack 17.1 17.3.x
oracle / utilities_advanced_spatial_and_operational_analytics 2.7.0.1 2.7.0.1.x
oracle / primavera_gateway 16.2.0 16.2.11.x
oracle / identity_manager_connector 9.0 9.0.x
oracle / financial_services_lending_and_leasing 14.1.0 14.8.0.x
oracle / financial_services_lending_and_leasing 12.5.0 12.5.0.x
oracle / communications_network_integrity 7.3.2 7.3.6.x
oracle / primavera_gateway 17.12.0 17.12.7.x
oracle / retail_service_backbone 16.0 16.0.x
oracle / retail_extract_transform_and_load 19.0 19.0.x
oracle / communications_instant_messaging_server 10.0.1.3.0 10.0.1.3.0.x
oracle / financial_services_regulatory_reporting_with_agilereporter 8.0.9.2.0 8.0.9.2.0.x
oracle / retail_advanced_inventory_planning 15.0 15.0.x
oracle / timesten_in-memory_database 11.2.2.8.49 11.2.2.8.49.x
oracle / communications_interactive_session_recorder 6.0 6.2.x
oracle / jd_edwards_enterpriseone_tools 4.0.1.0 4.0.1.0.x
oracle / in-memory_performance-driven_planning 12.2 12.2.x
oracle / in-memory_performance-driven_planning 12.1 12.1.x
oracle / retail_advanced_inventory_planning 14.0 14.0.x
oracle / goldengate 12.3.2.1.1 12.3.2.1.1.x
org.apache.logging.log4j / log4j 2.0 2.8.2
org.apache.logging.log4j / log4j-core 2.0 2.8.2