Vulnerability Database

CVE-2021-44832

Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI and an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.

CVSS v3:

  • Severity: Medium
  • Score: 6.6
  • Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: High
  • Score: 8.5
  • Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

| Software | From | Fixed in |
|---|---|---|
| apache / log4j | 2.0-rc1 | 2.0-rc1.x |
| apache / log4j | 2.0-beta9 | 2.0-beta9.x |
| apache / log4j | 2.0-rc2 | 2.0-rc2.x |
| apache / log4j | 2.0-beta8 | 2.0-beta8.x |
| apache / log4j | 2.0-beta7 | 2.0-beta7.x |
| apache / log4j | 2.0 | 2.0.x |
| apache / log4j | 2.13.0 | 2.17.1 |
| apache / log4j | 2.4 | 2.12.4 |
| apache / log4j | 2.0.1 | 2.3.2 |
| oracle / weblogic_server | 12.2.1.3.0 | 12.2.1.3.0.x |
| oracle / primavera_unifier | 18.8 | 18.8.x |
| oracle / weblogic_server | 12.2.1.4.0 | 12.2.1.4.0.x |
| oracle / primavera_unifier | 19.12 | 19.12.x |
| oracle / weblogic_server | 14.1.1.0.0 | 14.1.1.0.0.x |
| oracle / primavera_unifier | 20.12 | 20.12.x |
| oracle / communications_interactive_session_recorder | 6.3 | 6.3.x |
| oracle / communications_interactive_session_recorder | 6.4 | 6.4.x |
| oracle / primavera_gateway | 17.12.0 | 17.12.11.x |
| oracle / primavera_gateway | 20.12.0 | 20.12.7.x |
| oracle / retail_assortment_planning | 16.0.3 | 16.0.3.x |
| oracle / primavera_unifier | 21.12 | 21.12.x |
| oracle / primavera_p6_enterprise_project_portfolio_management | 21.12.0.0 | 21.12.0.0.x |
| oracle / primavera_p6_enterprise_project_portfolio_management | 20.12.0.0 | 20.12.12.0.x |
| oracle / primavera_gateway | 21.12.0 | 21.12.0.x |
| oracle / primavera_gateway | 19.12.0 | 19.12.12.x |
| oracle / primavera_gateway | 18.8.0 | 18.8.13.x |
| oracle / retail_fiscal_management | 14.2 | 14.2.x |
| oracle / primavera_p6_enterprise_project_portfolio_management | 19.12.0 | 19.12.18.0.x |
| oracle / siebel_ui_framework | 21.12 | 21.12.x |
| oracle / communications_diameter_signaling_router | 8.0.0.0 | 8.5.1.0.x |
| cisco / cloudcenter | 4.10.0.16 | 4.10.0.16.x |
| fedoraproject / fedora | 34 | 34.x |
| fedoraproject / fedora | 35 | 35.x |
| debian / debian_linux | 9.0 | 9.0.x |
| oracle / flexcube_private_banking | 12.1.0 | 12.1.0.x |
| oracle / retail_order_broker | 18.0 | 18.0.x |
| oracle / retail_xstore_point_of_service | 17.0.4 | 17.0.4.x |
| oracle / retail_xstore_point_of_service | 18.0.3 | 18.0.3.x |
| oracle / retail_xstore_point_of_service | 19.0.2 | 19.0.2.x |
| oracle / retail_xstore_point_of_service | 20.0.1 | 20.0.1.x |
| oracle / retail_order_broker | 19.1 | 19.1.x |
| oracle / siebel_ui_framework | - | 21.12.x |
| oracle / primavera_p6_enterprise_project_portfolio_management | 19.12.0.0 | 19.12.18.0.x |
| oracle / communications_diameter_signaling_router | 8.3.0.0 | 8.5.1.0.x |
| oracle / policy_automation | 12.2.0 | 12.2.24.x |
| oracle / product_lifecycle_analytics | 3.6.1 | 3.6.1.x |
| oracle / health_sciences_data_management_workbench | 2.5.2.1 | 2.5.2.1.x |
| oracle / communications_brm_-_elastic_charging_engine | 12.0.0.5.0 | 12.0.0.5.0.x |
| oracle / communications_brm_-_elastic_charging_engine | - | 12.0.0.4.6 |
| oracle / retail_xstore_point_of_service | 21.0.1 | 21.0.1.x |
| oracle / policy_automation_for_mobile_devices | 12.2.0 | 12.2.24.x |
| oracle / health_sciences_data_management_workbench | 3.0.0.0 | 3.0.0.0.x |
| oracle / health_sciences_data_management_workbench | 3.1.0.3 | 3.1.0.3.x |
| oracle / communications_offline_mediation_controller | 12.0.0.5.0 | 12.0.0.5.0.x |
| oracle / communications_offline_mediation_controller | - | 12.0.0.4.4 |
| org.apache.logging.log4j / log4j-core | 2.0-beta7 | 2.3.2 |
| org.apache.logging.log4j / log4j-core | 2.4 | 2.12.4 |
| org.apache.logging.log4j / log4j-core | 2.13.0 | 2.17.1 |