CVE-2021-44832

{"id": "CVE-2021-44832", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 8.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.7}]}, "published": "2021-12-28T20:15:08.400", "references": [{"url": "http://www.openwall.com/lists/oss-security/2021/12/28/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://issues.apache.org/jira/browse/LOG4J2-3293", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143", "tags": ["Mailing List", "Vendor Advisory"], "source": "security@apache.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/", "source": "security@apache.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/", "source": "security@apache.org"}, {"url": "https://security.netapp.com/advisory/ntap-20220104-0001/", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "tags": ["Patch", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.oracle.com/security-alerts/cpujan2022.html", "tags": ["Patch", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.oracle.com/security-alerts/cpujul2022.html", "tags": ["Patch", "Third Party Advisory"], "source": "security@apache.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Secondary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-74"}]}], "descriptions": [{"lang": "en", "value": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2."}, {"lang": "es", "value": "Las versiones de Apache Log4j2 de la 2.0-beta7 a la 2.17.0 (excluyendo las versiones de correcci\u00f3n de seguridad 2.3.2 y 2.12.4) son vulnerables a un ataque de ejecuci\u00f3n remota de c\u00f3digo (RCE) cuando una configuraci\u00f3n utiliza un JDBC Appender con un URI de origen de datos JNDI LDAP cuando un atacante tiene el control del servidor LDAP de destino. Este problema se soluciona limitando los nombres de fuentes de datos JNDI al protocolo java en las versiones 2.17.1, 2.12.4 y 2.3.2 de Log4j2"}], "lastModified": "2023-11-07T03:39:43.957", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5737813-009A-4FDD-AC84-42E871EA1676", "versionEndExcluding": "2.3.2", "versionStartIncluding": "2.0.1"}, {"criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D1858C4-53AC-4528-B86F-0AB83777B4F4", "versionEndExcluding": "2.12.4", "versionStartIncluding": "2.4"}, {"criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D127EBB0-E86F-4349-96E5-19BD198E0CCA", "versionEndExcluding": "2.17.1", "versionStartIncluding": "2.13.0"}, {"criteria": "cpe:2.3:a:apache:log4j:2.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17854E42-7063-4A55-BF2A-4C7074CC2D60"}, {"criteria": "cpe:2.3:a:apache:log4j:2.0:beta7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9D58C21-34AE-4782-8580-816B2F6A8F9D"}, {"criteria": "cpe:2.3:a:apache:log4j:2.0:beta8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCFCBA59-E0DF-46FD-8431-C1043E7AB4EE"}, {"criteria": "cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53F32FB2-6970-4975-8BD0-EAE12E9AD03A"}, {"criteria": "cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B773ED91-1D39-42E6-9C52-D02210DE1A94"}, {"criteria": "cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF24312D-1A62-482E-8078-7EC24758B710"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83F42D52-1E43-44E0-8B53-A2A918BDDEC3", "versionEndIncluding": "8.5.1.0", "versionStartIncluding": "8.0.0.0"}, {"criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46E23F2E-6733-45AF-9BD9-1A600BD278C8"}, {"criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E812639B-EE28-4C68-9F6F-70C8BF981C86"}, {"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48", "versionEndIncluding": "17.12.11", "versionStartIncluding": "17.12.0"}, {"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A621A5AE-6974-4BA5-B1AC-7130A46F68F5", "versionEndIncluding": "18.8.13", "versionStartIncluding": "18.8.0"}, {"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4096281D-2EBA-490D-8180-3C9D05EB890A", "versionEndIncluding": "19.12.12", "versionStartIncluding": "19.12.0"}, {"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6B70E72-B9FC-4E49-8EDD-29C7E14F5792", "versionEndIncluding": "20.12.7", "versionStartIncluding": "20.12.0"}, {"criteria": "cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15F45363-236B-4040-8AE4-C6C0E204EDBA"}, {"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A66F0C7C-4310-489F-8E91-4171D17DB32F", "versionEndIncluding": "19.12.18.0", "versionStartIncluding": "19.12.0"}, {"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "651104CE-0569-4E6D-ACAB-AD2AC85084DD", "versionEndIncluding": "20.12.12.0", "versionStartIncluding": "20.12.0.0"}, {"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45D89239-9142-46BD-846D-76A5A74A67B1"}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2"}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F"}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38340E3C-C452-4370-86D4-355B6B4E0A06"}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9C55C69-E22E-4B80-9371-5CD821D79FE2"}, {"criteria": "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48C9BD8E-7214-4B44-B549-6F11B3EA8A04"}, {"criteria": "cpe:2.3:a:oracle:retail_fiscal_management:14.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5F6FD19-A314-4A1F-96CB-6DB1CED79430"}, {"criteria": "cpe:2.3:a:oracle:siebel_ui_framework:21.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D62731F-3290-4383-A4F6-5274B4D63B1D"}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66"}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418"}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:cloudcenter:4.10.0.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66AB39B2-0CE1-4C7E-9E7B-B288A080D584"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6894D860-000E-439D-8AB7-07E9B2ACC31B", "versionEndExcluding": "12.0.0.4.6"}, {"criteria": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD66C717-85E0-40E7-A51F-549C8196D557"}, {"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9550113-7423-48D8-A1C7-95D6AEE9B33C", "versionEndIncluding": "8.5.1.0", "versionStartIncluding": "8.3.0.0"}, {"criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46E23F2E-6733-45AF-9BD9-1A600BD278C8"}, {"criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E812639B-EE28-4C68-9F6F-70C8BF981C86"}, {"criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61A2E42A-4EF2-437D-A0EC-4A6A4F1EBD11", "versionEndExcluding": "12.0.0.4.4"}, {"criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5933FEA2-B79E-4EE7-B821-54D676B45734"}, {"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC"}, {"criteria": "cpe:2.3:a:oracle:health_sciences_data_management_workbench:2.5.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6C9A32B-B776-4704-818D-977B4B20D677"}, {"criteria": "cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.0.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6989178B-A3D5-4441-A56C-6C639D4759DF"}, {"criteria": "cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.1.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5049591-AA1B-4D64-A925-40D0724074D1"}, {"criteria": "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F47057A9-2DDE-4178-B140-F7D70EAED8F6", "versionEndIncluding": "12.2.24", "versionStartIncluding": "12.2.0"}, {"criteria": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9132D7F2-43B3-4595-B8BF-C9DE897087F6", "versionEndIncluding": "12.2.24", "versionStartIncluding": "12.2.0"}, {"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48", "versionEndIncluding": "17.12.11", "versionStartIncluding": "17.12.0"}, {"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A621A5AE-6974-4BA5-B1AC-7130A46F68F5", "versionEndIncluding": "18.8.13", "versionStartIncluding": "18.8.0"}, {"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4096281D-2EBA-490D-8180-3C9D05EB890A", "versionEndIncluding": "19.12.12", "versionStartIncluding": "19.12.0"}, {"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6B70E72-B9FC-4E49-8EDD-29C7E14F5792", "versionEndIncluding": "20.12.7", "versionStartIncluding": "20.12.0"}, {"criteria": "cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15F45363-236B-4040-8AE4-C6C0E204EDBA"}, {"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD0DEC50-F4CD-4ACA-A118-D4F0D4F4C981", "versionEndIncluding": "19.12.18.0", "versionStartIncluding": "19.12.0.0"}, {"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "651104CE-0569-4E6D-ACAB-AD2AC85084DD", "versionEndIncluding": "20.12.12.0", "versionStartIncluding": "20.12.0.0"}, {"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45D89239-9142-46BD-846D-76A5A74A67B1"}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2"}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F"}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38340E3C-C452-4370-86D4-355B6B4E0A06"}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9C55C69-E22E-4B80-9371-5CD821D79FE2"}, {"criteria": "cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F978162-CB2C-4166-947A-9048C6E878BC"}, {"criteria": "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0783F0D1-8FAC-4BCA-A6F5-C5C60E86D56D"}, {"criteria": "cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7BD0D41-1BED-4C4F-95C8-8987C98908DA"}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6"}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48EFC111-B01B-4C34-87E4-D6B2C40C0122"}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "073FEA23-E46A-4C73-9D29-95CFF4F5A59D"}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A69FB468-EAF3-4E67-95E7-DF92C281C1F1"}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0ABA57AC-4BBF-4E4F-9F7E-D42472C36EEB"}, {"criteria": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "889916ED-5EB2-49D6-8400-E6DBBD6C287F", "versionEndIncluding": "21.12"}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66"}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418"}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}