Vulnerability Name: CVE-2021-44832 (CCN-216189)
Assigned: 2021-12-28
Published: 2021-12-28
Updated: 2022-08-09
Summary: Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.

CVSS v3 Severity:
6.6 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)
5.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network; Attack Complexity (AC): High; Privileges Required (PR): High; User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High; Integrity (I): High; Availability (A): High

6.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)
5.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network; Attack Complexity (AC): High; Privileges Required (PR): High; User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High; Integrity (I): High; Availability (A): High

CVSS v2 Severity:
8.5 High (CVSS v2 Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Medium; Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Complete; Integrity (I): Complete; Availability (A): Complete

7.1 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): High; Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Complete; Integrity (I): Complete; Availability (A): Complete

Vulnerability Type: CWE-20
Vulnerability Consequences: Gain Access

References:
Source: MITRE | Type: CNA | CVE-2021-44832
Source: MLIST | Type: Mailing List, Third Party Advisory | [oss-security] 20211228 CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration
Source: CONFIRM | Type: Third Party Advisory | https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf
Source: XF | Type: UNKNOWN | apache-cve202144832-code-exec(216189)
Source: MISC | Type: Issue Tracking, Patch, Vendor Advisory | https://issues.apache.org/jira/browse/LOG4J2-3293
Source: MISC | Type: Mailing List, Vendor Advisory | https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143
Source: MLIST | Type: Mailing List, Third Party Advisory | [debian-lts-announce] 20211229 [SECURITY] [DLA 2870-1] apache-log4j2 security update
Source: FEDORA | Type: Mailing List, Third Party Advisory | FEDORA-2021-c6f471ce0f
Source: FEDORA | Type: Mailing List, Third Party Advisory | FEDORA-2021-1bd9151bab
Source: CCN | Type: Apache Web site | Download Apache Log4j 2
Source: CCN | Type: oss-sec Mailing List, Tue, 28 Dec 2021 19:26:40 +0000 | CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration
Source: CONFIRM | Type: Third Party Advisory | https://security.netapp.com/advisory/ntap-20220104-0001/
Source: CCN | Type: Cisco Security Advisory cisco-sa-apache-log4j-qRuKNEbd | Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021
Source: CISCO | Type: Third Party Advisory | 20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021
Source: CCN | Type: IBM Security Bulletin 6538148 (WebSphere Application Server) | Multiple vulnerabilities in Apache log4j affect IBM WebSphere Application Server (CVE-2021-45105, CVE-2021-44832)
Source: CCN | Type: IBM Security Bulletin 6538414 (Tivoli Monitoring V6) | Multiple vulnerabilities affect IBM Tivoli Monitoring Installed WebSphere Application Server including Log4j
Source: CCN | Type: IBM Security Bulletin 6538476 (Monitoring) | Vulnerability in Apache Log4j (CVE-2021-44832) affects the IBM Performance Management product
Source: CCN | Type: IBM Security Bulletin 6538674 (Sterling Secure Proxy) | Apache Log4j vulnerability affects IBM Sterling Secure Proxy (CVE-2021-44832)
Source: CCN | Type: IBM Security Bulletin 6538684 (Sterling External Authentication Server) | Apache Log4j vulnerability affects IBM Sterling External Authentication Server (CVE-2021-44832)
Source: CCN | Type: IBM Security Bulletin 6538696 (Tivoli Netcool/Impact) | A vulnerability in Apache Log4j affects IBM Tivoli Netcool Impact (CVE-2021-44832)
Source: CCN | Type: IBM Security Bulletin 6538720 (Cognos Analytics) | IBM Cognos Analytics: Apache Log4j vulnerabilities (CVE-2021-45105, CVE-2021-44832)
Source: CCN | Type: IBM Security Bulletin 6538896 (MQ) | IBM MQ Blockchain bridge dependencies are vulnerable to issues in Apache Log4j (CVE-2021-45105 & CVE-2021-44832)
Source: CCN | Type: IBM Security Bulletin 6538914 (App Connect Enterprise) | Vulnerabilities in Apache Log4j affect IBM App Connect Enterprise V11, V12 and IBM Integration Bus V10 (CVE-2021-44832)
Source: CCN | Type: IBM Security Bulletin 6539408 (Security Key Lifecycle Manager) | Multiple vulnerabilities in Apache Log4j affect the IBM WebSphere Application Server and IBM Security Guardium Key Lifecycle Manager (CVE-2021-4104, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832)
Source: CCN | Type: IBM Security Bulletin 6539410 (Spectrum Symphony) | Multiple vulnerabilities in Apache Log4j addressed in IBM Spectrum Symphony
Source: CCN | Type: IBM Security Bulletin 6539412 (Jazz for Service Management) | IBM Jazz for Service Management is vulnerable to a Apache Log4j vulnerability (CVE-2021-44832)
Source: CCN | Type: IBM Security Bulletin 6539830 (App Connect for Manufacturing) | Vulnerabilities in Apache Log4j affect IBM App Connect for Manufacturing 2.0 (CVE-2021-44832)
Source: CCN | Type: IBM Security Bulletin 6540016 (Engineering Lifecycle Management Base) | IBM Engineering Lifecycle Management products are vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832, CVE-2021-45046) and denial of service due to Apache Log4j (CVE-2021-45105)
Source: CCN | Type: IBM Security Bulletin 6540228 (PowerVM NovaLink) | IBM PowerVM Novalink is vulnerable to allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system due to Apache Log4j (CVE-2021-44832)
Source: CCN | Type: IBM Security Bulletin 6540528 (Watson Explorer) | Due to use of Apache Log4j, IBM Watson Explorer is vulnerable to arbitrary code execution (CVE-2021-44832, CVE-2021-45046) and denial of service (CVE-2021-45105)
Source: CCN | Type: IBM Security Bulletin 6540560 (Spectrum Protect Operations Center) | Security Bulletin: Vulnerability in Apache Log4j may affect IBM Spectrum Protect Operations Center (CVE-2021-44832)
Source: CCN | Type: IBM Security Bulletin 6540566 (Engineering Systems Design Rhapsody) | IBM Engineering Systems Design Rhapsody (Rhapsody) is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832, CVE-2021-45046) and denial of service due to Apache Log4j (CVE-2021-45105)
Source: CCN | Type: IBM Security Bulletin 6540618 (Engineering Requirements Management DOORS) | IBM Engineering Requirements Management DOORS is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832, CVE-2021-45046) and denial of service due to Apache Log4j (CVE-2021-45105)
Source: CCN | Type: IBM Security Bulletin 6540664 (Cognos Controller) | IBM Cognos Controller 10.4.2 IF17: Apache Log4j vulnerability (CVE-2021-45105 & CVE-2021-44832)
Source: CCN | Type: IBM Security Bulletin 6540672 (Rational Publishing Engine) | IBM Engineering Lifecycle Optimization - Publishing is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832, CVE-2021-45046) and denial of service due to Apache Log4j (CVE-2021-45105)
Source: CCN | Type: IBM Security Bulletin 6540676 (Spectrum Protect Snapshot for Windows) | Vulnerability in Apache Log4j may affect IBM Spectrum Protect Snapshot on Windows (CVE-2021-44832)
Source: CCN | Type: IBM Security Bulletin 6540692 (Spectrum Protect) | Vulnerability in Apache Log4j impacts IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments (CVE-2021-44832)
Source: CCN | Type: IBM Security Bulletin 6540846 (Spectrum Protect for Space Management) | Vulnerability in Apache Log4j may affect IBM Spectrum Protect for Space Management (CVE-2021-44832)
Source: CCN | Type: IBM Security Bulletin 6540856 (Spectrum Protect Plus) | Vulnerability in Apache Log4j may impact IBM Spectrum Protect Plus (CVE-2021-44832)
Source: CCN | Type: IBM Security Bulletin 6540860 (Spectrum Protect Plus Container Backup and Restore for Kubernetes) | Vulnerability in Apache Log4j may affect IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and OpenShift (CVE-2021-44832)
Source: CCN | Type: IBM Security Bulletin 6540862 (Spectrum Copy Data Management) | Vulnerability in Apache Log4j may affect IBM Spectrum Copy Data Management (CVE-2021-44832)
Source: CCN | Type: IBM Security Bulletin 6540874 (Spectrum Protect Snapshot for VMware) | Vulnerability in Apache Log4j may affect IBM Spectrum Protect Snapshot for VMware (CVE-2021-44832)
Source: CCN | Type: IBM Security Bulletin 6540904 (Curam Social Program Management) | Vulnerabilities in Apache Log4j may affect Cúram Social Program Management (CVE-2021-44832, CVE-2021-45105)
Source: CCN | Type: IBM Security Bulletin 6541290 (Cloud Pak for Integration) | Automation Assets in IBM Cloud Pak for Integration is vulnerable to denial of service due to Apache Log4j (CVE-2021-44832)
Source: CCN | Type: IBM Security Bulletin 6541478 (Cloud Pak for Multicloud Management Monitoring) | Apache Log4j vulnerability affects IBM Cloud Pak for Multicloud Management (CVE-2021-44832)
Source: CCN | Type: IBM Security Bulletin 6541728 (API Connect) | API Connect is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046 and CVE-2021-44832)
Source: CCN | Type: IBM Security Bulletin 6541736 (Spectrum Conductor) | Due to the use of Apache Log4j, IBM Spectrum Conductor is vulnerable to arbitrary code execution (CVE-2021-44832 and CVE-2021-45046) and denial of service (CVE-2021-45105)
Source: CCN | Type: IBM Security Bulletin 6549768 (Spectrum Archive Enterprise Edition (EE)) | Vulnerability in Apache Log4j may affect IBM Spectrum Archive Enterprise Edition (CVE-2021-44832)
Source: CCN | Type: IBM Security Bulletin 6549838 (Netcool Agile Service Manager) | IBM Netcool Agile Service Manager is vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105)
Source: CCN | Type: IBM Security Bulletin 6549888 (DB2 for Linux, UNIX and Windows) | A vulnerability in Apache Log4j affects some features of IBM Db2 (CVE-2021-44832)
Source: CCN | Type: IBM Security Bulletin 6549894 (Sterling Control Center) | IBM Sterling Control Center is vulnerable to remote code execution due to Apache Log4j (CVE-2021-44832)
Source: CCN | Type: IBM Security Bulletin 6551310 (Tivoli Netcool/OMNIbus) | IBM Tivoli Netcool/OMNIbus Common Integration Libraries is vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105)
Source: CCN | Type: IBM Security Bulletin 6551436 (Watson Assistant for Cloud Pak for Data) | Vulnerability in Apache Log4j - CVE-2021-44832 may affect IBM Watson Assistant for IBM Cloud Pak for Data
Source: CCN | Type: IBM Security Bulletin 6552546 (Tivoli Netcool/OMNIbus) | Tivoli Netcool/Omnibus installation contains vulnerable Apache Log4j code (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105)
Source: CCN | Type: IBM Security Bulletin 6553026 (InfoSphere Information Server) | IBM InfoSphere Information Server is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832)
Source: CCN | Type: IBM Security Bulletin 6555356 (Cloud Pak for Integration) | Operations Dashboard is vulnerable to arbitrary code execution in Log4j CVE-2021-44832
Source: CCN | Type: IBM Security Bulletin 6555402 (Sterling Connect:Direct for UNIX) | IBM Sterling Connect:Direct for UNIX may be vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832)
Source: CCN | Type: IBM Security Bulletin 6556406 (Cloud Pak for Data System) | IBM Cloud Pak for Data System 1.0 is vulnerable to remote code execution due to Apache Log4j (CVE-2021-44832)
Source: CCN | Type: IBM Security Bulletin 6556796 (Sterling Connect:Direct for Microsoft Windows) | IBM Sterling Connect:Direct for Microsoft Windows may be vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832)
Source: CCN | Type: IBM Security Bulletin 6556974 (Watson Discovery) | IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Log4j
Source: CCN | Type: IBM Security Bulletin 6557106 (Planning Analytics Workspace) | IBM Planning Analytics Workspace is affected by security vulnerabilities
Source: CCN | Type: IBM Security Bulletin 6560418 (Connect:Direct Web Services) | IBM Sterling Connect:Direct Web Services is vulnerable to remote attacker due to Apache Log4j (CVE-2021-44832)
Source: CCN | Type: IBM Security Bulletin 6560620 (OpenPages with Watson) | IBM OpenPages with Watson has addressed Apache Log4j vulnerability (CVE-2021-44832)
Source: CCN | Type: IBM Security Bulletin 6561029 (Spectrum Control) | IBM Spectrum Control is vulnerable to multiple weaknesses related to IBM Dojo (CVE-2021-234550), Java SE (CVE-2021-35578), IBM WebSphere Application Server - Liberty (CVE-2021-39031), Apache Log4j (CVE-2021-44832) and Gson (217225)
Source: CCN | Type: IBM Security Bulletin 6563309 (Cloud Private) | Vulnerability in Apache Log4j affects IBM Cloud Private (CVE-2021-44832)
Source: CCN | Type: IBM Security Bulletin 6565383 (Cloudera Enterprise Data Hub) | Cloudera Data Platform Private Cloud Base with IBM products have log messages vulnerable to arbitrary code execution, denial of service, remote code execution, and SQL injection due to Apache Log4j vulnerabilities
Source: CCN | Type: IBM Security Bulletin 6567195 (i) | IBM Db2 Web Query for i is vulnerable to denial of service in Apache Commons Compress (CVE-2021-36090), arbitrary code execution in Apache Log4j (CVE-2021-44832), and cross-site scripting in TIBCO WebFOCUS (CVE-2021-35493)
Source: CCN | Type: IBM Security Bulletin 6574773 (Other xSeries) | Crypto Hardware Initialization and Maintenance is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832)
Source: CCN | Type: IBM Security Bulletin 6591351 (Telco Network Cloud Manager) | IBM Telco Network Cloud Manager - Performance is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832, CVE-2022-23302 and CVE-2022-23305)
Source: CCN | Type: IBM Security Bulletin 6593439 (Rational Software Architect RealTime) | IBM Rational Software Architect RealTime Edition (RSA RT) is vulnerable to Apache Log4j2 - CVE-2021-44832
Source: CCN | Type: IBM Security Bulletin 6593781 (StoredIQ for Legal) | IBM StoredIQ for Legal is vulnerable to denial of service and remote code execution due to Apache log4j (CVE-2021-44228, CVE-2021-45105)
Source: CCN | Type: IBM Security Bulletin 6594159 (Event Streams) | IBM Event Streams is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832)
Source: CCN | Type: IBM Security Bulletin 6595967 (Analytic Accelerator Framework for Communications Service Providers) | IBM Analytic Accelerator Framework for Communication Service Providers & IBM Customer and Network Analytics for Communications Service Providers and Datasets Impacted by Log4j Vulnerabilities (CVE-2021-44832)
Source: CCN | Type: IBM Security Bulletin 6598713 (Common Licensing) | A Remote Attack Vulnerability in Apache Log4j affects IBM Common Licensing's License Key Server (LKS) Administration And Reporting Tool (ART) and its Agent (CVE-2021-4104, CVE-2021-44832, CVE-2021-3100, CVE-2022-33915).
Source: CCN | Type: IBM Security Bulletin 6601099 (Log Analysis) | Vulnerabilities from log4j-core-2.16.0.jar affect IBM Operations Analytics - Log Analysis (CVE-2021-44832, CVE-2021-45105)
Source: CCN | Type: IBM Security Bulletin 6605839 (Security Verify Governance) | Multiple security vulnerabilities found in open source code that is shipped with IBM Security Verify Governance, Identity Manager virtual appliance component
Source: CCN | Type: IBM Security Bulletin 6828737 (Operations Analytics Predictive Insights) | IBM Operations Analytics Predictive Insights impacted by Apache Log4j vulnerabilities (CVE-2021-44832)
Source: CCN | Type: IBM Security Bulletin 6832160 (QRadar SIEM) | Due to use of Apache Log4j, IBM QRadar SIEM is vulnerable to arbitrary code execution (CVE-2019-17571, CVE-2021-44832, CVE-2021-4104)
Source: CCN | Type: IBM Security Bulletin 6848225 (Netcool Operations Insight) | Netcool Operations Insight v1.6.7 contains fixes for multiple security vulnerabilities.
Source: CCN | Type: Oracle CPUApr2022 | Oracle Critical Patch Update Advisory - April 2022
Source: MISC | Type: Patch, Third Party Advisory | https://www.oracle.com/security-alerts/cpuapr2022.html
Source: CCN | Type: Oracle CPUJan2022 | Oracle Critical Patch Update Advisory - January 2022
Source: MISC | Type: Patch, Third Party Advisory | https://www.oracle.com/security-alerts/cpujan2022.html
Source: CCN | Type: Oracle CPUJul2022 | Oracle Critical Patch Update Advisory - July 2022
Source: N/A | Type: Patch, Third Party Advisory | N/A
Source: CCN | Type: WhiteSource Vulnerability Database | CVE-2021-44832

Vulnerable Configuration:
Configuration 1:
cpe:/a:apache:log4j:2.0:rc1:*:*:*:*:*:* OR
cpe:/a:apache:log4j:2.0:beta9:*:*:*:*:*:* OR
cpe:/a:apache:log4j:2.0:rc2:*:*:*:*:*:* OR
cpe:/a:apache:log4j:2.0:beta8:*:*:*:*:*:* OR
cpe:/a:apache:log4j:2.0:beta7:*:*:*:*:*:* OR
cpe:/a:apache:log4j:2.0:-:*:*:*:*:*:* OR
cpe:/a:apache:log4j:*:*:*:*:*:*:*:* (Version >= 2.13.0 and < 2.17.1) OR
cpe:/a:apache:log4j:*:*:*:*:*:*:*:* (Version >= 2.4 and < 2.12.4) OR
cpe:/a:apache:log4j:*:*:*:*:*:*:*:* (Version >= 2.0.1 and < 2.3.2)

Configuration 2:
cpe:/a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* OR
cpe:/a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* OR
cpe:/a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* OR
cpe:/a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:* OR
cpe:/a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* OR
cpe:/a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:* OR
cpe:/a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:* OR
cpe:/a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:* OR
cpe:/a:oracle:primavera_gateway:*:*:*:*:*:*:*:* (Version >= 17.12.0 and <= 17.12.11) OR
cpe:/a:oracle:primavera_gateway:*:*:*:*:*:*:*:* (Version >= 20.12.0 and <= 20.12.7) OR
cpe:/a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:* OR
cpe:/a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:* OR
cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:* OR
cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:* (Version >= 20.12.0.0 and <= 20.12.12.0) OR
cpe:/a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:* OR
cpe:/a:oracle:primavera_gateway:*:*:*:*:*:*:*:* (Version >= 19.12.0 and <= 19.12.12) OR
cpe:/a:oracle:primavera_gateway:*:*:*:*:*:*:*:* (Version >= 18.8.0 and <= 18.8.13) OR
cpe:/a:oracle:retail_fiscal_management:14.2:*:*:*:*:*:*:* OR
cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:* (Version >= 19.12.0 and <= 19.12.18.0) OR
cpe:/a:oracle:siebel_ui_framework:21.12:*:*:*:*:*:*:* OR
cpe:/a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:* (Version >= 8.0.0.0 and <= 8.5.1.0)

Configuration 3:
cpe:/a:cisco:cloudcenter:4.10.0.16:*:*:*:*:*:*:*

Configuration 4:
cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:* OR
cpe:/o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Configuration 5:
cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 6:
cpe:/a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:* OR
cpe:/a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* OR
cpe:/a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* OR
cpe:/a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* OR
cpe:/a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:* OR
cpe:/a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* OR
cpe:/a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:* OR
cpe:/a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:* OR
cpe:/a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:* OR
cpe:/a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:* OR
cpe:/a:oracle:primavera_gateway:*:*:*:*:*:*:*:* (Version >= 17.12.0 and <= 17.12.11) OR
cpe:/a:oracle:primavera_gateway:*:*:*:*:*:*:*:* (Version >= 20.12.0 and <= 20.12.7) OR
cpe:/a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:* OR
cpe:/a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:* (Version <= 21.12) OR
cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:* OR
cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:* (Version >= 20.12.0.0 and <= 20.12.12.0) OR
cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:* (Version >= 19.12.0.0 and <= 19.12.18.0) OR
cpe:/a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:* OR
cpe:/a:oracle:primavera_gateway:*:*:*:*:*:*:*:* (Version >= 19.12.0 and <= 19.12.12) OR
cpe:/a:oracle:primavera_gateway:*:*:*:*:*:*:*:* (Version >= 18.8.0 and <= 18.8.13) OR
cpe:/a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:* (Version >= 8.3.0.0 and <= 8.5.1.0) OR
cpe:/a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:* OR
cpe:/a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:* OR
cpe:/a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:* OR
cpe:/a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:* OR
cpe:/a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:* OR
cpe:/a:oracle:policy_automation:*:*:*:*:*:*:*:* (Version >= 12.2.0 and <= 12.2.24) OR
cpe:/a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:* OR
cpe:/a:oracle:retail_xstore_point_of_service:21.0.1:*:*:*:*:*:*:* OR
cpe:/a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* (Version >= 12.2.0 and <= 12.2.24) OR
cpe:/a:oracle:health_sciences_data_management_workbench:3.0.0.0:*:*:*:*:*:*:* OR
cpe:/a:oracle:health_sciences_data_management_workbench:3.1.0.3:*:*:*:*:*:*:* OR
cpe:/a:oracle:health_sciences_data_management_workbench:2.5.2.1:*:*:*:*:*:*:* OR
cpe:/a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.5.0:*:*:*:*:*:*:* OR
cpe:/a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:* OR
cpe:/a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:* (Version < 12.0.0.4.4) OR
cpe:/a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:* (Version < 12.0.0.4.6)

Configuration CCN 1:
cpe:/a:apache:log4j:2.8.1:*:*:*:*:*:*:* OR
cpe:/a:apache:log4j:2.13.1:-:*:*:*:*:*:* OR
cpe:/a:apache:log4j:2.14.0:-:*:*:*:*:*:* OR
cpe:/a:apache:log4j:2.14.1:-:*:*:*:*:*:* OR
cpe:/a:apache:log4j:2.15.0:-:*:*:*:*:*:* OR
cpe:/a:apache:log4j:2.0:beta9:*:*:*:*:*:* OR
cpe:/a:apache:log4j:2.12.1:-:*:*:*:*:*:* OR
cpe:/a:apache:log4j:2.13.0:-:*:*:*:*:*:* OR
cpe:/a:apache:log4j:2.16.0:-:*:*:*:*:*:* OR
cpe:/a:apache:log4j:2.0:beta7:*:*:*:*:*:* OR
cpe:/a:apache:log4j:2.17.0:-:*:*:*:*:*:* OR
cpe:/a:apache:log4j:2.3.2:-:*:*:*:*:*:*
AND
cpe:/a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:* OR
cpe:/o:ibm:i:7.1:*:*:*:*:*:*:* OR
cpe:/o:ibm:i:7.2:*:*:*:*:*:*:* OR
cpe:/a:ibm:tivoli_netcool/impact:7.1.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:tivoli_netcool/omnibus:8.1.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:watson_explorer:11.0.0:*:*:*:*:*:*:* OR
cpe:/o:ibm:i:7.3:*:*:*:*:*:*:* OR
cpe:/a:ibm:api_connect:5.0.0.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:watson_explorer:11.0.1:*:*:*:*:*:*:* OR
cpe:/a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:* OR
cpe:/a:ibm:watson_explorer:11.0.2:*:*:*:*:*:*:* OR
cpe:/a:ibm:operations_analytics_predictive_insights:1.3.3:*:*:*:*:*:*:* OR
cpe:/a:ibm:operations_analytics_predictive_insights:1.3.5:*:*:*:*:*:*:* OR
cpe:/a:ibm:operations_analytics_predictive_insights:1.3.6:*:*:*:*:*:*:* OR
cpe:/a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* OR
cpe:/a:oracle:flexcube_private_banking:12.1:*:*:*:*:*:*:* OR
cpe:/a:oracle:agile_plm_framework:9.3.6:*:*:*:*:*:*:* OR
cpe:/a:oracle:identity_manager:12.2.1.3.0:*:*:*:*:*:*:* OR
cpe:/a:oracle:utilities_framework:4.3.0.3.0:*:*:*:*:*:*:* OR
cpe:/a:oracle:communications_asap:7.3:*:*:*:*:*:*:* OR
cpe:/a:ibm:monitoring:8.1.4:*:*:*:*:*:*:* OR
cpe:/a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:* OR
cpe:/a:oracle:agile_plm_mcad_connector:3.6:*:*:*:*:*:*:* OR
cpe:/a:ibm:cognos_analytics:11.0.6:*:*:*:*:*:*:* OR
cpe:/a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:* OR
cpe:/a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:* OR
cpe:/a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:* OR
cpe:/a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:spectrum_symphony:7.2.0.2:*:*:*:*:*:*:* OR
cpe:/a:ibm:sterling_connect:direct:4.8:*:*:*:microsoft_windows:*:*:* OR
cpe:/a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:* OR
cpe:/a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:* OR
cpe:/a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:* OR
cpe:/a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:* OR
cpe:/a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:* OR
cpe:/a:ibm:security_key_lifecycle_manager:3.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:spectrum_symphony:7.2.1:*:*:*:*:*:*:* OR
cpe:/a:ibm:rational_publishing_engine:6.0.6:*:*:*:*:*:*:* OR
cpe:/a:ibm:watson_explorer:12.0.0:*:*:*:*:*:*:* OR
cpe:/a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* OR
cpe:/a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:* OR
cpe:/a:ibm:jazz_reporting_service:6.0.6:*:*:*:*:*:*:* OR
cpe:/a:ibm:sterling_connect:direct:4.3.0:*:*:*:unix:*:*:* OR
cpe:/a:ibm:app_connect:11.0.0.0:*:*:*:enterprise:*:*:* OR
cpe:/a:ibm:sterling_secure_proxy:3.4.3.2:*:*:*:*:*:*:* OR
cpe:/a:ibm:sterling_connect:direct:6.0.0:*:*:*:unix:*:*:* OR
cpe:/a:ibm:watson_explorer:12.0.1:*:*:*:*:*:*:* OR
cpe:/a:ibm:watson_explorer:12.0.2:*:*:*:*:*:*:* OR
cpe:/a:ibm:sterling_connect:direct:6.0:*:*:*:microsoft_windows:*:*:* OR
cpe:/a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:* OR
cpe:/a:ibm:jazz_reporting_service:6.0.6.1:*:*:*:*:*:*:* OR
cpe:/a:ibm:jazz_for_service_management:1.1.3:*:*:*:*:*:*:* OR
cpe:/a:ibm:rational_publishing_engine:6.0.6.1:*:*:*:*:*:*:* OR
cpe:/o:ibm:i:7.4:*:*:*:*:*:*:* OR
cpe:/a:ibm:netcool_agile_service_manager:1.1:*:*:*:*:*:*:* OR
cpe:/a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:* OR
cpe:/a:ibm:cognos_analytics:11.1:*:*:*:*:*:*:* OR
cpe:/a:ibm:security_key_lifecycle_manager:3.0.1:*:*:*:*:*:*:* OR
cpe:/a:ibm:watson_discovery:2.0.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:api_connect:2018.4.1.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:spectrum_symphony:7.3:*:*:*:*:*:*:* OR
cpe:/a:ibm:watson_explorer:12.0.3:*:deep_analytics:*:analytical_components:*:*:* OR
cpe:/a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:* OR
cpe:/a:ibm:spectrum_conductor:2.4.1:*:*:*:*:*:*:* OR
cpe:/a:ibm:cloud_private:3.2.1:cd:*:*:*:*:*:* OR
cpe:/a:ibm:qradar_security_information_and_event_manager:7.4:-:*:*:*:*:*:* OR
cpe:/a:ibm:event_streams:2019.4.1:*:*:*:*:*:*:* OR
cpe:/a:ibm:spectrum_protect_operations_center:7.1.0.000:*:*:*:*:*:*:* OR
cpe:/a:ibm:spectrum_protect_operations_center:8.1.0.000:*:*:*:*:*:*:* OR
cpe:/a:ibm:log_analysis:1.3.5.3:*:*:*:*:*:*:* OR
cpe:/a:ibm:log_analysis:1.3.6.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:security_key_lifecycle_manager:4.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:jazz_reporting_service:7.0.1:*:*:*:*:*:*:* OR
cpe:/a:ibm:event_streams:2019.4.2:*:*:*:*:*:*:* OR
cpe:/a:ibm:event_streams:10.0.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:cloud_private:3.2.2:cd:*:*:*:*:*:* OR
cpe:/a:ibm:db2:11.5:*:*:*:*:linux:*:* OR
cpe:/a:ibm:db2:11.5:*:*:*:*:unix:*:* OR
cpe:/a:ibm:db2:11.5:*:*:*:*:windows:*:* OR
cpe:/a:ibm:log_analysis:1.3.6.1:*:*:*:*:*:*:* OR
cpe:/a:ibm:api_connect:10.0.0.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:cognos_controller:10.4.2:*:*:*:*:*:*:* OR
cpe:/a:ibm:event_streams:2019.4.3:*:*:*:*:*:*:* OR
cpe:/a:ibm:event_streams:10.1.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:* OR
cpe:/a:ibm:engineering_lifecycle_optimization:7.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:engineering_lifecycle_optimization:7.0.1:*:*:*:*:*:*:* OR
cpe:/a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:* OR
cpe:/a:ibm:api_connect:10.0.1.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:engineering_test_management:7.0.1:*:*:*:*:*:*:* OR
cpe:/a:ibm:engineering_lifecycle_optimization:7.0.2:*:*:*:*:*:*:* OR
cpe:/a:ibm:watson_discovery:2.2.1:*:*:*:*:*:*:* OR
cpe:/a:ibm:spectrum_protect_for_space_management:7.1.8.10:*:*:*:*:*:*:* OR
cpe:/a:ibm:event_streams:10.2.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:sterling_secure_proxy:6.0.2:*:*:*:*:*:*:* OR
cpe:/a:ibm:event_streams:10.3.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:event_streams:10.3.1:*:*:*:*:*:*:* OR
cpe:/a:ibm:security_key_lifecycle_manager:4.1.1:*:*:*:*:*:*:* OR
cpe:/a:ibm:security_key_lifecycle_manager:4.1.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:sterling_secure_proxy:6.0.3:*:*:*:*:*:*:* OR
cpe:/a:ibm:integration_bus:10.0.0.6:*:*:*:*:*:*:* OR
cpe:/a:ibm:planning_analytics_workspace:2.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:* OR
cpe:/a:ibm:collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:* OR
cpe:/a:ibm:engineering_requirements_management_doors_next:7.0.1:*:*:*:*:*:*:* OR
cpe:/a:ibm:engineering_lifecycle_management:7.0.1:*:*:*:*:*:*:* OR
cpe:/a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.1:*:*:*:*:*:*:* OR
cpe:/a:ibm:engineering_lifecycle_management:7.0.2:*:*:*:*:*:*:* OR
cpe:/a:ibm:spectrum_protect_plus:10.1.9.2:*:*:*:*:*:*:* OR
cpe:/a:ibm:spectrum_control:5.4.5.2:*:*:*:*:*:*:*

apache log4j 2.0 rc1
apache log4j 2.0 beta9
apache log4j 2.0 rc2
apache log4j 2.0 beta8
apache log4j 2.0 beta7
apache log4j 2.0 -
apache log4j *
apache log4j *
apache log4j *
oracle weblogic server 12.2.1.3.0
oracle primavera unifier 18.8
oracle weblogic server 12.2.1.4.0
oracle primavera unifier 19.12
oracle weblogic server 14.1.1.0.0
oracle primavera unifier 20.12
oracle communications interactive session recorder 6.3
oracle communications interactive session recorder 6.4
oracle primavera gateway *
oracle primavera gateway *
oracle retail assortment planning 16.0.3
oracle primavera unifier 21.12
oracle primavera p6 enterprise project portfolio management 21.12.0.0
oracle primavera p6 enterprise project portfolio management *
oracle primavera gateway 21.12.0
oracle primavera gateway *
oracle primavera gateway *
oracle retail fiscal management 14.2
oracle primavera p6 enterprise project portfolio management *
oracle siebel ui framework 21.12
oracle communications diameter signaling router *
cisco cloudcenter 4.10.0.16
fedoraproject fedora 34
fedoraproject fedora 35
debian debian linux 9.0
oracle flexcube private banking 12.1.0
oracle weblogic server 12.2.1.3.0
oracle primavera unifier 18.8
oracle weblogic server 12.2.1.4.0
oracle primavera unifier 19.12
oracle weblogic server 14.1.1.0.0
oracle primavera unifier 20.12
oracle retail order broker 18.0
oracle communications interactive session recorder 6.3
oracle communications interactive session recorder 6.4
oracle primavera gateway *
oracle primavera gateway *
oracle primavera unifier 21.12
oracle siebel ui framework *
oracle primavera p6 enterprise project portfolio management 21.12.0.0
oracle primavera p6 enterprise project portfolio management *
oracle primavera p6 enterprise project portfolio management *
oracle primavera gateway 21.12.0
oracle primavera gateway *
oracle primavera gateway *
oracle communications diameter signaling router *
oracle retail xstore point of service 17.0.4
oracle retail xstore point of service 18.0.3
oracle retail xstore point of service 19.0.2
oracle retail xstore point of service 20.0.1
oracle retail order broker 19.1
oracle policy automation *
oracle product lifecycle analytics 3.6.1
oracle retail xstore point of service 21.0.1
oracle policy automation for mobile devices *
oracle health sciences data management workbench 3.0.0.0
oracle health sciences data management workbench 3.1.0.3
oracle health sciences data management workbench 2.5.2.1
oracle communications brm - elastic charging engine 12.0.0.5.0
oracle communications offline mediation controller 12.0.0.5.0
oracle communications offline mediation controller *
oracle communications brm - elastic charging engine *
apache log4j 2.8.1
apache log4j 2.13.1 -
apache log4j 2.14.0 -
apache log4j 2.14.1 -
apache log4j 2.15.0 -
apache log4j 2.0 beta9
apache log4j 2.12.1 -
apache log4j 2.13.0 -
apache log4j 2.16.0 -
apache log4j 2.0 beta7
apache log4j 2.17.0 -
apache log4j 2.3.2 -
ibm websphere application server 8.5
ibm i 7.1
ibm i 7.2
ibm tivoli netcool/impact 7.1.0
ibm tivoli netcool/omnibus 8.1.0
ibm watson explorer 11.0.0
ibm i 7.3
ibm api connect 5.0.0.0
ibm watson explorer 11.0.1
ibm websphere application server 9.0
ibm tivoli monitoring 6.3.0.7
ibm watson explorer 11.0.2
ibm operations analytics predictive insights 1.3.3
ibm operations analytics predictive insights 1.3.5
ibm operations analytics predictive insights 1.3.6
oracle weblogic server 12.2.1.3.0
oracle flexcube private banking 12.1
oracle agile plm framework 9.3.6
oracle identity manager 12.2.1.3.0
oracle utilities framework 4.3.0.3.0
oracle communications asap 7.3
ibm monitoring 8.1.4
oracle webcenter portal 12.2.1.3.0
oracle agile plm mcad connector 3.6
ibm cognos analytics 11.0.6
ibm infosphere information server 11.7
oracle instantis enterprisetrack 17.1
oracle instantis enterprisetrack 17.2
oracle webcenter sites 12.2.1.3.0
ibm spectrum symphony 7.2.0.2
ibm sterling connect:direct 4.8
oracle banking platform 2.6.2
ibm rational engineering lifecycle manager 6.0.6
ibm rational doors next generation 6.0.6
ibm rational team concert 6.0.6
ibm rational quality manager 6.0.6
ibm security key lifecycle manager 3.0
ibm spectrum symphony 7.2.1
ibm rational publishing engine 6.0.6
ibm watson explorer 12.0.0
oracle primavera unifier 18.8
oracle instantis enterprisetrack 17.3
ibm jazz reporting service 6.0.6
ibm sterling connect:direct 4.3.0
ibm app connect 11.0.0.0
ibm sterling secure proxy 3.4.3.2
ibm sterling connect:direct 6.0.0
ibm watson explorer 12.0.1
ibm watson explorer 12.0.2
ibm sterling connect:direct 6.0
ibm rational team concert 6.0.6.1
ibm jazz reporting service 6.0.6.1
ibm jazz for service management 1.1.3
ibm rational publishing engine 6.0.6.1
ibm i 7.4
ibm netcool agile service manager 1.1
ibm rational doors next generation 6.0.6.1
ibm cognos analytics 11.1
ibm security key lifecycle manager 3.0.1
ibm watson discovery 2.0.0
ibm api connect 2018.4.1.0
ibm spectrum symphony 7.3
ibm watson explorer 12.0.3
ibm rational quality manager 6.0.6.1
ibm spectrum conductor 2.4.1
ibm cloud private 3.2.1 cd
ibm qradar security information and event manager 7.4 -
ibm event streams 2019.4.1
ibm spectrum protect operations center 7.1.0.000
ibm spectrum protect operations center 8.1.0.000
ibm log analysis 1.3.5.3
ibm log analysis 1.3.6.0
ibm security key lifecycle manager 4.0
ibm jazz reporting service 7.0.1
ibm event streams 2019.4.2
ibm event streams 10.0.0
ibm cloud private 3.2.2 cd
ibm db2 11.5
ibm log analysis 1.3.6.1
ibm api connect 10.0.0.0
ibm cognos controller 10.4.2
ibm event streams 2019.4.3
ibm event streams 10.1.0
ibm rational engineering lifecycle manager 6.0.6.1
ibm engineering lifecycle optimization 7.0
ibm engineering lifecycle optimization 7.0.1
ibm engineering workflow management 7.0.1
ibm api connect 10.0.1.0
ibm engineering test management 7.0.1
ibm engineering lifecycle optimization 7.0.2
ibm watson discovery 2.2.1
ibm spectrum protect for space management 7.1.8.10
ibm event streams 10.2.0
ibm app connect enterprise 12.0.1.0
ibm sterling secure proxy 6.0.2
ibm event streams 10.3.0
ibm event streams 10.3.1
ibm security key lifecycle manager 4.1.1
ibm security key lifecycle manager 4.1.0
ibm sterling secure proxy 6.0.3
ibm integration bus 10.0.0.6
ibm planning analytics workspace 2.0
ibm collaborative lifecycle management 6.0.6
ibm collaborative lifecycle management 6.0.6.1
ibm engineering requirements management doors next 7.0.1
ibm engineering lifecycle management 7.0.1
ibm engineering lifecycle optimization - engineering insights 7.0.1
ibm engineering lifecycle management 7.0.2
ibm spectrum protect plus 10.1.9.2
ibm spectrum control 5.4.5.2