mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 01:02:25 +00:00
646 lines
24 KiB
JSON
646 lines
24 KiB
JSON
{
|
|
"id": "CVE-2021-44832",
|
|
"sourceIdentifier": "security@apache.org",
|
|
"published": "2021-12-28T20:15:08.400",
|
|
"lastModified": "2022-08-09T01:24:01.830",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Las versiones de Apache Log4j2 de la 2.0-beta7 a la 2.17.0 (excluyendo las versiones de correcci\u00f3n de seguridad 2.3.2 y 2.12.4) son vulnerables a un ataque de ejecuci\u00f3n remota de c\u00f3digo (RCE) cuando una configuraci\u00f3n utiliza un JDBC Appender con un URI de origen de datos JNDI LDAP cuando un atacante tiene el control del servidor LDAP de destino. Este problema se soluciona limitando los nombres de fuentes de datos JNDI al protocolo java en las versiones 2.17.1, 2.12.4 y 2.3.2 de Log4j2"
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "HIGH",
|
|
"privilegesRequired": "HIGH",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 6.6,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 0.7,
|
|
"impactScore": 5.9
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "SINGLE",
|
|
"confidentialityImpact": "COMPLETE",
|
|
"integrityImpact": "COMPLETE",
|
|
"availabilityImpact": "COMPLETE",
|
|
"baseScore": 8.5
|
|
},
|
|
"baseSeverity": "HIGH",
|
|
"exploitabilityScore": 6.8,
|
|
"impactScore": 10.0,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-20"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "security@apache.org",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-20"
|
|
},
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-74"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2.0.1",
|
|
"versionEndExcluding": "2.3.2",
|
|
"matchCriteriaId": "E5737813-009A-4FDD-AC84-42E871EA1676"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2.4",
|
|
"versionEndExcluding": "2.12.4",
|
|
"matchCriteriaId": "0D1858C4-53AC-4528-B86F-0AB83777B4F4"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "2.13.0",
|
|
"versionEndExcluding": "2.17.1",
|
|
"matchCriteriaId": "D127EBB0-E86F-4349-96E5-19BD198E0CCA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:log4j:2.0:-:*:*:*:*:*:*",
|
|
"matchCriteriaId": "17854E42-7063-4A55-BF2A-4C7074CC2D60"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:log4j:2.0:beta7:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F9D58C21-34AE-4782-8580-816B2F6A8F9D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:log4j:2.0:beta8:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DCFCBA59-E0DF-46FD-8431-C1043E7AB4EE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:*",
|
|
"matchCriteriaId": "53F32FB2-6970-4975-8BD0-EAE12E9AD03A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B773ED91-1D39-42E6-9C52-D02210DE1A94"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EF24312D-1A62-482E-8078-7EC24758B710"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "8.0.0.0",
|
|
"versionEndIncluding": "8.5.1.0",
|
|
"matchCriteriaId": "83F42D52-1E43-44E0-8B53-A2A918BDDEC3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "46E23F2E-6733-45AF-9BD9-1A600BD278C8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E812639B-EE28-4C68-9F6F-70C8BF981C86"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "17.12.0",
|
|
"versionEndIncluding": "17.12.11",
|
|
"matchCriteriaId": "8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "18.8.0",
|
|
"versionEndIncluding": "18.8.13",
|
|
"matchCriteriaId": "A621A5AE-6974-4BA5-B1AC-7130A46F68F5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "19.12.0",
|
|
"versionEndIncluding": "19.12.12",
|
|
"matchCriteriaId": "4096281D-2EBA-490D-8180-3C9D05EB890A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "20.12.0",
|
|
"versionEndIncluding": "20.12.7",
|
|
"matchCriteriaId": "E6B70E72-B9FC-4E49-8EDD-29C7E14F5792"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "15F45363-236B-4040-8AE4-C6C0E204EDBA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "19.12.0",
|
|
"versionEndIncluding": "19.12.18.0",
|
|
"matchCriteriaId": "A66F0C7C-4310-489F-8E91-4171D17DB32F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "20.12.0.0",
|
|
"versionEndIncluding": "20.12.12.0",
|
|
"matchCriteriaId": "651104CE-0569-4E6D-ACAB-AD2AC85084DD"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "45D89239-9142-46BD-846D-76A5A74A67B1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "38340E3C-C452-4370-86D4-355B6B4E0A06"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E9C55C69-E22E-4B80-9371-5CD821D79FE2"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "48C9BD8E-7214-4B44-B549-6F11B3EA8A04"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:retail_fiscal_management:14.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A5F6FD19-A314-4A1F-96CB-6DB1CED79430"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:siebel_ui_framework:21.12:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8D62731F-3290-4383-A4F6-5274B4D63B1D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:cloudcenter:4.10.0.16:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "66AB39B2-0CE1-4C7E-9E7B-B288A080D584"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "12.0.0.4.6",
|
|
"matchCriteriaId": "6894D860-000E-439D-8AB7-07E9B2ACC31B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.5.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FD66C717-85E0-40E7-A51F-549C8196D557"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "8.3.0.0",
|
|
"versionEndIncluding": "8.5.1.0",
|
|
"matchCriteriaId": "F9550113-7423-48D8-A1C7-95D6AEE9B33C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "46E23F2E-6733-45AF-9BD9-1A600BD278C8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E812639B-EE28-4C68-9F6F-70C8BF981C86"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "12.0.0.4.4",
|
|
"matchCriteriaId": "61A2E42A-4EF2-437D-A0EC-4A6A4F1EBD11"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5933FEA2-B79E-4EE7-B821-54D676B45734"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:health_sciences_data_management_workbench:2.5.2.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E6C9A32B-B776-4704-818D-977B4B20D677"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.0.0.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6989178B-A3D5-4441-A56C-6C639D4759DF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.1.0.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F5049591-AA1B-4D64-A925-40D0724074D1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "12.2.0",
|
|
"versionEndIncluding": "12.2.24",
|
|
"matchCriteriaId": "F47057A9-2DDE-4178-B140-F7D70EAED8F6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "12.2.0",
|
|
"versionEndIncluding": "12.2.24",
|
|
"matchCriteriaId": "9132D7F2-43B3-4595-B8BF-C9DE897087F6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "17.12.0",
|
|
"versionEndIncluding": "17.12.11",
|
|
"matchCriteriaId": "8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "18.8.0",
|
|
"versionEndIncluding": "18.8.13",
|
|
"matchCriteriaId": "A621A5AE-6974-4BA5-B1AC-7130A46F68F5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "19.12.0",
|
|
"versionEndIncluding": "19.12.12",
|
|
"matchCriteriaId": "4096281D-2EBA-490D-8180-3C9D05EB890A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "20.12.0",
|
|
"versionEndIncluding": "20.12.7",
|
|
"matchCriteriaId": "E6B70E72-B9FC-4E49-8EDD-29C7E14F5792"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "15F45363-236B-4040-8AE4-C6C0E204EDBA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "19.12.0.0",
|
|
"versionEndIncluding": "19.12.18.0",
|
|
"matchCriteriaId": "AD0DEC50-F4CD-4ACA-A118-D4F0D4F4C981"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "20.12.0.0",
|
|
"versionEndIncluding": "20.12.12.0",
|
|
"matchCriteriaId": "651104CE-0569-4E6D-ACAB-AD2AC85084DD"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "45D89239-9142-46BD-846D-76A5A74A67B1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "38340E3C-C452-4370-86D4-355B6B4E0A06"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E9C55C69-E22E-4B80-9371-5CD821D79FE2"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7F978162-CB2C-4166-947A-9048C6E878BC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0783F0D1-8FAC-4BCA-A6F5-C5C60E86D56D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C7BD0D41-1BED-4C4F-95C8-8987C98908DA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "48EFC111-B01B-4C34-87E4-D6B2C40C0122"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "073FEA23-E46A-4C73-9D29-95CFF4F5A59D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A69FB468-EAF3-4E67-95E7-DF92C281C1F1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0ABA57AC-4BBF-4E4F-9F7E-D42472C36EEB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "21.12",
|
|
"matchCriteriaId": "889916ED-5EB2-49D6-8400-E6DBBD6C287F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://www.openwall.com/lists/oss-security/2021/12/28/1",
|
|
"source": "security@apache.org",
|
|
"tags": [
|
|
"Mailing List",
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf",
|
|
"source": "security@apache.org",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://issues.apache.org/jira/browse/LOG4J2-3293",
|
|
"source": "security@apache.org",
|
|
"tags": [
|
|
"Issue Tracking",
|
|
"Patch",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143",
|
|
"source": "security@apache.org",
|
|
"tags": [
|
|
"Mailing List",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html",
|
|
"source": "security@apache.org",
|
|
"tags": [
|
|
"Mailing List",
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/",
|
|
"source": "security@apache.org",
|
|
"tags": [
|
|
"Mailing List",
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/",
|
|
"source": "security@apache.org",
|
|
"tags": [
|
|
"Mailing List",
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://security.netapp.com/advisory/ntap-20220104-0001/",
|
|
"source": "security@apache.org",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd",
|
|
"source": "security@apache.org",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
|
|
"source": "security@apache.org",
|
|
"tags": [
|
|
"Patch",
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.oracle.com/security-alerts/cpujan2022.html",
|
|
"source": "security@apache.org",
|
|
"tags": [
|
|
"Patch",
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
|
|
"source": "security@apache.org",
|
|
"tags": [
|
|
"Patch",
|
|
"Third Party Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |