CVE-2017-5645

critical
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

References

https://issues.apache.org/jira/browse/LOG4J2-1863

http://www.securityfocus.com/bid/97702

https://access.redhat.com/errata/RHSA-2017:3244

https://access.redhat.com/errata/RHSA-2017:2889

https://access.redhat.com/errata/RHSA-2017:2888

https://access.redhat.com/errata/RHSA-2017:2811

https://access.redhat.com/errata/RHSA-2017:2810

https://access.redhat.com/errata/RHSA-2017:2809

https://access.redhat.com/errata/RHSA-2017:2808

https://access.redhat.com/errata/RHSA-2017:3400

https://access.redhat.com/errata/RHSA-2017:3399

https://access.redhat.com/errata/RHSA-2017:2638

https://access.redhat.com/errata/RHSA-2017:2637

https://access.redhat.com/errata/RHSA-2017:2636

https://access.redhat.com/errata/RHSA-2017:2635

https://access.redhat.com/errata/RHSA-2017:2633

https://access.redhat.com/errata/RHSA-2017:2423

https://access.redhat.com/errata/RHSA-2017:1802

https://access.redhat.com/errata/RHSA-2017:1801

https://access.redhat.com/errata/RHSA-2017:1417

http://www.securitytracker.com/id/1040200

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

https://security.netapp.com/advisory/ntap-20180726-0002/

http://www.securitytracker.com/id/1041294

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

https://security.netapp.com/advisory/ntap-20181107-0002/

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

https://access.redhat.com/errata/RHSA-2019:1545

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

https://lists.apache.org/thread.html/[email protected]%3Ccommits.druid.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.logging.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.logging.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cannounce.apache.org%3E

http://www.openwall.com/lists/oss-security/2019/12/19/2

https://lists.apache.org/thread.html/[email protected]%3Cdev.logging.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cissues.activemq.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tika.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tika.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tika.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cissues.activemq.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tika.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tika.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tika.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tika.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tika.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tika.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tika.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tika.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tika.apache.org%3E

https://www.oracle.com/security-alerts/cpujan2020.html

https://lists.apache.org/thread.html/[email protected]%3Cissues.activemq.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cissues.activemq.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cissues.activemq.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cissues.activemq.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cissues.activemq.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cissues.activemq.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cissues.activemq.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cissues.activemq.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cissues.activemq.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cissues.activemq.apache.org%3E

https://www.oracle.com/security-alerts/cpuapr2020.html

https://lists.apache.org/thread.html/[email protected]%3Ccommits.logging.apache.org%3E

https://www.oracle.com/security-alerts/cpujul2020.html

https://lists.apache.org/thread.html/[email protected]%3Cissues.bookkeeper.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cissues.activemq.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cissues.geode.apache.org%3E

https://www.oracle.com/security-alerts/cpuoct2020.html

https://www.oracle.com/security-alerts/cpujan2021.html

https://lists.apache.org/thread.html/[email protected]%3Ccommits.doris.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cissues.beam.apache.org%3E

https://www.oracle.com/security-alerts/cpuApr2021.html

https://lists.apache.org/thread.html/[email protected]%3Cgithub.beam.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cgithub.beam.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cgithub.beam.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cgithub.beam.apache.org%3E

Details

Source: MITRE

Published: 2017-04-17

Updated: 2021-07-01

Type: CWE-502

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:apache:log4j:2.8.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:log4j:2.0:alpha2:*:*:*:*:*:*

cpe:2.3:a:apache:log4j:2.0:beta1:*:*:*:*:*:*

cpe:2.3:a:apache:log4j:2.0:beta2:*:*:*:*:*:*

cpe:2.3:a:apache:log4j:2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:log4j:2.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:log4j:2.6.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:log4j:2.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:log4j:2.0:beta3:*:*:*:*:*:*

cpe:2.3:a:apache:log4j:2.0:beta5:*:*:*:*:*:*

cpe:2.3:a:apache:log4j:2.0:alpha1:*:*:*:*:*:*

cpe:2.3:a:apache:log4j:2.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:log4j:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:*

cpe:2.3:a:apache:log4j:2.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:log4j:2.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:*

cpe:2.3:a:apache:log4j:2.4.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:log4j:2.6.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:log4j:2.0:beta4:*:*:*:*:*:*

cpe:2.3:a:apache:log4j:2.0:beta6:*:*:*:*:*:*

cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:*

cpe:2.3:a:apache:log4j:2.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:log4j:2.0:beta8:*:*:*:*:*:*

cpe:2.3:a:apache:log4j:2.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:log4j:2.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:log4j:2.0:beta7:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:6.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.1.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.1.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:policy_automation:12.2.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:policy_automation:12.2.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:policy_automation:12.2.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:policy_automation:12.2.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:insurance_policy_administration:10.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:insurance_policy_administration:10.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:insurance_policy_administration:11.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_open_commerce_platform:5.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_online_mediation_controller:6.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_service_broker:6.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:bi_publisher:11.1.1.7.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:bi_publisher:11.1.1.9.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:utilities_work_and_asset_management:1.9.1.2.12:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_integration_bus:14.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:policy_automation_for_mobile_devices:10.4.7:*:*:*:*:*:*:*

cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.4:*:*:*:*:*:*:*

cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*

cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:soa_suite:12.1.3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:identity_analytics:11.1.1.5.8:*:*:*:*:*:*:*

cpe:2.3:a:oracle:siebel_ui_framework:18.7:*:*:*:*:*:*:*

cpe:2.3:a:oracle:siebel_ui_framework:18.9:*:*:*:*:*:*:*

cpe:2.3:a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*

cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_manager_for_oracle_database:12.1.0.8:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:*:*:*:*:*:*:*:* versions up to 13.2.2.0.0 (inclusive)

cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_pricing_design_center:11.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_pricing_design_center:12.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:soa_suite:12.2.2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:configuration_manager:12.1.2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_extract_transform_and_load:13.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:autovue_vuelink_integration:21.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_integration_bus:14.1.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.6:*:*:*:*:*:*:*

cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.7:*:*:*:*:*:*:*

cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.8:*:*:*:*:*:*:*

cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.9:*:*:*:*:*:*:*

cpe:2.3:a:oracle:policy_automation:12.2.5:*:*:*:*:*:*:*

cpe:2.3:a:oracle:policy_automation:12.2.7:*:*:*:*:*:*:*

cpe:2.3:a:oracle:policy_automation:12.2.8:*:*:*:*:*:*:*

cpe:2.3:a:oracle:policy_automation:12.2.9:*:*:*:*:*:*:*

cpe:2.3:a:oracle:policy_automation:12.2.10:*:*:*:*:*:*:*

cpe:2.3:a:oracle:peoplesoft_enterprise_fin_install:9.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* versions from 8.0.0.0.0 to 8.0.0.8131 (inclusive)

cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* versions from 3.4.0.0 to 3.4.7.4297 (inclusive)

cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_profitability_management:6.1.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.0.5:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.0.4:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.0.5:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_behavior_detection_platform:*:*:*:*:*:*:*:* versions from 8.0.0.0.0 to 8.0.4.0.0 (inclusive)

cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from 8.0.0.0.0 to 8.0.7.0.0 (inclusive)

cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:*

cpe:2.3:a:oracle:siebel_ui_framework:18.8:*:*:*:*:*:*:*

cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_manager_for_oracle_database:13.2.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:12.1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_messaging_server:*:*:*:*:*:*:*:*

cpe:2.3:a:oracle:configuration_manager:12.1.2.0.5:*:*:*:*:*:*:*

cpe:2.3:a:oracle:identity_management_suite:11.1.2.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_extract_transform_and_load:13.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:autovue_vuelink_integration:21.0.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0.5:*:*:*:*:*:*:*

cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.5:*:*:*:*:*:*:*

cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.10:*:*:*:*:*:*:*

cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:*

cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:policy_automation:12.2.4:*:*:*:*:*:*:*

cpe:2.3:a:oracle:policy_automation:12.2.6:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* versions from 4.0.0.0 to 4.0.4.5235 (inclusive)

cpe:2.3:a:oracle:insurance_policy_administration:10.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from 8.0.0.0.0 to 8.0.7.0.0 (inclusive)

cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.0.4:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_behavior_detection_platform:6.1.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from 7.3.3.0.0 to 7.3.3.0.2 (inclusive)

Tenable Plugins

View all (36 total)

IDNameProductFamilySeverity
138610Oracle Application Testing Suite (Jul 2020 CPU)NessusMisc.
critical
138592Oracle WebLogic Server Multiple Vulnerabilities (Jul 2020 CPU)NessusMisc.
high
138526Oracle Primavera Gateway (Jul 2020 CPU)NessusCGI abuses
critical
133268Oracle GoldenGate for Big Data 12.3.2.1.x < 12.3.2.1.2 Apache Log4j Insecure Deserialization RCE (Jan 2019 CPU)NessusMisc.
critical
120948Oracle Business Intelligence Publisher Multiple Vulnerabilities (October 2018 CPU)NessusMisc.
critical
118330Oracle Identity Manager Multiple Vulnerabilities (October 2018 CPU)NessusMisc.
critical
112177RHEL 6 / 7 : Red Hat JBoss Web Server 3.1.0 Service Pack 1 (RHSA-2017:1801)NessusRed Hat Local Security Checks
critical
111593MySQL Enterprise Monitor 3.4.x < 3.4.8 / 4.0.x < 4.0.5 / 8.0.x < 8.0.1 Multiple Vulnerabilities (July 2018 CPU)NessusCGI abuses
critical
111352Oracle WebCenter Portal Multiple Vulnerabilities (April 2018 CPU)NessusMisc.
critical
111210Oracle Application Testing Suite Multiple Vulnerabilities (April / July 2018 CPU)NessusMisc.
critical
111152Oracle Enterprise Manager Cloud Control Multiple Vulnerabilities (July 2018 CPU)NessusMisc.
critical
109201Oracle WebLogic Server Multiple Vulnerabilities (April 2018 CPU)NessusMisc.
critical
108520Juniper Junos Space < 17.2R1 Multiple Vulnerabilities (JSA10838)NessusJunos Local Security Checks
critical
106349Oracle iPlanet Web Server 7.0.x < 7.0.27 NSS Unspecified Vulnerability (January 2018 CPU)NessusWeb Servers
critical
106299Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (January 2018 CPU)NessusWeb Servers
critical
106199Oracle Secure Global Desktop Multiple Vulnerabilities (January 2018 CPU)NessusMisc.
critical
105209RHEL 6 : JBoss EAP (RHSA-2017:3399)NessusRed Hat Local Security Checks
critical
103527RHEL 6 : JBoss EAP (RHSA-2017:2809)NessusRed Hat Local Security Checks
critical
103526RHEL 7 : JBoss EAP (RHSA-2017:2808)NessusRed Hat Local Security Checks
critical
103500RHEL 6 / 7 : eap7-jboss-ec2-eap (RHSA-2017:2811)NessusRed Hat Local Security Checks
critical
103072EulerOS 2.0 SP2 : log4j (EulerOS-SA-2017-1214)NessusHuawei Local Security Checks
critical
103071EulerOS 2.0 SP1 : log4j (EulerOS-SA-2017-1213)NessusHuawei Local Security Checks
critical
103044RHEL 6 : jboss-ec2-eap (RHSA-2017:2638)NessusRed Hat Local Security Checks
critical
103043RHEL 5 : JBoss EAP (RHSA-2017:2637)NessusRed Hat Local Security Checks
high
103042RHEL 7 : JBoss EAP (RHSA-2017:2636)NessusRed Hat Local Security Checks
critical
103041RHEL 6 : JBoss EAP (RHSA-2017:2635)NessusRed Hat Local Security Checks
critical
102878CentOS 7 : log4j (CESA-2017:2423)NessusCentOS Local Security Checks
critical
102666Scientific Linux Security Update : log4j on SL7.x (noarch) (20170807)NessusScientific Linux Local Security Checks
critical
102348RHEL 7 : log4j (RHSA-2017:2423)NessusRed Hat Local Security Checks
critical
102345Oracle Linux 7 : log4j (ELSA-2017-2423)NessusOracle Linux Local Security Checks
critical
101708Fedora 26 : log4j12 (2017-b8358cda24)NessusFedora Local Security Checks
critical
101576Fedora 26 : log4j (2017-11edc0d6c3)NessusFedora Local Security Checks
critical
100746Fedora 25 : log4j12 (2017-8348115acd)NessusFedora Local Security Checks
critical
100745Fedora 24 : log4j12 (2017-7e0ff7f73a)NessusFedora Local Security Checks
critical
99988Fedora 24 : log4j (2017-2ccfbd650a)NessusFedora Local Security Checks
critical
99955Fedora 25 : log4j (2017-511ebfa8a3)NessusFedora Local Security Checks
critical