HIGH
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/97702
http://www.securitytracker.com/id/1040200
http://www.securitytracker.com/id/1041294
https://access.redhat.com/errata/RHSA-2017:1417
https://access.redhat.com/errata/RHSA-2017:1801
https://access.redhat.com/errata/RHSA-2017:1802
https://access.redhat.com/errata/RHSA-2017:2423
https://access.redhat.com/errata/RHSA-2017:2633
https://access.redhat.com/errata/RHSA-2017:2635
https://access.redhat.com/errata/RHSA-2017:2636
https://access.redhat.com/errata/RHSA-2017:2637
https://access.redhat.com/errata/RHSA-2017:2638
https://access.redhat.com/errata/RHSA-2017:2808
https://access.redhat.com/errata/RHSA-2017:2809
https://access.redhat.com/errata/RHSA-2017:2810
https://access.redhat.com/errata/RHSA-2017:2811
https://access.redhat.com/errata/RHSA-2017:2888
https://access.redhat.com/errata/RHSA-2017:2889
https://access.redhat.com/errata/RHSA-2017:3244
https://access.redhat.com/errata/RHSA-2017:3399
https://access.redhat.com/errata/RHSA-2017:3400
https://issues.apache.org/jira/browse/LOG4J2-1863
https://security.netapp.com/advisory/ntap-20180726-0002/
https://security.netapp.com/advisory/ntap-20181107-0002/
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Source: MITRE
Published: 2017-04-17
Updated: 2019-04-25
Type: CWE-502
Base Score: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 10
Severity: HIGH
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 3.9
Severity: CRITICAL
OR
cpe:2.3:a:apache:log4j:2.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:beta1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:beta2:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:beta3:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:beta4:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:beta5:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:beta6:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:beta7:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:beta8:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.7:*:*:*:*:*:*:*
OR
cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*
OR
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
OR
cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:autovue_vuelink_integration:21.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:autovue_vuelink_integration:21.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:bi_publisher:11.1.1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:bi_publisher:11.1.1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_messaging_server:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_online_mediation_controller:6.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_pricing_design_center:11.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_pricing_design_center:12.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_service_broker:6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:configuration_manager:12.1.2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:configuration_manager:12.1.2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:12.1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:*:*:*:*:*:*:*:* versions up to 13.2.2.0.0 (inclusive)
cpe:2.3:a:oracle:enterprise_manager_for_oracle_database:12.1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_for_oracle_database:13.2.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from 7.3.3.0.0 to 7.3.3.0.2 (inclusive)
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from 8.0.0.0.0 to 8.0.7.0.0 (inclusive)
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:6.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:*:*:*:*:*:*:*:* versions from 8.0.0.0.0 to 8.0.4.0.0 (inclusive)
cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_profitability_management:6.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from 8.0.0.0.0 to 8.0.7.0.0 (inclusive)
cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:identity_analytics:11.1.1.5.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:identity_management_suite:11.1.2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_policy_administration:10.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_policy_administration:10.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_policy_administration:10.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_policy_administration:11.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* versions from 3.4.0.0 to 3.4.7.4297 (inclusive)
cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* versions from 4.0.0.0 to 4.0.4.5235 (inclusive)
cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* versions from 8.0.0.0.0 to 8.0.0.8131 (inclusive)
cpe:2.3:a:oracle:peoplesoft_enterprise_fin_install:9.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:policy_automation:12.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:policy_automation:12.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:policy_automation:12.2.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:policy_automation:12.2.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:policy_automation:12.2.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:policy_automation:12.2.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:policy_automation:12.2.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:policy_automation:12.2.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:policy_automation:12.2.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:policy_automation:12.2.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:policy_automation:12.2.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:policy_automation_for_mobile_devices:10.4.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_extract_transform_and_load:13.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_extract_transform_and_load:13.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:14.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:14.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_open_commerce_platform:5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:siebel_ui_framework:18.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:siebel_ui_framework:18.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:siebel_ui_framework:18.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:soa_suite:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:soa_suite:12.2.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_work_and_asset_management:1.9.1.2.12:*:*:*:*:*:*:*
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 120948 | Oracle Business Intelligence Publisher Multiple Vulnerabilities (October 2018 CPU) | Nessus | Windows | high |
| 118330 | Oracle Identity Manager Multiple Vulnerabilities (October 2018 CPU) | Nessus | Misc. | high |
| 112177 | RHEL 6 / 7 : Red Hat JBoss Web Server 3.1.0 Service Pack 1 (RHSA-2017:1801) | Nessus | Red Hat Local Security Checks | high |
| 111593 | MySQL Enterprise Monitor 3.4.x < 3.4.8 / 4.0.x < 4.0.5 / 8.0.x < 8.0.1 Multiple Vulnerabilities (July 2018 CPU) | Nessus | CGI abuses | high |
| 111352 | Oracle WebCenter Portal Multiple Vulnerabilities (April 2018 CPU) | Nessus | Misc. | high |
| 111210 | Oracle Application Testing Suite Multiple Vulnerabilities (April / July 2018 CPU) | Nessus | Misc. | high |
| 111152 | Oracle Enterprise Manager Cloud Control Multiple Vulnerabilities (July 2018 CPU) | Nessus | Misc. | critical |
| 109201 | Oracle WebLogic Server Multiple Vulnerabilities (April 2018 CPU) | Nessus | Misc. | critical |
| 108520 | Juniper Junos Space < 17.2R1 Multiple Vulnerabilities (JSA10838) | Nessus | Junos Local Security Checks | critical |
| 106349 | Oracle iPlanet Web Server 7.0.x < 7.0.27 NSS Unspecified Vulnerability (January 2018 CPU) | Nessus | Web Servers | high |
| 106299 | Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (January 2018 CPU) | Nessus | Web Servers | critical |
| 106199 | Oracle Secure Global Desktop Multiple Vulnerabilities (January 2018 CPU) | Nessus | Misc. | high |
| 105209 | RHEL 6 : JBoss EAP (RHSA-2017:3399) | Nessus | Red Hat Local Security Checks | high |
| 103527 | RHEL 6 : JBoss EAP (RHSA-2017:2809) | Nessus | Red Hat Local Security Checks | high |
| 103526 | RHEL 7 : JBoss EAP (RHSA-2017:2808) | Nessus | Red Hat Local Security Checks | high |
| 103500 | RHEL 6 / 7 : eap7-jboss-ec2-eap (RHSA-2017:2811) | Nessus | Red Hat Local Security Checks | high |
| 103072 | EulerOS 2.0 SP2 : log4j (EulerOS-SA-2017-1214) | Nessus | Huawei Local Security Checks | high |
| 103071 | EulerOS 2.0 SP1 : log4j (EulerOS-SA-2017-1213) | Nessus | Huawei Local Security Checks | high |
| 103044 | RHEL 6 : jboss-ec2-eap (RHSA-2017:2638) | Nessus | Red Hat Local Security Checks | high |
| 103043 | RHEL 5 : JBoss EAP (RHSA-2017:2637) | Nessus | Red Hat Local Security Checks | high |
| 103042 | RHEL 7 : JBoss EAP (RHSA-2017:2636) | Nessus | Red Hat Local Security Checks | high |
| 103041 | RHEL 6 : JBoss EAP (RHSA-2017:2635) | Nessus | Red Hat Local Security Checks | high |
| 102878 | CentOS 7 : log4j (CESA-2017:2423) | Nessus | CentOS Local Security Checks | high |
| 102666 | Scientific Linux Security Update : log4j on SL7.x (noarch) | Nessus | Scientific Linux Local Security Checks | high |
| 102348 | RHEL 7 : log4j (RHSA-2017:2423) | Nessus | Red Hat Local Security Checks | high |
| 102345 | Oracle Linux 7 : log4j (ELSA-2017-2423) | Nessus | Oracle Linux Local Security Checks | high |
| 101708 | Fedora 26 : log4j12 (2017-b8358cda24) | Nessus | Fedora Local Security Checks | high |
| 101576 | Fedora 26 : log4j (2017-11edc0d6c3) | Nessus | Fedora Local Security Checks | high |
| 100746 | Fedora 25 : log4j12 (2017-8348115acd) | Nessus | Fedora Local Security Checks | high |
| 100745 | Fedora 24 : log4j12 (2017-7e0ff7f73a) | Nessus | Fedora Local Security Checks | high |
| 99988 | Fedora 24 : log4j (2017-2ccfbd650a) | Nessus | Fedora Local Security Checks | high |
| 99955 | Fedora 25 : log4j (2017-511ebfa8a3) | Nessus | Fedora Local Security Checks | high |