IronMonkey Threat Research

CVE-2021-44832 HIGH

Published: 2021-12-28 | Last Modified: 2026-05-29 | Status: Modified

Description

Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI and an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.

Additional Descriptions (1)

Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI and an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.

CVSS Metrics

Base Score: 6.6 (MEDIUM)

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 0.7

Impact Score: 5.9

Base Score: 8.5 (HIGH)

AV:N/AC:M/Au:S/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Source: [email protected]

Type: Primary

Exploitability Score: 6.8

Impact Score: 10.0

Weaknesses

Source | Type | Description
[email protected] | Secondary | CWE-20, CWE-74
[email protected] | Primary | CWE-20

Affected Products

Vendor | Product | Version | Type
apache | log4j | * | Application
apache | log4j | * | Application
apache | log4j | * | Application
apache | log4j | 2.0 | Application
apache | log4j | 2.0 | Application
apache | log4j | 2.0 | Application
apache | log4j | 2.0 | Application
apache | log4j | 2.0 | Application
apache | log4j | 2.0 | Application
oracle | communications_diameter_signaling_router | * | Application
oracle | communications_interactive_session_recorder | 6.3 | Application
oracle | communications_interactive_session_recorder | 6.4 | Application
oracle | primavera_gateway | * | Application
oracle | primavera_gateway | * | Application
oracle | primavera_gateway | * | Application
oracle | primavera_gateway | * | Application
oracle | primavera_gateway | 21.12.0 | Application
oracle | primavera_p6_enterprise_project_portfolio_management | * | Application
oracle | primavera_p6_enterprise_project_portfolio_management | * | Application
oracle | primavera_p6_enterprise_project_portfolio_management | 21.12.0.0 | Application
oracle | primavera_unifier | 18.8 | Application
oracle | primavera_unifier | 19.12 | Application
oracle | primavera_unifier | 20.12 | Application
oracle | primavera_unifier | 21.12 | Application
oracle | retail_assortment_planning | 16.0.3 | Application
oracle | retail_fiscal_management | 14.2 | Application
oracle | siebel_ui_framework | 21.12 | Application
oracle | weblogic_server | 12.2.1.3.0 | Application
oracle | weblogic_server | 12.2.1.4.0 | Application
oracle | weblogic_server | 14.1.1.0.0 | Application
cisco | cloudcenter | 4.10.0.16 | Application
fedoraproject | fedora | 34 | Operating System
fedoraproject | fedora | 35 | Operating System
debian | debian_linux | 9.0 | Operating System
oracle | communications_brm_-_elastic_charging_engine | * | Application
oracle | communications_brm_-_elastic_charging_engine | 12.0.0.5.0 | Application
oracle | communications_diameter_signaling_router | * | Application
oracle | communications_interactive_session_recorder | 6.3 | Application
oracle | communications_interactive_session_recorder | 6.4 | Application
oracle | communications_offline_mediation_controller | * | Application
oracle | communications_offline_mediation_controller | 12.0.0.5.0 | Application
oracle | flexcube_private_banking | 12.1.0 | Application
oracle | health_sciences_data_management_workbench | 2.5.2.1 | Application
oracle | health_sciences_data_management_workbench | 3.0.0.0 | Application
oracle | health_sciences_data_management_workbench | 3.1.0.3 | Application
oracle | policy_automation | * | Application
oracle | policy_automation_for_mobile_devices | * | Application
oracle | primavera_gateway | * | Application
oracle | primavera_gateway | * | Application
oracle | primavera_gateway | * | Application
oracle | primavera_gateway | * | Application
oracle | primavera_gateway | 21.12.0 | Application
oracle | primavera_p6_enterprise_project_portfolio_management | * | Application
oracle | primavera_p6_enterprise_project_portfolio_management | * | Application
oracle | primavera_p6_enterprise_project_portfolio_management | 21.12.0.0 | Application
oracle | primavera_unifier | 18.8 | Application
oracle | primavera_unifier | 19.12 | Application
oracle | primavera_unifier | 20.12 | Application
oracle | primavera_unifier | 21.12 | Application
oracle | product_lifecycle_analytics | 3.6.1 | Application
oracle | retail_order_broker | 18.0 | Application
oracle | retail_order_broker | 19.1 | Application
oracle | retail_xstore_point_of_service | 17.0.4 | Application
oracle | retail_xstore_point_of_service | 18.0.3 | Application
oracle | retail_xstore_point_of_service | 19.0.2 | Application
oracle | retail_xstore_point_of_service | 20.0.1 | Application
oracle | retail_xstore_point_of_service | 21.0.1 | Application
oracle | siebel_ui_framework | * | Application
oracle | weblogic_server | 12.2.1.3.0 | Application
oracle | weblogic_server | 12.2.1.4.0 | Application
oracle | weblogic_server | 14.1.1.0.0 | Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:apache:log4j:2.0:-:*:*:*:*:*:*
Yes cpe:2.3:a:apache:log4j:2.0:beta7:*:*:*:*:*:*
Yes cpe:2.3:a:apache:log4j:2.0:beta8:*:*:*:*:*:*
Yes cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:*
Yes cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:*
Yes cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:retail_fiscal_management:14.2:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:siebel_ui_framework:21.12:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:cisco:cloudcenter:4.10.0.16:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
Yes cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.5.0:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:health_sciences_data_management_workbench:2.5.2.1:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.0.0.0:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.1.0.3:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.1:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
