Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
AI analysis not yet available
Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
208
Affected Products
26
References
apache / log4j
| - |
| netapp | cloud_manager | - | - |
| debian | debian_linux | - | - |
| debian | debian_linux | - | - |
| sonicwall | email_security | 10.0.12 | - |
| sonicwall | network_security_manager | 2.0 - 3.0 | - |
| sonicwall | network_security_manager | 2.0 - 3.0 | - |
| sonicwall | web_application_firewall | 3.0.0 - 3.1.0 | - |
| sonicwall | 6bk1602-0aa12-0tp0_firmware | 2.7.0 | - |
| sonicwall | 6bk1602-0aa22-0tp0_firmware | 2.7.0 | - |
| sonicwall | 6bk1602-0aa32-0tp0_firmware | 2.7.0 | - |
| sonicwall | 6bk1602-0aa42-0tp0_firmware | 2.7.0 | - |
| sonicwall | 6bk1602-0aa52-0tp0_firmware | 2.7.0 | - |
| oracle | agile_engineering_data_management | - | - |
| oracle | agile_plm | - | - |
| oracle | agile_plm_mcad_connector | - | - |
| oracle | autovue_for_agile_product_lifecycle_management | - | - |
| oracle | banking_deposits_and_lines_of_credit_servicing | - | - |
| oracle | banking_enterprise_default_management | - | - |
| oracle | banking_enterprise_default_management | - | - |
| oracle | banking_loans_servicing | - | - |
| oracle | banking_party_management | - | - |
| oracle | banking_payments | - | - |
| oracle | banking_platform | - | - |
| oracle | banking_platform | - | - |
| oracle | banking_platform | - | - |
| oracle | banking_trade_finance | - | - |
| oracle | banking_treasury_management | - | - |
| oracle | business_intelligence | - | - |
| oracle | communications_asap | - | - |
| oracle | communications_billing_and_revenue_management | - | - |
| oracle | communications_billing_and_revenue_management | - | - |
| oracle | communications_cloud_native_core_console | - | - |
| oracle | communications_cloud_native_core_network_function_cloud_native_environment | - | - |
| oracle | communications_cloud_native_core_network_repository_function | - | - |
| oracle | communications_cloud_native_core_network_repository_function | - | - |
| oracle | communications_cloud_native_core_network_slice_selection_function | - | - |
| oracle | communications_cloud_native_core_policy | - | - |
| oracle | communications_cloud_native_core_security_edge_protection_proxy | - | - |
| oracle | communications_cloud_native_core_service_communication_proxy | - | - |
| oracle | communications_cloud_native_core_unified_data_repository | - | - |
| oracle | communications_convergence | - | - |
| oracle | communications_convergence | - | - |
| oracle | communications_convergent_charging_controller | 12.0.1.0.0 - 12.0.4.0.0 | - |
| oracle | communications_convergent_charging_controller | - | - |
| oracle | communications_diameter_signaling_router | 8.3.0.0 - 8.5.1.0 | - |
| oracle | communications_eagle_element_management_system | - | - |
| oracle | communications_eagle_ftp_table_base_retrieval | - | - |
| oracle | communications_element_manager | 9.0 | - |
| oracle | communications_evolved_communications_application_server | - | - |
| oracle | communications_interactive_session_recorder | - | - |
| oracle | communications_interactive_session_recorder | - | - |
| oracle | communications_ip_service_activator | - | - |
| oracle | communications_messaging_server | - | - |
| oracle | communications_network_charging_and_control | 12.0.1.0.0 - 12.0.4.0.0 | - |
| oracle | communications_network_charging_and_control | - | - |
| oracle | communications_network_integrity | - | - |
| oracle | communications_performance_intelligence_center | - | - |
| oracle | communications_pricing_design_center | - | - |
| oracle | communications_pricing_design_center | - | - |
| oracle | communications_service_broker | - | - |
| oracle | communications_services_gatekeeper | - | - |
| oracle | communications_session_report_manager | 9.0 | - |
| oracle | communications_session_route_manager | 9.0 | - |
| oracle | communications_unified_inventory_management | - | - |
| oracle | communications_unified_inventory_management | - | - |
| oracle | communications_unified_inventory_management | - | - |
| oracle | communications_user_data_repository | - | - |
| oracle | communications_webrtc_session_controller | - | - |
| oracle | communications_webrtc_session_controller | - | - |
| oracle | data_integrator | - | - |
| oracle | data_integrator | - | - |
| oracle | e-business_suite | - | - |
| oracle | enterprise_manager_base_platform | - | - |
| oracle | enterprise_manager_base_platform | - | - |
| oracle | enterprise_manager_for_peoplesoft | - | - |
| oracle | enterprise_manager_for_peoplesoft | - | - |
| oracle | enterprise_manager_ops_center | - | - |
| oracle | financial_services_analytical_applications_infrastructure | 8.0.7 - 8.1.1 | - |
| oracle | financial_services_model_management_and_governance | - | - |
| oracle | financial_services_model_management_and_governance | - | - |
| oracle | financial_services_model_management_and_governance | - | - |
| oracle | flexcube_universal_banking | 12.1.0 - 12.4 | - |
| oracle | flexcube_universal_banking | 14.0.0 - 14.3.0 | - |
| oracle | flexcube_universal_banking | - | - |
| oracle | flexcube_universal_banking | - | - |
| oracle | health_sciences_empirica_signal | - | - |
| oracle | health_sciences_empirica_signal | - | - |
| oracle | health_sciences_inform | - | - |
| oracle | health_sciences_inform | - | - |
| oracle | health_sciences_inform | - | - |
| oracle | health_sciences_information_manager | 3.0.1 - 3.0.4 | - |
| oracle | healthcare_data_repository | - | - |
| oracle | healthcare_foundation | 7.3.0.1 - 7.3.0.4 | - |
| oracle | healthcare_master_person_index | - | - |
| oracle | healthcare_translational_research | - | - |
| oracle | healthcare_translational_research | - | - |
| oracle | hospitality_suite8 | - | - |
| oracle | hospitality_suite8 | - | - |
| oracle | hospitality_token_proxy_service | - | - |
| oracle | hyperion_bi\+ | 11.2.8.0 | - |
| oracle | hyperion_data_relationship_management | 11.2.8.0 | - |
| oracle | hyperion_infrastructure_technology | 11.2.8.0 | - |
| oracle | hyperion_planning | 11.2.8.0 | - |
| oracle | hyperion_profitability_and_cost_management | 11.2.8.0 | - |
| oracle | hyperion_tax_provision | 11.2.8.0 | - |
| oracle | identity_management_suite | - | - |
| oracle | identity_management_suite | - | - |
| oracle | identity_manager_connector | - | - |
| oracle | instantis_enterprisetrack | - | - |
| oracle | instantis_enterprisetrack | - | - |
| oracle | instantis_enterprisetrack | - | - |
| oracle | insurance_data_gateway | - | - |
| oracle | insurance_insbridge_rating_and_underwriting | 5.4 - 5.6.0.0 | - |
| oracle | insurance_insbridge_rating_and_underwriting | - | - |
| oracle | insurance_insbridge_rating_and_underwriting | - | - |
| oracle | jdeveloper | - | - |
| oracle | managed_file_transfer | - | - |
| oracle | managed_file_transfer | - | - |
| oracle | management_cloud_engine | - | - |
| oracle | mysql_enterprise_monitor | 8.0.29 | - |
| oracle | payment_interface | - | - |
| oracle | payment_interface | - | - |
| oracle | peoplesoft_enterprise_peopletools | - | - |
| oracle | peoplesoft_enterprise_peopletools | - | - |
| oracle | primavera_gateway | 17.12.0 - 17.12.11 | - |
| oracle | primavera_gateway | 18.8.0 - 18.8.13 | - |
| oracle | primavera_gateway | 19.12.0 - 19.12.12 | - |
| oracle | primavera_gateway | 20.12.0 - 20.12.7 | - |
| oracle | primavera_gateway | - | - |
| oracle | primavera_p6_enterprise_project_portfolio_management | 19.12.0.0 - 19.12.18.0 | - |
| oracle | primavera_p6_enterprise_project_portfolio_management | 20.12.0.0 - 20.12.12.0 | - |
| oracle | primavera_p6_enterprise_project_portfolio_management | - | - |
| oracle | primavera_unifier | - | - |
| oracle | primavera_unifier | - | - |
| oracle | primavera_unifier | - | - |
| oracle | primavera_unifier | - | - |
| oracle | retail_back_office | - | - |
| oracle | retail_central_office | - | - |
| oracle | retail_customer_insights | - | - |
| oracle | retail_customer_insights | - | - |
| oracle | retail_data_extractor_for_merchandising | - | - |
| oracle | retail_data_extractor_for_merchandising | - | - |
| oracle | retail_eftlink | - | - |
| oracle | retail_eftlink | - | - |
| oracle | retail_eftlink | - | - |
| oracle | retail_eftlink | - | - |
| oracle | retail_eftlink | - | - |
| oracle | retail_eftlink | - | - |
| oracle | retail_financial_integration | 16.0.1 - 16.0.3 | - |
| oracle | retail_financial_integration | - | - |
| oracle | retail_financial_integration | - | - |
| oracle | retail_financial_integration | - | - |
| oracle | retail_financial_integration | - | - |
| oracle | retail_integration_bus | 16.0.1 - 16.0.3 | - |
| oracle | retail_integration_bus | 19.0.0 - 19.0.1.0 | - |
| oracle | retail_integration_bus | - | - |
| oracle | retail_integration_bus | - | - |
| oracle | retail_integration_bus | - | - |
| oracle | retail_integration_bus | - | - |
| oracle | retail_integration_bus | - | - |
| oracle | retail_invoice_matching | - | - |
| oracle | retail_invoice_matching | - | - |
| oracle | retail_merchandising_system | - | - |
| oracle | retail_merchandising_system | - | - |
| oracle | retail_order_broker | - | - |
| oracle | retail_order_broker | - | - |
| oracle | retail_order_broker | - | - |
| oracle | retail_order_management_system | - | - |
| oracle | retail_point-of-service | - | - |
| oracle | retail_predictive_application_server | - | - |
| oracle | retail_predictive_application_server | - | - |
| oracle | retail_predictive_application_server | - | - |
| oracle | retail_price_management | - | - |
| oracle | retail_price_management | - | - |
| oracle | retail_price_management | - | - |
| oracle | retail_price_management | - | - |
| oracle | retail_price_management | - | - |
| oracle | retail_returns_management | - | - |
| oracle | retail_service_backbone | 16.0.1 - 16.0.3 | - |
| oracle | retail_service_backbone | - | - |
| oracle | retail_service_backbone | - | - |
| oracle | retail_service_backbone | - | - |
| oracle | retail_service_backbone | - | - |
| oracle | retail_service_backbone | - | - |
| oracle | retail_service_backbone | - | - |
| oracle | retail_store_inventory_management | - | - |
| oracle | retail_store_inventory_management | - | - |
| oracle | retail_store_inventory_management | - | - |
| oracle | retail_store_inventory_management | - | - |
| oracle | retail_store_inventory_management | - | - |
| oracle | retail_store_inventory_management | - | - |
| oracle | siebel_ui_framework | 21.12 | - |
| oracle | sql_developer | 21.4.2 | - |
| oracle | taleo_platform | 22.1 | - |
| oracle | utilities_framework | 4.3.0.1.0 - 4.3.0.6.0 | - |
| oracle | utilities_framework | - | - |
| oracle | utilities_framework | - | - |
| oracle | utilities_framework | - | - |
| oracle | webcenter_portal | - | - |
| oracle | webcenter_portal | - | - |
| oracle | webcenter_sites | - | - |
| oracle | webcenter_sites | - | - |
| oracle | weblogic_server | - | - |
| oracle | weblogic_server | - | - |
| oracle | weblogic_server | - | - |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability
Impact