Critical Severity Vulnerability

This vulnerability has been rated as Critical severity. Immediate action is recommended.

CVE-2017-5645

CVSS Score: 9.8 (Critical)
Published: Apr 17, 2017
Last Modified: Apr 20, 2025

Vulnerability Description

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

CVSS Metrics

Common Vulnerability Scoring System

Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: N
Attack Complexity: L
Privileges Required: N
User Interaction: N
Scope: U
Confidentiality: H
Integrity: H
Availability: H

Known Affected Software

189 configuration(s) from 4 vendor(s)

log4j | Version: 2.3 | CPE: cpe:2.3:a:apache:log4j:2.3:*:*:*:*:*:*:*
log4j | Version: 2.8.1 | CPE: cpe:2.3:a:apache:log4j:2.8.1:-:*:*:*:*:*:*
log4j | Version: 2.8 | CPE: cpe:2.3:a:apache:log4j:2.8:-:*:*:*:*:*:*
log4j | Version: 2.0.1 | CPE: cpe:2.3:a:apache:log4j:2.0.1:*:*:*:*:*:*:*
log4j | Version: 2.1 | CPE: cpe:2.3:a:apache:log4j:2.1:-:*:*:*:*:*:*
log4j | Version: 2.7 | CPE: cpe:2.3:a:apache:log4j:2.7:-:*:*:*:*:*:*
log4j | Version: 2.0 | CPE: cpe:2.3:a:apache:log4j:2.0:-:*:*:*:*:*:*
log4j | Version: 2.4.0 | CPE: cpe:2.3:a:apache:log4j:2.4.0:*:*:*:*:*:*:*
log4j | Version: 2.6.2 | CPE: cpe:2.3:a:apache:log4j:2.6.2:-:*:*:*:*:*:*
log4j | Version: 2.6 | CPE: cpe:2.3:a:apache:log4j:2.6:-:*:*:*:*:*:*
log4j | Version: 2.2 | CPE: cpe:2.3:a:apache:log4j:2.2:*:*:*:*:*:*:*
log4j | Version: 2.0.2 | CPE: cpe:2.3:a:apache:log4j:2.0.2:*:*:*:*:*:*:*
log4j | Version: 2.4.1 | CPE: cpe:2.3:a:apache:log4j:2.4.1:*:*:*:*:*:*:*
log4j | Version: 2.5 | CPE: cpe:2.3:a:apache:log4j:2.5:-:*:*:*:*:*:*
log4j | Version: 2.3.2 | CPE: cpe:2.3:a:apache:log4j:2.3.2:rc1:*:*:*:*:*:*
log4j | Version: 2.6.1 | CPE: cpe:2.3:a:apache:log4j:2.6.1:-:*:*:*:*:*:*
log4j | Version: 2.3.1 | CPE: cpe:2.3:a:apache:log4j:2.3.1:rc1:*:*:*:*:*:*
oncommand_api_services | Version: - | CPE: cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*
oncommand_workflow_automation | Version: - | CPE: cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
snapcenter | Version: - | CPE: cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
service_level_manager | Version: - | CPE: cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*
oncommand_insight | Version: - | CPE: cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
storage_automation_store | Version: - | CPE: cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*
identity_analytics | Version: 11.1.1.5.8 | CPE: cpe:2.3:a:oracle:identity_analytics:11.1.1.5.8:*:*:*:*:*:*:*
insurance_calculation_engine | Version: 10.2.1 | CPE: cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*
insurance_rules_palette | Version: 11.1 | CPE: cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*
policy_automation | Version: 12.2.10 | CPE: cpe:2.3:a:oracle:policy_automation:12.2.10:*:*:*:*:*:*:*
retail_advanced_inventory_planning | Version: 15.0 | CPE: cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:*
autovue_vuelink_integration | Version: 21.0.0 | CPE: cpe:2.3:a:oracle:autovue_vuelink_integration:21.0.0:*:*:*:*:*:*:*
endeca_information_discovery_studio | Version: 3.2.0 | CPE: cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*
fusion_middleware_mapviewer | Version: 12.2.1.2 | CPE: cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.2:*:*:*:*:*:*:*
financial_services_loan_loss_forecasting_and_provisioning | Version: 8.0.5 | CPE: cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.0.5:*:*:*:*:*:*:*
retail_integration_bus | Version: 14.1.0 | CPE: cpe:2.3:a:oracle:retail_integration_bus:14.1.0:*:*:*:*:*:*:*
siebel_ui_framework | Version: 18.9 | CPE: cpe:2.3:a:oracle:siebel_ui_framework:18.9:*:*:*:*:*:*:*
api_gateway | Version: 11.1.2.4.0 | CPE: cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*
enterprise_manager_for_oracle_database | Version: 13.2.2 | CPE: cpe:2.3:a:oracle:enterprise_manager_for_oracle_database:13.2.2:*:*:*:*:*:*:*
retail_advanced_inventory_planning | Version: 14.0 | CPE: cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.0:*:*:*:*:*:*:*
policy_automation_for_mobile_devices | Version: 10.4.7 | CPE: cpe:2.3:a:oracle:policy_automation_for_mobile_devices:10.4.7:*:*:*:*:*:*:*
communications_webrtc_session_controller | Version: 7.1 | CPE: cpe:2.3:a:oracle:communications_webrtc_session_controller:7.1:*:*:*:*:*:*:*
soa_suite | Version: 12.2.1.3.0 | CPE: cpe:2.3:a:oracle:soa_suite:12.2.1.3.0:*:*:*:*:*:*:*
soa_suite | Version: 12.2.2.0.0 | CPE: cpe:2.3:a:oracle:soa_suite:12.2.2.0.0:*:*:*:*:*:*:*
jdeveloper | Version: 12.1.3.0.0 | CPE: cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*
insurance_rules_palette | Version: 10.0 | CPE: cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*
policy_automation_for_mobile_devices | Version: 12.1.0 | CPE: cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.1.0:*:*:*:*:*:*:*
bi_publisher | Version: 11.1.1.7.0 | CPE: cpe:2.3:a:oracle:bi_publisher:11.1.1.7.0:*:*:*:*:*:*:*
retail_extract_transform_and_load | Version: 19.0 | CPE: cpe:2.3:a:oracle:retail_extract_transform_and_load:19.0:*:*:*:*:*:*:*
enterprise_manager_for_mysql_database | Version: 12.1.0.2.0 | CPE: cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:12.1.0.2.0:*:*:*:*:*:*:*
policy_automation_for_mobile_devices | Version: 12.2.3 | CPE: cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.3:*:*:*:*:*:*:*
enterprise_manager_for_mysql_database | Version: 13.2.2.0.0 | CPE: cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:13.2.2.0.0:*:*:*:*:*:*:*
utilities_work_and_asset_management | Version: 1.9.1.2.12 | CPE: cpe:2.3:a:oracle:utilities_work_and_asset_management:1.9.1.2.12:*:*:*:*:*:*:*
banking_platform | Version: 2.6.1 | CPE: cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*
communications_instant_messaging_server | Version: 10.0.1.3.0 | CPE: cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.3.0:*:*:*:*:*:*:*
fusion_middleware_mapviewer | Version: 12.2.1.3 | CPE: cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3:*:*:*:*:*:*:*
flexcube_investor_servicing | Version: 12.1.0 | CPE: cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*
policy_automation_for_mobile_devices | Version: 12.2.1 | CPE: cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.1:*:*:*:*:*:*:*
retail_predictive_application_server | Version: 15.0.3 | CPE: cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*
configuration_manager | Version: 12.1.2.0.2 | CPE: cpe:2.3:a:oracle:configuration_manager:12.1.2.0.2:*:*:*:*:*:*:*
policy_automation | Version: 10.4.7 | CPE: cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:*
communications_converged_application_server_-_service_controller | Version: 6.1 | CPE: cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.1:*:*:*:*:*:*:*
policy_automation_for_mobile_devices | Version: 12.1.1 | CPE: cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.1.1:*:*:*:*:*:*:*
policy_automation | Version: 12.1.1 | CPE: cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:*
policy_automation_for_mobile_devices | Version: 12.2.4 | CPE: cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.4:*:*:*:*:*:*:*
enterprise_manager_base_platform | Version: 12.1.0.5 | CPE: cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5:*:*:*:*:*:*:*
tape_library_acsls | Version: 8.4 | CPE: cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*
financial_services_hedge_management_and_ifrs_valuations | Version: 8.0.5 | CPE: cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.0.5:*:*:*:*:*:*:*
jd_edwards_enterpriseone_tools | Version: 9.2 | CPE: cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
policy_automation | Version: 12.2.7 | CPE: cpe:2.3:a:oracle:policy_automation:12.2.7:*:*:*:*:*:*:*
in-memory_performance-driven_planning | Version: 12.2 | CPE: cpe:2.3:a:oracle:in-memory_performance-driven_planning:12.2:*:*:*:*:*:*:*
retail_integration_bus | Version: 14.0.0 | CPE: cpe:2.3:a:oracle:retail_integration_bus:14.0.0:*:*:*:*:*:*:*
siebel_ui_framework | Version: 18.7 | CPE: cpe:2.3:a:oracle:siebel_ui_framework:18.7:*:*:*:*:*:*:*
autovue_vuelink_integration | Version: 21.0.1 | CPE: cpe:2.3:a:oracle:autovue_vuelink_integration:21.0.1:*:*:*:*:*:*:*
financial_services_regulatory_reporting_with_agilereporter | Version: 8.0.9.2.0 | CPE: cpe:2.3:a:oracle:financial_services_regulatory_reporting_with_agilereporter:8.0.9.2.0:*:*:*:*:*:*:*
policy_automation | Version: 12.2.1 | CPE: cpe:2.3:a:oracle:policy_automation:12.2.1:*:*:*:*:*:*:*
siebel_ui_framework | Version: 18.8 | CPE: cpe:2.3:a:oracle:siebel_ui_framework:18.8:*:*:*:*:*:*:*
policy_automation_for_mobile_devices | Version: 12.2.6 | CPE: cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.6:*:*:*:*:*:*:*
retail_service_backbone | Version: 16.0 | CPE: cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*
financial_services_behavior_detection_platform | Version: 6.1.1 | CPE: cpe:2.3:a:oracle:financial_services_behavior_detection_platform:6.1.1:*:*:*:*:*:*:*
enterprise_manager_for_peoplesoft | Version: 13.1.1.1 | CPE: cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.1.1.1:*:*:*:*:*:*:*
policy_automation_for_mobile_devices | Version: 12.2.7 | CPE: cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.7:*:*:*:*:*:*:*
rapid_planning | Version: 12.1 | CPE: cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*
policy_automation | Version: 12.2.2 | CPE: cpe:2.3:a:oracle:policy_automation:12.2.2:*:*:*:*:*:*:*
enterprise_manager_for_mysql_database | Version: 13.2.1.0.0 | CPE: cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:13.2.1.0.0:*:*:*:*:*:*:*
primavera_gateway | Version: 16.2 | CPE: cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*
retail_open_commerce_platform | Version: 6.0.0 | CPE: cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.0:*:*:*:*:*:*:*
primavera_gateway | Version: 16.2.11 | CPE: cpe:2.3:a:oracle:primavera_gateway:16.2.11:*:*:*:*:*:*:*
application_testing_suite | Version: 13.3.0.1 | CPE: cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
timesten_in-memory_database | Version: 11.2.2.8.49 | CPE: cpe:2.3:a:oracle:timesten_in-memory_database:11.2.2.8.49:*:*:*:*:*:*:*
enterprise_manager_for_mysql_database | Version: 12.1.0.3.0 | CPE: cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:12.1.0.3.0:*:*:*:*:*:*:*
insurance_rules_palette | Version: 10.2 | CPE: cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*
communications_webrtc_session_controller | Version: 7.0 | CPE: cpe:2.3:a:oracle:communications_webrtc_session_controller:7.0:*:*:*:*:*:*:*
identity_management_suite | Version: 12.2.1.3.0 | CPE: cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
enterprise_manager_base_platform | Version: 13.2.0.0 | CPE: cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0:*:*:*:*:*:*:*
policy_automation | Version: 12.2.8 | CPE: cpe:2.3:a:oracle:policy_automation:12.2.8:*:*:*:*:*:*:*
policy_automation | Version: 12.2.3 | CPE: cpe:2.3:a:oracle:policy_automation:12.2.3:*:*:*:*:*:*:*
flexcube_investor_servicing | Version: 12.4.0 | CPE: cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*
flexcube_investor_servicing | Version: 12.3.0 | CPE: cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*
retail_open_commerce_platform | Version: 6.0.1 | CPE: cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.1:*:*:*:*:*:*:*
bi_publisher | Version: 12.2.1.3.0 | CPE: cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*
in-memory_performance-driven_planning | Version: 12.1 | CPE: cpe:2.3:a:oracle:in-memory_performance-driven_planning:12.1:*:*:*:*:*:*:*
financial_services_lending_and_leasing | Version: 12.5.0 | CPE: cpe:2.3:a:oracle:financial_services_lending_and_leasing:12.5.0:*:*:*:*:*:*:*
policy_automation_for_mobile_devices | Version: 12.2.8 | CPE: cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.8:*:*:*:*:*:*:*
communications_pricing_design_center | Version: 12.0 | CPE: cpe:2.3:a:oracle:communications_pricing_design_center:12.0:*:*:*:*:*:*:*
retail_integration_bus | Version: 16.0 | CPE: cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*
insurance_rules_palette | Version: 10.1 | CPE: cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*
goldengate | Version: 12.3.2.1.1 | CPE: cpe:2.3:a:oracle:goldengate:12.3.2.1.1:*:*:*:*:*:*:*
enterprise_data_quality | Version: 12.2.1.3.0 | CPE: cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.3.0:*:*:*:*:*:*:*
weblogic_server | Version: 10.3.6.0.0 | CPE: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
policy_automation | Version: 12.2.6 | CPE: cpe:2.3:a:oracle:policy_automation:12.2.6:*:*:*:*:*:*:*
retail_open_commerce_platform | Version: 5.3.0 | CPE: cpe:2.3:a:oracle:retail_open_commerce_platform:5.3.0:*:*:*:*:*:*:*
policy_automation_connector_for_siebel | Version: 10.4.6 | CPE: cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*
identity_management_suite | Version: 11.1.2.3.0 | CPE: cpe:2.3:a:oracle:identity_management_suite:11.1.2.3.0:*:*:*:*:*:*:*
policy_automation | Version: 12.2.0 | CPE: cpe:2.3:a:oracle:policy_automation:12.2.0:*:*:*:*:*:*:*
peoplesoft_enterprise_fin_install | Version: 9.2 | CPE: cpe:2.3:a:oracle:peoplesoft_enterprise_fin_install:9.2:*:*:*:*:*:*:*
bi_publisher | Version: 12.2.1.4.0 | CPE: cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
retail_service_backbone | Version: 15.0 | CPE: cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*
insurance_calculation_engine | Version: 10.1.1 | CPE: cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*
enterprise_manager_for_fusion_middleware | Version: 13.2.0.0 | CPE: cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.2.0.0:*:*:*:*:*:*:*
insurance_policy_administration | Version: 10.2 | CPE: cpe:2.3:a:oracle:insurance_policy_administration:10.2:*:*:*:*:*:*:*
retail_integration_bus | Version: 15.0 | CPE: cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*
policy_automation_for_mobile_devices | Version: 12.2.0 | CPE: cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.0:*:*:*:*:*:*:*
retail_service_backbone | Version: 14.1 | CPE: cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*
primavera_gateway | Version: 17.12.7 | CPE: cpe:2.3:a:oracle:primavera_gateway:17.12.7:*:*:*:*:*:*:*
utilities_advanced_spatial_and_operational_analytics | Version: 2.7.0.1 | CPE: cpe:2.3:a:oracle:utilities_advanced_spatial_and_operational_analytics:2.7.0.1:*:*:*:*:*:*:*
bi_publisher | Version: 11.1.1.9.0 | CPE: cpe:2.3:a:oracle:bi_publisher:11.1.1.9.0:*:*:*:*:*:*:*
primavera_gateway | Version: 17.12.0 | CPE: cpe:2.3:a:oracle:primavera_gateway:17.12.0:*:*:*:*:*:*:*
flexcube_investor_servicing | Version: 14.0.0 | CPE: cpe:2.3:a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:*
financial_services_hedge_management_and_ifrs_valuations | Version: 8.0.4 | CPE: cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.0.4:*:*:*:*:*:*:*
enterprise_manager_for_oracle_database | Version: 12.1.0.8 | CPE: cpe:2.3:a:oracle:enterprise_manager_for_oracle_database:12.1.0.8:*:*:*:*:*:*:*
banking_platform | Version: 2.6.2 | CPE: cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
policy_automation | Version: 12.2.4 | CPE: cpe:2.3:a:oracle:policy_automation:12.2.4:*:*:*:*:*:*:*
retail_extract_transform_and_load | Version: 13.2 | CPE: cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2:*:*:*:*:*:*:*
policy_automation | Version: 12.2.9 | CPE: cpe:2.3:a:oracle:policy_automation:12.2.9:*:*:*:*:*:*:*
weblogic_server | Version: 12.2.1.4.0 | CPE: cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
soa_suite | Version: 12.1.3.0.0 | CPE: cpe:2.3:a:oracle:soa_suite:12.1.3.0.0:*:*:*:*:*:*:*
retail_extract_transform_and_load | Version: 13.0 | CPE: cpe:2.3:a:oracle:retail_extract_transform_and_load:13.0:*:*:*:*:*:*:*
jdeveloper | Version: 12.2.1.3.0 | CPE: cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
weblogic_server | Version: 14.1.1.0.0 | CPE: cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
retail_extract_transform_and_load | Version: 13.1 | CPE: cpe:2.3:a:oracle:retail_extract_transform_and_load:13.1:*:*:*:*:*:*:*
enterprise_manager_for_fusion_middleware | Version: 12.1.0.5 | CPE: cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:12.1.0.5:*:*:*:*:*:*:*
insurance_rules_palette | Version: 11.0 | CPE: cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*
communications_service_broker | Version: 6.0 | CPE: cpe:2.3:a:oracle:communications_service_broker:6.0:*:*:*:*:*:*:*
policy_automation | Version: 12.1.0 | CPE: cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:*
jd_edwards_enterpriseone_tools | Version: 4.0.1.0 | CPE: cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:4.0.1.0:*:*:*:*:*:*:*
financial_services_profitability_management | Version: 6.1.1 | CPE: cpe:2.3:a:oracle:financial_services_profitability_management:6.1.1:*:*:*:*:*:*:*
policy_automation_for_mobile_devices | Version: 12.2.5 | CPE: cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.5:*:*:*:*:*:*:*
retail_clearance_optimization_engine | Version: 14.0.5 | CPE: cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0.5:*:*:*:*:*:*:*
enterprise_manager_for_mysql_database | Version: 12.1.0.4.0 | CPE: cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:12.1.0.4.0:*:*:*:*:*:*:*
policy_automation_for_mobile_devices | Version: 12.2.2 | CPE: cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.2:*:*:*:*:*:*:*
flexcube_investor_servicing | Version: 12.0.4 | CPE: cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:*
identity_manager_connector | Version: 9.0 | CPE: cpe:2.3:a:oracle:identity_manager_connector:9.0:*:*:*:*:*:*:*
insurance_policy_administration | Version: 11.0 | CPE: cpe:2.3:a:oracle:insurance_policy_administration:11.0:*:*:*:*:*:*:*
enterprise_manager_for_peoplesoft | Version: 13.2.1.1 | CPE: cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.2.1.1:*:*:*:*:*:*:*
weblogic_server | Version: 12.1.3.0.0 | CPE: cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
communications_online_mediation_controller | Version: 6.1 | CPE: cpe:2.3:a:oracle:communications_online_mediation_controller:6.1:*:*:*:*:*:*:*
enterprise_manager_for_mysql_database | Version: 13.2 | CPE: cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:13.2:*:*:*:*:*:*:*
insurance_policy_administration | Version: 10.0 | CPE: cpe:2.3:a:oracle:insurance_policy_administration:10.0:*:*:*:*:*:*:*
insurance_policy_administration | Version: 10.1 | CPE: cpe:2.3:a:oracle:insurance_policy_administration:10.1:*:*:*:*:*:*:*
rapid_planning | Version: 12.2 | CPE: cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*
primavera_gateway | Version: 16.2.0 | CPE: cpe:2.3:a:oracle:primavera_gateway:16.2.0:*:*:*:*:*:*:*
policy_automation | Version: 12.2.5 | CPE: cpe:2.3:a:oracle:policy_automation:12.2.5:*:*:*:*:*:*:*
communications_pricing_design_center | Version: 11.1 | CPE: cpe:2.3:a:oracle:communications_pricing_design_center:11.1:*:*:*:*:*:*:*
policy_automation_for_mobile_devices | Version: 12.2.9 | CPE: cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.9:*:*:*:*:*:*:*
primavera_gateway | Version: 17.12.6 | CPE: cpe:2.3:a:oracle:primavera_gateway:17.12.6:*:*:*:*:*:*:*
configuration_manager | Version: 12.1.2.0.5 | CPE: cpe:2.3:a:oracle:configuration_manager:12.1.2.0.5:*:*:*:*:*:*:*
policy_automation_for_mobile_devices | Version: 12.2.10 | CPE: cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.10:*:*:*:*:*:*:*
jdeveloper | Version: 11.1.1.9.0 | CPE: cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
banking_platform | Version: 2.6.0 | CPE: cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*
weblogic_server | Version: 12.2.1.3.0 | CPE: cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
primavera_gateway | Version: 17.12 | CPE: cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*
financial_services_loan_loss_forecasting_and_provisioning | Version: 8.0.4 | CPE: cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.0.4:*:*:*:*:*:*:*
goldengate_application_adapters | Version: 12.3.2.1.1 | CPE: cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.1:*:*:*:*:*:*:*
fuse | Version: 1.0 | CPE: cpe:2.3:a:redhat:fuse:1.0:*:*:*:*:*:*:*
enterprise_linux | Version: 7.0 | CPE: cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:intel64:*
enterprise_linux | Version: 7.3 | CPE: cpe:2.3:o:redhat:enterprise_linux:7.3:*:*:*:*:*:*:*
enterprise_linux_server_eus | Version: 7.6 | CPE: cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
enterprise_linux_workstation | Version: 7.0 | CPE: cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:x64:*
enterprise_linux_server_tus | Version: 7.4 | CPE: cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
enterprise_linux_server_eus | Version: 7.4 | CPE: cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
enterprise_linux | Version: 6.7 | CPE: cpe:2.3:o:redhat:enterprise_linux:6.7:*:*:*:*:*:*:*
enterprise_linux_server_aus | Version: 7.4 | CPE: cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
enterprise_linux | Version: 7.4 | CPE: cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*
enterprise_linux_server_tus | Version: 7.6 | CPE: cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
enterprise_linux | Version: 7.5 | CPE: cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*
enterprise_linux_server | Version: 7.0 | CPE: cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:x64:*
enterprise_linux | Version: 6.0 | CPE: cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:intel64:*
enterprise_linux | Version: 7.6 | CPE: cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*
enterprise_linux_server_aus | Version: 7.6 | CPE: cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
enterprise_linux_desktop | Version: 7.0 | CPE: cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:x64:*
enterprise_linux_server_eus | Version: 7.5 | CPE: cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

This vulnerability affects 189 software configuration(s). Ensure you patch all affected systems.

Severity Details

9.8 out of 10.0 (Critical)

Weakness Type (CWE)

CWE-502: Deserialization of Untrusted Data (Top 25 #15)

Description: The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Exploit Likelihood: Medium
Typical Severity: Medium
OWASP Top 10: A08:2021-Software/Data Integrity Failures
Abstraction Level: Base

Key Information

Published Date: April 17, 2017