CVE-2021-44832
mediumCVSS v3 Base Score
6.6
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
53.6%
Exploitation probability in 30 days
Top 2% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
None
Confidentiality
High
Integrity
High
Availability
High
Vulnerability Report
Generated by CyberWatcher
Description
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.
CWE
CWE-20Affected Products
apache log4joracle communications diameter signaling routeroracle communications interactive session recorderoracle primavera gatewayoracle primavera p6 enterprise project portfolio managementoracle primavera unifieroracle retail assortment planningoracle retail fiscal managementoracle siebel ui frameworkoracle weblogic server