CVE-2021-45105
mediumCVSS v3 Base Score
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
74.5%
Exploitation probability in 30 days
Top 1% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Confidentiality
None
Integrity
None
Availability
High
Vulnerability Report
Generated by CyberWatcher
Description
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
CWE
CWE-20Affected Products
apache log4jnetapp cloud managerdebian debian linuxsonicwall email securitysonicwall network security managersonicwall web application firewallsonicwall 6bk1602-0aa12-0tp0 firmwaresonicwall 6bk1602-0aa22-0tp0 firmwaresonicwall 6bk1602-0aa32-0tp0 firmwaresonicwall 6bk1602-0aa42-0tp0 firmware