In Apache Log4j 2.x prior to 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
apache log4j |
||
netapp snapcenter - |
||
netapp storage automation store - |
||
netapp oncommand workflow automation - |
||
netapp oncommand insight - |
||
netapp service level manager - |
||
netapp oncommand api services - |
||
redhat enterprise linux desktop 7.0 |
||
redhat enterprise linux 7.4 |
||
redhat enterprise linux workstation 7.0 |
||
redhat enterprise linux 7.0 |
||
redhat enterprise linux 6.0 |
||
redhat enterprise linux server 7.0 |
||
redhat enterprise linux 6.7 |
||
redhat enterprise linux 7.3 |
||
redhat enterprise linux server aus 7.4 |
||
redhat enterprise linux server eus 7.4 |
||
redhat enterprise linux 7.5 |
||
redhat enterprise linux server tus 7.4 |
||
redhat enterprise linux server eus 7.5 |
||
redhat enterprise linux server tus 7.6 |
||
redhat enterprise linux server eus 7.6 |
||
redhat enterprise linux server aus 7.6 |
||
redhat enterprise linux 7.6 |
||
redhat fuse 1.0 |
||
oracle flexcube investor servicing 12.3.0 |
||
oracle flexcube investor servicing 12.1.0 |
||
oracle jd edwards enterpriseone tools 9.2 |
||
oracle retail service backbone 14.1 |
||
oracle enterprise manager base platform 12.1.0.5 |
||
oracle api gateway 11.1.2.4.0 |
||
oracle flexcube investor servicing 12.0.4 |
||
oracle weblogic server 12.1.3.0.0 |
||
oracle fusion middleware mapviewer 12.2.1.2 |
||
oracle jdeveloper 11.1.1.9.0 |
||
oracle retail service backbone 15.0 |
||
oracle jdeveloper 12.1.3.0.0 |
||
oracle retail integration bus 15.0 |
||
oracle weblogic server 10.3.6.0.0 |
||
oracle weblogic server 12.2.1.3.0 |
||
oracle flexcube investor servicing 12.4.0 |
||
oracle soa suite 12.1.3.0.0 |
||
oracle soa suite 12.2.1.3.0 |
||
oracle identity analytics 11.1.1.5.8 |
||
oracle siebel ui framework 18.7 |
||
oracle siebel ui framework 18.8 |
||
oracle siebel ui framework 18.9 |
||
oracle retail open commerce platform 6.0.1 |
||
oracle application testing suite 13.3.0.1 |
||
oracle flexcube investor servicing 14.0.0 |
||
oracle insurance rules palette 10.0 |
||
oracle insurance rules palette 10.2 |
||
oracle tape library acsls 8.4 |
||
oracle retail open commerce platform 5.3.0 |
||
oracle retail open commerce platform 6.0.0 |
||
oracle insurance calculation engine 10.2.1 |
||
oracle insurance calculation engine 10.1.1 |
||
oracle insurance rules palette 10.1 |
||
oracle insurance rules palette 11.0 |
||
oracle insurance rules palette 11.1 |
||
oracle retail integration bus 16.0 |
||
oracle banking platform 2.6.0 |
||
oracle banking platform 2.6.1 |
||
oracle banking platform 2.6.2 |
||
oracle communications webrtc session controller |
||
oracle enterprise manager for peoplesoft 13.1.1.1 |
||
oracle enterprise manager for peoplesoft 13.2.1.1 |
||
oracle enterprise manager for oracle database 12.1.0.8 |
||
oracle enterprise manager for oracle database 13.2.2 |
||
oracle enterprise manager for mysql database |
||
oracle enterprise manager for fusion middleware 12.1.0.5 |
||
oracle enterprise manager for fusion middleware 13.2.0.0 |
||
oracle enterprise manager base platform 13.2.0.0 |
||
oracle communications pricing design center 11.1 |
||
oracle communications pricing design center 12.0 |
||
oracle jdeveloper 12.2.1.3.0 |
||
oracle communications converged application server - service controller 6.1 |
||
oracle communications online mediation controller 6.1 |
||
oracle communications service broker 6.0 |
||
oracle goldengate application adapters 12.3.2.1.1 |
||
oracle soa suite 12.2.2.0.0 |
||
oracle communications messaging server |
||
oracle configuration manager 12.1.2.0.2 |
||
oracle configuration manager 12.1.2.0.5 |
||
oracle bi publisher 12.2.1.4.0 |
||
oracle bi publisher 11.1.1.7.0 |
||
oracle bi publisher 11.1.1.9.0 |
||
oracle bi publisher 12.2.1.3.0 |
||
oracle identity management suite 11.1.2.3.0 |
||
oracle identity management suite 12.2.1.3.0 |
||
oracle retail extract transform and load 13.0 |
||
oracle retail extract transform and load 13.1 |
||
oracle retail extract transform and load 13.2 |
||
oracle utilities work and asset management 1.9.1.2.12 |
||
oracle autovue vuelink integration 21.0.1 |
||
oracle autovue vuelink integration 21.0.0 |
||
oracle retail predictive application server 15.0.3 |
||
oracle retail integration bus 14.1.0 |
||
oracle retail integration bus 14.0.0 |
||
oracle retail clearance optimization engine 14.0.5 |
||
oracle policy automation for mobile devices 10.4.7 |
||
oracle policy automation for mobile devices 12.1.0 |
||
oracle policy automation for mobile devices 12.1.1 |
||
oracle policy automation for mobile devices 12.2.0 |
||
oracle policy automation for mobile devices 12.2.1 |
||
oracle policy automation for mobile devices 12.2.2 |
||
oracle policy automation for mobile devices 12.2.3 |
||
oracle policy automation for mobile devices 12.2.4 |
||
oracle policy automation for mobile devices 12.2.5 |
||
oracle policy automation for mobile devices 12.2.6 |
||
oracle policy automation for mobile devices 12.2.7 |
||
oracle policy automation for mobile devices 12.2.8 |
||
oracle policy automation for mobile devices 12.2.9 |
||
oracle policy automation for mobile devices 12.2.10 |
||
oracle policy automation connector for siebel 10.4.6 |
||
oracle policy automation 10.4.7 |
||
oracle policy automation 12.1.0 |
||
oracle policy automation 12.1.1 |
||
oracle policy automation 12.2.0 |
||
oracle policy automation 12.2.1 |
||
oracle policy automation 12.2.2 |
||
oracle policy automation 12.2.3 |
||
oracle policy automation 12.2.4 |
||
oracle policy automation 12.2.5 |
||
oracle policy automation 12.2.6 |
||
oracle policy automation 12.2.7 |
||
oracle policy automation 12.2.8 |
||
oracle policy automation 12.2.9 |
||
oracle policy automation 12.2.10 |
||
oracle peoplesoft enterprise fin install 9.2 |
||
oracle mysql enterprise monitor |
||
oracle insurance policy administration 10.0 |
||
oracle insurance policy administration 10.1 |
||
oracle insurance policy administration 10.2 |
||
oracle insurance policy administration 11.0 |
||
oracle fusion middleware mapviewer 12.2.1.3 |
||
oracle enterprise data quality 12.2.1.3.0 |
||
oracle financial services profitability management |
||
oracle financial services profitability management 6.1.1 |
||
oracle financial services loan loss forecasting and provisioning 8.0.4 |
||
oracle financial services loan loss forecasting and provisioning 8.0.5 |
||
oracle financial services hedge management and ifrs valuations 8.0.4 |
||
oracle financial services hedge management and ifrs valuations 8.0.5 |
||
oracle financial services behavior detection platform |
||
oracle financial services behavior detection platform 6.1.1 |
||
oracle financial services analytical applications infrastructure |
||
oracle endeca information discovery studio 3.2.0 |
||
oracle weblogic server 12.2.1.4.0 |
||
oracle weblogic server 14.1.1.0.0 |
||
oracle rapid planning 12.1 |
||
oracle rapid planning 12.2 |
||
oracle instantis enterprisetrack |
||
oracle utilities advanced spatial and operational analytics 2.7.0.1 |
||
oracle primavera gateway |
||
oracle identity manager connector 9.0 |
||
oracle financial services lending and leasing |
||
oracle financial services lending and leasing 12.5.0 |
||
oracle communications network integrity |
||
oracle retail service backbone 16.0 |
||
oracle retail extract transform and load 19.0 |
||
oracle communications instant messaging server 10.0.1.3.0 |
||
oracle financial services regulatory reporting with agilereporter 8.0.9.2.0 |
||
oracle retail advanced inventory planning 15.0 |
||
oracle timesten in-memory database 11.2.2.8.49 |
||
oracle communications interactive session recorder |
||
oracle jd edwards enterpriseone tools 4.0.1.0 |
||
oracle in-memory performance-driven planning 12.2 |
||
oracle in-memory performance-driven planning 12.1 |
||
oracle retail advanced inventory planning 14.0 |
||
oracle goldengate 12.3.2.1.1 |
How many times do you want to read the CVSS rating 9.8 today?
Oracle has released its final quarterly batch of patches for the year for security flaws in its products. The total this time? 402 fixes, the bulk of which are rated critical in terms of severity. In all, there are 230 CVE-listed bugs fixed across 27 Oracle products, according to Tenable, which noted Big Red's record is still July 2020 with more than 440 patches. "Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already rele...
Java fixes lobbed out, Spectre Solaris patches issued Flash! Ah-ahhh! WebEx pwned for all of us!
Oracle this week emitted its April security update, addressing a total of 254 security vulnerabilities across dozens of products. Among the more noteworthy patches is a fix for lingering Spectre-related vulnerabilities in Solaris systems – specifically, CVE-2017-5753, also known as Spectre variant 1. Oracle had mitigated most of the Spectre/Meltdown processor design bugs in its products back in January. This update applies further fixes for Solaris versions 10 and 11.3. Java was on the receivi...
Vulmon