Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.
2019-12-20T17:15:11.893
2024-11-21T04:32:33.393
Modified
CVSSv3.1: 9.8 (CRITICAL)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | apache | log4j | ≤ 1.2.17 | Yes |
| Operating System | debian | debian_linux | 8.0 | Yes |
| Operating System | debian | debian_linux | 9.0 | Yes |
| Operating System | debian | debian_linux | 10.0 | Yes |
| Operating System | canonical | ubuntu_linux | 18.04 | Yes |
| Operating System | opensuse | leap | 15.1 | Yes |
| Application | netapp | oncommand_system_manager | ≤ 3.1.3 | Yes |
| Application | netapp | oncommand_workflow_automation | - | Yes |
| Application | oracle | application_testing_suite | 13.3.0.1 | Yes |
| Application | oracle | communications_network_integrity | ≤ 7.3.6 | Yes |
| Application | oracle | endeca_information_discovery_studio | 3.2.0 | Yes |
| Application | oracle | financial_services_lending_and_leasing | ≤ 14.8.0 | Yes |
| Application | oracle | financial_services_lending_and_leasing | 12.5.0 | Yes |
| Application | oracle | mysql_enterprise_monitor | ≤ 8.0.29 | Yes |
| Application | oracle | primavera_gateway | ≤ 16.2.11 | Yes |
| Application | oracle | primavera_gateway | ≤ 17.12.7 | Yes |
| Application | oracle | rapid_planning | 12.1 | Yes |
| Application | oracle | rapid_planning | 12.2 | Yes |
| Application | oracle | retail_extract_transform_and_load | 19.0 | Yes |
| Application | oracle | retail_service_backbone | 14.1 | Yes |
| Application | oracle | retail_service_backbone | 15.0 | Yes |
| Application | oracle | retail_service_backbone | 16.0 | Yes |
| Application | oracle | weblogic_server | 10.3.6.0.0 | Yes |
| Application | oracle | weblogic_server | 12.1.3.0.0 | Yes |
| Application | oracle | weblogic_server | 12.2.1.3.0 | Yes |
| Application | oracle | weblogic_server | 12.2.1.4.0 | Yes |
| Application | oracle | weblogic_server | 14.1.1.0.0 | Yes |
| Application | apache | bookkeeper | < 4.14.3 | Yes |