CVE-2021-45105
Description
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
Risk Information
Base Score
5.9
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
71.364
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Apache Log4j Vulnerability (CVE-2021-45105) | Windows |
| Vulnerabilities CVE-2021-45105,CVE-2021-44832 are fixed in IBM WebSphere 9.0.5.11 | Windows |
| Multiple vulnerabilities are fixed in IBM WebSphere 8.5.5.21 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.0.13 | Windows |
| Vulnerabilities CVE-2021-45105,CVE-2020-9488 are fixed in Apache - Log4j Core 2.12.3 | Windows |
| Vulnerabilities CVE-2021-45105 are fixed in Apache - Log4j Core 2.17.0 | Windows |
| Vulnerabilities CVE-2021-45105,CVE-2021-44228 are fixed in Apache - Log4j Core 2.3.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.3.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 10.5 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 10.6 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 10.4.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.4 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.11 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.1.1.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.10.4 | Windows |
| Multiple Vulnerabilities are affected in IBM MQ 9.1 | Windows |
| Multiple Vulnerabilities are affected in IBM MQ 9.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 21.0 | Windows |
| Multiple Vulnerabilities are affected in IBM App Connect Enterprise 11.0.0.15 | Windows |
| Multiple Vulnerabilities are affected in IBM App Connect Enterprise 12.0.3.0 | Windows |
| Vulnerabilities CVE-2021-45105,CVE-2021-44832,CVE-2021-45046,CVE-2021-44228 are fixed in Ops4j - pax-logging-log4j2 1.9.2 | Windows |
| Vulnerabilities CVE-2021-45105,CVE-2021-44832 are fixed in Ops4j - pax-logging-log4j2 1.10.9 | Windows |
| Vulnerabilities CVE-2021-45105 are fixed in Ops4j - pax-logging-log4j2 1.11.12 | Windows |
| Vulnerabilities CVE-2021-45105 are fixed in Ops4j - pax-logging-log4j2 2.0.13 | Windows |
| Apache Log4j - Logging Framework for Java (USN-5203-1) liblog4j2-java_2.17.0-0.20.04.1_all.deb | Linux |
| Apache Log4j - Logging Framework for Java (USN-5203-1) liblog4j2-java_2.17.0-0.21.04.1_all.deb | Linux |
| Apache Log4j - Logging Framework for Java (USN-5203-1) liblog4j2-java_2.17.0-0.21.10.1_all.deb | Linux |
| Apache Log4j - Logging Framework for Java (USN-5222-1) liblog4j2-java_2.17.1-0.20.04.1_all.deb | Linux |
| Apache Log4j - Logging Framework for Java (USN-5222-1) liblog4j2-java_2.17.1-0.21.04.1_all.deb | Linux |
| Apache Log4j - Logging Framework for Java (USN-5222-1) liblog4j2-java_2.17.1-0.21.10.1_all.deb | Linux |
| Apache Log4j - Logging Framework for Java (USN-5222-1) liblog4j2-java_2.12.4-0ubuntu0.1_all.deb | Linux |
| apache-log4j2 security update(DSA-5024-1) liblog4j2-java_2.17.0-1~deb11u1_all.deb | Linux |
| apache-log4j2 security update(DSA-5024-1) liblog4j2-java_2.17.0-1~deb10u1_all.deb | Linux |
| Vulnerabilities CVE-2021-45105,CVE-2020-9488 are fixed in Apache - Log4j Core for Linux 2.12.3 | Linux |
| Vulnerabilities CVE-2021-45105 are fixed in Apache - Log4j Core for Linux 2.17.0 | Linux |
| Vulnerabilities CVE-2021-45105,CVE-2021-44228 are fixed in Apache - Log4j Core for Linux 2.3.1 | Linux |
| Vulnerabilities CVE-2021-45105,CVE-2021-44832,CVE-2021-45046,CVE-2021-44228 are fixed in Ops4j - pax-logging-log4j2 for Linux 1.9.2 | Linux |
| Vulnerabilities CVE-2021-45105,CVE-2021-44832 are fixed in Ops4j - pax-logging-log4j2 for Linux 1.10.9 | Linux |
| Vulnerabilities CVE-2021-45105 are fixed in Ops4j - pax-logging-log4j2 for Linux 1.11.12 | Linux |
| Vulnerabilities CVE-2021-45105 are fixed in Ops4j - pax-logging-log4j2 for Linux 2.0.13 | Linux |
| Improper Input Validation Vulnerability (CVE-2021-45105) | NCM |
Patch Details
No records found