CRITICAL✓ PATCH🇬🇧 English

CVE-2017-5645

CVSS 9.8v3.1pub. 2017-04-17upd. 2026-05-13

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Apache Log4j

    APP
    Apache
    2.0 – 2.8.2 (bez)
  • Netapp Oncommand Api Services

    APP
    Netapp
    wszystkie wersje
  • Netapp Oncommand Insight

    APP
    Netapp
    wszystkie wersje
  • Netapp Oncommand Workflow Automation

    APP
    Netapp
    wszystkie wersje
  • Netapp Service Level Manager

    APP
    Netapp
    wszystkie wersje
  • Netapp Snapcenter

    APP
    Netapp
    wszystkie wersje
  • Netapp Storage Automation Store

    APP
    Netapp
    wszystkie wersje
  • Oracle Api Gateway

    APP
    Oracle
    11.1.2.4.0
  • Oracle Application Testing Suite

    APP
    Oracle
    13.3.0.1
  • Oracle Autovue Vuelink Integration

    APP
    Oracle
    21.0.021.0.1
  • Oracle Banking Platform

    APP
    Oracle
    2.6.02.6.12.6.2
  • Oracle Bi Publisher

    APP
    Oracle
    11.1.1.7.011.1.1.9.012.2.1.3.012.2.1.4.0
  • Oracle Communications Converged Application Server Service Controller

    APP
    Oracle
    6.1
  • Oracle Communications Instant Messaging Server

    APP
    Oracle
    10.0.1.3.0
  • Oracle Communications Interactive Session Recorder

    APP
    Oracle
    6.0 – 6.2
  • Oracle Communications Messaging Server

    APP
    Oracle
    < 8.0.2
  • Oracle Communications Network Integrity

    APP
    Oracle
    7.3.2 – 7.3.6
  • Oracle Communications Online Mediation Controller

    APP
    Oracle
    6.1
  • Oracle Communications Pricing Design Center

    APP
    Oracle
    11.112.0
  • Oracle Communications Service Broker

    APP
    Oracle
    6.0
  • Oracle Communications Webrtc Session Controller

    APP
    Oracle
    < 7.2
  • Oracle Configuration Manager

    APP
    Oracle
    12.1.2.0.212.1.2.0.5
  • Oracle Endeca Information Discovery Studio

    APP
    Oracle
    3.2.0
  • Oracle Enterprise Data Quality

    APP
    Oracle
    12.2.1.3.0
  • Oracle Enterprise Manager Base Platform

    APP
    Oracle
    12.1.0.513.2.0.0
  • Oracle Enterprise Manager For Fusion Middleware

    APP
    Oracle
    12.1.0.513.2.0.0
  • Oracle Enterprise Manager For MySQL Database

    APP
    Oracle
    ≤ 13.2.2.0.0
  • Oracle Enterprise Manager For Oracle Database

    APP
    Oracle
    12.1.0.813.2.2
  • Oracle Enterprise Manager For Peoplesoft

    APP
    Oracle
    13.1.1.113.2.1.1
  • Oracle Financial Services Analytical Applications Infrastructure

    APP
    Oracle
    8.0.0.0.0 – 8.0.7.0.07.3.3.0.0 – 7.3.3.0.2
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
RCEDeserialization
CWE
Referencje

Powiązane podatności

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2022-22963CRITICAL9.8⚠ KEVten sam produkt

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionalit...

CVE-2022-22965CRITICAL9.8⚠ KEVten sam produkt

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) ...

CVE-2021-45046CRITICAL9.0⚠ KEVten sam produkt

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-defau...

CVE-2021-44228CRITICAL10.0⚠ KEVten sam produkt

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features u...