CVE-2021-44228

Oracle Security Alert for CVE-2021-44228 - Oracle CVRF Oracle Security Alert CVE-2021-44228 Final 3 3 2021-12-17T11:35:00-07:00 Updated CVSS score for CVE-2021-45046. 2021-12-10T17:00:00-07:00 2021-12-17T11:35:00-07:00 This document contains descriptions of Oracle product security vulnerabilities which have had security patches released for all supported versions and platforms for the associated product. Additional information regarding these vulnerabilities including security patch distribution information can be found at the Oracle sites referenced in this document. This document is published at: https://www.oracle.com/a/tech/docs/cve-2021-44228cvrf.xml https://www.oracle.com/security-alerts/alert-cve-2021-44228.html URL to html version of Advisory Dependent Product Version 2.0 - 2.14.1 Dependent Product Version 2.0 - 2.15.0 CVE-2021-44228 Vulnerability in the Apache Log4j product of Third Party Component (component: All). Supported versions that are affected are 2.0 - 2.14.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Apache Log4j. While the vulnerability is in Apache Log4j, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Apache Log4j. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Security patch has been released CVE-2021-44228 P-10787V-2.0 - 2.14.1 10.0 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Dependent Product Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2827611.1 P-10787V-2.0 - 2.14.1 CVE-2021-45046 Vulnerability in the Apache Log4j product of Third Party Component (component: All). Supported versions that are affected are 2.0 - 2.15.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Apache Log4j. While the vulnerability is in Apache Log4j, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Apache Log4j. CVSS 3.1 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). Security patch has been released CVE-2021-45046 P-10787V-2.0 - 2.15.0 9.0 AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Dependent Product Oracle customers with valid support contracts https://support.oracle.com/rs?type=doc&id=2827611.1 P-10787V-2.0 - 2.15.0