CVE-2021-44832

Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.

CVSS v3.0 6.6 MEDIUM
CVSS v2.0 8.5 HIGH

6.6^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.7 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

8.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:S/C:C/I:C/A:C

Exploitability : 6.8 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143	Mailing List Vendor Advisory
https://issues.apache.org/jira/browse/LOG4J2-3293	Issue Tracking Patch Vendor Advisory
http://www.openwall.com/lists/oss-security/2021/12/28/1	Mailing List Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html	Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20220104-0001/	Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/	Mailing List Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:log4j:2.0:rc1::::::
	cpe:2.3:a:apache:log4j:2.0:beta9::::::
	cpe:2.3:a:apache:log4j:2.0:rc2::::::
	cpe:2.3:a:apache:log4j:2.0:beta8::::::
	cpe:2.3:a:apache:log4j:2.0:beta7::::::
	cpe:2.3:a:apache:log4j:2.0:-::::::
	cpe:2.3:a:apache:log4j::::::::
	cpe:2.3:a:apache:log4j::::::::
	cpe:2.3:a:apache:log4j::::::::

Configuration 2 (hide)

OR	cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:primavera_unifier:18.8:::::::*
	cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*
	cpe:2.3:a:oracle:primavera_unifier:19.12:::::::*
	cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*
	cpe:2.3:a:oracle:primavera_unifier:20.12:::::::*
	cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:::::::*
	cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:::::::*
	cpe:2.3:a:oracle:primavera_gateway::::::::
	cpe:2.3:a:oracle:primavera_gateway::::::::
	cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:::::::*
	cpe:2.3:a:oracle:primavera_unifier:21.12:::::::*
	cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:::::::*
	cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management::::::::
	cpe:2.3:a:oracle:primavera_gateway:21.12.0:::::::*
	cpe:2.3:a:oracle:primavera_gateway::::::::
	cpe:2.3:a:oracle:primavera_gateway::::::::
	cpe:2.3:a:oracle:retail_fiscal_management:14.2:::::::*
	cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management::::::::
	cpe:2.3:a:oracle:siebel_ui_framework:21.12:::::::*
	cpe:2.3:a:oracle:communications_diameter_signaling_router::::::::

Configuration 3 (hide)

cpe:2.3:a:cisco:cloudcenter:4.10.0.16:*:*:*:*:*:*:*

Configuration 4 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:34:::::::*
	cpe:2.3:o:fedoraproject:fedora:35:::::::*

Configuration 5 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 6 (hide)

OR	cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:::::::*
	cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:primavera_unifier:18.8:::::::*
	cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*
	cpe:2.3:a:oracle:primavera_unifier:19.12:::::::*
	cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*
	cpe:2.3:a:oracle:primavera_unifier:20.12:::::::*
	cpe:2.3:a:oracle:retail_order_broker:18.0:::::::*
	cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:::::::*
	cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:::::::*
	cpe:2.3:a:oracle:primavera_gateway::::::::
	cpe:2.3:a:oracle:primavera_gateway::::::::
	cpe:2.3:a:oracle:primavera_unifier:21.12:::::::*
	cpe:2.3:a:oracle:siebel_ui_framework::::::::
	cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:::::::*
	cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management::::::::
	cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management::::::::
	cpe:2.3:a:oracle:primavera_gateway:21.12.0:::::::*
	cpe:2.3:a:oracle:primavera_gateway::::::::
	cpe:2.3:a:oracle:primavera_gateway::::::::
	cpe:2.3:a:oracle:communications_diameter_signaling_router::::::::
	cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:::::::*
	cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:::::::*
	cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:::::::*
	cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:::::::*
	cpe:2.3:a:oracle:retail_order_broker:19.1:::::::*
	cpe:2.3:a:oracle:policy_automation::::::::
	cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:::::::*
	cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.1:::::::*
	cpe:2.3:a:oracle:policy_automation_for_mobile_devices::::::::
	cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.0.0.0:::::::*
	cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.1.0.3:::::::*
	cpe:2.3:a:oracle:health_sciences_data_management_workbench:2.5.2.1:::::::*
	cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.5.0:::::::*
	cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:::::::*
	cpe:2.3:a:oracle:communications_offline_mediation_controller::::::::
	cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine::::::::

Information

Published : 2021-12-28 12:15

Updated : 2022-08-08 18:24

NVD link : CVE-2021-44832

Mitre link : CVE-2021-44832

JSON object : View

CWE

CWE-20

Improper Input Validation

Products Affected

oracle

siebel_ui_framework
primavera_unifier
primavera_p6_enterprise_project_portfolio_management
policy_automation_for_mobile_devices
retail_order_broker
communications_offline_mediation_controller
health_sciences_data_management_workbench
communications_diameter_signaling_router
weblogic_server
policy_automation
communications_interactive_session_recorder
flexcube_private_banking
product_lifecycle_analytics
retail_xstore_point_of_service
primavera_gateway
communications_brm_-_elastic_charging_engine
retail_fiscal_management
retail_assortment_planning

fedoraproject

fedora

debian

debian_linux

cisco

cloudcenter

apache

log4j

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143", "name": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://issues.apache.org/jira/browse/LOG4J2-3293", "name": "https://issues.apache.org/jira/browse/LOG4J2-3293", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.openwall.com/lists/oss-security/2021/12/28/1", "name": "[oss-security] 20211228 CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html", "name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2870-1] apache-log4j2 security update", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://security.netapp.com/advisory/ntap-20220104-0001/", "name": "https://security.netapp.com/advisory/ntap-20220104-0001/", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/", "name": "FEDORA-2021-1bd9151bab", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "FEDORA"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/", "name": "FEDORA-2021-c6f471ce0f", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "FEDORA"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", "tags": ["Third Party Advisory"], "refsource": "CISCO"}, {"url": "https://www.oracle.com/security-alerts/cpujan2022.html", "name": "https://www.oracle.com/security-alerts/cpujan2022.html", "tags": ["Patch", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "tags": ["Patch", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://www.oracle.com/security-alerts/cpujul2022.html", "name": "N/A", "tags": ["Patch", "Third Party Advisory"], "refsource": "N/A"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-44832", "ASSIGNER": "security@apache.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 8.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "acInsufInfo": false, "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.7}}, "publishedDate": "2021-12-28T20:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:beta8:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:beta7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.17.1", "versionStartIncluding": "2.13.0"}, {"cpe23Uri": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.12.4", "versionStartIncluding": "2.4"}, {"cpe23Uri": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.3.2", "versionStartIncluding": "2.0.1"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "17.12.11", "versionStartIncluding": "17.12.0"}, {"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "20.12.7", "versionStartIncluding": "20.12.0"}, {"cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "20.12.12.0", "versionStartIncluding": "20.12.0.0"}, {"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "19.12.12", "versionStartIncluding": "19.12.0"}, {"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "18.8.13", "versionStartIncluding": "18.8.0"}, {"cpe23Uri": "cpe:2.3:a:oracle:retail_fiscal_management:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "19.12.18.0", "versionStartIncluding": "19.12.0"}, {"cpe23Uri": "cpe:2.3:a:oracle:siebel_ui_framework:21.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "8.5.1.0", "versionStartIncluding": "8.0.0.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:cloudcenter:4.10.0.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "17.12.11", "versionStartIncluding": "17.12.0"}, {"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "20.12.7", "versionStartIncluding": "20.12.0"}, {"cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "21.12"}, {"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "20.12.12.0", "versionStartIncluding": "20.12.0.0"}, {"cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "19.12.18.0", "versionStartIncluding": "19.12.0.0"}, {"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "19.12.12", "versionStartIncluding": "19.12.0"}, {"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "18.8.13", "versionStartIncluding": "18.8.0"}, {"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "8.5.1.0", "versionStartIncluding": "8.3.0.0"}, {"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "12.2.24", "versionStartIncluding": "12.2.0"}, {"cpe23Uri": "cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "12.2.24", "versionStartIncluding": "12.2.0"}, {"cpe23Uri": "cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.1.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:health_sciences_data_management_workbench:2.5.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "12.0.0.4.4"}, {"cpe23Uri": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "12.0.0.4.6"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-08-09T01:24Z"}

6.6 /10