CVE-2017-5645 in Oracle Identity Manager Connectorinfo

Summary

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

Reservation

01/29/2017

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
163173Oracle Identity Manager Connector General/Misc deserialization502Not definedOfficial fixCVE-2017-5645
163123Oracle Financial Services Regulatory Reporting with AgileREPORTER deserialization502Not definedOfficial fixCVE-2017-5645
163005Oracle TimesTen In-Memory Database Apache Log4j deserialization502Not definedOfficial fixCVE-2017-5645
158468Oracle Rapid Planning Middle Tier deserialization502Not definedOfficial fixCVE-2017-5645
158467Oracle Rapid Planning Middle Tier deserialization502Not definedOfficial fixCVE-2017-5645
158418Oracle Retail Service Backbone Installer deserialization502Not definedOfficial fixCVE-2017-5645
158412Oracle Retail Extract Transform/Load Mathematical Operators deserialization502Not definedOfficial fixCVE-2017-5645
158279Oracle WebLogic Server Console deserialization502Not definedOfficial fixCVE-2017-5645
158278Oracle WebLogic Server Centralized Thirdparty Jars deserialization502Not definedOfficial fixCVE-2017-5645
158270Oracle Endeca Information Discovery Studio deserialization502Not definedOfficial fixCVE-2017-5645
158231Oracle Financial Services Lending/Leasing Core deserialization502Not definedOfficial fixCVE-2017-5645
158215Oracle Application Testing Suite Load Testing for Web Apps deserialization502Not definedOfficial fixCVE-2017-5645
158164Oracle Primavera Gateway Admin deserialization502Not definedOfficial fixCVE-2017-5645
158118Oracle Communications Network Integrity Cartridge Management deserialization502Not definedOfficial fixCVE-2017-5645
153651Oracle In-Memory Performance-Driven Planning User deserialization502Not definedOfficial fixCVE-2017-5645
153623Oracle Retail Advanced Inventory Planning AIP Dashboard deserialization502Not definedOfficial fixCVE-2017-5645
153339Oracle Instantis EnterpriseTrack Logging deserialization502Not definedOfficial fixCVE-2017-5645
148696Oracle Communications Instant Messaging Server deserialization502Not definedOfficial fixCVE-2017-5645
143676Oracle JD Edwards EnterpriseOne Tools Log4j deserialization502Not definedOfficial fixCVE-2017-5645
138164Oracle Utilities Advanced Spatial/Operational Analytics Apache Log4j deserialization502Not definedOfficial fixCVE-2017-5645
138053Oracle JD Edwards EnterpriseOne Tools Apache Log4j deserialization502Not definedOfficial fixCVE-2017-5645
137997Oracle SOA Suite CKEditor deserialization502Not definedOfficial fixCVE-2017-5645
137880Oracle Interactive Session Recorder Apache Log4j deserialization502Not definedOfficial fixCVE-2017-5645
133650Oracle JD Edwards EnterpriseOne Tools Monitoring/Diagnostics deserialization502Not definedOfficial fixCVE-2017-5645
133591Oracle JDeveloper Apache Log4j deserialization502Not definedOfficial fixCVE-2017-5645
133493Oracle Communications Pricing Design Center Apache Log4j deserialization502Not definedOfficial fixCVE-2017-5645
129688Oracle Tape Library ACSLS Apache Log4j deserialization502Not definedOfficial fixCVE-2017-5645
129538Oracle SOA Suite Apache Batik deserialization502Not definedOfficial fixCVE-2017-5645
129536Oracle GoldenGate Application Adapters Spring deserialization502Not definedOfficial fixCVE-2017-5645
129522Oracle FLEXCUBE Investor Servicing jQuery deserialization502Not definedOfficial fixCVE-2017-5645
129463Oracle Communications WebRTC Session Controller Apache Log4j deserialization502Not definedOfficial fixCVE-2017-5645
129460Oracle Communications Service Broker Apache Log4j deserialization502Not definedOfficial fixCVE-2017-5645
129458Oracle Communications Online Mediation Controller Apache Log4j deserialization502Not definedOfficial fixCVE-2017-5645
129456Oracle Communications Converged Application Server Apache Log4j deserialization502Not definedOfficial fixCVE-2017-5645
125624Oracle Siebel CRM UI deserialization502Not definedOfficial fixCVE-2017-5645
125599Oracle Retail Open Commerce Platform Apache Log4j deserialization502Not definedOfficial fixCVE-2017-5645
125597Oracle Retail Extract Transform/Load Mathematical Operators deserialization502Not definedOfficial fixCVE-2017-5645
125510Oracle Insurance Rules Palette deserialization502Not definedOfficial fixCVE-2017-5645
125508Oracle Insurance Calculation Engine deserialization502Not definedOfficial fixCVE-2017-5645
125428Oracle Identity Management Suite Apache Log4j deserialization502Not definedOfficial fixCVE-2017-5645
125427Oracle Identity Analytics Apache Log4j deserialization502Not definedOfficial fixCVE-2017-5645
125424Oracle API Gateway Apache Log4j deserialization502Not definedOfficial fixCVE-2017-5645
125423Oracle BI Publisher Apache Log4j deserialization502Not definedOfficial fixCVE-2017-5645
125414Oracle Configuration Manager Collector of Config/Diag deserialization502Not definedOfficial fixCVE-2017-5645
125374Oracle Communications Messaging Server Convergence deserialization502Not definedOfficial fixCVE-2017-5645
121885Oracle Utilities Work/Asset Management Logging deserialization502Not definedOfficial fixCVE-2017-5645
121884Oracle Utilities Network Management System Logging deserialization502Not definedOfficial fixCVE-2017-5645
121875Oracle AutoVue VueLink Integration Installation deserialization502Not definedOfficial fixCVE-2017-5645
121833Oracle Retail Service Layer Installation deserialization502Not definedOfficial fixCVE-2017-5645
121832Oracle Retail Service Backbone Install deserialization502Not definedOfficial fixCVE-2017-5645

79 More entries are not shown

🔒 Login Required

You need to signup and login to see more of the remaining 79 results.

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

PreviousOverviewNext

Might our Artificial Intelligence support you?

Check our Alexa App!