Lucene search

K
kasperskyKaspersky LabKLA12394
HistoryDec 18, 2021 - 12:00 a.m.

KLA12394 DoS vulnerability in Apache Log4j

2021-12-1800:00:00
Kaspersky Lab
threats.kaspersky.com
86

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.967 High

EPSS

Percentile

99.6%

Detect date:

12/18/2021

Severity:

High

Description:

Denial of service vulnerability was found in Apache Log4j. Malicious users can exploit this vulnerability to cause denial of service.

Exploitation:

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products:

Apache Log4j 2.0-beta9 before 2.3.1, 2.4.0 before 2.12.3, 2.13.0 before 2.17.0
Abbott GLP Track System
Akamai Siem Integration Connector
BCT e-Invoice
BMC Helix Platform
Barco OpSpace
BioJava Java library for processing biological data
Bosch Rexroth Bosch IoT gateway
Broadcom Symantec Advanced Authentication
CIS CAT Lite
CIS CAT Pro Assessor v3 Full and Dissolvable
CIS CAT Pro Assessor v4
CIS CSAT Pro
Dell APEX Console
Dell APEX Data Storage Services
Dell Cloud IQ
Dell Connectrix (Cisco MDS DCNM)
Dell Connectrix B-Series SANnav
Dell Data Domain OS
Dell EMC Avamar
Dell EMC BSN Controller Node
Dell EMC Cloud Disaster Recovery
Dell EMC Data Protection Central
Dell EMC Data Protection Search
Dell EMC ECS
Dell EMC Enterprise Storage Analytics for vRealize Operations
Dell EMC Integrated System for Azure Stack HCI
Dell EMC Integrated System for Microsoft Azure Stack Hub
Dell EMC Metro Node
Dell EMC NetWorker
Dell EMC Networking Virtual Edge Platform with VersaOS
Dell EMC OpenManage Enterprise Services
Dell EMC PowerFlex Appliance
Dell EMC PowerFlex Rack
Dell EMC PowerFlex Software (SDS)
Dell EMC PowerProtect DP Series Appliance (iDPA)
Dell EMC PowerProtect Data Manager
Dell EMC PowerStore
Dell EMC RecoverPoint
Dell EMC Ruckus SmartZone 300 Controller
Dell EMC Ruckus Virtual Software
Dell EMC SRM vApp
Dell EMC Streaming Data Platform
Dell EMC VxRail
Dell EMC XC
Dell Open Management Enterprise - Modular
Dell OpenManage Enterprise
Dell SRS Policy Manager
Dell Secure Connect Gateway (SCG) Appliance
Dell Secure Connect Gateway (SCG) Policy Manager
Dell SupportAssist Enterprise
Dell Unisphere Central
Dell VNXe 3200
Dell Vblock
Dell VxBlock
Dell Wyse Management Suite
Dell vRealize Data Protection Extension Data Management
Elastic Logstash
Elastic search
Ewon (HMS-Networks) eCatcher
FedEx Ship Manager
FileCap Server
GFI Software Kerio Connect
HPE Real Time Management System (RTMS)
Hitachi Energy FOXMAN-UN
Hitachi Energy UNEM
Hitachi Energy nMarket Global I-SEM
Kaltura Blackboard Learn SaaS in the classic Learn experience
Kaltura Blackboard Learn Self- and Managed-Hosting
NVIDIA DGX systems
NVIDIA NetQ
Nulab Backlog
Nulab Cacoo
Nulab Typetalk
Nutanix AOS (STS)
Nutanix Beam
Nutanix Calm
Nutanix Collector Portal
Nutanix Flow Security Central
Nutanix Frame
Nutanix Karbon
Nutanix Leap
Nutanix MSP
Nutanix Mine
Nutanix Objects
Nutanix Prism Central
Nutanix Sizer
Nutanix Volumes
Nutanix Witness VM
PTV Group Map&Market
PTV Group PTV Content Update Service
PTV Group PTV Developer
PTV Group PTV MaaS Modeller
PTV Group PTV Route Optimiser CL
PTV Group PTV Route Optimiser ST
PTV Group PTV Route Optimizer SaaS / Demonstrator
PTV Group PTV TLN planner internet
PTV Group PTV Visum Publisher
PTV Group PTV xServer
Palo Alto PAN-OS for Panorama
Phoenix Contact Cloud Services
QlikTech International Compose
QlikTech International Enterprise Manager
QlikTech International GeoAnalytics
QlikTech International Qlik Catalog
QlikTech International Replicate
Revenera FlexNet Publisher 64-bit License Server Manager
RuneCast Analyzer
SAP Hana Cockpit
SAP XS Advanced Runtime
Snow Software Snow Commander
Snow Software VM Access Proxy
SonicWall Email Security
SonicWall NSM On-Premise
Storage Center - Dell Storage Manager
SyncRO Soft SRL Batch Document Converter
SyncRO Soft SRL Git Client
SyncRO Soft SRL Oxygen Feedback Enterprise
SyncRO Soft SRL Oxygen License Server
SyncRO Soft SRL Oxygen PDF Chemistry
SyncRO Soft SRL Oxygen SDK
SyncRO Soft SRL Oxygen Web Author Test Server Add-on
SyncRO Soft SRL Oxygen XML Author
SyncRO Soft SRL Oxygen XML Content Fusion
SyncRO Soft SRL Oxygen XML Developer
SyncRO Soft SRL Oxygen XML Editor
SyncRO Soft SRL Oxygen XML Publishing Engine
SyncRO Soft SRL Oxygen XML Web Author
SyncRO Soft SRL Oxygen XML WebHelp
SyncRO Soft SRL Web Author PDF Plugin
SyncRO Soft SRL XSD to JSON Schema Converter
Trend Micro Deep Discovery Director
vRealize Orchestrator (vRO) Plug-ins for Dell EMC Storage

Solution:

Update to the latest version

Original advisories:

Fixed in Log4j 2.17.0

Impacts:

DoS

Related products:

Apache Log4j

CVE-IDS:

CVE-2021-451055.9High

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.967 High

EPSS

Percentile

99.6%