It was discovered that Apache Log4j does not properly deserialize
untrusted data. An attacker could possibly use this issue to remotely
execute arbitrary code. (CVE-2019-17571)

References

ubuntu.com/security/CVE-2019-17571

ubuntu.com/security/notices/USN-4495-1

veracode 2

ibm 37

osv 5

f5 1

debiancve 1

nessus 23

suse 1

openvas 12

redhat 16

cloudlinux 1

debian 3

github 1

checkpoint_advisories 1

atlassian 3

cve 1

ubuntu 2

symantec 1

prion 1

ubuntucve 1

redhatcve 2

githubexploit 3

rosalinux 1

centos 1

attackerkb 1

amazon 2

gentoo 1

mageia 1

cert 1

oracle 7

veracode

Arbitrary Code Execution

2019-12-23 04:57:47

Remote Code Execution (RCE)

2017-04-18 01:36:45

ibm

Security Bulletin: Vulnerability in Apache Log4j may affect Cúram Social Program Management (CVE-2019-17571)

2021-11-29 13:23:28

Security Bulletin: Apache-Log4j (Publicly disclosed vulnerability)

2021-12-18 08:39:03

Security Bulletin: IBM OpenPages with Watson is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2019-17571)

2022-02-08 22:56:04

osv

CVE-2019-17571

2019-12-20 17:15:11

apache-log4j1.2 - security update

2020-01-12 00:00:00

Deserialization of Untrusted Data in Log4j

2020-01-06 18:43:49

K61529042 : Log4j vulnerability CVE-2019-17571

2020-04-08 00:00:00

debiancve

CVE-2019-17571

2019-12-20 17:15:00

nessus

Ubuntu 18.04 LTS : Apache Log4j vulnerability (USN-4495-1)

2020-09-15 00:00:00

Debian DLA-2065-1 : apache-log4j1.2 security update

2020-01-13 00:00:00

SUSE SLES11 Security Update : log4j (SUSE-SU-2020:14267-1)

2021-06-10 00:00:00

suse

Security update for log4j (important)

2020-01-14 00:00:00

openvas

Apache Log4j 1.2.x <= 1.2.17 RCE Vulnerability - Windows

2021-12-22 00:00:00

SUSE: Security Advisory (SUSE-SU-2020:0054-1)

2021-04-19 00:00:00

openSUSE: Security Advisory for log4j (openSUSE-SU-2020:0051_1)

2020-01-27 00:00:00

redhat

(RHSA-2022:5053) Important: log4j security update

2022-06-15 10:01:13

(RHSA-2017:3399) Important: Red Hat JBoss Enterprise Application Platform 5.2 security update

2017-12-07 17:04:23

(RHSA-2017:3400) Important: Red Hat JBoss Enterprise Application Platform 5.2 security update

2017-12-07 17:04:46

cloudlinux

Fixed CVE-2019-17571 in log4j

2022-06-21 20:23:31

debian

[SECURITY] [DLA 2065-1] apache-log4j1.2 security update

2020-01-12 22:27:19

[SECURITY] [DSA 4686-1] apache-log4j1.2 security update

2020-05-15 22:17:02

[SECURITY] [DSA 4686-1] apache-log4j1.2 security update

2020-05-15 22:17:02

github

Deserialization of Untrusted Data in Log4j

2020-01-06 18:43:49

checkpoint_advisories

Apache Log4j Remote Code Execution (CVE-2019-17571)

2020-03-01 00:00:00

atlassian

Apache Log4j - Arbitrary Code Execution in confserver/confluence (master)

2020-03-02 03:58:39

Update Atlassian Platform to 3.5.19 to fix CVE-2018-1000613, CVE-2019-17571 and other vulnerabilities

2021-02-03 22:39:15

Update Atlassian Platform to 3.5.19 to fix CVE-2018-1000613, CVE-2019-17571 and other vulnerabilities

2021-02-03 22:39:15

cve

CVE-2019-17571

2019-12-20 17:15:00

ubuntu

Apache Log4j vulnerability

2020-09-15 00:00:00

Apache Log4j vulnerabilities

2023-04-05 00:00:00

symantec

Apache Log4j CVE-2019-17571 Deserialization Remote Code Execution Vulnerability

2019-12-18 00:00:00

prion

Deserialization of untrusted data

2019-12-20 17:15:00

ubuntucve

CVE-2019-17571

2019-12-20 00:00:00

redhatcve

CVE-2017-5645

2019-10-10 10:12:57

CVE-2019-17571

2020-04-05 23:06:12

githubexploit

Exploit for Deserialization of Untrusted Data in Apache Log4J

2021-12-13 19:14:23

Exploit for Deserialization of Untrusted Data in Apache Log4J

2019-12-25 16:46:11

Exploit for Deserialization of Untrusted Data in Apache Log4J

2021-12-13 07:48:49

rosalinux

Advisory ROSA-SA-2021-1909

2021-07-02 17:26:24

centos

log4j security update

2017-08-31 18:57:53

attackerkb

CVE-2019-17571

2019-12-20 00:00:00

amazon

Important: log4j

2022-01-18 20:15:00

Medium: log4j

2022-01-18 21:37:00

gentoo

Apache Log4j: Multiple Vulnerabilities

2024-02-18 00:00:00

mageia

Updated davmail packages fix security vulnerability

2023-04-15 22:03:44

cert

Apache Log4j allows insecure JNDI lookups

2021-12-15 00:00:00

oracle

Oracle Critical Patch Update Advisory - January 2023

2023-01-17 00:00:00

Oracle Critical Patch Update Advisory - July 2023

2023-07-18 00:00:00

Oracle Critical Patch Update Advisory - July 2022

2022-07-19 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.794 High

EPSS

Percentile

98.2%

JSON

Related for OSV:USN-4495-1