CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-17571

Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.691

EPSS Ranking 99.3%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

Products affected by CVE-2019-17571

Apache » Bookkeeper » Version: N/A

cpe:2.3:a:apache:bookkeeper:-
Apache » Bookkeeper » Version: 4.0.0

cpe:2.3:a:apache:bookkeeper:4.0.0
Apache » Bookkeeper » Version: 4.1.0

cpe:2.3:a:apache:bookkeeper:4.1.0
Apache » Bookkeeper » Version: 4.10.0

cpe:2.3:a:apache:bookkeeper:4.10.0
Apache » Bookkeeper » Version: 4.11.0

cpe:2.3:a:apache:bookkeeper:4.11.0
Apache » Bookkeeper » Version: 4.11.1

cpe:2.3:a:apache:bookkeeper:4.11.1
Apache » Bookkeeper » Version: 4.12.0

cpe:2.3:a:apache:bookkeeper:4.12.0
Apache » Bookkeeper » Version: 4.12.1

cpe:2.3:a:apache:bookkeeper:4.12.1
Apache » Bookkeeper » Version: 4.13.0

cpe:2.3:a:apache:bookkeeper:4.13.0
Apache » Bookkeeper » Version: 4.14.0

cpe:2.3:a:apache:bookkeeper:4.14.0
Apache » Bookkeeper » Version: 4.14.1

cpe:2.3:a:apache:bookkeeper:4.14.1
Apache » Bookkeeper » Version: 4.14.2

cpe:2.3:a:apache:bookkeeper:4.14.2
Apache » Bookkeeper » Version: 4.2.0

cpe:2.3:a:apache:bookkeeper:4.2.0
Apache » Bookkeeper » Version: 4.2.1

cpe:2.3:a:apache:bookkeeper:4.2.1
Apache » Bookkeeper » Version: 4.2.3

cpe:2.3:a:apache:bookkeeper:4.2.3
Apache » Bookkeeper » Version: 4.2.4

cpe:2.3:a:apache:bookkeeper:4.2.4
Apache » Bookkeeper » Version: 4.3.0

cpe:2.3:a:apache:bookkeeper:4.3.0
Apache » Bookkeeper » Version: 4.3.1

cpe:2.3:a:apache:bookkeeper:4.3.1
Apache » Bookkeeper » Version: 4.3.2

cpe:2.3:a:apache:bookkeeper:4.3.2
Apache » Bookkeeper » Version: 4.4.0

cpe:2.3:a:apache:bookkeeper:4.4.0
Apache » Bookkeeper » Version: 4.5.0

cpe:2.3:a:apache:bookkeeper:4.5.0
Apache » Bookkeeper » Version: 4.5.1

cpe:2.3:a:apache:bookkeeper:4.5.1
Apache » Bookkeeper » Version: 4.6.0

cpe:2.3:a:apache:bookkeeper:4.6.0
Apache » Bookkeeper » Version: 4.6.1

cpe:2.3:a:apache:bookkeeper:4.6.1
Apache » Bookkeeper » Version: 4.6.2

cpe:2.3:a:apache:bookkeeper:4.6.2
Apache » Bookkeeper » Version: 4.7.0

cpe:2.3:a:apache:bookkeeper:4.7.0
Apache » Bookkeeper » Version: 4.7.1

cpe:2.3:a:apache:bookkeeper:4.7.1
Apache » Bookkeeper » Version: 4.7.2

cpe:2.3:a:apache:bookkeeper:4.7.2
Apache » Bookkeeper » Version: 4.7.3

cpe:2.3:a:apache:bookkeeper:4.7.3
Apache » Bookkeeper » Version: 4.8.0

cpe:2.3:a:apache:bookkeeper:4.8.0
Apache » Bookkeeper » Version: 4.8.1

cpe:2.3:a:apache:bookkeeper:4.8.1
Apache » Bookkeeper » Version: 4.8.2

cpe:2.3:a:apache:bookkeeper:4.8.2
Apache » Bookkeeper » Version: 4.9.0

cpe:2.3:a:apache:bookkeeper:4.9.0
Apache » Bookkeeper » Version: 4.9.1

cpe:2.3:a:apache:bookkeeper:4.9.1
Apache » Bookkeeper » Version: 4.9.2

cpe:2.3:a:apache:bookkeeper:4.9.2
Apache » Log4j » Version: 1.0.4

cpe:2.3:a:apache:log4j:1.0.4
Apache » Log4j » Version: 1.1.3

cpe:2.3:a:apache:log4j:1.1.3
Apache » Log4j » Version: 1.2

cpe:2.3:a:apache:log4j:1.2
Apache » Log4j » Version: 1.2.1

cpe:2.3:a:apache:log4j:1.2.1
Apache » Log4j » Version: 1.2.10

cpe:2.3:a:apache:log4j:1.2.10
Apache » Log4j » Version: 1.2.11

cpe:2.3:a:apache:log4j:1.2.11
Apache » Log4j » Version: 1.2.12

cpe:2.3:a:apache:log4j:1.2.12
Apache » Log4j » Version: 1.2.13

cpe:2.3:a:apache:log4j:1.2.13
Apache » Log4j » Version: 1.2.14

cpe:2.3:a:apache:log4j:1.2.14
Apache » Log4j » Version: 1.2.15

cpe:2.3:a:apache:log4j:1.2.15
Apache » Log4j » Version: 1.2.16

cpe:2.3:a:apache:log4j:1.2.16
Apache » Log4j » Version: 1.2.17

cpe:2.3:a:apache:log4j:1.2.17
Apache » Log4j » Version: 1.2.2

cpe:2.3:a:apache:log4j:1.2.2
Apache » Log4j » Version: 1.2.3

cpe:2.3:a:apache:log4j:1.2.3
Apache » Log4j » Version: 1.2.4

cpe:2.3:a:apache:log4j:1.2.4
Apache » Log4j » Version: 1.2.5

cpe:2.3:a:apache:log4j:1.2.5
Apache » Log4j » Version: 1.2.6

cpe:2.3:a:apache:log4j:1.2.6
Apache » Log4j » Version: 1.2.7

cpe:2.3:a:apache:log4j:1.2.7
Apache » Log4j » Version: 1.2.8

cpe:2.3:a:apache:log4j:1.2.8
Apache » Log4j » Version: 1.2.9

cpe:2.3:a:apache:log4j:1.2.9
Netapp » Oncommand System Manager » Version: 3.0

cpe:2.3:a:netapp:oncommand_system_manager:3.0
Netapp » Oncommand System Manager » Version: 3.0.0

cpe:2.3:a:netapp:oncommand_system_manager:3.0.0
Netapp » Oncommand System Manager » Version: 3.1

cpe:2.3:a:netapp:oncommand_system_manager:3.1
Netapp » Oncommand System Manager » Version: 3.1.1

cpe:2.3:a:netapp:oncommand_system_manager:3.1.1
Netapp » Oncommand System Manager » Version: 3.1.2

cpe:2.3:a:netapp:oncommand_system_manager:3.1.2
Netapp » Oncommand System Manager » Version: 3.1.3

cpe:2.3:a:netapp:oncommand_system_manager:3.1.3
Netapp » Oncommand Workflow Automation » Version: N/A

cpe:2.3:a:netapp:oncommand_workflow_automation:-
Oracle » Application Testing Suite » Version: 13.3.0.1

cpe:2.3:a:oracle:application_testing_suite:13.3.0.1
Oracle » Communications Network Integrity » Version: 7.3.2

cpe:2.3:a:oracle:communications_network_integrity:7.3.2
Oracle » Communications Network Integrity » Version: 7.3.5

cpe:2.3:a:oracle:communications_network_integrity:7.3.5
Oracle » Communications Network Integrity » Version: 7.3.6

cpe:2.3:a:oracle:communications_network_integrity:7.3.6
Oracle » Endeca Information Discovery Studio » Version: 3.2.0

cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0
Oracle » Financial Services Lending And Leasing » Version: 12.5.0

cpe:2.3:a:oracle:financial_services_lending_and_leasing:12.5.0
Oracle » Financial Services Lending And Leasing » Version: 14.1.0

cpe:2.3:a:oracle:financial_services_lending_and_leasing:14.1.0
Oracle » Financial Services Lending And Leasing » Version: 14.2.0

cpe:2.3:a:oracle:financial_services_lending_and_leasing:14.2.0
Oracle » Financial Services Lending And Leasing » Version: 14.8.0

cpe:2.3:a:oracle:financial_services_lending_and_leasing:14.8.0
Oracle » Mysql Enterprise Monitor » Version: N/A

cpe:2.3:a:oracle:mysql_enterprise_monitor:-
Oracle » Mysql Enterprise Monitor » Version: 2.3.14

cpe:2.3:a:oracle:mysql_enterprise_monitor:2.3.14
Oracle » Mysql Enterprise Monitor » Version: 3.0.25

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.0.25
Oracle » Mysql Enterprise Monitor » Version: 3.0.4

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.0.4
Oracle » Mysql Enterprise Monitor » Version: 3.1.0

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.0
Oracle » Mysql Enterprise Monitor » Version: 3.1.1

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.1
Oracle » Mysql Enterprise Monitor » Version: 3.1.2

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.2
Oracle » Mysql Enterprise Monitor » Version: 3.1.3

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.3
Oracle » Mysql Enterprise Monitor » Version: 3.1.3.7856

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.3.7856
Oracle » Mysql Enterprise Monitor » Version: 3.1.4

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.4
Oracle » Mysql Enterprise Monitor » Version: 3.1.5

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.5
Oracle » Mysql Enterprise Monitor » Version: 3.1.6

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.6
Oracle » Mysql Enterprise Monitor » Version: 3.1.6.8003

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.6.8003
Oracle » Mysql Enterprise Monitor » Version: 3.1.7

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.7
Oracle » Mysql Enterprise Monitor » Version: 3.2.0

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.0
Oracle » Mysql Enterprise Monitor » Version: 3.2.1

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.1
Oracle » Mysql Enterprise Monitor » Version: 3.2.10

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.10
Oracle » Mysql Enterprise Monitor » Version: 3.2.1182

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.1182
Oracle » Mysql Enterprise Monitor » Version: 3.2.2

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.2
Oracle » Mysql Enterprise Monitor » Version: 3.2.3

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.3
Oracle » Mysql Enterprise Monitor » Version: 3.2.4

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.4
Oracle » Mysql Enterprise Monitor » Version: 3.2.5

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.5
Oracle » Mysql Enterprise Monitor » Version: 3.2.6

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.6
Oracle » Mysql Enterprise Monitor » Version: 3.2.7

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.7
Oracle » Mysql Enterprise Monitor » Version: 3.2.8

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.8
Oracle » Mysql Enterprise Monitor » Version: 3.2.8.2223

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.8.2223
Oracle » Mysql Enterprise Monitor » Version: 3.2.9

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.9
Oracle » Mysql Enterprise Monitor » Version: 3.3.0

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.0
Oracle » Mysql Enterprise Monitor » Version: 3.3.1

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.1
Oracle » Mysql Enterprise Monitor » Version: 3.3.2

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.2
Oracle » Mysql Enterprise Monitor » Version: 3.3.2.1162

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.2.1162
Oracle » Mysql Enterprise Monitor » Version: 3.3.3

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.3
Oracle » Mysql Enterprise Monitor » Version: 3.3.4

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.4
Oracle » Mysql Enterprise Monitor » Version: 3.3.4.3247

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.4.3247
Oracle » Mysql Enterprise Monitor » Version: 3.3.5

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.5
Oracle » Mysql Enterprise Monitor » Version: 3.3.6

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.6
Oracle » Mysql Enterprise Monitor » Version: 3.3.6.3293

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.6.3293
Oracle » Mysql Enterprise Monitor » Version: 3.3.7

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.7
Oracle » Mysql Enterprise Monitor » Version: 3.3.8

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.8
Oracle » Mysql Enterprise Monitor » Version: 3.3.9

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.9
Oracle » Mysql Enterprise Monitor » Version: 3.4.0

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.0
Oracle » Mysql Enterprise Monitor » Version: 3.4.1

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.1
Oracle » Mysql Enterprise Monitor » Version: 3.4.10

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.10
Oracle » Mysql Enterprise Monitor » Version: 3.4.2

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.2
Oracle » Mysql Enterprise Monitor » Version: 3.4.2.4181

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.2.4181
Oracle » Mysql Enterprise Monitor » Version: 3.4.3

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.3
Oracle » Mysql Enterprise Monitor » Version: 3.4.4

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.4
Oracle » Mysql Enterprise Monitor » Version: 3.4.4.4226

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.4.4226
Oracle » Mysql Enterprise Monitor » Version: 3.4.5

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.5
Oracle » Mysql Enterprise Monitor » Version: 3.4.6

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.6
Oracle » Mysql Enterprise Monitor » Version: 3.4.7

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.7
Oracle » Mysql Enterprise Monitor » Version: 3.4.7.4297

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.7.4297
Oracle » Mysql Enterprise Monitor » Version: 3.4.8

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.8
Oracle » Mysql Enterprise Monitor » Version: 3.4.9

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.9
Oracle » Mysql Enterprise Monitor » Version: 3.4.9.4237

cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.9.4237
Oracle » Mysql Enterprise Monitor » Version: 4.0.0

cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.0
Oracle » Mysql Enterprise Monitor » Version: 4.0.0.5135

cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.0.5135
Oracle » Mysql Enterprise Monitor » Version: 4.0.1

cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.1
Oracle » Mysql Enterprise Monitor » Version: 4.0.11.5331

cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.11.5331
Oracle » Mysql Enterprise Monitor » Version: 4.0.12

cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.12
Oracle » Mysql Enterprise Monitor » Version: 4.0.2

cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.2
Oracle » Mysql Enterprise Monitor » Version: 4.0.3

cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.3
Oracle » Mysql Enterprise Monitor » Version: 4.0.4

cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.4
Oracle » Mysql Enterprise Monitor » Version: 4.0.4.5235

cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.4.5235
Oracle » Mysql Enterprise Monitor » Version: 4.0.5

cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.5
Oracle » Mysql Enterprise Monitor » Version: 4.0.6

cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.6
Oracle » Mysql Enterprise Monitor » Version: 4.0.6.5281

cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.6.5281
Oracle » Mysql Enterprise Monitor » Version: 4.0.7

cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.7
Oracle » Mysql Enterprise Monitor » Version: 4.0.8

cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.8
Oracle » Mysql Enterprise Monitor » Version: 4.1

cpe:2.3:a:oracle:mysql_enterprise_monitor:4.1
Oracle » Mysql Enterprise Monitor » Version: 8.0.0

cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.0
Oracle » Mysql Enterprise Monitor » Version: 8.0.0.8131

cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.0.8131
Oracle » Mysql Enterprise Monitor » Version: 8.0.1

cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.1
Oracle » Mysql Enterprise Monitor » Version: 8.0.14

cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.14
Oracle » Mysql Enterprise Monitor » Version: 8.0.18.1217

cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.18.1217
Oracle » Mysql Enterprise Monitor » Version: 8.0.2

cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.2
Oracle » Mysql Enterprise Monitor » Version: 8.0.2.8191

cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.2.8191
Oracle » Mysql Enterprise Monitor » Version: 8.0.20

cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.20
Oracle » Mysql Enterprise Monitor » Version: 8.0.21

cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.21
Oracle » Mysql Enterprise Monitor » Version: 8.0.22

cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.22
Oracle » Mysql Enterprise Monitor » Version: 8.0.23

cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.23
Oracle » Mysql Enterprise Monitor » Version: 8.0.25

cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.25
Oracle » Mysql Enterprise Monitor » Version: 8.0.29

cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.29
Oracle » Mysql Enterprise Monitor » Version: 8.0.3

cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.3
Oracle » Primavera Gateway » Version: 16.2

cpe:2.3:a:oracle:primavera_gateway:16.2
Oracle » Primavera Gateway » Version: 16.2.0

cpe:2.3:a:oracle:primavera_gateway:16.2.0
Oracle » Primavera Gateway » Version: 16.2.11

cpe:2.3:a:oracle:primavera_gateway:16.2.11
Oracle » Primavera Gateway » Version: 17.12.0

cpe:2.3:a:oracle:primavera_gateway:17.12.0
Oracle » Primavera Gateway » Version: 17.12.6

cpe:2.3:a:oracle:primavera_gateway:17.12.6
Oracle » Primavera Gateway » Version: 17.12.7

cpe:2.3:a:oracle:primavera_gateway:17.12.7
Oracle » Rapid Planning » Version: 12.1

cpe:2.3:a:oracle:rapid_planning:12.1
Oracle » Rapid Planning » Version: 12.2

cpe:2.3:a:oracle:rapid_planning:12.2
Oracle » Retail Extract Transform And Load » Version: 19.0

cpe:2.3:a:oracle:retail_extract_transform_and_load:19.0
Oracle » Retail Service Backbone » Version: 14.1

cpe:2.3:a:oracle:retail_service_backbone:14.1
Oracle » Retail Service Backbone » Version: 15.0

cpe:2.3:a:oracle:retail_service_backbone:15.0
Oracle » Retail Service Backbone » Version: 16.0

cpe:2.3:a:oracle:retail_service_backbone:16.0
Oracle » Weblogic Server » Version: 10.3.6.0.0

cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0
Oracle » Weblogic Server » Version: 12.1.3.0.0

cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0
Oracle » Weblogic Server » Version: 12.2.1.3.0

cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0
Oracle » Weblogic Server » Version: 12.2.1.4.0

cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0
Oracle » Weblogic Server » Version: 14.1.1.0.0

cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0
Canonical » Ubuntu Linux » Version: 18.04

cpe:2.3:o:canonical:ubuntu_linux:18.04
Debian » Debian Linux » Version: 10.0

cpe:2.3:o:debian:debian_linux:10.0
Debian » Debian Linux » Version: 8.0

cpe:2.3:o:debian:debian_linux:8.0
Debian » Debian Linux » Version: 9.0

cpe:2.3:o:debian:debian_linux:9.0
Opensuse » Leap » Version: 15.1

cpe:2.3:o:opensuse:leap:15.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-17571

Products

Pricing

Contact Us