CVE-2021-45105

CVE Database · CVE-2021-45105

CVE-2021-45105

· MEDIUMModified

CVSS v3.1

5.9

EPSS

100.00%

Published

Dec 18, 2021

Modified

May 29, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Weaknesses (CWE)

CWE-20CWE-674CWE-20CWE-674

Affected Products (213)

apache · log4j (up to 2.3.1)vulnerable

apache · log4j (up to 2.12.3)vulnerable

apache · log4jvulnerable

netapp · cloud_managervulnerable

debian · debian_linuxvulnerable

sonicwall · email_securityvulnerable

sonicwall · network_security_manager (up to 3.0)vulnerable

References (20)

http://www.openwall.com/lists/oss-security/2021/12/19/1

Mailing ListMitigationThird Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf

Third Party Advisory

https://logging.apache.org/log4j/2.x/security.html

Release NotesVendor Advisory

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Third Party Advisory

https://security.netapp.com/advisory/ntap-20211218-0001/

KEV Catalog EPSS Scores Vendors All CVEs

sonicwall · web_application_firewall (up to 3.1.0)

sonicwall · 6bk1602-0aa12-0tp0_firmware (up to 2.7.0)vulnerable

sonicwall · 6bk1602-0aa12-0tp0

sonicwall · 6bk1602-0aa22-0tp0_firmware (up to 2.7.0)vulnerable

sonicwall · 6bk1602-0aa22-0tp0

sonicwall · 6bk1602-0aa32-0tp0_firmware (up to 2.7.0)vulnerable

sonicwall · 6bk1602-0aa32-0tp0

sonicwall · 6bk1602-0aa42-0tp0_firmware (up to 2.7.0)vulnerable

sonicwall · 6bk1602-0aa42-0tp0

sonicwall · 6bk1602-0aa52-0tp0_firmware (up to 2.7.0)vulnerable

sonicwall · 6bk1602-0aa52-0tp0

oracle · agile_engineering_data_managementvulnerable

oracle · agile_plmvulnerable

oracle · agile_plm_mcad_connectorvulnerable

oracle · autovue_for_agile_product_lifecycle_managementvulnerable

oracle · banking_deposits_and_lines_of_credit_servicingvulnerable

oracle · banking_enterprise_default_managementvulnerable

oracle · banking_loans_servicingvulnerable

oracle · banking_party_managementvulnerable

oracle · banking_paymentsvulnerable

oracle · banking_platformvulnerable

oracle · banking_trade_financevulnerable

oracle · banking_treasury_managementvulnerable

oracle · business_intelligencevulnerable

oracle · communications_asapvulnerable

oracle · communications_billing_and_revenue_managementvulnerable

oracle · communications_cloud_native_core_consolevulnerable

oracle · communications_cloud_native_core_network_function_cloud_native_environmentvulnerable

oracle · communications_cloud_native_core_network_repository_functionvulnerable

oracle · communications_cloud_native_core_network_slice_selection_functionvulnerable

oracle · communications_cloud_native_core_policyvulnerable

oracle · communications_cloud_native_core_security_edge_protection_proxyvulnerable

oracle · communications_cloud_native_core_service_communication_proxyvulnerable

oracle · communications_cloud_native_core_unified_data_repositoryvulnerable

oracle · communications_convergencevulnerable

Third Party Advisory

https://www.kb.cert.org/vuls/id/930724

Third Party AdvisoryUS Government Resource

http://www.openwall.com/lists/oss-security/2021/12/19/1

Mailing ListMitigationThird Party Advisory