| CVE ID | BDSA | Description | Versions impacted | Upgrade Guidance |
|---|---|---|---|---|
| | BDSA-2021-3887 | Log4j vulnerable to Remote Code Execution (RCE) via Malicious JDBC Appender Configuration | 2.0-beta7 to 2.17.0 (excluding 2.3.2, 2.12.4) | 2.17.1 (Java 8 or later); 2.12.4 (Java 7); 2.3.2 (Java 6) |
| | BDSA-2021-3817 | Apache Log4j vulnerable to denial-of-service (DoS) via infinite loop | 2.0-beta9 to 2.16.0 (excluding 2.12.3) | 2.17.0 (Java 8 or later); 2.12.3 (Java 7); 2.3.1 (Java 6) |
| | BDSA-2021-3779 | Apache Log4j vulnerable to Remote Code Execution (RCE) via non-default pattern layout | 2.0-beta9 to 2.15.0 (excluding 2.12.2) | 2.16 (Java 8 or later); 2.12.2 (Java 7); 2.3.1 (Java 6) |
| | BDSA-2021-3731 | Apache Log4j vulnerable to Remote Code Execution (RCE) through LDAP access via JNDI and specially crafted log messages | 2.0-beta9 to 2.14.1 | 2.16.0 (Java 8 or later); 2.12.2 (Java 7); 2.3.1 (Java 6) |

BDSA-2021-3887:
Apache Log4j …