CVEID:CVE-2019-17571
**DESCRIPTION:**Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization of untrusted data in SocketServer. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/173314 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Tivoli Netcool Impact 7.1.0	7.1.0.0~7.1.0.17

Remediation/Fixes

| VRMF| APAR| Remediation/First Fix
—|—|—|—
IBM Tivoli Netcool Impact 7.1.0| 7.1.0.18| IJ21951| IBM Tivoli Netcool Impact 7.1.0 FP18

Workarounds and Mitigations

None

CPENameOperatorVersion
tivoli netcool/impacteq7.1.0

CPE	Name	Operator	Version
	tivoli netcool/impact	eq	7.1.0

ibm 38

osv 6

f5 1

veracode 2

debiancve 1

nessus 24

openvas 12

debian 3

cloudlinux 1

redhat 16

nvd 1

github 1

suse 1

checkpoint_advisories 1

cve 1

atlassian 3

ubuntu 2

ubuntucve 1

prion 1

symantec 1

cvelist 1

redhatcve 2

centos 1

githubexploit 3

rosalinux 1

attackerkb 1

amazon 2

mageia 1

gentoo 1

cert 1

oracle 7

ibm

Security Bulletin: Apache-Log4j (Publicly disclosed vulnerability)

2021-12-18 08:39:03

Security Bulletin: Vulnerability in Apache Log4j may affect Cúram Social Program Management (CVE-2019-17571)

2021-11-29 13:23:28

Security Bulletin: IBM OpenPages with Watson is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2019-17571)

2022-02-08 22:56:04

osv

apache-log4j1.2 - security update

2020-01-12 00:00:00

CVE-2019-17571

2019-12-20 17:15:11

Deserialization of Untrusted Data in Log4j

2020-01-06 18:43:49

K61529042 : Log4j vulnerability CVE-2019-17571

2020-04-08 00:00:00

veracode

Arbitrary Code Execution

2019-12-23 04:57:47

Remote Code Execution (RCE)

2017-04-18 01:36:45

debiancve

CVE-2019-17571

2019-12-20 17:15:11

nessus

Debian DLA-2065-1 : apache-log4j1.2 security update

2020-01-13 00:00:00

Ubuntu 18.04 LTS : Apache Log4j vulnerability (USN-4495-1)

2020-09-15 00:00:00

Debian DSA-4686-1 : apache-log4j1.2 - security update

2020-05-18 00:00:00

openvas

SUSE: Security Advisory (SUSE-SU-2020:0054-1)

2021-04-19 00:00:00

Apache Log4j 1.2.x <= 1.2.17 RCE Vulnerability - Windows

2021-12-22 00:00:00

openSUSE: Security Advisory for log4j (openSUSE-SU-2020:0051_1)

2020-01-27 00:00:00

debian

[SECURITY] [DLA 2065-1] apache-log4j1.2 security update

2020-01-12 22:27:19

[SECURITY] [DSA 4686-1] apache-log4j1.2 security update

2020-05-15 22:17:02

[SECURITY] [DSA 4686-1] apache-log4j1.2 security update

2020-05-15 22:17:02

cloudlinux

Fixed CVE-2019-17571 in log4j

2022-06-21 20:23:31

redhat

(RHSA-2022:5053) Important: log4j security update

2022-06-15 10:01:13

(RHSA-2017:3400) Important: Red Hat JBoss Enterprise Application Platform 5.2 security update

2017-12-07 17:04:46

(RHSA-2017:2423) Important: log4j security update

2017-08-07 07:26:13

nvd

CVE-2019-17571

2019-12-20 17:15:11

github

Deserialization of Untrusted Data in Log4j

2020-01-06 18:43:49

suse

Security update for log4j (important)

2020-01-14 00:00:00

checkpoint_advisories

Apache Log4j Remote Code Execution (CVE-2019-17571)

2020-03-01 00:00:00

cve

CVE-2019-17571

2019-12-20 17:15:11

atlassian

Apache Log4j - Arbitrary Code Execution in confserver/confluence (master)

2020-03-02 03:58:39

Update Atlassian Platform to 3.5.19 to fix CVE-2018-1000613, CVE-2019-17571 and other vulnerabilities

2021-02-03 22:39:15

Update Atlassian Platform to 3.5.19 to fix CVE-2018-1000613, CVE-2019-17571 and other vulnerabilities

2021-02-03 22:39:15

ubuntu

Apache Log4j vulnerability

2020-09-15 00:00:00

Apache Log4j vulnerabilities

2023-04-05 00:00:00

ubuntucve

CVE-2019-17571

2019-12-20 00:00:00

prion

Deserialization of untrusted data

2019-12-20 17:15:00

symantec

Apache Log4j CVE-2019-17571 Deserialization Remote Code Execution Vulnerability

2019-12-18 00:00:00

cvelist

CVE-2019-17571

2019-12-20 16:01:21

redhatcve

CVE-2017-5645

2019-10-10 10:12:57

CVE-2019-17571

2020-04-05 23:06:12

centos

log4j security update

2017-08-31 18:57:53

githubexploit

Exploit for Deserialization of Untrusted Data in Apache Log4J

2019-12-25 16:46:11

Exploit for Deserialization of Untrusted Data in Apache Log4J

2021-12-13 19:14:23

Exploit for Deserialization of Untrusted Data in Apache Log4J

2021-12-13 07:48:49

rosalinux

Advisory ROSA-SA-2021-1909

2021-07-02 17:26:24

attackerkb

CVE-2019-17571

2019-12-20 00:00:00

amazon

Important: log4j

2022-01-18 20:15:00

Medium: log4j

2022-01-18 21:37:00

mageia

Updated davmail packages fix security vulnerability

2023-04-15 22:03:44

gentoo

Apache Log4j: Multiple Vulnerabilities

2024-02-18 00:00:00

cert

Apache Log4j allows insecure JNDI lookups

2021-12-15 00:00:00

oracle

Oracle Critical Patch Update Advisory - January 2023

2023-01-17 00:00:00

Oracle Critical Patch Update Advisory - July 2022

2022-07-19 00:00:00

Oracle Critical Patch Update Advisory - July 2023

2023-07-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.794 High

EPSS

Percentile

98.3%

JSON

Related for 087CD3B8800A1EB017C933808D8D5E610496ED972CA8243894CB2435705F3CAF