-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security

Vulnerability Details

Registries

Custom Views

Weaknesses

Attack Patterns

Filters & Tools

taleo_platform

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

2

Related CVEs Related Vendors Related Assigners Reports

2Vulnerabilities found

Assigner-Apache Software Foundation

Assigner-Apache Software Foundation

CVSS Score-5.9||MEDIUM

EPSS-74.02% / 98.85%

||

7 Day CHG-0.52%

Published-18 Dec, 2021 | 11:55

Updated-29 May, 2026 | 13:16

Rejected-Not Available

Known To Be Used In Ransomware Campaigns?-Not Available

KEV Added-Not Available

KEV Action Due Date-Not Available

Apache Log4j2 does not always protect from infinite recursion in lookup evaluation

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.

Action-Not Available

Vendor-Oracle Corporation NetApp, Inc.The Apache Software Foundation SonicWall Inc.Debian GNU/Linux

Product-6bk1602-0aa12-0tp0_firmware business_intelligence enterprise_manager_for_peoplesoft communications_performance_intelligence_center financial_services_analytical_applications_infrastructure communications_eagle_ftp_table_base_retrieval siebel_ui_framework 6bk1602-0aa42-0tp0_firmware enterprise_manager_base_platform 6bk1602-0aa32-0tp0_firmware web_application_firewall communications_pricing_design_center healthcare_foundation weblogic_server utilities_framework agile_engineering_data_management 6bk1602-0aa52-0tp0 communications_webrtc_session_controller banking_trade_finance communications_interactive_session_recorder communications_session_report_manager communications_cloud_native_core_unified_data_repository retail_central_office communications_network_integrity communications_cloud_native_core_console identity_manager_connector communications_cloud_native_core_security_edge_protection_proxy communications_diameter_signaling_router payment_interface retail_customer_insights log4j retail_returns_management webcenter_portal primavera_p6_enterprise_project_portfolio_management 6bk1602-0aa22-0tp0 6bk1602-0aa52-0tp0_firmware banking_enterprise_default_management primavera_unifier insurance_insbridge_rating_and_underwriting banking_party_management cloud_manager management_cloud_engine retail_price_management communications_eagle_element_management_system communications_cloud_native_core_policy retail_order_broker debian_linux communications_element_manager communications_network_charging_and_control retail_data_extractor_for_merchandising jdeveloper 6bk1602-0aa42-0tp0 data_integrator hyperion_profitability_and_cost_management agile_plm banking_treasury_management retail_financial_integration instantis_enterprisetrack insurance_data_gateway retail_invoice_matching communications_messaging_server banking_deposits_and_lines_of_credit_servicing financial_services_model_management_and_governance agile_plm_mcad_connector communications_evolved_communications_application_server webcenter_sites 6bk1602-0aa12-0tp0 6bk1602-0aa22-0tp0_firmware autovue_for_agile_product_lifecycle_management banking_loans_servicing communications_user_data_repository retail_merchandising_system banking_payments flexcube_universal_banking hyperion_infrastructure_technology e-business_suite health_sciences_inform hyperion_data_relationship_management enterprise_manager_ops_center hospitality_token_proxy_service communications_service_broker healthcare_translational_research communications_unified_inventory_management retail_order_management_system communications_cloud_native_core_service_communication_proxy healthcare_master_person_index retail_integration_bus communications_ip_service_activator hyperion_tax_provision retail_back_office communications_asap hyperion_bi\+retail_service_backbone communications_session_route_manager communications_services_gatekeeper network_security_manager identity_management_suite communications_cloud_native_core_network_repository_function banking_platform health_sciences_information_manager managed_file_transfer communications_cloud_native_core_network_function_cloud_native_environment 6bk1602-0aa32-0tp0 communications_convergent_charging_controller retail_store_inventory_management hyperion_planning peoplesoft_enterprise_peopletools taleo_platform retail_predictive_application_server email_security communications_convergence health_sciences_empirica_signal communications_billing_and_revenue_management primavera_gateway hospitality_suite8 retail_point-of-service retail_eftlink mysql_enterprise_monitor communications_cloud_native_core_network_slice_selection_function sql_developer healthcare_data_repository Apache Log4j2

CWE ID-CWE-20

Improper Input Validation

CWE ID-CWE-674

Uncontrolled Recursion

Assigner-Apache Software Foundation

Assigner-Apache Software Foundation

CVSS Score-7.5||HIGH

EPSS-4.28% / 89.04%

||

7 Day CHG~0.00%

Published-14 Oct, 2021 | 19:55

Updated-04 Aug, 2024 | 03:30

Rejected-Not Available

Known To Be Used In Ransomware Campaigns?-Not Available

KEV Added-Not Available

KEV Action Due Date-Not Available

DoS via memory leak with WebSocket connections

The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.

Action-Not Available

Vendor-The Apache Software Foundation NetApp, Inc.Debian GNU/Linux Oracle Corporation

Product-communications_diameter_signaling_router retail_store_inventory_management hospitality_cruise_shipboard_property_management_system taleo_platform sd-wan_edge retail_customer_insights hci retail_data_extractor_for_merchandising retail_financial_integration retail_eftlink agile_engineering_data_management management_services_for_element_software debian_linux middleware_common_libraries_and_tools tomcat payment_interface big_data_spatial_and_graph managed_file_transfer Apache Tomcat

CWE ID-CWE-772

Missing Release of Resource after Effective Lifetime