Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities found for cloudcenter by cisco
VAR-202112-2011
Vulnerability from variot - Updated: 2026-04-10 22:05Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2. Apache Log4j is a Java-based open source logging tool of the Apache Foundation. Apache Log4j2 2.0-beta7 to 2.17.0 versions have a security vulnerability, which stems from the lack of effective protection and filtering for JDBC Appender and JNDI in the software. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: Red Hat Data Grid 8.2.3 security update Advisory ID: RHSA-2022:0205-01 Product: Red Hat JBoss Data Grid Advisory URL: https://access.redhat.com/errata/RHSA-2022:0205 Issue date: 2022-01-20 CVE Names: CVE-2021-44832 CVE-2021-45046 CVE-2021-45105 =====================================================================
- Summary:
An update for Red Hat Data Grid is now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale.
Data Grid 8.2.3 replaces Data Grid 8.2.2 and includes bug fixes and enhancements. Find out more about Data Grid 8.2.3 in the Release Notes [3].
Security Fix(es):
-
log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)
-
log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)
-
log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
To install this update, do the following:
- Download the Data Grid 8.2.3 server patch from the customer portal[²].
- Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.
- Install the Data Grid 8.2.3 server patch. Refer to the 8.2.3 Release Notes[³] for patching instructions.
-
Restart Data Grid to ensure the changes take effect.
-
Bugs fixed (https://bugzilla.redhat.com/):
2032580 - CVE-2021-45046 log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) 2034067 - CVE-2021-45105 log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern 2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender
- References:
https://access.redhat.com/security/cve/CVE-2021-44832 https://access.redhat.com/security/cve/CVE-2021-45046 https://access.redhat.com/security/cve/CVE-2021-45105 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=data.grid&version=8.2 https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.2/html-single/red_hat_data_grid_8.2_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYemZbtzjgjWX9erEAQgkThAAhlH9r6fZ08ZbIvy7t5FNceA93qd12PsL bJEZ9axgCc1hrxm5hK2W6x55a2tKQ0ieoFlkF87qZ5FSsEmOWfvCa5Jsr04bGkhI QBiyZvX+de8ZAUcbiXwgsb3LwfY5DAOoLZVZj7tWsxXcl9CG/MGqI452b5jB4oWa 5TXa8YHSz9/vQHtJGmjyuZYJGfH63XvLUu6qHEgCHKhXEQg5p9YrfjbdZWk77mSk N+dqHpXJFo2G+UURxBy615ebIgxA1dUR6pdbCfm/fbUAxnxWPubjNLLGShCUNBP9 /WgSMiv5GT48yhpK0IdTpPmQUAQW3fkgEd58vytgDuQf/7NhsbNFlsj3hugnAmY9 B/Jtwri/dCaOy0EDlDTc22OX7uDXaoSd9t5kjFAiZMOhxRE0hXawGfCxdGq/rgV6 EblcKQ3zW/3lsTj5KdI+0M0kNA6y1i0KP+Iujs12WLzWDANcpyvpuNu5qIMoM16Y iy4QLJkWFcH99toKO6/bEFgINq3C84sDEQNUpgwga+ct5mxsZycn3vSl9QcuoWQD FX9lwXBaxGuvBb/K3pwXfJuRQOFn2tDpwqN0PnyG/4+QLHunSPuQ8vcVx+oG9a2K LpiYxMQawsJiOjEyNUdRt7DDBpU/mVO+pf7lCY/4F5S+xOJ6E6LkJ213aSGaYPBd QiLGYFSmmLk= =y5SE -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . The purpose of this text-only errata is to inform you about the security issues fixed. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Description:
Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency.
The References section of this erratum contains a download link (you must log in to download the update). Bugs fixed (https://bugzilla.redhat.com/):
2034388 - CVE-2021-4178 kubernetes-client: Insecure deserialization in unmarshalYaml method 2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender 2041949 - CVE-2022-23302 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink 2041959 - CVE-2022-23305 log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender 2041967 - CVE-2022-23307 log4j: Unsafe deserialization flaw in Chainsaw log viewer
- JIRA issues fixed (https://issues.jboss.org/):
LOG-2104 - fluentd crashing after upgrade to openshift-logging 5.2.4-17
- Bugs fixed (https://bugzilla.redhat.com/):
1985223 - CVE-2021-34429 jetty: crafted URIs allow bypassing security constraints 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2009041 - CVE-2021-38153 Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients 2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.54.
All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor
- Solution:
For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
1985826 - The elasticsearch-im-xxx job failed when trying to start index management process for a non-existent(empty-named) index 2034412 - Elasticsearch rejects logs with resourceVersion larger than int32 2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender
5
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "communications diameter signaling router",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.3.0.0"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.0"
},
{
"_id": null,
"model": "cloudcenter",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.10.0.16"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"_id": null,
"model": "communications offline mediation controller",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.4.4"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.0"
},
{
"_id": null,
"model": "policy automation for mobile devices",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0"
},
{
"_id": null,
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1"
},
{
"_id": null,
"model": "policy automation for mobile devices",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.24"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "siebel ui framework",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "21.12"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.0.1"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.11"
},
{
"_id": null,
"model": "log4j",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.1"
},
{
"_id": null,
"model": "retail fiscal management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0.4"
},
{
"_id": null,
"model": "communications interactive session recorder",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.4"
},
{
"_id": null,
"model": "log4j",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.17.1"
},
{
"_id": null,
"model": "communications diameter signaling router",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.1.0"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "communications brm - elastic charging engine",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.5.0"
},
{
"_id": null,
"model": "policy automation",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0"
},
{
"_id": null,
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.18.0"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.0.0"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.12"
},
{
"_id": null,
"model": "health sciences data management workbench",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.1.0.3"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12"
},
{
"_id": null,
"model": "product lifecycle analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.6.1"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "policy automation",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.24"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.0"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8"
},
{
"_id": null,
"model": "flexcube private banking",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.12"
},
{
"_id": null,
"model": "log4j",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.4"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.1"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.13"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.1.0.0"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0.3"
},
{
"_id": null,
"model": "log4j",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.13.0"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.0"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.12.0"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.12.0.0"
},
{
"_id": null,
"model": "retail assortment planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"_id": null,
"model": "health sciences data management workbench",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.0.0.0"
},
{
"_id": null,
"model": "communications interactive session recorder",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12"
},
{
"_id": null,
"model": "health sciences data management workbench",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.5.2.1"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.2"
},
{
"_id": null,
"model": "communications brm - elastic charging engine",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.4.6"
},
{
"_id": null,
"model": "log4j",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.3.2"
},
{
"_id": null,
"model": "log4j",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.12.0"
},
{
"_id": null,
"model": "siebel ui framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.12"
},
{
"_id": null,
"model": "log4j",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.12.4"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.0.0"
},
{
"_id": null,
"model": "communications offline mediation controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.5.0"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.7"
},
{
"_id": null,
"model": "communications diameter signaling router",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-44832"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "165645"
},
{
"db": "PACKETSTORM",
"id": "165649"
},
{
"db": "PACKETSTORM",
"id": "165927"
},
{
"db": "PACKETSTORM",
"id": "165659"
},
{
"db": "PACKETSTORM",
"id": "165653"
},
{
"db": "PACKETSTORM",
"id": "165564"
},
{
"db": "PACKETSTORM",
"id": "166020"
},
{
"db": "PACKETSTORM",
"id": "165750"
}
],
"trust": 0.8
},
"cve": "CVE-2021-44832",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"id": "CVE-2021-44832",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"id": "VHN-408213",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.7,
"id": "CVE-2021-44832",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-44832",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-408213",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-44832",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408213"
},
{
"db": "VULMON",
"id": "CVE-2021-44832"
},
{
"db": "NVD",
"id": "CVE-2021-44832"
}
]
},
"description": {
"_id": null,
"data": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2. Apache Log4j is a Java-based open source logging tool of the Apache Foundation. Apache Log4j2 2.0-beta7 to 2.17.0 versions have a security vulnerability, which stems from the lack of effective protection and filtering for JDBC Appender and JNDI in the software. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: Red Hat Data Grid 8.2.3 security update\nAdvisory ID: RHSA-2022:0205-01\nProduct: Red Hat JBoss Data Grid\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:0205\nIssue date: 2022-01-20\nCVE Names: CVE-2021-44832 CVE-2021-45046 CVE-2021-45105 \n=====================================================================\n\n1. Summary:\n\nAn update for Red Hat Data Grid is now available. \n \nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. \nIt increases application response times and allows for dramatically\nimproving performance while providing availability, reliability, and\nelastic scale. \n \nData Grid 8.2.3 replaces Data Grid 8.2.2 and includes bug fixes and\nenhancements. Find out more about Data Grid 8.2.3 in the Release Notes [3]. \n\nSecurity Fix(es):\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)\n\n* log4j-core: DoS in log4j 2.x with thread context message pattern and\ncontext lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)\n\n* log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data\ncontains a recursive lookup and context lookup pattern (CVE-2021-45105)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nTo install this update, do the following:\n \n1. Download the Data Grid 8.2.3 server patch from the customer portal[\u00b2]. \n2. Back up your existing Data Grid installation. You should back up\ndatabases, configuration files, and so on. \n3. Install the Data Grid 8.2.3 server patch. Refer to the 8.2.3 Release\nNotes[\u00b3] for patching instructions. \n4. Restart Data Grid to ensure the changes take effect. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2032580 - CVE-2021-45046 log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)\n2034067 - CVE-2021-45105 log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern\n2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-44832\nhttps://access.redhat.com/security/cve/CVE-2021-45046\nhttps://access.redhat.com/security/cve/CVE-2021-45105\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=data.grid\u0026version=8.2\nhttps://access.redhat.com/documentation/en-us/red_hat_data_grid/8.2/html-single/red_hat_data_grid_8.2_release_notes/index\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYemZbtzjgjWX9erEAQgkThAAhlH9r6fZ08ZbIvy7t5FNceA93qd12PsL\nbJEZ9axgCc1hrxm5hK2W6x55a2tKQ0ieoFlkF87qZ5FSsEmOWfvCa5Jsr04bGkhI\nQBiyZvX+de8ZAUcbiXwgsb3LwfY5DAOoLZVZj7tWsxXcl9CG/MGqI452b5jB4oWa\n5TXa8YHSz9/vQHtJGmjyuZYJGfH63XvLUu6qHEgCHKhXEQg5p9YrfjbdZWk77mSk\nN+dqHpXJFo2G+UURxBy615ebIgxA1dUR6pdbCfm/fbUAxnxWPubjNLLGShCUNBP9\n/WgSMiv5GT48yhpK0IdTpPmQUAQW3fkgEd58vytgDuQf/7NhsbNFlsj3hugnAmY9\nB/Jtwri/dCaOy0EDlDTc22OX7uDXaoSd9t5kjFAiZMOhxRE0hXawGfCxdGq/rgV6\nEblcKQ3zW/3lsTj5KdI+0M0kNA6y1i0KP+Iujs12WLzWDANcpyvpuNu5qIMoM16Y\niy4QLJkWFcH99toKO6/bEFgINq3C84sDEQNUpgwga+ct5mxsZycn3vSl9QcuoWQD\nFX9lwXBaxGuvBb/K3pwXfJuRQOFn2tDpwqN0PnyG/4+QLHunSPuQ8vcVx+oG9a2K\nLpiYxMQawsJiOjEyNUdRt7DDBpU/mVO+pf7lCY/4F5S+xOJ6E6LkJ213aSGaYPBd\nQiLGYFSmmLk=\n=y5SE\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. The purpose of this text-only errata is to inform you\nabout the security issues fixed. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. Description:\n\nRed Hat AMQ Streams, based on the Apache Kafka project, offers a\ndistributed backbone that allows microservices and other applications to\nshare data with extremely high throughput and extremely low latency. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Bugs fixed (https://bugzilla.redhat.com/):\n\n2034388 - CVE-2021-4178 kubernetes-client: Insecure deserialization in unmarshalYaml method\n2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender\n2041949 - CVE-2022-23302 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink\n2041959 - CVE-2022-23305 log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender\n2041967 - CVE-2022-23307 log4j: Unsafe deserialization flaw in Chainsaw log viewer\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-2104 - fluentd crashing after upgrade to openshift-logging 5.2.4-17\n\n6. Bugs fixed (https://bugzilla.redhat.com/):\n\n1985223 - CVE-2021-34429 jetty: crafted URIs allow bypassing security constraints\n2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data\n2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way\n2009041 - CVE-2021-38153 Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients\n2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender\n\n5. \n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.6.54. \n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor\n\n3. Solution:\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1985826 - The elasticsearch-im-xxx job failed when trying to start index management process for a non-existent(empty-named) index\n2034412 - Elasticsearch rejects logs with resourceVersion larger than int32\n2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-44832"
},
{
"db": "VULHUB",
"id": "VHN-408213"
},
{
"db": "VULMON",
"id": "CVE-2021-44832"
},
{
"db": "PACKETSTORM",
"id": "165645"
},
{
"db": "PACKETSTORM",
"id": "165649"
},
{
"db": "PACKETSTORM",
"id": "165927"
},
{
"db": "PACKETSTORM",
"id": "165659"
},
{
"db": "PACKETSTORM",
"id": "165653"
},
{
"db": "PACKETSTORM",
"id": "165564"
},
{
"db": "PACKETSTORM",
"id": "166020"
},
{
"db": "PACKETSTORM",
"id": "165750"
}
],
"trust": 1.8
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2021-44832",
"trust": 2.0
},
{
"db": "SIEMENS",
"id": "SSA-784507",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/12/28/1",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "165653",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "166020",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165750",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165927",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165649",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165659",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165564",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165645",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165516",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165637",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165652",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165651",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166022",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165636",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165650",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165711",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165632",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2743",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-408213",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-44832",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408213"
},
{
"db": "VULMON",
"id": "CVE-2021-44832"
},
{
"db": "PACKETSTORM",
"id": "165645"
},
{
"db": "PACKETSTORM",
"id": "165649"
},
{
"db": "PACKETSTORM",
"id": "165927"
},
{
"db": "PACKETSTORM",
"id": "165659"
},
{
"db": "PACKETSTORM",
"id": "165653"
},
{
"db": "PACKETSTORM",
"id": "165564"
},
{
"db": "PACKETSTORM",
"id": "166020"
},
{
"db": "PACKETSTORM",
"id": "165750"
},
{
"db": "NVD",
"id": "CVE-2021-44832"
}
]
},
"id": "VAR-202112-2011",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-408213"
}
],
"trust": 0.01
},
"last_update_date": "2026-04-10T22:05:08.199000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Debian CVElist Bug Report Logs: apache-log4j2: CVE-2021-44832: remote code execution via JDBC Appender",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=5e48a524651ae46e6ca9ac28bf933dcd"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.6.54 extras and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220181 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat AMQ Streams 1.6.7 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220467 - Security Advisory"
},
{
"title": "Red Hat: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221297 - Security Advisory"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1734",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1734"
},
{
"title": "Red Hat: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221296 - Security Advisory"
},
{
"title": "Red Hat: CVE-2021-44832",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-44832"
},
{
"title": "IBM: Security Bulletin: IBM Operations Analytics Predictive Insights impacted by Apache Log4j vulnerabilities (CVE-2021-44832)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=fcd7c03d55043b4b7009ca8b920eb0ba"
},
{
"title": "Red Hat: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221299 - Security Advisory"
},
{
"title": "IBM: Security Bulletin: Vulnerabilities from log4j-core-2.16.0.jar affect IBM Operations Analytics \u00e2\u20ac\u201c Log Analysis (CVE-2021-44832, CVE-2021-45105)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=56eb883672063a8cb42fae9e94dc10a9"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.7.43 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220493 - Security Advisory"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.8.31 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220485 - Security Advisory"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-011",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-011"
},
{
"title": "IBM: Security Bulletin: A vulnerability in Apache Log4j affects some features of IBM\u00c2\u00ae Db2\u00c2\u00ae (CVE-2021-44832)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=e5bceef16eb57f063a2b356f344b5f60"
},
{
"title": "IBM: Security Bulletin: Due to use of Apache Log4j, IBM QRadar SIEM is vulnerable to arbitrary code execution (CVE-2019-17571, CVE-2021-44832, CVE-2021-4104)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=a0cbd5f5df3a9f322684d99eeb2b9429"
},
{
"title": "IBM: Security Bulletin: Multiple vulnerabilities in Apache Log4j affects some features of IBM\u00c2\u00ae Db2\u00c2\u00ae (CVE-2021-45046, CVE-2021-45105)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=073d7506d5d6ad6fb03dbf8d511bb92e"
},
{
"title": "IBM: Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM\u00c2\u00ae Db2\u00c2\u00ae (CVE-2021-44228)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=7be059b2ea8ddccc8012a9cd63f3f993"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aff264acb8f6c42a7eec74ebc9aac61e"
},
{
"title": "Cisco: Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-apache-log4j-qRuKNEbd"
},
{
"title": "Citrix Security Bulletins: Citrix Security Advisory for CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832.",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=f1a2b6f4f4568786daf1fc5e893e9283"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=42e3d15623cd7650d7ccb17534ee39a8"
},
{
"title": "Amazon Linux 2022: ALAS-2022-225",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS-2022-225"
},
{
"title": "aws-msk-iam-auth",
"trust": 0.1,
"url": "https://github.com/aws/aws-msk-iam-auth "
},
{
"title": "FuelSDK-Java",
"trust": 0.1,
"url": "https://github.com/salesforce-marketingcloud/FuelSDK-Java "
},
{
"title": "mule-3.x-log4j-update-script",
"trust": 0.1,
"url": "https://github.com/yhorndt/mule-3.x-log4j-update-script "
},
{
"title": "fix_log4j2",
"trust": 0.1,
"url": "https://github.com/YunDingLab/fix_log4j2 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-44832"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-20",
"trust": 1.1
},
{
"problemtype": "CWE-74",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408213"
},
{
"db": "NVD",
"id": "CVE-2021-44832"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.1,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-log4j-qruknebd"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20220104-0001/"
},
{
"trust": 1.1,
"url": "https://issues.apache.org/jira/browse/log4j2-3293"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/12/28/1"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/evv25fxl4fu5x6x5bsl7rlq7t6f65mra/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/t57mpjuw3ma6qgwzrtmchhmmpqnvkgfc/"
},
{
"trust": 0.8,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-44832"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44832"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-45046"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45105"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-45105"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45046"
},
{
"trust": 0.2,
"url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27292"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-27292"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/t57mpjuw3ma6qgwzrtmchhmmpqnvkgfc/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/evv25fxl4fu5x6x5bsl7rlq7t6f65mra/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=data.grid\u0026version=8.2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.2/html-single/red_hat_data_grid_8.2_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0205"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0222"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=red.hat.integration\u0026version"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23307"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23305"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0467"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4178"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23302"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23302"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23307"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.streams\u0026version=1.6.7"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4178"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23305"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0230"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0227"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37136"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-37137"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37137"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-37136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34429"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-38153"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.streams\u0026version=2.0.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-34429"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0138"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-38153"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21248"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3521"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21296"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21299"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21283"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21341"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21360"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21299"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0493"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21282"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21294"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21360"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21305"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21293"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21341"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21293"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0492"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21282"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21248"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21294"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21283"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21296"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21365"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21305"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21340"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21340"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21365"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3521"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14866"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2022:0180"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36322"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36322"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0181"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408213"
},
{
"db": "PACKETSTORM",
"id": "165645"
},
{
"db": "PACKETSTORM",
"id": "165649"
},
{
"db": "PACKETSTORM",
"id": "165927"
},
{
"db": "PACKETSTORM",
"id": "165659"
},
{
"db": "PACKETSTORM",
"id": "165653"
},
{
"db": "PACKETSTORM",
"id": "165564"
},
{
"db": "PACKETSTORM",
"id": "166020"
},
{
"db": "PACKETSTORM",
"id": "165750"
},
{
"db": "NVD",
"id": "CVE-2021-44832"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-408213",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2021-44832",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "165645",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "165649",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "165927",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "165659",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "165653",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "165564",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "166020",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "165750",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2021-44832",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2021-12-28T00:00:00",
"db": "VULHUB",
"id": "VHN-408213",
"ident": null
},
{
"date": "2021-12-28T00:00:00",
"db": "VULMON",
"id": "CVE-2021-44832",
"ident": null
},
{
"date": "2022-01-20T18:11:03",
"db": "PACKETSTORM",
"id": "165645",
"ident": null
},
{
"date": "2022-01-21T15:29:08",
"db": "PACKETSTORM",
"id": "165649",
"ident": null
},
{
"date": "2022-02-09T16:18:41",
"db": "PACKETSTORM",
"id": "165927",
"ident": null
},
{
"date": "2022-01-24T14:39:32",
"db": "PACKETSTORM",
"id": "165659",
"ident": null
},
{
"date": "2022-01-21T15:31:20",
"db": "PACKETSTORM",
"id": "165653",
"ident": null
},
{
"date": "2022-01-14T15:29:02",
"db": "PACKETSTORM",
"id": "165564",
"ident": null
},
{
"date": "2022-02-17T16:54:19",
"db": "PACKETSTORM",
"id": "166020",
"ident": null
},
{
"date": "2022-01-27T14:47:51",
"db": "PACKETSTORM",
"id": "165750",
"ident": null
},
{
"date": "2021-12-28T20:15:08.400000",
"db": "NVD",
"id": "CVE-2021-44832",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-08-09T00:00:00",
"db": "VULHUB",
"id": "VHN-408213",
"ident": null
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-44832",
"ident": null
},
{
"date": "2024-11-21T06:31:34.783000",
"db": "NVD",
"id": "CVE-2021-44832",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "165927"
}
],
"trust": 0.1
},
"title": {
"_id": null,
"data": "Red Hat Security Advisory 2022-0205-02",
"sources": [
{
"db": "PACKETSTORM",
"id": "165645"
}
],
"trust": 0.1
},
"type": {
"_id": null,
"data": "code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "165645"
},
{
"db": "PACKETSTORM",
"id": "165649"
},
{
"db": "PACKETSTORM",
"id": "165659"
},
{
"db": "PACKETSTORM",
"id": "165653"
},
{
"db": "PACKETSTORM",
"id": "165564"
},
{
"db": "PACKETSTORM",
"id": "166020"
},
{
"db": "PACKETSTORM",
"id": "165750"
}
],
"trust": 0.7
}
}
VAR-202112-0566
Vulnerability from variot - Updated: 2026-03-09 23:19Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the vulnerable Java application using Log4j.CVE-2021-4104 Affected CVE-2021-44228 Affected CVE-2021-45046 AffectedCVE-2021-4104 Affected CVE-2021-44228 Affected CVE-2021-45046 Affected. Apache Log4j is a Java-based open source logging tool of the Apache Foundation. Apache log4j2 has a denial of service vulnerability. When improperly configured, an attacker can exploit this vulnerability to cause a denial of service attack. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Critical: Red Hat AMQ Streams 1.8.4 release and security update Advisory ID: RHSA-2021:5138-01 Product: Red Hat JBoss AMQ Advisory URL: https://access.redhat.com/errata/RHSA-2021:5138 Issue date: 2021-12-14 CVE Names: CVE-2021-44228 ==================================================================== 1. Summary:
Red Hat AMQ Streams 1.8.4 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency.
This release of Red Hat AMQ Streams 1.8.4 serves as a replacement for Red Hat AMQ Streams 1.8.0, and includes security and bug fixes, and enhancements.
Security Fix(es):
- log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link (you must log in to download the update).
- Bugs fixed (https://bugzilla.redhat.com/):
2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value
- References:
https://access.redhat.com/security/cve/CVE-2021-44228 https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.streams&version=1.8.4 https://access.redhat.com/security/vulnerabilities/RHSB-2021-009
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYblI5tzjgjWX9erEAQjb2w/+IySGyUK1nRexUTqiupBqCswjKe/HgWcI cxkZPlLSmU1UszQIqk8z3Btcb0TAqfPLVHNfLmCiq8gJk0fH4gfmF5gBQvpNnwVd E0qCdbELYgulTy6uGu7tqdWLnYX+jixkrm2xE/CBMNHNceISeRc99jBYyX4aOPlt bbOmCG5Nv6niBS5KnacWrBJr1kYTjilbP02GT6i9WQWUMyWcrGo+1z0mEJYNZSCk 4G8ha8QnUaR8aZnbFvpf3GaelMqkyMezdgJTLyIk+dhLvNs/FgR+6Pf/VdNghT40 XmUkqohXkxWgIzZP0ttr1NY+BMGNTJsSxpvCdul73OExdg49fRPvN6vmYToc5Yqj BIUmqmxwfLsxt1nB9VlcwLmBI+0868rxEoE5gAemDJD3hNIK3L0azhBXBKhBwVsg gcfKTR2km3WEodoqRYDnRIX3/HOk1lAydPzzBuiIA+VIEU433TBKksThR2qaIayW t+OiZnbIFl8q+hkTpV4NgSnEyGz7cMzJmtY1VhpMQRpz9x5BmQX4M/kF3HdWhttf 29Bfo3JxmZ01SRtZTlv1LxtXRwq4/m+iyfKM9xa0WxjUelUJYcVeZkHO4TEKDiY1 IGKljVA5lpz996GWg1lJBaPEYNsVLgyB4sapqZGoxAzLZDUQZuuEtRC1mhXQQFCV VjWNTjjcyI4=rLTN -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Summary:
An update is now available for OpenShift Logging 5.1. Solution:
For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:
https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html
For Red Hat OpenShift Logging 5.1, see the following instructions to apply this update:
https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html
- JIRA issues fixed (https://issues.jboss.org/):
LOG-1971 - Applying cluster state is causing elasticsearch to hit an issue and become unusable
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
2021-12-11: VMSA-2021-0028.1 Updated advisory with workaround information for multiple products including vCenter Server Appliance, vRealize Operations, Horizon, vRealize Log Insight, Unified Access Gateway.
2021-12-13: VMSA-2021-0028.2 Revised advisory with updates to multiple products. \x95 VMware HCX \x95 VMware NSX-T Data Center \x95 VMware WorkspaceOne Access \x95 VMware Identity Manager \x95 VMware vRealize Operations Cloud Proxy \x95 VMware vRealize Lifecycle Manager \x95 VMware Site Recovery Manager, vSphere Replication \x95 VMware Carbon Black Cloud Workload Appliance \x95 VMware Carbon Black EDR Server \x95 VMware Tanzu GemFire \x95 VMware Tanzu Greenplum \x95 VMware Tanzu Operations Manager \x95 VMware Tanzu Application Service for VMs \x95 VMware Tanzu Kubernetes Grid Integrated Edition \x95 VMware Tanzu Observability by Wavefront Nozzle \x95 Healthwatch for Tanzu Application Service \x95 Spring Cloud Services for VMware Tanzu \x95 API Portal for VMware Tanzu \x95 Single Sign-On for VMware Tanzu Application Service \x95 App Metrics \x95 VMware vCenter Cloud Gateway \x95 VMware Cloud Foundation \x95 VMware Workspace ONE Access Connector \x95 VMware Horizon DaaS \x95 VMware Horizon Cloud Connector \x95 VMware NSX Data Center for vSphere \x95 VMware AppDefense Appliance \x95 VMware Cloud Director Object Storage Extension
You are receiving this alert because you are subscribed to the VMware Security Announcements mailing list. To modify your subscription or unsubscribe please visit https://lists.vmware.com/mailman/listinfo/security-announce
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "evolved programmable network manager",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.1"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1.17900.52\\)"
},
{
"_id": null,
"model": "virtualized infrastructure manager",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2.0"
},
{
"_id": null,
"model": "common services platform collector",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "002.009\\(001.001\\)"
},
{
"_id": null,
"model": "integrated management controller supervisor",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.2.1"
},
{
"_id": null,
"model": "customer experience cloud agent",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.12.1"
},
{
"_id": null,
"model": "6bk1602-0aa42-0tp0",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.7.0"
},
{
"_id": null,
"model": "sipass integrated",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2.80"
},
{
"_id": null,
"model": "wan automation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.3"
},
{
"_id": null,
"model": "smart phy",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1.5"
},
{
"_id": null,
"model": "unified customer voice portal",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "11.6"
},
{
"_id": null,
"model": "unified sip proxy",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "010.000\\(001\\)"
},
{
"_id": null,
"model": "desigo cc info center",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "5.0"
},
{
"_id": null,
"model": "cloudcenter suite",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.5.1"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1\\)"
},
{
"_id": null,
"model": "unified workforce optimization",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1\\)"
},
{
"_id": null,
"model": "automated subsea tuning",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "02.01.00"
},
{
"_id": null,
"model": "network dashboard fabric controller",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(2\\)"
},
{
"_id": null,
"model": "desigo cc info center",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "5.1"
},
{
"_id": null,
"model": "wan automation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1.3"
},
{
"_id": null,
"model": "evolved programmable network manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.0"
},
{
"_id": null,
"model": "paging server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1\\(1\\)"
},
{
"_id": null,
"model": "business process automation",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.000.115"
},
{
"_id": null,
"model": "crosswork network automation",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0.0"
},
{
"_id": null,
"model": "capital",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2019.1"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"_id": null,
"model": "emergency responder",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(4.65000.14\\)"
},
{
"_id": null,
"model": "video surveillance manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.14\\(2.26\\)"
},
{
"_id": null,
"model": "evolved programmable network manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.1"
},
{
"_id": null,
"model": "evolved programmable network manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0"
},
{
"_id": null,
"model": "wan automation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5"
},
{
"_id": null,
"model": "6bk1602-0aa32-0tp0",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.7.0"
},
{
"_id": null,
"model": "common services platform collector",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "002.009\\(000.000\\)"
},
{
"_id": null,
"model": "network assurance engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0\\(2.1912\\)"
},
{
"_id": null,
"model": "network services orchestrator",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "network dashboard fabric controller",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.4\\(1\\)"
},
{
"_id": null,
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.4.0"
},
{
"_id": null,
"model": "enterprise chat and email",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "12.0\\(1\\)"
},
{
"_id": null,
"model": "video surveillance operations manager",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.14.4"
},
{
"_id": null,
"model": "fxos",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.7.0"
},
{
"_id": null,
"model": "spectrum power 7",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.30"
},
{
"_id": null,
"model": "fxos",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0.0"
},
{
"_id": null,
"model": "network dashboard fabric controller",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.0\\(1\\)"
},
{
"_id": null,
"model": "vesys",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2020.1"
},
{
"_id": null,
"model": "unified contact center enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6\\(2\\)"
},
{
"_id": null,
"model": "ucs central software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0\\(1h\\)"
},
{
"_id": null,
"model": "wan automation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.2.2"
},
{
"_id": null,
"model": "vesys",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2019.1"
},
{
"_id": null,
"model": "common services platform collector",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "002.009\\(000.002\\)"
},
{
"_id": null,
"model": "fog director",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "log4j",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.1"
},
{
"_id": null,
"model": "comos",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "10.4.2"
},
{
"_id": null,
"model": "prime service catalog",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1"
},
{
"_id": null,
"model": "dna center",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.1.2.8"
},
{
"_id": null,
"model": "smart phy",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "21.3"
},
{
"_id": null,
"model": "desigo cc advanced reports",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "5.0"
},
{
"_id": null,
"model": "paging server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.5\\(2\\)"
},
{
"_id": null,
"model": "ucs central",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0\\(1p\\)"
},
{
"_id": null,
"model": "common services platform collector",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.10.0"
},
{
"_id": null,
"model": "crosswork network automation",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "sd-wan vmanage",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "20.3"
},
{
"_id": null,
"model": "mindsphere",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2021-12-16"
},
{
"_id": null,
"model": "crosswork data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0"
},
{
"_id": null,
"model": "desigo cc advanced reports",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "5.1"
},
{
"_id": null,
"model": "nexus dashboard",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.1.2"
},
{
"_id": null,
"model": "desigo cc advanced reports",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"_id": null,
"model": "crosswork network controller",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0"
},
{
"_id": null,
"model": "cloudcenter suite admin",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "5.3.1"
},
{
"_id": null,
"model": "cloudcenter suite",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.3.0"
},
{
"_id": null,
"model": "sentron powermanager",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1"
},
{
"_id": null,
"model": "unified sip proxy",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "010.002\\(000\\)"
},
{
"_id": null,
"model": "video surveillance manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.14\\(4.018\\)"
},
{
"_id": null,
"model": "sd-wan vmanage",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "20.7"
},
{
"_id": null,
"model": "e-car operation center",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2021-12-13"
},
{
"_id": null,
"model": "unified contact center enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.6\\(2\\)"
},
{
"_id": null,
"model": "evolved programmable network manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1"
},
{
"_id": null,
"model": "ucs central software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0\\(1f\\)"
},
{
"_id": null,
"model": "connected mobile experiences",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "sd-wan vmanage",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "20.5.1.1"
},
{
"_id": null,
"model": "spectrum power 4",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.70"
},
{
"_id": null,
"model": "unified communications manager im and presence service",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1\\)"
},
{
"_id": null,
"model": "network assurance engine",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0.2"
},
{
"_id": null,
"model": "brocade san navigator",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "integrated management controller supervisor",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "002.003\\(002.000\\)"
},
{
"_id": null,
"model": "evolved programmable network manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1"
},
{
"_id": null,
"model": "paging server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.4\\(1\\)"
},
{
"_id": null,
"model": "xcode",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.3"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1.18119.2\\)"
},
{
"_id": null,
"model": "unified customer voice portal",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.6\\(1\\)"
},
{
"_id": null,
"model": "ucs central software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0\\(1b\\)"
},
{
"_id": null,
"model": "identity services engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "002.004\\(000.914\\)"
},
{
"_id": null,
"model": "sd-wan vmanage",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "20.6.1"
},
{
"_id": null,
"model": "smart phy",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2.1"
},
{
"_id": null,
"model": "sd-wan vmanage",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "20.3.4.1"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1.18900.97\\)"
},
{
"_id": null,
"model": "snapcenter",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "network services orchestrator",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "5.4"
},
{
"_id": null,
"model": "webex meetings server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0"
},
{
"_id": null,
"model": "dna center",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.2.2.8"
},
{
"_id": null,
"model": "synchro",
"scope": "lt",
"trust": 1.0,
"vendor": "bentley",
"version": "6.2.4.2"
},
{
"_id": null,
"model": "packaged contact center enterprise",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "11.6"
},
{
"_id": null,
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.5.0"
},
{
"_id": null,
"model": "webex meetings server",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0"
},
{
"_id": null,
"model": "paging server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5\\(1\\)"
},
{
"_id": null,
"model": "6bk1602-0aa12-0tp0",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.7.0"
},
{
"_id": null,
"model": "desigo cc advanced reports",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1"
},
{
"_id": null,
"model": "cyber vision sensor management extension",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.3"
},
{
"_id": null,
"model": "cloud secure agent",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "crosswork platform infrastructure",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0"
},
{
"_id": null,
"model": "sd-wan vmanage",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "20.4"
},
{
"_id": null,
"model": "fxos",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.6.0"
},
{
"_id": null,
"model": "identity services engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "002.007\\(000.356\\)"
},
{
"_id": null,
"model": "unified communications manager im \\\u0026 presence service",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1\\)"
},
{
"_id": null,
"model": "sd-wan vmanage",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "20.5"
},
{
"_id": null,
"model": "wan automation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.2.3"
},
{
"_id": null,
"model": "smart phy",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1.4"
},
{
"_id": null,
"model": "vm access proxy",
"scope": "lt",
"trust": 1.0,
"vendor": "snowsoftware",
"version": "3.6"
},
{
"_id": null,
"model": "intersight virtual appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.9-343"
},
{
"_id": null,
"model": "data center network manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.3\\(1\\)"
},
{
"_id": null,
"model": "6bk1602-0aa22-0tp0",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.7.0"
},
{
"_id": null,
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "identity services engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.4.0"
},
{
"_id": null,
"model": "sd-wan vmanage",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "20.6"
},
{
"_id": null,
"model": "log4j",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.4.0"
},
{
"_id": null,
"model": "industrial edge management",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"_id": null,
"model": "virtual topology system",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.6.7"
},
{
"_id": null,
"model": "paging server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.0\\(1\\)"
},
{
"_id": null,
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "006.008\\(001.000\\)"
},
{
"_id": null,
"model": "ucs central software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0\\(1c\\)"
},
{
"_id": null,
"model": "network services orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "5.6.3.1"
},
{
"_id": null,
"model": "fxos",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.4.0"
},
{
"_id": null,
"model": "unified sip proxy",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "010.002\\(001\\)"
},
{
"_id": null,
"model": "ontap tools",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "fxos",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1.0"
},
{
"_id": null,
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3.0"
},
{
"_id": null,
"model": "cloudcenter",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "4.10.0.16"
},
{
"_id": null,
"model": "identity services engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "002.006\\(000.156\\)"
},
{
"_id": null,
"model": "virtualized voice browser",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "12.5\\(1\\)"
},
{
"_id": null,
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.3"
},
{
"_id": null,
"model": "oneapi sample browser",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "sentron powermanager",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"_id": null,
"model": "cloudcenter cost optimizer",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "5.5.2"
},
{
"_id": null,
"model": "network dashboard fabric controller",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(3\\)"
},
{
"_id": null,
"model": "sd-wan vmanage",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "20.8"
},
{
"_id": null,
"model": "mendix",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"_id": null,
"model": "ucs central software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0\\(1d\\)"
},
{
"_id": null,
"model": "ucs central software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0\\(1g\\)"
},
{
"_id": null,
"model": "paging server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.0\\(2\\)"
},
{
"_id": null,
"model": "crosswork zero touch provisioning",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0.1"
},
{
"_id": null,
"model": "common services platform collector",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "002.009\\(001.000\\)"
},
{
"_id": null,
"model": "enterprise chat and email",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6\\(1\\)"
},
{
"_id": null,
"model": "sd-wan vmanage",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "20.4.2.1"
},
{
"_id": null,
"model": "opcenter intelligence",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.2"
},
{
"_id": null,
"model": "common services platform collector",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "002.010\\(000.000\\)"
},
{
"_id": null,
"model": "log4j",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.12.2"
},
{
"_id": null,
"model": "dna center",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.2.3.0"
},
{
"_id": null,
"model": "wan automation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.2.1"
},
{
"_id": null,
"model": "crosswork data gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0.2"
},
{
"_id": null,
"model": "unified customer voice portal",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.6"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"_id": null,
"model": "unified customer voice portal",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.0"
},
{
"_id": null,
"model": "unified communications manager im \\\u0026 presence service",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1.22900.6\\)"
},
{
"_id": null,
"model": "unified communications manager im and presence service",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1\\)"
},
{
"_id": null,
"model": "smart phy",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1.3"
},
{
"_id": null,
"model": "sppa-t3000 ses3000",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"_id": null,
"model": "cx cloud agent",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "001.012"
},
{
"_id": null,
"model": "common services platform collector",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.10.0.1"
},
{
"_id": null,
"model": "desigo cc advanced reports",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"_id": null,
"model": "enterprise chat and email",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.5\\(1\\)"
},
{
"_id": null,
"model": "integrated management controller supervisor",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.2.0"
},
{
"_id": null,
"model": "unified sip proxy",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "10.2.1v2"
},
{
"_id": null,
"model": "network services orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "5.4.5.2"
},
{
"_id": null,
"model": "iot operations dashboard",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "ucs director",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.8.2.0"
},
{
"_id": null,
"model": "log4j",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.3.1"
},
{
"_id": null,
"model": "capital",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2019.1"
},
{
"_id": null,
"model": "crosswork platform infrastructure",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.1"
},
{
"_id": null,
"model": "cyber vision",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.2"
},
{
"_id": null,
"model": "siveillance vantage",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"_id": null,
"model": "unified sip proxy",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "010.000\\(000\\)"
},
{
"_id": null,
"model": "optical network controller",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0"
},
{
"_id": null,
"model": "solidfire \\\u0026 hci storage node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "dna center",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.2.2.0"
},
{
"_id": null,
"model": "email security",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.0.13"
},
{
"_id": null,
"model": "crosswork network automation",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.1"
},
{
"_id": null,
"model": "unified contact center enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6\\(1\\)"
},
{
"_id": null,
"model": "enterprise chat and email",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.0\\(1\\)"
},
{
"_id": null,
"model": "energyip",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "8.7"
},
{
"_id": null,
"model": "crosswork optimization engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0"
},
{
"_id": null,
"model": "synchro",
"scope": "gte",
"trust": 1.0,
"vendor": "bentley",
"version": "6.1"
},
{
"_id": null,
"model": "dna center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.2.2.8"
},
{
"_id": null,
"model": "network dashboard fabric controller",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1\\)"
},
{
"_id": null,
"model": "network dashboard fabric controller",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.1\\(1\\)"
},
{
"_id": null,
"model": "nx",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"_id": null,
"model": "datacenter manager",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "5.1"
},
{
"_id": null,
"model": "navigator",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2021-12-13"
},
{
"_id": null,
"model": "video surveillance manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.14\\(1.26\\)"
},
{
"_id": null,
"model": "prime service catalog",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1"
},
{
"_id": null,
"model": "energyip prepay",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.8.0.12"
},
{
"_id": null,
"model": "business process automation",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2.000.000"
},
{
"_id": null,
"model": "gma-manager",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "8.6.2j-398"
},
{
"_id": null,
"model": "unified intelligence center",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6\\(1\\)"
},
{
"_id": null,
"model": "mobility services engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "broadworks",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "sd-wan vmanage",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "20.4"
},
{
"_id": null,
"model": "unified contact center express",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6\\(1\\)"
},
{
"_id": null,
"model": "network services orchestrator",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "5.5"
},
{
"_id": null,
"model": "unified intelligence center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6\\(2\\)"
},
{
"_id": null,
"model": "energyip",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "8.5"
},
{
"_id": null,
"model": "synchro 4d",
"scope": "lt",
"trust": 1.0,
"vendor": "bentley",
"version": "6.4.3.2"
},
{
"_id": null,
"model": "unified contact center enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.5\\(1\\)"
},
{
"_id": null,
"model": "data center network manager",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "11.3\\(1\\)"
},
{
"_id": null,
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.7.0"
},
{
"_id": null,
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0.0"
},
{
"_id": null,
"model": "common services platform collector",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "002.009\\(001.002\\)"
},
{
"_id": null,
"model": "sd-wan vmanage",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "20.6"
},
{
"_id": null,
"model": "desigo cc advanced reports",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.0"
},
{
"_id": null,
"model": "spectrum power 4",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.70"
},
{
"_id": null,
"model": "cloud connect",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6\\(1\\)"
},
{
"_id": null,
"model": "cloudcenter suite",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.4.1"
},
{
"_id": null,
"model": "network dashboard fabric controller",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.2\\(1\\)"
},
{
"_id": null,
"model": "siguard dsa",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"_id": null,
"model": "vesys",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2021.1"
},
{
"_id": null,
"model": "siguard dsa",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.4.1"
},
{
"_id": null,
"model": "finesse",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6\\(1\\)"
},
{
"_id": null,
"model": "advanced malware protection virtual private cloud appliance",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "3.5.4"
},
{
"_id": null,
"model": "unified contact center enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.0\\(1\\)"
},
{
"_id": null,
"model": "solidfire enterprise sds",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "energy engage",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"_id": null,
"model": "unified contact center express",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.5\\(1\\)"
},
{
"_id": null,
"model": "siveillance identity",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.5"
},
{
"_id": null,
"model": "unified contact center enterprise",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "11.6\\(2\\)"
},
{
"_id": null,
"model": "ucs central software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0\\(1e\\)"
},
{
"_id": null,
"model": "computer vision annotation tool",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "unified customer voice portal",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6\\(1\\)"
},
{
"_id": null,
"model": "snow commander",
"scope": "lt",
"trust": 1.0,
"vendor": "snowsoftware",
"version": "8.10.0"
},
{
"_id": null,
"model": "cloud insights",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "crosswork optimization engine",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0.1"
},
{
"_id": null,
"model": "log4j",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0"
},
{
"_id": null,
"model": "emergency responder",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(4.66000.14\\)"
},
{
"_id": null,
"model": "genomics kernel library",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "unified customer voice portal",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.5"
},
{
"_id": null,
"model": "cyber vision sensor management extension",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.2"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1.21900.40\\)"
},
{
"_id": null,
"model": "network insights for data center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0\\(2.1914\\)"
},
{
"_id": null,
"model": "automated subsea tuning",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.1.0"
},
{
"_id": null,
"model": "finesse",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.5\\(1\\)"
},
{
"_id": null,
"model": "identity services engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "003.001\\(000.518\\)"
},
{
"_id": null,
"model": "xpedition package integrator",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"_id": null,
"model": "optical network controller",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1"
},
{
"_id": null,
"model": "energyip",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "8.6"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1.22900.28\\)"
},
{
"_id": null,
"model": "secure device onboard",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "unified workforce optimization",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1\\)"
},
{
"_id": null,
"model": "siveillance viewpoint",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"_id": null,
"model": "industrial edge management hub",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2021-12-13"
},
{
"_id": null,
"model": "unified customer voice portal",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.5\\(1\\)"
},
{
"_id": null,
"model": "solid edge harness design",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2020"
},
{
"_id": null,
"model": "contact center domain manager",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "12.5\\(1\\)"
},
{
"_id": null,
"model": "dna spaces",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "log4j",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.13.0"
},
{
"_id": null,
"model": "intersight virtual appliance",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.9-361"
},
{
"_id": null,
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.6.0"
},
{
"_id": null,
"model": "virtualized infrastructure manager",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "3.4.0"
},
{
"_id": null,
"model": "virtual topology system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.6.6"
},
{
"_id": null,
"model": "unified customer voice portal",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.0\\(1\\)"
},
{
"_id": null,
"model": "spectrum power 7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2.30"
},
{
"_id": null,
"model": "crosswork zero touch provisioning",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0"
},
{
"_id": null,
"model": "contact center management portal",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "12.5\\(1\\)"
},
{
"_id": null,
"model": "network services orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "5.5.4.1"
},
{
"_id": null,
"model": "6bk1602-0aa52-0tp0",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.7.0"
},
{
"_id": null,
"model": "common services platform collector",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.9.1.3"
},
{
"_id": null,
"model": "paging server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "14.0\\(1\\)"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"_id": null,
"model": "network services orchestrator",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "5.6"
},
{
"_id": null,
"model": "crosswork network automation",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0"
},
{
"_id": null,
"model": "network dashboard fabric controller",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.3\\(1\\)"
},
{
"_id": null,
"model": "smart phy",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2.1"
},
{
"_id": null,
"model": "broadworks",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2021.11_1.162"
},
{
"_id": null,
"model": "identity services engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "003.000\\(000.458\\)"
},
{
"_id": null,
"model": "siveillance command",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "4.16.2.1"
},
{
"_id": null,
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1.0"
},
{
"_id": null,
"model": "identity services engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "003.002\\(000.116\\)"
},
{
"_id": null,
"model": "unified contact center management portal",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6\\(1\\)"
},
{
"_id": null,
"model": "operation scheduler",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1.3"
},
{
"_id": null,
"model": "active iq unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "vesys",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2019.1"
},
{
"_id": null,
"model": "emergency responder",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(4\\)"
},
{
"_id": null,
"model": "logo\\! soft comfort",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"_id": null,
"model": "emergency responder",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5"
},
{
"_id": null,
"model": "crosswork network automation",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0"
},
{
"_id": null,
"model": "packaged contact center enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.6\\(1\\)"
},
{
"_id": null,
"model": "dna spaces\\: connector",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5"
},
{
"_id": null,
"model": "solid edge cam pro",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1\\)"
},
{
"_id": null,
"model": "business process automation",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1.000.044"
},
{
"_id": null,
"model": "smart phy",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1.2"
},
{
"_id": null,
"model": "energyip",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "9.0"
},
{
"_id": null,
"model": "virtualized infrastructure manager",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "3.4.4"
},
{
"_id": null,
"model": "unified contact center express",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6\\(2\\)"
},
{
"_id": null,
"model": "cloud manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "head-end system universal device integration system",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"_id": null,
"model": "fxos",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.5.0"
},
{
"_id": null,
"model": "crosswork network controller",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0.1"
},
{
"_id": null,
"model": "unity connection",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1\\)"
},
{
"_id": null,
"model": "paging server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.3\\(1\\)"
},
{
"_id": null,
"model": "nexus insights",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0.2"
},
{
"_id": null,
"model": "webex meetings server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0"
},
{
"_id": null,
"model": "business process automation",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2.000.009"
},
{
"_id": null,
"model": "unity connection",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1.10000.6\\)"
},
{
"_id": null,
"model": "system studio",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "evolved programmable network manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0"
},
{
"_id": null,
"model": "siveillance control pro",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"_id": null,
"model": "sd-wan vmanage",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "20.5"
},
{
"_id": null,
"model": "ucs central software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1\\)su3"
},
{
"_id": null,
"model": "wan automation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.4"
},
{
"_id": null,
"model": "cloudcenter suite",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.5.0"
},
{
"_id": null,
"model": "log4j",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.15.0"
},
{
"_id": null,
"model": "unified intelligence center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6\\(1\\)"
},
{
"_id": null,
"model": "unity connection",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5"
},
{
"_id": null,
"model": "fxos",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3.0"
},
{
"_id": null,
"model": "cloudcenter suite",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.10.0.15"
},
{
"_id": null,
"model": "siveillance identity",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.6"
},
{
"_id": null,
"model": "ucs central software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0\\(1a\\)"
},
{
"_id": null,
"model": "opcenter intelligence",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.5"
},
{
"_id": null,
"model": "cloudcenter workload manager",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "5.5.2"
},
{
"_id": null,
"model": "fxos",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.3"
},
{
"_id": null,
"model": "business process automation",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1.000.000"
},
{
"_id": null,
"model": "identity services engine",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.4.0"
},
{
"_id": null,
"model": "wan automation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.6"
},
{
"_id": null,
"model": "sd-wan vmanage",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "20.6.2.1"
},
{
"_id": null,
"model": "solid edge harness design",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2020"
},
{
"_id": null,
"model": "ucs central software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0\\(1k\\)"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "wan automation engine",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.3.0.2"
},
{
"_id": null,
"model": "network services orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "5.3.5.1"
},
{
"_id": null,
"model": "video surveillance manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.14\\(3.025\\)"
},
{
"_id": null,
"model": "teamcenter",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"_id": null,
"model": "xpedition enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"_id": null,
"model": "dna center",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.2.3.4"
},
{
"_id": null,
"model": "workload optimization manager",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2.1"
},
{
"_id": null,
"model": "sipass integrated",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2.85"
},
{
"_id": null,
"model": "ucs central software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0\\(1l\\)"
},
{
"_id": null,
"model": "dna spaces connector",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "finesse",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6\\(1\\)"
},
{
"_id": null,
"model": "common services platform collector",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "002.009\\(000.001\\)"
},
{
"_id": null,
"model": "rhythmyx",
"scope": "lte",
"trust": 1.0,
"vendor": "percussion",
"version": "7.3.2"
},
{
"_id": null,
"model": "paging server",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "14.4.1"
},
{
"_id": null,
"model": "unified contact center express",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "12.5\\(1\\)"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-44228"
}
]
},
"credits": {
"_id": null,
"data": "Much of the content of this vulnerability note is derived from Apache Log4j Security Vulnerabilities and http://slf4j.org/log4shell.html.This document was written by Art Manion.",
"sources": [
{
"db": "CERT/CC",
"id": "VU#930724"
}
],
"trust": 0.8
},
"cve": "CVE-2021-44228",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2021-44228",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-407408",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "VHN-408570",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-44228",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-44228",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2021-44228",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-407408",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-408570",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-44228",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-407408"
},
{
"db": "VULHUB",
"id": "VHN-408570"
},
{
"db": "VULMON",
"id": "CVE-2021-44228"
},
{
"db": "NVD",
"id": "CVE-2021-44228"
},
{
"db": "NVD",
"id": "CVE-2021-44228"
}
]
},
"description": {
"_id": null,
"data": "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the vulnerable Java application using Log4j.CVE-2021-4104 Affected\nCVE-2021-44228 Affected\nCVE-2021-45046 AffectedCVE-2021-4104 Affected\nCVE-2021-44228 Affected\nCVE-2021-45046 Affected. Apache Log4j is a Java-based open source logging tool of the Apache Foundation. Apache log4j2 has a denial of service vulnerability. When improperly configured, an attacker can exploit this vulnerability to cause a denial of service attack. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Critical: Red Hat AMQ Streams 1.8.4 release and security update\nAdvisory ID: RHSA-2021:5138-01\nProduct: Red Hat JBoss AMQ\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:5138\nIssue date: 2021-12-14\nCVE Names: CVE-2021-44228\n====================================================================\n1. Summary:\n\nRed Hat AMQ Streams 1.8.4 is now available from the Red Hat Customer\nPortal. \n\nRed Hat Product Security has rated this update as having a security impact\nof Critical. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat AMQ Streams, based on the Apache Kafka project, offers a\ndistributed backbone that allows microservices and other applications to\nshare data with extremely high throughput and extremely low latency. \n\nThis release of Red Hat AMQ Streams 1.8.4 serves as a replacement for Red\nHat AMQ Streams 1.8.0, and includes security and bug fixes, and\nenhancements. \n\nSecurity Fix(es):\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an\nattacker-controlled string value (CVE-2021-44228)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-44228\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.streams\u0026version=1.8.4\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2021-009\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYblI5tzjgjWX9erEAQjb2w/+IySGyUK1nRexUTqiupBqCswjKe/HgWcI\ncxkZPlLSmU1UszQIqk8z3Btcb0TAqfPLVHNfLmCiq8gJk0fH4gfmF5gBQvpNnwVd\nE0qCdbELYgulTy6uGu7tqdWLnYX+jixkrm2xE/CBMNHNceISeRc99jBYyX4aOPlt\nbbOmCG5Nv6niBS5KnacWrBJr1kYTjilbP02GT6i9WQWUMyWcrGo+1z0mEJYNZSCk\n4G8ha8QnUaR8aZnbFvpf3GaelMqkyMezdgJTLyIk+dhLvNs/FgR+6Pf/VdNghT40\nXmUkqohXkxWgIzZP0ttr1NY+BMGNTJsSxpvCdul73OExdg49fRPvN6vmYToc5Yqj\nBIUmqmxwfLsxt1nB9VlcwLmBI+0868rxEoE5gAemDJD3hNIK3L0azhBXBKhBwVsg\ngcfKTR2km3WEodoqRYDnRIX3/HOk1lAydPzzBuiIA+VIEU433TBKksThR2qaIayW\nt+OiZnbIFl8q+hkTpV4NgSnEyGz7cMzJmtY1VhpMQRpz9x5BmQX4M/kF3HdWhttf\n29Bfo3JxmZ01SRtZTlv1LxtXRwq4/m+iyfKM9xa0WxjUelUJYcVeZkHO4TEKDiY1\nIGKljVA5lpz996GWg1lJBaPEYNsVLgyB4sapqZGoxAzLZDUQZuuEtRC1mhXQQFCV\nVjWNTjjcyI4=rLTN\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Summary:\n\nAn update is now available for OpenShift Logging 5.1. Solution:\n\nFor OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.1, see the following instructions to apply\nthis update:\n\nhttps://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html\n\n4. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1971 - Applying cluster state is causing elasticsearch to hit an issue and become unusable\n\n6. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\n2021-12-11: VMSA-2021-0028.1\nUpdated advisory with workaround information for multiple products including vCenter Server Appliance, vRealize Operations, Horizon, vRealize Log Insight, Unified Access Gateway. \n\n2021-12-13: VMSA-2021-0028.2\nRevised advisory with updates to multiple products. \n\\x95\tVMware HCX\n\\x95\tVMware NSX-T Data Center\n\\x95\tVMware WorkspaceOne Access\n\\x95\tVMware Identity Manager \n\\x95\tVMware vRealize Operations Cloud Proxy\n\\x95\tVMware vRealize Lifecycle Manager\n\\x95\tVMware Site Recovery Manager, vSphere Replication\n\\x95\tVMware Carbon Black Cloud Workload Appliance\n\\x95\tVMware Carbon Black EDR Server\n\\x95\tVMware Tanzu GemFire\n\\x95\tVMware Tanzu Greenplum\n\\x95\tVMware Tanzu Operations Manager\n\\x95\tVMware Tanzu Application Service for VMs\n\\x95\tVMware Tanzu Kubernetes Grid Integrated Edition\n\\x95\tVMware Tanzu Observability by Wavefront Nozzle\n\\x95\tHealthwatch for Tanzu Application Service\n\\x95\tSpring Cloud Services for VMware Tanzu\n\\x95\tAPI Portal for VMware Tanzu\n\\x95\tSingle Sign-On for VMware Tanzu Application Service\n\\x95\tApp Metrics\n\\x95\tVMware vCenter Cloud Gateway\n\\x95\tVMware Cloud Foundation\n\\x95\tVMware Workspace ONE Access Connector\n\\x95\tVMware Horizon DaaS\n\\x95\tVMware Horizon Cloud Connector\n\\x95\tVMware NSX Data Center for vSphere\n\\x95\tVMware AppDefense Appliance\n\\x95\tVMware Cloud Director Object Storage Extension\n\nYou are receiving this alert because you are subscribed to the VMware Security Announcements mailing list. To modify your subscription or unsubscribe please visit https://lists.vmware.com/mailman/listinfo/security-announce",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-44228"
},
{
"db": "CERT/CC",
"id": "VU#930724"
},
{
"db": "VULHUB",
"id": "VHN-407408"
},
{
"db": "VULHUB",
"id": "VHN-408570"
},
{
"db": "VULMON",
"id": "CVE-2021-44228"
},
{
"db": "PACKETSTORM",
"id": "165295"
},
{
"db": "PACKETSTORM",
"id": "165286"
},
{
"db": "PACKETSTORM",
"id": "165343"
},
{
"db": "PACKETSTORM",
"id": "165260"
}
],
"trust": 2.25
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-407408",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-407408"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2021-44228",
"trust": 2.5
},
{
"db": "CERT/CC",
"id": "VU#930724",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "165260",
"trust": 1.2
},
{
"db": "SIEMENS",
"id": "SSA-479842",
"trust": 1.2
},
{
"db": "SIEMENS",
"id": "SSA-714170",
"trust": 1.2
},
{
"db": "SIEMENS",
"id": "SSA-661247",
"trust": 1.2
},
{
"db": "SIEMENS",
"id": "SSA-397453",
"trust": 1.2
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/12/14/4",
"trust": 1.2
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/12/15/3",
"trust": 1.2
},
{
"db": "PACKETSTORM",
"id": "165311",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "165225",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "165532",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "165281",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "165306",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "165673",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "165282",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "165371",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "167794",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "167917",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "165270",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "165261",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "165642",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "165307",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/12/13/1",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/12/10/3",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/12/13/2",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/12/10/2",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/12/10/1",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "171626",
"trust": 1.0
},
{
"db": "PACKETSTORM",
"id": "165343",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "165329",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165333",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165295",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165326",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165632",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165293",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165324",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165520",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165285",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165290",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165291",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165733",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166313",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165279",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165297",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165298",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165289",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165348",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165264",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "50592",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "50590",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-407408",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165637",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165649",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165636",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165650",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165645",
"trust": 0.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/12/18/1",
"trust": 0.1
},
{
"db": "CNVD",
"id": "CNVD-2022-01776",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-408570",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-44228",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165286",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#930724"
},
{
"db": "VULHUB",
"id": "VHN-407408"
},
{
"db": "VULHUB",
"id": "VHN-408570"
},
{
"db": "VULMON",
"id": "CVE-2021-44228"
},
{
"db": "PACKETSTORM",
"id": "165295"
},
{
"db": "PACKETSTORM",
"id": "165286"
},
{
"db": "PACKETSTORM",
"id": "165343"
},
{
"db": "PACKETSTORM",
"id": "165260"
},
{
"db": "NVD",
"id": "CVE-2021-44228"
}
]
},
"id": "VAR-202112-0566",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-407408"
},
{
"db": "VULHUB",
"id": "VHN-408570"
}
],
"trust": 0.7961849514285715
},
"last_update_date": "2026-03-09T23:19:31.555000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Debian CVElist Bug Report Logs: apache-log4j2: CVE-2021-44228: Remote code injection via crafted log messages",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=4eae9b09b97da57f4ca6103cc85ed4da"
},
{
"title": "Debian CVElist Bug Report Logs: apache-log4j2: CVE-2021-45046: Incomplete fix for CVE-2021-44228 in certain non-default configurations",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=b88a8ce4fc53c3a45830bc6bbde8b01c"
},
{
"title": "Debian Security Advisories: DSA-5020-1 apache-log4j2 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=24c79c59809a2c5bcddc81889b23a6bc"
},
{
"title": "Debian Security Advisories: DSA-5022-1 apache-log4j2 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=5ba53229ef5f408ed29126bd4f624def"
},
{
"title": "IBM: Security Bulletin: There is vulnerability in Apache Log4j used by Content Manager OnDemand z/OS. Content Manager OnDemand z/OS has addressed the applicable CVE [CVE-2021-44228]",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=dbdfcf9d51b60adf542d500e515b9ba8"
},
{
"title": "Red Hat: CVE-2021-44228",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-44228"
},
{
"title": "IBM: An update on the Apache Log4j 2.x vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=0648a3f00f067d373b069c4f2acd5db4"
},
{
"title": "Amazon Linux AMI: ALAS-2021-1553",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2021-1553"
},
{
"title": "IBM: Security Bulletin: IBM Cloud Pak System is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-45046, CVE-2021-44228)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c8b40ff47e1d31bee8b0fbdbdd4fe212"
},
{
"title": "IBM: Security Bulletin: IBM Cloud Pak System is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-45046, CVE-2021-44228)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=654a4f5a7bd1fdfd229558535923710b"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1731",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1731"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1730",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1730"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-44228 log"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/canarieids/Zeek-Ubuntu-22.04 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/f5devcentral/f5-professional-services "
},
{
"title": "Log4J-CVE-2021-44228-Mitigation-Cheat-Sheet",
"trust": 0.1,
"url": "https://github.com/thedevappsecguy/Log4J-CVE-2021-44228-Mitigation-Cheat-Sheet "
},
{
"title": "spring-on-k8s",
"trust": 0.1,
"url": "https://github.com/AndriyKalashnykov/spring-on-k8s "
},
{
"title": "jaygooby",
"trust": 0.1,
"url": "https://github.com/jaygooby/jaygooby "
},
{
"title": "log4j-log4shell-playground",
"trust": 0.1,
"url": "https://github.com/rgl/log4j-log4shell-playground "
},
{
"title": "Log4j",
"trust": 0.1,
"url": "https://github.com/kaganoglu/Log4j "
},
{
"title": "trivy-cve-scan",
"trust": 0.1,
"url": "https://github.com/broadinstitute/trivy-cve-scan "
},
{
"title": "test-44228",
"trust": 0.1,
"url": "https://github.com/datadavev/test-44228 "
},
{
"title": "cve-2021-44228-helpers",
"trust": 0.1,
"url": "https://github.com/uint0/cve-2021-44228-helpers "
},
{
"title": "log4j-vendor-list",
"trust": 0.1,
"url": "https://github.com/bizzarecontacts/log4j-vendor-list "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2021-44228 "
},
{
"title": "log4shell",
"trust": 0.1,
"url": "https://github.com/0xsyr0/log4shell "
},
{
"title": "cve-2021-44228-qingteng-online-patch",
"trust": 0.1,
"url": "https://github.com/qingtengyun/cve-2021-44228-qingteng-online-patch "
},
{
"title": "cve-2021-44228",
"trust": 0.1,
"url": "https://github.com/corelight/cve-2021-44228 "
},
{
"title": "Log4Shell-IOCs",
"trust": 0.1,
"url": "https://github.com/curated-intel/Log4Shell-IOCs "
},
{
"title": "Sitecore.Solr-log4j-mitigation",
"trust": 0.1,
"url": "https://github.com/avwolferen/Sitecore.Solr-log4j-mitigation "
},
{
"title": "check-log4j",
"trust": 0.1,
"url": "https://github.com/yahoo/check-log4j "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-44228"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-502",
"trust": 1.2
},
{
"problemtype": "CWE-20",
"trust": 1.1
},
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "CWE-917",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-407408"
},
{
"db": "VULHUB",
"id": "VHN-408570"
},
{
"db": "NVD",
"id": "CVE-2021-44228"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.2,
"url": "https://www.kb.cert.org/vuls/id/930724"
},
{
"trust": 1.2,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-log4j-qruknebd"
},
{
"trust": 1.2,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
},
{
"trust": 1.2,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
},
{
"trust": 1.2,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
},
{
"trust": 1.2,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
},
{
"trust": 1.2,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0032"
},
{
"trust": 1.2,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
},
{
"trust": 1.2,
"url": "https://logging.apache.org/log4j/2.x/security.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.2,
"url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
},
{
"trust": 1.2,
"url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht213189"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2021/dsa-5020"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2022/mar/23"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2022/jul/11"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2022/dec/2"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/167794/open-xchange-app-suite-7.10.x-cross-site-scripting-command-injection.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/167917/mobileiron-log4shell-remote-command-execution.html"
},
{
"trust": 1.1,
"url": "https://github.com/nu11secur1ty/cve-mitre/tree/main/cve-2021-44228"
},
{
"trust": 1.1,
"url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/165225/apache-log4j2-2.14.1-remote-code-execution.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/165260/vmware-security-advisory-2021-0028.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/165261/apache-log4j2-2.14.1-information-disclosure.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/165270/apache-log4j2-2.14.1-remote-code-execution.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/165281/log4j2-log4shell-regexes.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/165282/log4j-payload-generator.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/165306/l4sh-log4j-remote-code-execution.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/165307/log4j-remote-code-execution-word-bypassing.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/165311/log4j-scan-extensive-scanner.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/165371/vmware-security-advisory-2021-0028.4.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/165532/log4shell-http-header-injection.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/165642/vmware-vcenter-server-unauthenticated-log4shell-jndi-injection-remote-code-execution.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/165673/unifi-network-application-unauthenticated-log4shell-remote-code-execution.html"
},
{
"trust": 1.1,
"url": "https://github.com/cisagov/log4j-affected-db"
},
{
"trust": 1.1,
"url": "https://github.com/cisagov/log4j-affected-db/blob/develop/software-list.md"
},
{
"trust": 1.1,
"url": "https://twitter.com/kurtseifried/status/1469345530182455296"
},
{
"trust": 1.1,
"url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"
},
{
"trust": 1.1,
"url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/m5csvunv4hwzzxgoknsk6l7rpm7bokib/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vu57ujdcfiasio35gc55jmksrxjmcdfm/"
},
{
"trust": 1.0,
"url": "http://packetstormsecurity.com/files/171626/ad-manager-plus-7122-remote-code-execution.html"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2021-44228"
},
{
"trust": 0.8,
"url": "cve-2021-4104 "
},
{
"trust": 0.8,
"url": "cve-2021-44228 "
},
{
"trust": 0.8,
"url": "cve-2021-45046 "
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-009"
},
{
"trust": 0.3,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-44228"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44228"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-43527"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/m5csvunv4hwzzxgoknsk6l7rpm7bokib/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/vu57ujdcfiasio35gc55jmksrxjmcdfm/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/2021/dsa-5022"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/eokpqgv24rrbbi4tbzudqmm4meh7mxcy/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sig7fzulmnk2xf6fzru4vwydqxnmugaj/"
},
{
"trust": 0.1,
"url": "https://www.cve.org/cverecord?id=cve-2021-44228"
},
{
"trust": 0.1,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 0.1,
"url": "http://www.openwall.com/lists/oss-security/2021/12/18/1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.streams\u0026version=1.8.4"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5138"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3200"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35524"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20673"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25009"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33574"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14145"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25014"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35521"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-35942"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35524"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3572"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12762"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16135"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-37136"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-17541"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3800"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36331"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3712"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31535"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35523"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23841"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3445"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5128"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20673"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23840"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36330"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20266"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22876"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36332"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-17541"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25014"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-37137"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21409"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33560"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3481"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-42574"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25009"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25010"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35523"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28153"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3426"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36330"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35521"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43527"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4104"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5107"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45046"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45046"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4104"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html"
},
{
"trust": 0.1,
"url": "https://www.vmware.com/security/advisories/vmsa-2021-0028.html"
},
{
"trust": 0.1,
"url": "http://lists.vmware.com/mailman/listinfo/security-announce"
},
{
"trust": 0.1,
"url": "https://lists.vmware.com/mailman/listinfo/security-announce."
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#930724"
},
{
"db": "VULHUB",
"id": "VHN-407408"
},
{
"db": "VULHUB",
"id": "VHN-408570"
},
{
"db": "PACKETSTORM",
"id": "165295"
},
{
"db": "PACKETSTORM",
"id": "165286"
},
{
"db": "PACKETSTORM",
"id": "165343"
},
{
"db": "PACKETSTORM",
"id": "165260"
},
{
"db": "NVD",
"id": "CVE-2021-44228"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#930724",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-407408",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-408570",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2021-44228",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "165295",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "165286",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "165343",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "165260",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2021-44228",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2021-12-15T00:00:00",
"db": "CERT/CC",
"id": "VU#930724",
"ident": null
},
{
"date": "2021-12-10T00:00:00",
"db": "VULHUB",
"id": "VHN-407408",
"ident": null
},
{
"date": "2021-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-408570",
"ident": null
},
{
"date": "2021-12-10T00:00:00",
"db": "VULMON",
"id": "CVE-2021-44228",
"ident": null
},
{
"date": "2021-12-15T15:26:54",
"db": "PACKETSTORM",
"id": "165295",
"ident": null
},
{
"date": "2021-12-15T15:20:33",
"db": "PACKETSTORM",
"id": "165286",
"ident": null
},
{
"date": "2021-12-17T14:05:45",
"db": "PACKETSTORM",
"id": "165343",
"ident": null
},
{
"date": "2021-12-14T15:27:58",
"db": "PACKETSTORM",
"id": "165260",
"ident": null
},
{
"date": "2021-12-10T10:15:09.143000",
"db": "NVD",
"id": "CVE-2021-44228",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-02-07T00:00:00",
"db": "CERT/CC",
"id": "VU#930724",
"ident": null
},
{
"date": "2023-02-06T00:00:00",
"db": "VULHUB",
"id": "VHN-407408",
"ident": null
},
{
"date": "2022-10-06T00:00:00",
"db": "VULHUB",
"id": "VHN-408570",
"ident": null
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-44228",
"ident": null
},
{
"date": "2026-02-20T16:15:59.363000",
"db": "NVD",
"id": "CVE-2021-44228",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "165260"
}
],
"trust": 0.1
},
"title": {
"_id": null,
"data": "Apache Log4j allows insecure JNDI lookups",
"sources": [
{
"db": "CERT/CC",
"id": "VU#930724"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "165295"
},
{
"db": "PACKETSTORM",
"id": "165286"
},
{
"db": "PACKETSTORM",
"id": "165343"
},
{
"db": "PACKETSTORM",
"id": "165260"
}
],
"trust": 0.4
}
}
CVE-2021-44832 (GCVE-0-2021-44832)
Vulnerability from nvd – Published: 2021-12-28 19:35 – Updated: 2024-08-04 04:32
VLAI?
Title
Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration
Summary
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Log4j2 |
Affected:
log4j-core , < 2.17.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:32:13.076Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/LOG4J2-3293"
},
{
"name": "[oss-security] 20211228 CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/28/1"
},
{
"name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2870-1] apache-log4j2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf"
},
{
"name": "FEDORA-2021-c6f471ce0f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/"
},
{
"name": "FEDORA-2021-1bd9151bab",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220104-0001/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Log4j2",
"vendor": "Apache Software Foundation",
"versions": [
{
"changes": [
{
"at": "2.13.0",
"status": "affected"
},
{
"at": "2.12.4",
"status": "unaffected"
},
{
"at": "2.4",
"status": "affected"
},
{
"at": "2.3.2",
"status": "unaffected"
},
{
"at": "2.0-beta7",
"status": "affected"
}
],
"lessThan": "2.17.1",
"status": "affected",
"version": "log4j-core",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2."
}
],
"metrics": [
{
"other": {
"content": {
"other": "moderate"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:41:33.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.apache.org/jira/browse/LOG4J2-3293"
},
{
"name": "[oss-security] 20211228 CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/28/1"
},
{
"name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2870-1] apache-log4j2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf"
},
{
"name": "FEDORA-2021-c6f471ce0f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/"
},
{
"name": "FEDORA-2021-1bd9151bab",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220104-0001/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"source": {
"defect": [
"LOG4J2-3293",
""
],
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2021-12-27T00:00:00.000Z",
"value": "reported"
},
{
"lang": "en",
"time": "2021-12-27T00:00:00.000Z",
"value": "patch proposed, 2.17.1-rc1"
},
{
"lang": "en",
"time": "2021-12-28T00:00:00.000Z",
"value": "fixed"
},
{
"lang": "en",
"time": "2021-12-28T00:00:00.000Z",
"value": "public"
}
],
"title": "Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-44832",
"STATE": "PUBLIC",
"TITLE": "Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Log4j2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "log4j-core",
"version_value": "2.17.1"
},
{
"version_affected": "\u003e=",
"version_name": "log4j-core",
"version_value": "2.13.0"
},
{
"version_affected": "\u003c",
"version_name": "log4j-core",
"version_value": "2.12.4"
},
{
"version_affected": "\u003e=",
"version_name": "log4j-core",
"version_value": "2.4"
},
{
"version_affected": "\u003c",
"version_name": "log4j-core",
"version_value": "2.3.2"
},
{
"version_affected": "\u003e=",
"version_name": "log4j-core",
"version_value": "2.0-beta7"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{
"other": "moderate"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"name": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143",
"refsource": "MISC",
"url": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143"
},
{
"name": "https://issues.apache.org/jira/browse/LOG4J2-3293",
"refsource": "MISC",
"url": "https://issues.apache.org/jira/browse/LOG4J2-3293"
},
{
"name": "[oss-security] 20211228 CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/12/28/1"
},
{
"name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2870-1] apache-log4j2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf"
},
{
"name": "FEDORA-2021-c6f471ce0f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/"
},
{
"name": "FEDORA-2021-1bd9151bab",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220104-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220104-0001/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
},
"source": {
"defect": [
"LOG4J2-3293",
""
],
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2021-12-27T00:00:00.000Z",
"value": "reported"
},
{
"lang": "en",
"time": "2021-12-27T00:00:00.000Z",
"value": "patch proposed, 2.17.1-rc1"
},
{
"lang": "en",
"time": "2021-12-28T00:00:00.000Z",
"value": "fixed"
},
{
"lang": "en",
"time": "2021-12-28T00:00:00.000Z",
"value": "public"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-44832",
"datePublished": "2021-12-28T19:35:11.000Z",
"dateReserved": "2021-12-11T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:32:13.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44228 (GCVE-0-2021-44228)
Vulnerability from nvd – Published: 2021-12-10 00:00 – Updated: 2025-10-21 23:25
VLAI?
Title
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
Summary
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Log4j2 |
Affected:
2.0-beta9 , < log4j-core*
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:17:24.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://logging.apache.org/log4j/2.x/security.html"
},
{
"name": "[oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"
},
{
"name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"
},
{
"name": "20211210 Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
},
{
"name": "DSA-5020",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-5020"
},
{
"name": "[debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"
},
{
"name": "FEDORA-2021-f0f501d01f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/"
},
{
"name": "Microsoft\u2019s Response to CVE-2021-44228 Apache Log4j 2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"
},
{
"name": "[oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"
},
{
"name": "[oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"
},
{
"name": "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
},
{
"name": "20211210 A Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"name": "VU#930724",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/930724"
},
{
"tags": [
"x_transferred"
],
"url": "https://twitter.com/kurtseifried/status/1469345530182455296"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
},
{
"name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
},
{
"name": "FEDORA-2021-66d6c484f3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html"
},
{
"name": "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Mar/23"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cisagov/log4j-affected-db"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213189"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"
},
{
"name": "20220721 Open-Xchange Security Advisory 2022-07-21",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/11"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html"
},
{
"name": "20221208 Intel Data Center Manager \u003c= 5.1 Local Privileges Escalation",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-44228",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T14:25:34.416117Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-12-10",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44228"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:25:23.121Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44228"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-12-10T00:00:00.000Z",
"value": "CVE-2021-44228 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Apache Log4j2",
"vendor": "Apache Software Foundation",
"versions": [
{
"changes": [
{
"at": "2.3.1",
"status": "unaffected"
},
{
"at": "2.4",
"status": "affected"
},
{
"at": "2.12.2",
"status": "unaffected"
},
{
"at": "2.13.0",
"status": "affected"
},
{
"at": "2.15.0",
"status": "unaffected"
}
],
"lessThan": "log4j-core*",
"status": "affected",
"version": "2.0-beta9",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Chen Zhaojun of Alibaba Cloud Security Team."
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects."
}
],
"metrics": [
{
"other": {
"content": {
"other": "critical"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-03T00:00:00.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"url": "https://logging.apache.org/log4j/2.x/security.html"
},
{
"name": "[oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"
},
{
"name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"
},
{
"name": "20211210 Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"
},
{
"url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
},
{
"url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
},
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
},
{
"url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
},
{
"name": "DSA-5020",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2021/dsa-5020"
},
{
"name": "[debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"
},
{
"name": "FEDORA-2021-f0f501d01f",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/"
},
{
"name": "Microsoft\u2019s Response to CVE-2021-44228 Apache Log4j 2",
"tags": [
"vendor-advisory"
],
"url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"
},
{
"name": "[oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"
},
{
"name": "[oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"
},
{
"name": "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
},
{
"name": "20211210 A Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"name": "VU#930724",
"tags": [
"third-party-advisory"
],
"url": "https://www.kb.cert.org/vuls/id/930724"
},
{
"url": "https://twitter.com/kurtseifried/status/1469345530182455296"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
},
{
"url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html"
},
{
"url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
},
{
"url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html"
},
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
},
{
"name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
},
{
"url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html"
},
{
"url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html"
},
{
"url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html"
},
{
"url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html"
},
{
"url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
},
{
"name": "FEDORA-2021-66d6c484f3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/"
},
{
"url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html"
},
{
"url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md"
},
{
"url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html"
},
{
"url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html"
},
{
"name": "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Mar/23"
},
{
"url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001"
},
{
"url": "https://github.com/cisagov/log4j-affected-db"
},
{
"url": "https://support.apple.com/kb/HT213189"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228"
},
{
"url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"
},
{
"name": "20220721 Open-Xchange Security Advisory 2022-07-21",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/11"
},
{
"url": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html"
},
{
"url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html"
},
{
"name": "20221208 Intel Data Center Manager \u003c= 5.1 Local Privileges Escalation",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/2"
},
{
"url": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-44228",
"datePublished": "2021-12-10T00:00:00.000Z",
"dateReserved": "2021-11-26T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:25:23.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44832 (GCVE-0-2021-44832)
Vulnerability from cvelistv5 – Published: 2021-12-28 19:35 – Updated: 2024-08-04 04:32
VLAI?
Title
Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration
Summary
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Log4j2 |
Affected:
log4j-core , < 2.17.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:32:13.076Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/LOG4J2-3293"
},
{
"name": "[oss-security] 20211228 CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/28/1"
},
{
"name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2870-1] apache-log4j2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf"
},
{
"name": "FEDORA-2021-c6f471ce0f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/"
},
{
"name": "FEDORA-2021-1bd9151bab",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220104-0001/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Log4j2",
"vendor": "Apache Software Foundation",
"versions": [
{
"changes": [
{
"at": "2.13.0",
"status": "affected"
},
{
"at": "2.12.4",
"status": "unaffected"
},
{
"at": "2.4",
"status": "affected"
},
{
"at": "2.3.2",
"status": "unaffected"
},
{
"at": "2.0-beta7",
"status": "affected"
}
],
"lessThan": "2.17.1",
"status": "affected",
"version": "log4j-core",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2."
}
],
"metrics": [
{
"other": {
"content": {
"other": "moderate"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:41:33.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.apache.org/jira/browse/LOG4J2-3293"
},
{
"name": "[oss-security] 20211228 CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/28/1"
},
{
"name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2870-1] apache-log4j2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf"
},
{
"name": "FEDORA-2021-c6f471ce0f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/"
},
{
"name": "FEDORA-2021-1bd9151bab",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220104-0001/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"source": {
"defect": [
"LOG4J2-3293",
""
],
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2021-12-27T00:00:00.000Z",
"value": "reported"
},
{
"lang": "en",
"time": "2021-12-27T00:00:00.000Z",
"value": "patch proposed, 2.17.1-rc1"
},
{
"lang": "en",
"time": "2021-12-28T00:00:00.000Z",
"value": "fixed"
},
{
"lang": "en",
"time": "2021-12-28T00:00:00.000Z",
"value": "public"
}
],
"title": "Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-44832",
"STATE": "PUBLIC",
"TITLE": "Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Log4j2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "log4j-core",
"version_value": "2.17.1"
},
{
"version_affected": "\u003e=",
"version_name": "log4j-core",
"version_value": "2.13.0"
},
{
"version_affected": "\u003c",
"version_name": "log4j-core",
"version_value": "2.12.4"
},
{
"version_affected": "\u003e=",
"version_name": "log4j-core",
"version_value": "2.4"
},
{
"version_affected": "\u003c",
"version_name": "log4j-core",
"version_value": "2.3.2"
},
{
"version_affected": "\u003e=",
"version_name": "log4j-core",
"version_value": "2.0-beta7"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{
"other": "moderate"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"name": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143",
"refsource": "MISC",
"url": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143"
},
{
"name": "https://issues.apache.org/jira/browse/LOG4J2-3293",
"refsource": "MISC",
"url": "https://issues.apache.org/jira/browse/LOG4J2-3293"
},
{
"name": "[oss-security] 20211228 CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/12/28/1"
},
{
"name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2870-1] apache-log4j2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf"
},
{
"name": "FEDORA-2021-c6f471ce0f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/"
},
{
"name": "FEDORA-2021-1bd9151bab",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220104-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220104-0001/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
},
"source": {
"defect": [
"LOG4J2-3293",
""
],
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2021-12-27T00:00:00.000Z",
"value": "reported"
},
{
"lang": "en",
"time": "2021-12-27T00:00:00.000Z",
"value": "patch proposed, 2.17.1-rc1"
},
{
"lang": "en",
"time": "2021-12-28T00:00:00.000Z",
"value": "fixed"
},
{
"lang": "en",
"time": "2021-12-28T00:00:00.000Z",
"value": "public"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-44832",
"datePublished": "2021-12-28T19:35:11.000Z",
"dateReserved": "2021-12-11T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:32:13.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44228 (GCVE-0-2021-44228)
Vulnerability from cvelistv5 – Published: 2021-12-10 00:00 – Updated: 2025-10-21 23:25
VLAI?
Title
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
Summary
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Log4j2 |
Affected:
2.0-beta9 , < log4j-core*
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:17:24.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://logging.apache.org/log4j/2.x/security.html"
},
{
"name": "[oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"
},
{
"name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"
},
{
"name": "20211210 Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
},
{
"name": "DSA-5020",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-5020"
},
{
"name": "[debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"
},
{
"name": "FEDORA-2021-f0f501d01f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/"
},
{
"name": "Microsoft\u2019s Response to CVE-2021-44228 Apache Log4j 2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"
},
{
"name": "[oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"
},
{
"name": "[oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"
},
{
"name": "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
},
{
"name": "20211210 A Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"name": "VU#930724",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/930724"
},
{
"tags": [
"x_transferred"
],
"url": "https://twitter.com/kurtseifried/status/1469345530182455296"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
},
{
"name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
},
{
"name": "FEDORA-2021-66d6c484f3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html"
},
{
"name": "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Mar/23"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cisagov/log4j-affected-db"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213189"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"
},
{
"name": "20220721 Open-Xchange Security Advisory 2022-07-21",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/11"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html"
},
{
"name": "20221208 Intel Data Center Manager \u003c= 5.1 Local Privileges Escalation",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-44228",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T14:25:34.416117Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-12-10",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44228"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:25:23.121Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44228"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-12-10T00:00:00.000Z",
"value": "CVE-2021-44228 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Apache Log4j2",
"vendor": "Apache Software Foundation",
"versions": [
{
"changes": [
{
"at": "2.3.1",
"status": "unaffected"
},
{
"at": "2.4",
"status": "affected"
},
{
"at": "2.12.2",
"status": "unaffected"
},
{
"at": "2.13.0",
"status": "affected"
},
{
"at": "2.15.0",
"status": "unaffected"
}
],
"lessThan": "log4j-core*",
"status": "affected",
"version": "2.0-beta9",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Chen Zhaojun of Alibaba Cloud Security Team."
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects."
}
],
"metrics": [
{
"other": {
"content": {
"other": "critical"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-03T00:00:00.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"url": "https://logging.apache.org/log4j/2.x/security.html"
},
{
"name": "[oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"
},
{
"name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"
},
{
"name": "20211210 Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"
},
{
"url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
},
{
"url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
},
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
},
{
"url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
},
{
"name": "DSA-5020",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2021/dsa-5020"
},
{
"name": "[debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"
},
{
"name": "FEDORA-2021-f0f501d01f",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/"
},
{
"name": "Microsoft\u2019s Response to CVE-2021-44228 Apache Log4j 2",
"tags": [
"vendor-advisory"
],
"url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"
},
{
"name": "[oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"
},
{
"name": "[oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"
},
{
"name": "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
},
{
"name": "20211210 A Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"name": "VU#930724",
"tags": [
"third-party-advisory"
],
"url": "https://www.kb.cert.org/vuls/id/930724"
},
{
"url": "https://twitter.com/kurtseifried/status/1469345530182455296"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
},
{
"url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html"
},
{
"url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
},
{
"url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html"
},
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
},
{
"name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
},
{
"url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html"
},
{
"url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html"
},
{
"url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html"
},
{
"url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html"
},
{
"url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
},
{
"name": "FEDORA-2021-66d6c484f3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/"
},
{
"url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html"
},
{
"url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md"
},
{
"url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html"
},
{
"url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html"
},
{
"name": "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Mar/23"
},
{
"url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001"
},
{
"url": "https://github.com/cisagov/log4j-affected-db"
},
{
"url": "https://support.apple.com/kb/HT213189"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228"
},
{
"url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"
},
{
"name": "20220721 Open-Xchange Security Advisory 2022-07-21",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/11"
},
{
"url": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html"
},
{
"url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html"
},
{
"name": "20221208 Intel Data Center Manager \u003c= 5.1 Local Privileges Escalation",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/2"
},
{
"url": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-44228",
"datePublished": "2021-12-10T00:00:00.000Z",
"dateReserved": "2021-11-26T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:25:23.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}