WID-SEC-W-2022-0197
Vulnerability from csaf_certbund - Published: 2021-12-28 23:00 - Updated: 2025-11-05 23:00Summary
Apache log4j: Schwachstelle ermöglicht Codeausführung
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Apache log4j ist ein Framework zum Loggen von Anwendungsmeldungen in Java.
Angriff: Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Apache log4j ausnutzen, um beliebigen Programmcode auszuführen.
Betroffene Betriebssysteme: - CISCO Appliance
- Linux
- Sonstiges
- UNIX
- Windows
Affected products
Known affected
41 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Cisco WebEx Meetings Server
Cisco
|
cpe:/a:cisco:webex_meetings_server:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Cisco Unified Computing System (UCS) Director
Cisco / Unified Computing System (UCS)
|
cpe:/h:cisco:unified_computing_system:director_6.7.4.1
|
Director | |
|
Cisco Network Services Orchestrator
Cisco
|
cpe:/a:cisco:network_services_orchestrator:-
|
— | |
|
Cisco Nexus Insights
Cisco / Nexus
|
cpe:/h:cisco:nexus:insights
|
Insights | |
|
Cisco Identity Services Engine (ISE)
Cisco
|
cpe:/a:cisco:identity_services_engine_software:-
|
— | |
|
HPE Intelligent Management Center (IMC)
HPE
|
cpe:/a:hp:intelligent_management_center:-
|
— | |
|
IBM Rational Software Architect
IBM
|
cpe:/a:ibm:rational_software_architect:-
|
— | |
|
Cisco Finesse Director
Cisco / Finesse
|
cpe:/a:cisco:finesse:-
|
Director | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Cisco Unified Computing System (UCS)
Cisco / Unified Computing System (UCS)
|
cpe:/h:cisco:unified_computing_system:-
|
— | |
|
Avaya Aura Experience Portal
Avaya
|
cpe:/a:avaya:aura_experience_portal:-
|
— | |
|
IBM WebSphere Application Server
IBM
|
cpe:/a:ibm:websphere_application_server:-
|
— | |
|
Avaya Aura Application Enablement Services
Avaya
|
cpe:/a:avaya:aura_application_enablement_services:-
|
— | |
|
Cisco Firepower
Cisco
|
cpe:/a:cisco:firepower:-
|
— | |
|
Cisco Unified Contact Center Enterprise Director
Cisco / Unified Contact Center Enterprise
|
cpe:/a:cisco:unified_contact_center_enterprise:-
|
Director | |
|
Cisco Unified Communications Manager (CUCM) Director
Cisco / Unified Communications Manager (CUCM)
|
cpe:/a:cisco:unified_communications_manager:-
|
Director | |
|
Cisco Emergency Responder Director
Cisco / Emergency Responder
|
cpe:/a:cisco:emergency_responder:-
|
Director | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Apache log4j <2.17.1
Apache / log4j
|
<2.17.1 | ||
|
IBM Security Guardium
IBM
|
cpe:/a:ibm:security_guardium:-
|
— | |
|
Dell ECS
Dell
|
cpe:/h:dell:ecs:-
|
— | |
|
Apache log4j <2.12.4
Apache / log4j
|
<2.12.4 | ||
|
Cisco Integrated Management Controller Supervisor
Cisco / Integrated Management Controller
|
cpe:/a:cisco:integrated_management_controller:::supervisor
|
Supervisor | |
|
Apache log4j <2.3.2
Apache / log4j
|
<2.3.2 | ||
|
Apache Struts
Apache
|
cpe:/a:apache:struts:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Cisco Unified Intelligence Center Director
Cisco / Unified Intelligence Center
|
cpe:/a:cisco:unified_intelligence_center:-
|
Director | |
|
Avaya one-X
Avaya
|
cpe:/a:avaya:one-x:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Cisco SD-WAN vManage
Cisco / SD-WAN
|
cpe:/a:cisco:sd_wan:vmanage
|
vManage | |
|
Cisco Nexus Dashboard
Cisco / Nexus
|
cpe:/h:cisco:nexus:::dashboard
|
Dashboard | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Cisco Application Policy Infrastructure Controller
Cisco
|
cpe:/a:cisco:application_policy_infrastructure_controller:-
|
— | |
|
IBM Tivoli Netcool/OMNIbus
IBM
|
cpe:/a:ibm:tivoli_netcool%2fomnibus:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Cisco Video Surveillance Operations Manager Director
Cisco / Video Surveillance Operations Manager
|
cpe:/a:cisco:video_surveillance_operations_manager:-
|
Director | |
|
Cisco Unified Communications Manager IM & Presence Service Director
Cisco / Unified Communications Manager IM & Presence Service
|
cpe:/a:cisco:unified_communications_manager_im_and_presence_service:-
|
Director | |
|
Cisco Unified Contact Center Express (UCCX) Director
Cisco / Unified Contact Center Express (UCCX)
|
cpe:/a:cisco:unified_contact_center_express:-
|
Director | |
|
Cisco Unity Connection Director
Cisco / Unity Connection
|
cpe:/a:cisco:unity_connection:-
|
Director | |
|
SOS GmbH JobScheduler
SOS GmbH
|
cpe:/a:sos_gmbh:jobscheduler:-
|
— |
References
48 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Apache log4j ist ein Framework zum Loggen von Anwendungsmeldungen in Java.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Apache log4j ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- CISCO Appliance\n- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-0197 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2022-0197.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-0197 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0197"
},
{
"category": "external",
"summary": "Apache Log4j 2 Website vom 2021-12-28",
"url": "https://logging.apache.org/log4j/2.x/"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-2870 vom 2021-12-30",
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html"
},
{
"category": "external",
"summary": "Apache Struts Announcement",
"url": "https://struts.apache.org/announce-2022"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6538148 vom 2022-01-05",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-log4j-affect-ibm-websphere-application-server-cve-2021-45105-cve-2021-44832/"
},
{
"category": "external",
"summary": "Cisco Security Advisory cisco-sa-apache-log4j-qRuKNEbd vom 2022-01-06",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"category": "external",
"summary": "JobScheduler Vulnerability Release 1.13.11 vom 2022-01-10",
"url": "https://kb.sos-berlin.com/display/PKB/Vulnerability+Release+1.13.11"
},
{
"category": "external",
"summary": "HPE Security Bulletin HPESBGN04215 rev.10 vom 2022-01-08",
"url": "https://support.hpe.com/hpesc/public/docDisplay?elq_mid=17739\u0026elq_cid=67018031\u0026docId=hpesbgn04215en_us"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6539408 vom 2022-01-11",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-log4j-affect-the-ibm-websphere-application-server-and-ibm-security-guardium-key-lifecycle-manager-cve-2021-4104-cve-2021-45046-cve-2021-45105/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5222-1 vom 2022-01-11",
"url": "https://ubuntu.com/security/notices/USN-5222-1"
},
{
"category": "external",
"summary": "JobScheduler Vulnerability Release 2.2.1 vom 2022-01-11",
"url": "https://kb.sos-berlin.com/display/PKB/Vulnerability+Release+2.2.1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:0138 vom 2022-01-13",
"url": "https://access.redhat.com/errata/RHSA-2022:0138"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6540676 vom 2022-01-15",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-may-affect-ibm-spectrum-protect-snapshot-on-windows-cve-2021-44832/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6540560 vom 2022-01-15",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-bulletin-vulnerability-in-apache-log4j-may-affect-ibm-spectrum-protect-operations-center-cve-2021-44832/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6540846 vom 2022-01-15",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-may-affect-ibm-spectrum-protect-for-space-management-cve-2021-44832/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6540692 vom 2022-01-15",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-impacts-ibm-spectrum-protect-backup-archive-client-and-ibm-spectrum-protect-for-virtual-environments-cve-2021-44832/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6540874 vom 2022-01-15",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-may-affect-ibm-spectrum-protect-snapshot-for-vmware-cve-2021-44832/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:0203 vom 2022-01-20",
"url": "https://access.redhat.com/errata/RHSA-2022:0203"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:0226 vom 2022-01-21",
"url": "https://access.redhat.com/errata/RHSA-2022:0226"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:0227 vom 2022-01-21",
"url": "https://access.redhat.com/errata/RHSA-2022:0227"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:0083 vom 2022-01-20",
"url": "https://access.redhat.com/errata/RHSA-2022:0083"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:0225 vom 2022-01-21",
"url": "https://access.redhat.com/errata/RHSA-2022:0225"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:0216 vom 2022-01-20",
"url": "https://access.redhat.com/errata/RHSA-2022:0216"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:0222 vom 2022-01-21",
"url": "https://access.redhat.com/errata/RHSA-2022:0222"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:0205 vom 2022-01-20",
"url": "https://access.redhat.com/errata/RHSA-2022:0205"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:0223 vom 2022-01-21",
"url": "https://access.redhat.com/errata/RHSA-2022:0223"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:0230 vom 2022-01-22",
"url": "https://access.redhat.com/errata/RHSA-2022:0230"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6549888 vom 2022-01-25",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-log4j-affects-some-features-of-ibm-db2-cve-2021-44832/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:0236 vom 2022-01-25",
"url": "https://access.redhat.com/errata/RHSA-2022:0236"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:0181 vom 2022-01-27",
"url": "https://access.redhat.com/errata/RHSA-2022:0181"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-011 vom 2022-01-27",
"url": "https://alas.aws.amazon.com/AL2022/ALAS-2022-011.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6551310 vom 2022-01-28",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-omnibus-common-integration-libraries-is-vulnerable-to-arbitrary-code-execution-and-denial-of-service-due-to-apache-log4j-cve-2021-44228-cve-2021-45046-cve-2021/"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-1734 vom 2022-01-27",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1734.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6552546 vom 2022-02-02",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-tivoli-netcool-omnibus-installation-contains-vulnerable-apache-log4j-code-cve-2021-44832-cve-2021-45046-cve-2021-45105/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6553026 vom 2022-02-05",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-44832/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:0467 vom 2022-02-08",
"url": "https://access.redhat.com/errata/RHSA-2022:0467"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:0485 vom 2022-02-16",
"url": "https://access.redhat.com/errata/RHSA-2022:0485"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:0493 vom 2022-02-16",
"url": "https://access.redhat.com/errata/RHSA-2022:0493"
},
{
"category": "external",
"summary": "HCL Article KB0097299 vom 2022-03-23",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0097299"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1296 vom 2022-04-11",
"url": "https://access.redhat.com/errata/RHSA-2022:1296"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1297 vom 2022-04-11",
"url": "https://access.redhat.com/errata/RHSA-2022:1297"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1299 vom 2022-04-11",
"url": "https://access.redhat.com/errata/RHSA-2022:1299"
},
{
"category": "external",
"summary": "AVAYA Security Advisory ASA-2022-001 vom 2022-04-25",
"url": "https://downloads.avaya.com/css/P8/documents/101081576"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6593439 vom 2022-06-09",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-rational-software-architect-realtime-edition-rsa-rt-is-vulnerable-to-apache-log4j2-cve-2021-44832/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6832160 vom 2022-10-27",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-due-to-use-of-apache-log4j-ibm-qradar-siem-is-vulnerable-to-arbitrary-code-execution-cve-2019-17571-cve-2021-44832-cve-2021-4104/"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-225 vom 2022-12-09",
"url": "https://alas.aws.amazon.com/AL2022/ALAS-2022-225.html"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2021-273 vom 2025-11-05",
"url": "https://www.dell.com/support/kbdoc/de-de/000194612/dsa-2021-273-dell-emc-ecs-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228"
}
],
"source_lang": "en-US",
"title": "Apache log4j: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung",
"tracking": {
"current_release_date": "2025-11-05T23:00:00.000+00:00",
"generator": {
"date": "2025-11-06T09:37:14.655+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2022-0197",
"initial_release_date": "2021-12-28T23:00:00.000+00:00",
"revision_history": [
{
"date": "2021-12-28T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2021-12-29T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2022-01-02T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Apache aufgenommen"
},
{
"date": "2022-01-04T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2022-01-05T23:00:00.000+00:00",
"number": "5",
"summary": "Referenz(en) aufgenommen: PH38929"
},
{
"date": "2022-01-06T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Cisco aufgenommen"
},
{
"date": "2022-01-09T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SOS GmbH und HPE aufgenommen"
},
{
"date": "2022-01-10T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2022-01-11T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2022-01-12T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2022-01-13T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-01-16T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2022-01-19T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-01-20T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-01-23T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-01-24T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2022-01-25T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-01-26T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-01-27T23:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Amazon und IBM aufgenommen"
},
{
"date": "2022-02-01T23:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2022-02-06T23:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2022-02-08T23:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-02-16T23:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-03-22T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von HCL aufgenommen"
},
{
"date": "2022-04-11T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-04-26T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von AVAYA aufgenommen"
},
{
"date": "2022-06-08T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2022-10-26T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2022-12-11T23:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-11-05T23:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von Dell aufgenommen"
}
],
"status": "final",
"version": "30"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Apache Struts",
"product": {
"name": "Apache Struts",
"product_id": "642",
"product_identification_helper": {
"cpe": "cpe:/a:apache:struts:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.3.2",
"product": {
"name": "Apache log4j \u003c2.3.2",
"product_id": "T021443"
}
},
{
"category": "product_version",
"name": "2.3.2",
"product": {
"name": "Apache log4j 2.3.2",
"product_id": "T021443-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:log4j:2.3.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c2.12.4",
"product": {
"name": "Apache log4j \u003c2.12.4",
"product_id": "T021444"
}
},
{
"category": "product_version",
"name": "2.12.4",
"product": {
"name": "Apache log4j 2.12.4",
"product_id": "T021444-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:log4j:2.12.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c2.17.1",
"product": {
"name": "Apache log4j \u003c2.17.1",
"product_id": "T021445"
}
},
{
"category": "product_version",
"name": "2.17.1",
"product": {
"name": "Apache log4j 2.17.1",
"product_id": "T021445-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:log4j:2.17.1"
}
}
}
],
"category": "product_name",
"name": "log4j"
}
],
"category": "vendor",
"name": "Apache"
},
{
"branches": [
{
"category": "product_name",
"name": "Avaya Aura Application Enablement Services",
"product": {
"name": "Avaya Aura Application Enablement Services",
"product_id": "T015516",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:aura_application_enablement_services:-"
}
}
},
{
"category": "product_name",
"name": "Avaya Aura Experience Portal",
"product": {
"name": "Avaya Aura Experience Portal",
"product_id": "T015519",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:aura_experience_portal:-"
}
}
},
{
"category": "product_name",
"name": "Avaya one-X",
"product": {
"name": "Avaya one-X",
"product_id": "1024",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:one-x:-"
}
}
}
],
"category": "vendor",
"name": "Avaya"
},
{
"branches": [
{
"category": "product_name",
"name": "Cisco Application Policy Infrastructure Controller",
"product": {
"name": "Cisco Application Policy Infrastructure Controller",
"product_id": "778219",
"product_identification_helper": {
"cpe": "cpe:/a:cisco:application_policy_infrastructure_controller:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "Director",
"product": {
"name": "Cisco Emergency Responder Director",
"product_id": "2040",
"product_identification_helper": {
"cpe": "cpe:/a:cisco:emergency_responder:-"
}
}
}
],
"category": "product_name",
"name": "Emergency Responder"
},
{
"branches": [
{
"category": "product_version",
"name": "Director",
"product": {
"name": "Cisco Finesse Director",
"product_id": "199167",
"product_identification_helper": {
"cpe": "cpe:/a:cisco:finesse:-"
}
}
}
],
"category": "product_name",
"name": "Finesse"
},
{
"category": "product_name",
"name": "Cisco Firepower",
"product": {
"name": "Cisco Firepower",
"product_id": "T011337",
"product_identification_helper": {
"cpe": "cpe:/a:cisco:firepower:-"
}
}
},
{
"category": "product_name",
"name": "Cisco Identity Services Engine (ISE)",
"product": {
"name": "Cisco Identity Services Engine (ISE)",
"product_id": "T000612",
"product_identification_helper": {
"cpe": "cpe:/a:cisco:identity_services_engine_software:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "Supervisor",
"product": {
"name": "Cisco Integrated Management Controller Supervisor",
"product_id": "T021487",
"product_identification_helper": {
"cpe": "cpe:/a:cisco:integrated_management_controller:::supervisor"
}
}
}
],
"category": "product_name",
"name": "Integrated Management Controller"
},
{
"category": "product_name",
"name": "Cisco Network Services Orchestrator",
"product": {
"name": "Cisco Network Services Orchestrator",
"product_id": "T021358",
"product_identification_helper": {
"cpe": "cpe:/a:cisco:network_services_orchestrator:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "Dashboard",
"product": {
"name": "Cisco Nexus Dashboard",
"product_id": "T021249",
"product_identification_helper": {
"cpe": "cpe:/h:cisco:nexus:::dashboard"
}
}
},
{
"category": "product_version",
"name": "Insights",
"product": {
"name": "Cisco Nexus Insights",
"product_id": "T021357",
"product_identification_helper": {
"cpe": "cpe:/h:cisco:nexus:insights"
}
}
}
],
"category": "product_name",
"name": "Nexus"
},
{
"branches": [
{
"category": "product_version",
"name": "vManage",
"product": {
"name": "Cisco SD-WAN vManage",
"product_id": "T018812",
"product_identification_helper": {
"cpe": "cpe:/a:cisco:sd_wan:vmanage"
}
}
}
],
"category": "product_name",
"name": "SD-WAN"
},
{
"branches": [
{
"category": "product_version",
"name": "Director",
"product": {
"name": "Cisco Unified Communications Manager (CUCM) Director",
"product_id": "2142",
"product_identification_helper": {
"cpe": "cpe:/a:cisco:unified_communications_manager:-"
}
}
}
],
"category": "product_name",
"name": "Unified Communications Manager (CUCM)"
},
{
"branches": [
{
"category": "product_version",
"name": "Director",
"product": {
"name": "Cisco Unified Communications Manager IM \u0026 Presence Service Director",
"product_id": "915287",
"product_identification_helper": {
"cpe": "cpe:/a:cisco:unified_communications_manager_im_and_presence_service:-"
}
}
}
],
"category": "product_name",
"name": "Unified Communications Manager IM \u0026 Presence Service"
},
{
"branches": [
{
"category": "product_name",
"name": "Cisco Unified Computing System (UCS)",
"product": {
"name": "Cisco Unified Computing System (UCS)",
"product_id": "163824",
"product_identification_helper": {
"cpe": "cpe:/h:cisco:unified_computing_system:-"
}
}
},
{
"category": "product_version",
"name": "Director",
"product": {
"name": "Cisco Unified Computing System (UCS) Director",
"product_id": "T017032",
"product_identification_helper": {
"cpe": "cpe:/h:cisco:unified_computing_system:director_6.7.4.1"
}
}
}
],
"category": "product_name",
"name": "Unified Computing System (UCS)"
},
{
"branches": [
{
"category": "product_version",
"name": "Director",
"product": {
"name": "Cisco Unified Contact Center Enterprise Director",
"product_id": "2143",
"product_identification_helper": {
"cpe": "cpe:/a:cisco:unified_contact_center_enterprise:-"
}
}
}
],
"category": "product_name",
"name": "Unified Contact Center Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "Director",
"product": {
"name": "Cisco Unified Contact Center Express (UCCX) Director",
"product_id": "915286",
"product_identification_helper": {
"cpe": "cpe:/a:cisco:unified_contact_center_express:-"
}
}
}
],
"category": "product_name",
"name": "Unified Contact Center Express (UCCX)"
},
{
"branches": [
{
"category": "product_version",
"name": "Director",
"product": {
"name": "Cisco Unified Intelligence Center Director",
"product_id": "T018811",
"product_identification_helper": {
"cpe": "cpe:/a:cisco:unified_intelligence_center:-"
}
}
}
],
"category": "product_name",
"name": "Unified Intelligence Center"
},
{
"branches": [
{
"category": "product_version",
"name": "Director",
"product": {
"name": "Cisco Unity Connection Director",
"product_id": "T002044",
"product_identification_helper": {
"cpe": "cpe:/a:cisco:unity_connection:-"
}
}
}
],
"category": "product_name",
"name": "Unity Connection"
},
{
"branches": [
{
"category": "product_version",
"name": "Director",
"product": {
"name": "Cisco Video Surveillance Operations Manager Director",
"product_id": "196088",
"product_identification_helper": {
"cpe": "cpe:/a:cisco:video_surveillance_operations_manager:-"
}
}
}
],
"category": "product_name",
"name": "Video Surveillance Operations Manager"
},
{
"category": "product_name",
"name": "Cisco WebEx Meetings Server",
"product": {
"name": "Cisco WebEx Meetings Server",
"product_id": "T001160",
"product_identification_helper": {
"cpe": "cpe:/a:cisco:webex_meetings_server:-"
}
}
}
],
"category": "vendor",
"name": "Cisco"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Dell ECS",
"product": {
"name": "Dell ECS",
"product_id": "T048328",
"product_identification_helper": {
"cpe": "cpe:/h:dell:ecs:-"
}
}
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "HPE Intelligent Management Center (IMC)",
"product": {
"name": "HPE Intelligent Management Center (IMC)",
"product_id": "T001888",
"product_identification_helper": {
"cpe": "cpe:/a:hp:intelligent_management_center:-"
}
}
}
],
"category": "vendor",
"name": "HPE"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM DB2",
"product": {
"name": "IBM DB2",
"product_id": "5104",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "7.5",
"product": {
"name": "IBM QRadar SIEM 7.5",
"product_id": "T022954",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5"
}
}
},
{
"category": "product_version",
"name": "7.4",
"product": {
"name": "IBM QRadar SIEM 7.4",
"product_id": "T024775",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.4"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
},
{
"category": "product_name",
"name": "IBM Rational Software Architect",
"product": {
"name": "IBM Rational Software Architect",
"product_id": "T005181",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:rational_software_architect:-"
}
}
},
{
"category": "product_name",
"name": "IBM Security Guardium",
"product": {
"name": "IBM Security Guardium",
"product_id": "T021345",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_guardium:-"
}
}
},
{
"category": "product_name",
"name": "IBM Tivoli Netcool/OMNIbus",
"product": {
"name": "IBM Tivoli Netcool/OMNIbus",
"product_id": "T004181",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_netcool%2fomnibus:-"
}
}
},
{
"category": "product_name",
"name": "IBM WebSphere Application Server",
"product": {
"name": "IBM WebSphere Application Server",
"product_id": "5198",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SOS GmbH JobScheduler",
"product": {
"name": "SOS GmbH JobScheduler",
"product_id": "T021263",
"product_identification_helper": {
"cpe": "cpe:/a:sos_gmbh:jobscheduler:-"
}
}
}
],
"category": "vendor",
"name": "SOS GmbH"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-44832",
"product_status": {
"known_affected": [
"T001160",
"67646",
"T017032",
"T021358",
"T021357",
"T000612",
"T001888",
"T005181",
"199167",
"398363",
"163824",
"T015519",
"5198",
"T015516",
"T011337",
"2143",
"2142",
"2040",
"T022954",
"T021445",
"T021345",
"T048328",
"T021444",
"T021487",
"T021443",
"642",
"2951",
"T018811",
"1024",
"T000126",
"T018812",
"T021249",
"5104",
"778219",
"T004181",
"T024775",
"196088",
"915287",
"915286",
"T002044",
"T021263"
]
},
"release_date": "2021-12-28T23:00:00.000+00:00",
"title": "CVE-2021-44832"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…