Configuration 1 (hide)
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
|
Configuration 8 (hide)
|
Configuration 9 (hide)
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
|
Configuration 12 (hide)
|
Configuration 13 (hide)
|
Configuration 14 (hide)
|
07 Nov 2023, 03:39
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd - Third Party Advisory |
03 Apr 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 Feb 2023, 18:53
Type | Values Removed | Values Added |
---|---|---|
References | (FULLDISC) http://seclists.org/fulldisclosure/2022/Dec/2 - Exploit, Mailing List, Third Party Advisory | |
CPE | cpe:2.3:a:intel:data_center_manager:*:*:*:*:*:*:*:* |
09 Dec 2022, 05:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-20 CWE-400 CWE-502 |
|
References |
|
17 Aug 2022, 17:46
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:percussion:rhythmyx:*:*:*:*:*:*:*:* | |
First Time |
Percussion rhythmyx
Percussion |
09 Aug 2022, 13:17
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-917 | |
References | (MISC) http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html - Exploit, Third Party Advisory, VDB Entry | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2022/Jul/11 - Mailing List, Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html - Third Party Advisory, VDB Entry |
03 Aug 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Jul 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Jun 2022, 18:26
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html - Exploit, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory | |
References | (MISC) https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228 - Exploit, Third Party Advisory |
05 May 2022, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Apr 2022, 00:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
18 Apr 2022, 13:45
Type | Values Removed | Values Added |
---|---|---|
References | (FULLDISC) http://seclists.org/fulldisclosure/2022/Mar/23 - Mailing List, Third Party Advisory |
12 Apr 2022, 18:14
Type | Values Removed | Values Added |
---|---|---|
First Time |
Bentley
Bentley synchro Bentley synchro 4d |
|
References | (CONFIRM) https://support.apple.com/kb/HT213189 - Third Party Advisory | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2022/Mar/23 - Third Party Advisory | |
References | (MISC) https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001 - Third Party Advisory | |
References | (MISC) https://github.com/cisagov/log4j-affected-db - Third Party Advisory | |
CPE | cpe:2.3:a:bentley:synchro_4d:*:*:*:*:pro:*:*:* cpe:2.3:a:bentley:synchro:*:*:*:*:pro:*:*:* |
15 Mar 2022, 06:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Mar 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Mar 2022, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 Feb 2022, 04:23
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory |
07 Feb 2022, 16:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Feb 2022, 20:31
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md - Product, US Government Resource | |
References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf - Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html - Third Party Advisory, VDB Entry | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/ - Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html - Third Party Advisory, VDB Entry | |
References | (MISC) http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html - Third Party Advisory, VDB Entry | |
References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf - Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html - Third Party Advisory, VDB Entry | |
References | (MS) https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ - Patch, Third Party Advisory, Vendor Advisory | |
CPE | cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
24 Jan 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Jan 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 Jan 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 Jan 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. |
28 Dec 2021, 19:32
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd - Third Party Advisory | |
References | (MS) https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:snowsoftware:snow_commander:*:*:*:*:*:*:*:* cpe:2.3:a:snowsoftware:vm_access_proxy:*:*:*:*:*:*:*:* |
20 Dec 2021, 18:13
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:cisco:sd-wan_vmanage:20.3:*:*:*:*:*:*:* cpe:2.3:a:cisco:optical_network_controller:1.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_threat_defense:7.1.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:unified_contact_center_enterprise:12.0\(1\):*:*:*:*:*:*:* cpe:2.3:a:cisco:paging_server:9.0\(1\):*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_threat_defense:6.7.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:unified_intelligence_center:12.6\(2\):-:*:*:*:*:*:* cpe:2.3:a:cisco:webex_meetings_server:3.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine:002.006\(000.156\):-:*:*:*:*:*:* cpe:2.3:a:cisco:evolved_programmable_network_manager:5.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\(2\):*:*:*:*:*:*:* cpe:2.3:a:cisco:wan_automation_engine:7.3:*:*:*:*:*:*:* cpe:2.3:a:cisco:sd-wan_vmanage:20.7:*:*:*:*:*:*:* cpe:2.3:a:cisco:unified_customer_voice_portal:12.6\(1\):*:*:*:*:*:*:* cpe:2.3:a:cisco:smart_phy:3.1.4:*:*:*:*:*:*:* cpe:2.3:a:cisco:crosswork_network_automation:3.0.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:paging_server:8.4\(1\):*:*:*:*:*:*:* cpe:2.3:a:cisco:connected_analytics_for_network_deployment:008.000.000.000.004:*:*:*:*:*:*:* cpe:2.3:a:cisco:wan_automation_engine:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine:003.001\(000.518\):-:*:*:*:*:*:* cpe:2.3:a:cisco:finesse:12.6\(1\):es02:*:*:*:*:*:* cpe:2.3:a:cisco:video_surveillance_manager:7.14\(1.26\):*:*:*:*:*:*:* cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.4\(1\):*:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine:003.002\(000.116\):-:*:*:*:*:*:* cpe:2.3:a:cisco:unity_connection:11.5:*:*:*:*:*:*:* cpe:2.3:a:cisco:enterprise_chat_and_email:12.0\(1\):*:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine:002.007\(000.356\):-:*:*:*:*:*:* cpe:2.3:a:cisco:integrated_management_controller_supervisor:002.003\(002.000\):*:*:*:*:*:*:* cpe:2.3:a:cisco:prime_service_catalog:12.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:sd-wan_vmanage:20.4:*:*:*:*:*:*:* cpe:2.3:a:cisco:smart_phy:3.1.3:*:*:*:*:*:*:* cpe:2.3:a:cisco:crosswork_network_automation:4.1.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\(2\):*:*:*:*:*:*:* cpe:2.3:a:cisco:crosswork_network_automation:2.0.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:network_services_orchestrator:-:*:*:*:*:*:*:* cpe:2.3:a:cisco:dna_center:2.2.2.8:*:*:*:*:*:*:* cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.004.000.003:*:*:*:*:*:*:* cpe:2.3:a:cisco:mobility_services_engine:-:*:*:*:*:*:*:* cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.000:*:*:*:*:*:*:* cpe:2.3:a:cisco:emergency_responder:11.5\(4.66000.14\):*:*:*:*:*:*:* cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.001.000:*:*:*:*:*:*:* cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.000.001:*:*:*:*:*:*:* cpe:2.3:a:cisco:paging_server:12.5\(2\):*:*:*:*:*:*:* cpe:2.3:a:cisco:common_services_platform_collector:002.009\(001.000\):*:*:*:*:*:*:* cpe:2.3:a:cisco:common_services_platform_collector:002.009\(001.001\):*:*:*:*:*:*:* cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\):es02:*:*:*:*:*:* cpe:2.3:a:cisco:unified_contact_center_enterprise:12.5\(1\):*:*:*:*:*:*:* cpe:2.3:a:cisco:connected_analytics_for_network_deployment:008.000.000:*:*:*:*:*:*:* cpe:2.3:a:cisco:cloudcenter_suite:5.5\(0\):*:*:*:*:*:*:* cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.2\(1\):*:*:*:*:*:*:* cpe:2.3:a:cisco:ucs_central_software:2.0\(1f\):*:*:*:*:*:*:* cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.18119.2\):*:*:*:*:*:*:* cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\):-:*:*:*:*:*:* cpe:2.3:a:cisco:unified_contact_center_management_portal:12.6\(1\):*:*:*:*:*:*:* cpe:2.3:a:cisco:video_surveillance_manager:7.14\(4.018\):*:*:*:*:*:*:* cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.21900.40\):*:*:*:*:*:*:* cpe:2.3:a:cisco:ucs_central_software:2.0\(1l\):*:*:*:*:*:*:* cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.18900.97\):*:*:*:*:*:*:* cpe:2.3:a:cisco:paging_server:9.0\(2\):*:*:*:*:*:*:* cpe:2.3:a:cisco:emergency_responder:11.5\(4.65000.14\):*:*:*:*:*:*:* cpe:2.3:a:cisco:crosswork_network_automation:4.1.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:finesse:12.6\(1\):-:*:*:*:*:*:* cpe:2.3:a:cisco:dna_spaces:-:*:*:*:*:*:*:* cpe:2.3:a:cisco:finesse:12.6\(1\):es03:*:*:*:*:*:* cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\):su1:*:*:*:*:*:* cpe:2.3:a:cisco:wan_automation_engine:7.4:*:*:*:*:*:*:* cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.001.001:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_threat_defense:6.3.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:unified_sip_proxy:010.002\(000\):*:*:*:*:*:*:* cpe:2.3:a:cisco:video_surveillance_manager:7.14\(3.025\):*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_threat_defense:6.5.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:evolved_programmable_network_manager:4.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:evolved_programmable_network_manager:3.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:unified_sip_proxy:010.000\(001\):*:*:*:*:*:*:* cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\):es01:*:*:*:*:*:* cpe:2.3:a:cisco:network_assurance_engine:6.0\(2.1912\):*:*:*:*:*:*:* cpe:2.3:a:cisco:evolved_programmable_network_manager:3.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:ucs_central_software:2.0\(1g\):*:*:*:*:*:*:* cpe:2.3:a:cisco:ucs_central_software:2.0\(1k\):*:*:*:*:*:*:* cpe:2.3:a:cisco:wan_automation_engine:7.6:*:*:*:*:*:*:* cpe:2.3:a:cisco:sd-wan_vmanage:20.8:*:*:*:*:*:*:* cpe:2.3:a:cisco:dna_spaces_connector:-:*:*:*:*:*:*:* cpe:2.3:a:cisco:connected_analytics_for_network_deployment:7.3:*:*:*:*:*:*:* cpe:2.3:a:cisco:smart_phy:3.2.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:ucs_central_software:2.0\(1d\):*:*:*:*:*:*:* cpe:2.3:a:cisco:cx_cloud_agent:001.012:*:*:*:*:*:*:* cpe:2.3:a:cisco:unified_customer_voice_portal:12.5\(1\):*:*:*:*:*:*:* cpe:2.3:a:cisco:finesse:12.6\(1\):es01:*:*:*:*:*:* cpe:2.3:a:cisco:integrated_management_controller_supervisor:2.3.2.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:automated_subsea_tuning:02.01.00:*:*:*:*:*:*:* cpe:2.3:a:cisco:ucs_central_software:2.0\(1e\):*:*:*:*:*:*:* cpe:2.3:a:cisco:wan_automation_engine:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:paging_server:8.3\(1\):*:*:*:*:*:*:* cpe:2.3:a:cisco:wan_automation_engine:7.1.3:*:*:*:*:*:*:* cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.17900.52\):*:*:*:*:*:*:* cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.003:*:*:*:*:*:*:* cpe:2.3:a:cisco:evolved_programmable_network_manager:4.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:unified_contact_center_express:12.6\(1\):*:*:*:*:*:*:* cpe:2.3:a:cisco:virtual_topology_system:2.6.6:*:*:*:*:*:*:* cpe:2.3:a:cisco:sd-wan_vmanage:20.6:*:*:*:*:*:*:* cpe:2.3:a:cisco:unified_communications_manager_im_\&_presence_service:11.5\(1.22900.6\):*:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine:003.000\(000.458\):-:*:*:*:*:*:* cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.0\(1\):*:*:*:*:*:*:* cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\):-:*:*:*:*:*:* cpe:2.3:a:cisco:common_services_platform_collector:002.010\(000.000\):*:*:*:*:*:*:* cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.22900.28\):*:*:*:*:*:*:* cpe:2.3:a:cisco:paging_server:14.0\(1\):*:*:*:*:*:*:* cpe:2.3:a:cisco:unified_communications_manager_im_\&_presence_service:11.5\(1\):*:*:*:*:*:*:* cpe:2.3:a:cisco:cloudcenter_suite:5.4\(1\):*:*:*:*:*:*:* cpe:2.3:a:cisco:unified_workforce_optimization:11.5\(1\):sr7:*:*:*:*:*:* cpe:2.3:a:cisco:ucs_central_software:2.0\(1a\):*:*:*:*:*:*:* cpe:2.3:a:cisco:intersight_virtual_appliance:1.0.9-343:*:*:*:*:*:*:* cpe:2.3:a:cisco:ucs_central_software:2.0\(1c\):*:*:*:*:*:*:* cpe:2.3:a:cisco:emergency_responder:11.5:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_threat_defense:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:unified_computing_system:006.008\(001.000\):*:*:*:*:*:*:* cpe:2.3:a:cisco:unified_customer_voice_portal:11.6\(1\):*:*:*:*:*:*:* cpe:2.3:a:cisco:broadworks:-:*:*:*:*:*:*:* cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.3\(1\):*:*:*:*:*:*:* cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.1\(1\):*:*:*:*:*:*:* cpe:2.3:a:cisco:ucs_central_software:2.0\(1b\):*:*:*:*:*:*:* cpe:2.3:a:cisco:paging_server:8.5\(1\):*:*:*:*:*:*:* cpe:2.3:a:cisco:paging_server:9.1\(1\):*:*:*:*:*:*:* cpe:2.3:a:cisco:finesse:12.5\(1\):su2:*:*:*:*:*:* cpe:2.3:a:cisco:enterprise_chat_and_email:12.5\(1\):*:*:*:*:*:*:* cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.002.000:*:*:*:*:*:*:* cpe:2.3:a:cisco:sd-wan_vmanage:20.5:*:*:*:*:*:*:* cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.005.000.:*:*:*:*:*:*:* cpe:2.3:a:cisco:cloudcenter_suite:5.5\(1\):*:*:*:*:*:*:* cpe:2.3:a:cisco:network_insights_for_data_center:6.0\(2.1914\):*:*:*:*:*:*:* cpe:2.3:a:cisco:unity_connection:11.5\(1.10000.6\):*:*:*:*:*:*:* cpe:2.3:a:cisco:enterprise_chat_and_email:12.6\(1\):*:*:*:*:*:*:* cpe:2.3:a:cisco:wan_automation_engine:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:cisco:common_services_platform_collector:002.009\(001.002\):*:*:*:*:*:*:* cpe:2.3:a:cisco:wan_automation_engine:7.5:*:*:*:*:*:*:* cpe:2.3:a:cisco:ucs_central_software:2.0\(1h\):*:*:*:*:*:*:* cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\(1\):*:*:*:*:*:*:* cpe:2.3:a:cisco:sd-wan_vmanage:20.6.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:evolved_programmable_network_manager:5.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:unified_sip_proxy:010.000\(000\):*:*:*:*:*:*:* cpe:2.3:a:cisco:crosswork_network_automation:-:*:*:*:*:*:*:* cpe:2.3:a:cisco:ucs_central_software:2.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:smart_phy:21.3:*:*:*:*:*:*:* cpe:2.3:a:cisco:unified_customer_voice_portal:12.0\(1\):*:*:*:*:*:*:* cpe:2.3:a:cisco:cloudcenter_suite:5.3\(0\):*:*:*:*:*:*:* cpe:2.3:a:cisco:smart_phy:3.1.2:*:*:*:*:*:*:* cpe:2.3:a:cisco:video_surveillance_manager:7.14\(2.26\):*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_threat_defense:6.6.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:common_services_platform_collector:002.009\(000.001\):*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_threat_defense:6.4.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:cyber_vision_sensor_management_extension:4.0.2:*:*:*:*:*:*:* cpe:2.3:a:cisco:firepower_threat_defense:6.2.3:*:*:*:*:*:*:* cpe:2.3:a:cisco:cyber_vision:4.0.2:*:*:*:*:*:*:* cpe:2.3:a:cisco:finesse:12.5\(1\):su1:*:*:*:*:*:* cpe:2.3:a:cisco:cloudcenter_suite:4.10\(0.15\):*:*:*:*:*:*:* cpe:2.3:a:cisco:smart_phy:3.1.5:*:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine:002.004\(000.914\):-:*:*:*:*:*:* cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.005.000.000:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_meetings_server:4.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\(1\):*:*:*:*:*:*:* cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\(3\):*:*:*:*:*:*:* cpe:2.3:a:cisco:common_services_platform_collector:002.009\(000.002\):*:*:*:*:*:*:* cpe:2.3:a:cisco:unified_contact_center_express:12.6\(2\):*:*:*:*:*:*:* cpe:2.3:a:cisco:unified_sip_proxy:010.002\(001\):*:*:*:*:*:*:* cpe:2.3:a:cisco:common_services_platform_collector:002.009\(000.000\):*:*:*:*:*:*:* |
|
References | (MISC) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd - Third Party Advisory | |
References | (MS) https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ - Third Party Advisory |
16 Dec 2021, 19:56
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html - Third Party Advisory, VDB Entry | |
References | (MISC) http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html - Third Party Advisory, VDB Entry | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2021/12/15/3 - Mailing List, Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html - Third Party Advisory, VDB Entry | |
References | (MISC) https://twitter.com/kurtseifried/status/1469345530182455296 - Exploit, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html - Mailing List, Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2021/dsa-5020 - Third Party Advisory | |
References | (MS) https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ - Mitigation, Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html - Exploit, Third Party Advisory, VDB Entry | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2021/12/14/4 - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/ - Third Party Advisory | |
References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf - Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2021/12/13/1 - Mailing List, Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry | |
References | (MISC) http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html - Third Party Advisory, VDB Entry | |
References | (MISC) http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html - Third Party Advisory, VDB Entry | |
References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf - Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html - Third Party Advisory, VDB Entry | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2021/12/13/2 - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html - Third Party Advisory | |
References | (CERT-VN) https://www.kb.cert.org/vuls/id/930724 - Third Party Advisory, US Government Resource | |
CPE | cpe:2.3:a:cisco:unified_contact_center_enterprise:11.6\(2\):*:*:*:*:*:*:* cpe:2.3:a:cisco:optical_network_controller:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:unified_communications_manager:11.5\(1\)su3:*:*:*:*:*:*:* cpe:2.3:a:cisco:unified_customer_voice_portal:12.0:*:*:*:*:*:*:* cpe:2.3:a:siemens:vesys:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release4:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_1150:-:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release3:*:*:*:*:*:* cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release1:*:*:*:*:*:* cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:* cpe:2.3:a:siemens:head-end_system_universal_device_integration_system:*:*:*:*:*:*:*:* cpe:2.3:a:intel:sensor_solution_firmware_development_kit:-:*:*:*:*:*:*:* cpe:2.3:a:siemens:mendix:*:*:*:*:*:*:*:* cpe:2.3:a:intel:oneapi_sample_browser:-:*:*:*:*:eclipse:*:* cpe:2.3:a:cisco:packaged_contact_center_enterprise:11.6\(1\):*:*:*:*:*:*:* cpe:2.3:a:siemens:teamcenter:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:solid_edge_cam_pro:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:vesys:2019.1:sp1912:*:*:*:*:*:* cpe:2.3:a:siemens:xpedition_enterprise:-:*:*:*:*:*:*:* cpe:2.3:a:intel:system_studio:-:*:*:*:*:*:*:* cpe:2.3:a:cisco:contact_center_domain_manager:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:crosswork_optimization_engine:*:*:*:*:*:*:*:* cpe:2.3:o:cisco:fxos:6.7.0:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_1120:-:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_security_patch4:*:*:*:*:*:* cpe:2.3:a:siemens:sentron_powermanager:4.1:*:*:*:*:*:*:* cpe:2.3:a:siemens:solid_edge_harness_design:2020:-:*:*:*:*:*:* cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:desigo_cc_info_center:5.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:data_center_network_manager:11.3\(1\):*:*:*:*:*:*:* cpe:2.3:a:siemens:siveillance_command:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:packaged_contact_center_enterprise:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:spectrum_power_7:2.30:-:*:*:*:*:*:* cpe:2.3:a:cisco:automated_subsea_tuning:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:common_services_platform_collector:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:xpedition_package_integrator:-:*:*:*:*:*:*:* cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:crosswork_platform_infrastructure:*:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:* cpe:2.3:a:cisco:crosswork_platform_infrastructure:4.1.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:smart_phy:*:*:*:*:*:*:*:* cpe:2.3:o:cisco:fxos:6.3.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:data_center_network_manager:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:energyip:8.6:*:*:*:*:*:*:* cpe:2.3:a:siemens:energyip:8.5:*:*:*:*:*:*:* cpe:2.3:a:cisco:crosswork_optimization_engine:3.0.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:iot_operations_dashboard:-:*:*:*:*:*:*:* cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:nexus_insights:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\):*:*:*:*:*:*:* cpe:2.3:a:cisco:paging_server:*:*:*:*:*:*:*:* cpe:2.3:a:intel:system_debugger:-:*:*:*:*:*:*:* cpe:2.3:a:cisco:unified_communications_manager:11.5\(1\):*:*:*:-:*:*:* cpe:2.3:a:siemens:industrial_edge_management:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:spectrum_power_4:4.70:-:*:*:*:*:*:* cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_security_patch5:*:*:*:*:*:* cpe:2.3:a:cisco:intersight_virtual_appliance:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:* cpe:2.3:a:siemens:siveillance_vantage:*:*:*:*:*:*:*:* cpe:2.3:a:netapp:ontap_tools:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:a:siemens:captial:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:video_surveillance_operations_manager:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:fog_director:-:*:*:*:*:*:*:* cpe:2.3:a:cisco:virtual_topology_system:*:*:*:*:*:*:*:* cpe:2.3:o:cisco:unified_sip_proxy:*:*:*:*:*:*:*:* cpe:2.3:o:cisco:fxos:6.2.3:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_1140:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:* cpe:2.3:a:cisco:ucs_director:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_meetings_server:4.0:-:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_1010:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_4110:-:*:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine:2.4.0:-:*:*:*:*:*:* cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.1:*:*:*:*:*:*:* cpe:2.3:a:siemens:siguard_dsa:4.3:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_4145:-:*:*:*:*:*:*:* cpe:2.3:a:siemens:spectrum_power_4:4.70:sp8:*:*:*:*:*:* cpe:2.3:a:siemens:energyip:8.7:*:*:*:*:*:*:* cpe:2.3:a:siemens:desigo_cc_info_center:5.0:*:*:*:*:*:*:* cpe:2.3:a:siemens:spectrum_power_4:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:crosswork_network_controller:*:*:*:*:*:*:*:* cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:* cpe:2.3:a:siemens:energyip_prepay:3.7:*:*:*:*:*:*:* cpe:2.3:a:siemens:vesys:2019.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:enterprise_chat_and_email:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:virtualized_infrastructure_manager:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:broadworks:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:-:*:*:*:*:* cpe:2.3:a:cisco:dna_spaces\:_connector:*:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:spectrum_power_7:2.30:*:*:*:*:*:*:* cpe:2.3:o:cisco:fxos:6.4.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:cloudcenter_workload_manager:*:*:*:*:*:*:*:* cpe:2.3:a:intel:secure_device_onboard:-:*:*:*:*:*:*:* cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:solid_edge_harness_design:2020:*:*:*:*:*:*:* cpe:2.3:a:cisco:network_assurance_engine:*:*:*:*:*:*:*:* cpe:2.3:o:cisco:fxos:6.6.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* cpe:2.3:o:cisco:fxos:6.5.0:*:*:*:*:*:*:* cpe:2.3:o:siemens:sppa-t3000_ses3000_firmware:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:crosswork_data_gateway:3.0.0:*:*:*:*:*:*:* cpe:2.3:a:siemens:energyip:9.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:unified_contact_center_express:*:*:*:*:*:*:*:* cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:siveillance_control_pro:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:captial:2019.1:sp1912:*:*:*:*:*:* cpe:2.3:a:cisco:crosswork_data_gateway:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:mindsphere:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_meetings_server:3.0:-:*:*:*:*:*:* cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:*:*:*:*:*:* cpe:2.3:a:cisco:prime_service_catalog:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:spectrum_power_7:2.30:sp2:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:a:siemens:spectrum_power_4:4.70:sp7:*:*:*:*:*:* cpe:2.3:a:siemens:vesys:2019.1:-:*:*:*:*:*:* cpe:2.3:a:siemens:captial:2019.1:-:*:*:*:*:*:* cpe:2.3:a:siemens:logo\!_soft_comfort:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:nx:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release2:*:*:*:*:*:* cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:spectrum_power_7:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release2:*:*:*:*:*:* cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:* cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:unified_communications_manager:11.5\(1\):*:*:*:*:*:*:* cpe:2.3:h:siemens:sppa-t3000_ses3000:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:fxos:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:advanced_malware_protection_virtual_private_cloud_appliance:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:virtualized_voice_browser:*:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_4125:-:*:*:*:*:*:*:* cpe:2.3:a:cisco:connected_mobile_experiences:-:*:*:*:*:*:*:* cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:solid_edge_harness_design:2020:sp2002:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:cloudcenter:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:crosswork_network_controller:3.0.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:finesse:12.6\(1\):*:*:*:*:*:*:* cpe:2.3:o:cisco:unified_intelligence_center:*:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:* cpe:2.3:a:cisco:cloudcenter_suite_admin:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:gma-manager:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_service_pack_3:*:*:*:*:*:* cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.0:*:*:*:*:*:*:* cpe:2.3:a:siemens:navigator:*:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_4112:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_4120:-:*:*:*:*:*:*:* cpe:2.3:a:intel:computer_vision_annotation_tool:-:*:*:*:*:*:*:* cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:* cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.0:*:*:*:*:*:*:* cpe:2.3:a:siemens:siguard_dsa:4.4:*:*:*:*:*:*:* cpe:2.3:a:cisco:business_process_automation:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:cloudcenter_cost_optimizer:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:workload_optimization_manager:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:opcenter_intelligence:*:*:*:*:*:*:*:* cpe:2.3:a:intel:genomics_kernel_library:-:*:*:*:*:*:*:* cpe:2.3:a:cisco:unified_contact_center_enterprise:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:3.0.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:* cpe:2.3:o:cisco:fxos:7.1.0:*:*:*:*:*:*:* cpe:2.3:a:siemens:energyip_prepay:3.8:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_4115:-:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* cpe:2.3:a:intel:audio_development_kit:-:*:*:*:*:*:*:* cpe:2.3:a:cisco:customer_experience_cloud_agent:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:finesse:*:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_4150:-:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_meetings_server:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:unified_customer_voice_portal:12.5:*:*:*:*:*:*:* cpe:2.3:a:cisco:contact_center_management_portal:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.2:*:*:*:*:*:*:* cpe:2.3:a:cisco:cloud_connect:*:*:*:*:*:*:*:* cpe:2.3:o:cisco:unified_workforce_optimization:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:solid_edge_harness_design:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:unified_communications_manager:11.5\(1\):*:*:*:session_management:*:*:* cpe:2.3:a:cisco:unified_customer_voice_portal:11.6:*:*:*:*:*:*:* cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_service_pack_2:*:*:*:*:*:* cpe:2.3:a:siemens:industrial_edge_management_hub:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:sentron_powermanager:4.2:*:*:*:*:*:*:* cpe:2.3:a:cisco:nexus_dashboard:*:*:*:*:*:*:*:* cpe:2.3:h:cisco:firepower_4140:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:a:siemens:energy_engage:3.1:*:*:*:*:*:*:* cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:* cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release1:*:*:*:*:*:* cpe:2.3:a:cisco:dna_center:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:e-car_operation_center:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:emergency_responder:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:wan_automation_engine:*:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:* cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:* cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:* cpe:2.3:a:intel:data_center_manager:-:*:*:*:*:*:*:* cpe:2.3:a:cisco:cyber_vision_sensor_management_extension:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:ucs_central:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:* cpe:2.3:a:siemens:siguard_dsa:4.2:*:*:*:*:*:*:* cpe:2.3:a:siemens:siveillance_viewpoint:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:unified_customer_voice_portal:*:*:*:*:*:*:*:* |
16 Dec 2021, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Dec 2021, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
15 Dec 2021, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
15 Dec 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0, this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. | |
References |
|
|
15 Dec 2021, 16:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0, this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. | |
References |
|
15 Dec 2021, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Dec 2021, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Dec 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Dec 2021, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Dec 2021, 00:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. In previous releases (>2.10) this behavior can be mitigated by setting system property "log4j2.formatMsgNoLookups" to “true” or it can be mitigated in prior releases (<2.10) by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class). | |
References |
|
13 Dec 2021, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Dec 2021, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Dec 2021, 15:00
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-502 | |
CPE | cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:* cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:* cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:* cpe:2.3:a:apache:log4j:2.0:-:*:*:*:*:*:* cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 9.3
v3 : 10.0 |
References | (CONFIRM) https://www.oracle.com/security-alerts/alert-cve-2021-44228.html - Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2021/12/10/1 - Mailing List, Mitigation, Third Party Advisory | |
References | (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd - Third Party Advisory | |
References | (MISC) https://logging.apache.org/log4j/2.x/security.html - Release Notes, Vendor Advisory | |
References | (CONFIRM) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2021/12/10/2 - Mailing List, Mitigation, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2021/12/10/3 - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20211210-0007/ - Vendor Advisory | |
References | (MISC) http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html - Third Party Advisory, VDB Entry |
13 Dec 2021, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. In previous releases (>2.10) this behavior can be mitigated by setting system property "log4j2.formatMsgNoLookups" to “true” or by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class). Java 8u121 (see https://www.oracle.com/java/technologies/javase/8u121-relnotes.html) protects against remote code execution by defaulting "com.sun.jndi.rmi.object.trustURLCodebase" and "com.sun.jndi.cosnaming.object.trustURLCodebase" to "false". |
12 Dec 2021, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. In previous releases (>2.10) this behavior can be mitigated by setting system property "log4j2.formatMsgNoLookups" to “true” or it can be mitigated in prior releases (<2.10) by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class). |
12 Dec 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Dec 2021, 05:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Dec 2021, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Dec 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Dec 2021, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Dec 2021, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Published : 2021-12-10 10:15
Updated : 2023-11-07 03:39
NVD link : CVE-2021-44228
Mitre link : CVE-2021-44228
CVE.ORG link : CVE-2021-44228
JSON object : View
siemens
- navigator
- energyip
- solid_edge_cam_pro
- logo\!_soft_comfort
- teamcenter
- energyip_prepay
- nx
- xpedition_package_integrator
- desigo_cc_advanced_reports
- vesys
- head-end_system_universal_device_integration_system
- e-car_operation_center
- sentron_powermanager
- industrial_edge_management_hub
- industrial_edge_management
- energy_engage
- spectrum_power_4
- siguard_dsa
- sppa-t3000_ses3000
- mendix
- desigo_cc_info_center
- sppa-t3000_ses3000_firmware
- gma-manager
- spectrum_power_7
- captial
- siveillance_control_pro
- sipass_integrated
- siveillance_vantage
- solid_edge_harness_design
- siveillance_identity
- xpedition_enterprise
- opcenter_intelligence
- siveillance_command
- comos
- siveillance_viewpoint
- operation_scheduler
- mindsphere
cisco
- unified_customer_voice_portal
- video_surveillance_manager
- unified_communications_manager_im_\&_presence_service
- firepower_9300
- identity_services_engine
- firepower_4120
- paging_server
- unified_contact_center_enterprise
- dna_center
- crosswork_platform_infrastructure
- ucs_director
- customer_experience_cloud_agent
- integrated_management_controller_supervisor
- virtualized_infrastructure_manager
- crosswork_optimization_engine
- cloud_connect
- enterprise_chat_and_email
- automated_subsea_tuning
- contact_center_management_portal
- emergency_responder
- firepower_2140
- cloudcenter_workload_manager
- workload_optimization_manager
- evolved_programmable_network_manager
- unity_connection
- firepower_1150
- virtualized_voice_browser
- network_services_orchestrator
- cloudcenter_cost_optimizer
- optical_network_controller
- virtual_topology_system
- iot_operations_dashboard
- firepower_2130
- wan_automation_engine
- crosswork_data_gateway
- firepower_2120
- unified_communications_manager
- broadworks
- fog_director
- firepower_threat_defense
- unified_contact_center_express
- unified_contact_center_management_portal
- webex_meetings_server
- smart_phy
- unified_intelligence_center
- mobility_services_engine
- firepower_4110
- ucs_central
- finesse
- firepower_1120
- crosswork_zero_touch_provisioning
- unified_sip_proxy
- cyber_vision
- dna_spaces_connector
- advanced_malware_protection_virtual_private_cloud_appliance
- firepower_4145
- network_assurance_engine
- cx_cloud_agent
- video_surveillance_operations_manager
- common_services_platform_collector
- firepower_1010
- sd-wan_vmanage
- data_center_network_manager
- business_process_automation
- fxos
- firepower_2110
- cloudcenter_suite_admin
- ucs_central_software
- unified_communications_manager_im_and_presence_service
- firepower_4112
- firepower_4115
- unified_workforce_optimization
- network_dashboard_fabric_controller
- firepower_4125
- connected_mobile_experiences
- dna_spaces
- connected_analytics_for_network_deployment
- packaged_contact_center_enterprise
- intersight_virtual_appliance
- crosswork_network_automation
- network_insights_for_data_center
- nexus_dashboard
- contact_center_domain_manager
- firepower_1140
- cloudcenter
- cyber_vision_sensor_management_extension
- firepower_4140
- nexus_insights
- crosswork_network_controller
- prime_service_catalog
- unified_computing_system
- cloudcenter_suite
- dna_spaces\
- firepower_4150
percussion
- rhythmyx
netapp
- cloud_manager
- oncommand_insight
- ontap_tools
- snapcenter
- active_iq_unified_manager
- cloud_secure_agent
- cloud_insights
intel
- system_debugger
- sensor_solution_firmware_development_kit
- data_center_manager
- audio_development_kit
- computer_vision_annotation_tool
- system_studio
- secure_device_onboard
- oneapi_sample_browser
- genomics_kernel_library
bentley
- synchro_4d
- synchro
snowsoftware
- vm_access_proxy
- snow_commander
sonicwall
- email_security
debian
- debian_linux
fedoraproject
- fedora
apache
- log4j