All the vulnerabilites related to Siemens - Opcenter Intelligence
var-202112-0566
Vulnerability from variot
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the vulnerable Java application using Log4j.CVE-2021-4104 Affected CVE-2021-44228 Affected CVE-2021-45046 AffectedCVE-2021-4104 Affected CVE-2021-44228 Affected CVE-2021-45046 Affected. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Critical: Red Hat Data Grid 8.2.2 security update Advisory ID: RHSA-2021:5132-01 Product: Red Hat JBoss Data Grid Advisory URL: https://access.redhat.com/errata/RHSA-2021:5132 Issue date: 2021-12-14 CVE Names: CVE-2021-44228 =====================================================================
- Summary:
An update for Red Hat Data Grid is now available.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale.
Data Grid 8.2.2 replaces Data Grid 8.2.1 and includes bug fixes and enhancements. Find out more about Data Grid 8.2.2 in the Release Notes [3].
Security Fix(es):
- log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
To install this update, do the following:
- Download the Data Grid 8.2.2 server patch from the customer portal[²].
- Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.
- Install the Data Grid 8.2.2 server patch. Refer to the 8.2.2 Release Notes[³] for patching instructions.
-
Restart Data Grid to ensure the changes take effect.
-
Bugs fixed (https://bugzilla.redhat.com/):
2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value
- References:
https://access.redhat.com/security/cve/CVE-2021-44228 https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=70381&product=data.grid&version=8.2&downloadType=patches https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.2/html-single/red_hat_data_grid_8.2_release_notes/index https://access.redhat.com/security/vulnerabilities/RHSB-2021-009
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYblI0NzjgjWX9erEAQj7mw//TtZnFmrLI6Ts7uC19MnLA/vVPXT1i2Qz R1CZ4T7QCZkiJCNXvwYHj7iQgOm5o/seXRE38qGtJWqiyrZMGHVQnDl1Vuhm31jg 6lxhpjn0kKKZanznosCxF3U2ovLhrEx+5in4piNiyV6CKkkgBV7UvESGWlIKiumq 1r79DAQ7WdYPoOk+m+b5p/okFJXyD0FcEbrqZcgJQCmR9zyJ6DGAy4N9+cgEgGaC QoVZaXa+pUEVjiAOAg0XNcb+GyYSMFwkPUR14NI0V2OHIo97aBg9AG1HrOj3QmSG 5LR/8zWQbfSbtTIzR67gBGF8F8nvnEeBARYje97Cx2FcHGDFisLHM8OGqFNjU5+I HepIdPjwcoy3kPDSfQ9WXx7Iz03tMCbhMWUhH9MRYuUAzCHgsAryZ4AnTBa+Hn7B 7WHuVf24eFcoJysoWGsbQZDzN5oxqIRXP2mA5k7MVemHV5L+7KV15KyJWaDqTdI+ DTpw8kP/WboloegmZmaqbPLlfvl91G8LjU5yfLaa+rNHkbyT4G1c3iQm5yLWlsYW yfGf+XiZPoF5S6862qdx7YPZG0yTkaUYU0Spnr8eV9wt9uUIp57jczrBzgBKYlN0 BdNv9DgqbGvhmdz/k95gRZUpdYAvF6J4+Y4h9uXgxqfdGZjFCSlegOG8gleCnvEw dfFqyyf+3ZQ= =be8O -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution:
For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:
https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html
For Red Hat OpenShift Logging 5.1, see the following instructions to apply this update:
https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html
- JIRA issues fixed (https://issues.jboss.org/):
LOG-1971 - Applying cluster state is causing elasticsearch to hit an issue and become unusable
The References section of this erratum contains a download link for the update. You must be logged in to download the update. ========================================================================= Ubuntu Security Notice USN-5192-2 December 17, 2021
apache-log4j2 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
Apache Log4j 2 could be made to crash or run programs as an administrator if it received a specially crafted input. This update provides the corresponding update for Ubuntu 16.04 ESM.
Original advisory details:
Chen Zhaojun discovered that Apache Log4j 2 allows remote attackers to run programs via a special crafted input. An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: liblog4j2-java 2.4-2ubuntu0.1~esm1
In general, a standard system update will make all the necessary changes.
2021-12-11: VMSA-2021-0028.1 Updated advisory with workaround information for multiple products including vCenter Server Appliance, vRealize Operations, Horizon, vRealize Log Insight, Unified Access Gateway.
2021-12-13: VMSA-2021-0028.2 Revised advisory with updates to multiple products. \x95 VMware HCX \x95 VMware NSX-T Data Center \x95 VMware WorkspaceOne Access \x95 VMware Identity Manager \x95 VMware vRealize Operations Cloud Proxy \x95 VMware vRealize Lifecycle Manager \x95 VMware Site Recovery Manager, vSphere Replication \x95 VMware Carbon Black Cloud Workload Appliance \x95 VMware Carbon Black EDR Server \x95 VMware Tanzu GemFire \x95 VMware Tanzu Greenplum \x95 VMware Tanzu Operations Manager \x95 VMware Tanzu Application Service for VMs \x95 VMware Tanzu Kubernetes Grid Integrated Edition \x95 VMware Tanzu Observability by Wavefront Nozzle \x95 Healthwatch for Tanzu Application Service \x95 Spring Cloud Services for VMware Tanzu \x95 API Portal for VMware Tanzu \x95 Single Sign-On for VMware Tanzu Application Service \x95 App Metrics \x95 VMware vCenter Cloud Gateway \x95 VMware Cloud Foundation \x95 VMware Workspace ONE Access Connector \x95 VMware Horizon DaaS \x95 VMware Horizon Cloud Connector \x95 VMware NSX Data Center for vSphere \x95 VMware AppDefense Appliance \x95 VMware Cloud Director Object Storage Extension
You are receiving this alert because you are subscribed to the VMware Security Announcements mailing list. To modify your subscription or unsubscribe please visit https://lists.vmware.com/mailman/listinfo/security-announce. Description:
Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.
Security Fix(es):
-
log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)
-
jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception (CVE-2020-28491)
-
kubernetes-client: fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise (CVE-2021-20218)
-
xstream: Arbitrary code execution via unsafe deserialization of com.sun.corba.* (CVE-2021-39149)
-
xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration (CVE-2021-39145)
-
xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration (CVE-2021-39151)
-
xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapSearchEnumeration (CVE-2021-39147)
-
xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.toolkit.dir.ContextEnumerator (CVE-2021-39148)
-
xstream: Arbitrary code execution via unsafe deserialization of com.sun.xml.internal.ws.client.sei.* (CVE-2021-39141)
-
xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue (CVE-2021-39146)
-
xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue (CVE-2021-39154)
-
xstream: Arbitrary code execution via unsafe deserialization of sun.tracing.* (CVE-2021-39144)
-
xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl (CVE-2021-39139)
-
xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl (CVE-2021-39153)
-
xstream: Infinite loop DoS via unsafe deserialization of sun.reflect.annotation.AnnotationInvocationHandler (CVE-2021-39140)
-
xstream: remote command execution attack by manipulating the processed input stream (CVE-2021-29505)
-
xstream: Server-side request forgery (SSRF) via unsafe deserialization of com.sun.xml.internal.ws.client.sei.* (CVE-2021-39150)
-
xstream: Server-side request forgery (SSRF) via unsafe deserialization of jdk.nashorn.internal.runtime.Source$URLData (CVE-2021-39152)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. Bugs fixed (https://bugzilla.redhat.com/):
1923405 - CVE-2021-20218 fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise 1930423 - CVE-2020-28491 jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception 1966735 - CVE-2021-29505 XStream: remote command execution attack by manipulating the processed input stream 1997763 - CVE-2021-39139 xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl 1997765 - CVE-2021-39140 xstream: Infinite loop DoS via unsafe deserialization of sun.reflect.annotation.AnnotationInvocationHandler 1997769 - CVE-2021-39141 xstream: Arbitrary code execution via unsafe deserialization of com.sun.xml.internal.ws.client.sei. 1997772 - CVE-2021-39144 xstream: Arbitrary code execution via unsafe deserialization of sun.tracing. 1997775 - CVE-2021-39145 xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration 1997777 - CVE-2021-39146 xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue 1997779 - CVE-2021-39147 xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapSearchEnumeration 1997781 - CVE-2021-39148 xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.toolkit.dir.ContextEnumerator 1997784 - CVE-2021-39149 xstream: Arbitrary code execution via unsafe deserialization of com.sun.corba. 1997786 - CVE-2021-39150 xstream: Server-side request forgery (SSRF) via unsafe deserialization of com.sun.xml.internal.ws.client.sei. 1997791 - CVE-2021-39151 xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration 1997793 - CVE-2021-39152 xstream: Server-side request forgery (SSRF) via unsafe deserialization of jdk.nashorn.internal.runtime.Source$URLData 1997795 - CVE-2021-39153 xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl 1997801 - CVE-2021-39154 xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue 2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value
This update also fixes CVE-2020-9488 in the oldstable distribution (buster). Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender.
For the oldstable distribution (buster), this problem has been fixed in version 2.15.0-1~deb10u1.
For the stable distribution (bullseye), this problem has been fixed in version 2.15.0-1~deb11u1.
We recommend that you upgrade your apache-log4j2 packages.
For the detailed security status of apache-log4j2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache-log4j2
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmG0+YVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeQvXA/+LIMVC0X80Qc6No564VodtTN3Ci0NyaUcQyZG8Gyo2tPuwKEpOUpmom7f wcZvQgKvwxs3Ad1M5Zt/6Ql3v0KbwzBah0v8KUV86B6g4yb+Wno7iKQR1mN47bpz 2SJPzf6IECwtmz3zYI3fLuJJ/dvAMRlQ+nhPsC8/zJGJgfFHFmDyfG8TtlrYLUHS Pjpov4C/VllQGJ5MjyVF93OqTCy4V7WxH/RgT1YBOs71KNCq5yPoch35geytSQoM Kk59qFLQgST2kYhLVxRRbdQAAhbA7W5XythKqphon6nRmlJPHSGkXMf9s0N3cm6K Zkmvo2/A29FiceZj/bSM4/qw7gqbsJfpSMcTKmxhReolsXAJVj4mGu9cZZTAP7Tb g8fl8kGljFd01ka0208eFyILHCR2bAF2xgS1nG6TCc170azDkvW38fZHHkLQIPbF TOwxoNv8dHgyT6pfI+BDYKy9pNvrLk/jqXkOpry6nY+Ji/RcjGBDIR3VP25VsMk8 6zwERE1LX0IvwiaSFBg6oyWW4siINZzFyVXryLvRr/YBIAYKGv+Y1Wn8ageACItW 2SZjLbK4uBTOHyvPITBgOZSYD7kYcTPxdbb8ntw7Uo489hYXzjYlloTBoUPg1G3o gyZnRfW0yYf2bA63I7vVBDTITt8K4H1UkUDEOIUjXGekFLqDnGw= =BY2+ -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0566", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "cloudcenter cost optimizer", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "5.5.2" }, { "model": "common services platform collector", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "002.009\\(001.002\\)" }, { "model": "network dashboard fabric controller", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.0\\(1\\)" }, { "model": "energyip", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "8.6" }, { "model": "firepower threat defense", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.2.3" }, { "model": "paging server", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "8.4\\(1\\)" }, { "model": "evolved programmable network manager", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "5.0" }, { "model": "automated subsea tuning", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "02.01.00" }, { "model": "log4j", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.0.1" }, { "model": "log4j", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.15.0" }, { "model": "enterprise chat and email", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.5\\(1\\)" }, { "model": "captial", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "2019.1" }, { "model": "firepower threat defense", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.5.0" }, { "model": "ucs central software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "2.0\\(1c\\)" }, { "model": "sd-wan vmanage", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "20.4" }, { "model": "integrated management controller supervisor", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2.3.2.1" }, { "model": "broadworks", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": null }, { "model": "cloudcenter suite", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "5.4\\(1\\)" }, { "model": "wan automation engine", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.6" }, { "model": "dna center", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2.2.3.4" }, { "model": "contact center management portal", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "12.5\\(1\\)" }, { "model": "wan automation engine", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.2.3" }, { "model": "unified communications manager", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(1.22900.28\\)" }, { "model": "energyip", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "8.5" }, { "model": "unity connection", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.5" }, { "model": "sd-wan vmanage", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "20.7" }, { "model": "vm access proxy", "scope": "lt", "trust": 1.0, "vendor": "snowsoftware", "version": "3.6" }, { "model": "mendix", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "connected analytics for network deployment", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "006.005.000.000" }, { "model": "unified computing system", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "006.008\\(001.000\\)" }, { "model": "ucs central software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "2.0" }, { "model": "desigo cc advanced reports", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.0" }, { "model": "dna center", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2.1.2.8" }, { "model": "emergency responder", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(4.65000.14\\)" }, { "model": "operation scheduler", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "1.1.3" }, { "model": "ucs central software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "2.0\\(1b\\)" }, { "model": "firepower threat defense", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.1.0" }, { "model": "siveillance identity", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "1.5" }, { "model": "virtual topology system", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "2.6.6" }, { "model": "common services platform collector", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "002.009\\(001.001\\)" }, { "model": "captial", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2019.1" }, { "model": "unity connection", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(1.10000.6\\)" }, { "model": "e-car operation center", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2021-12-13" }, { "model": "unified customer voice portal", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.6\\(1\\)" }, { "model": "crosswork network automation", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "2.0.0" }, { "model": "intersight virtual appliance", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "1.0.9-343" }, { "model": "ucs central software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "2.0\\(1k\\)" }, { "model": "oneapi sample browser", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "wan automation engine", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.5" }, { "model": "emergency responder", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.5" }, { "model": "common services platform collector", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "002.010\\(000.000\\)" }, { "model": "identity services engine", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "003.001\\(000.518\\)" }, { "model": "unified customer voice portal", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.0" }, { "model": "sppa-t3000 ses3000", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "intersight virtual appliance", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "1.0.9-361" }, { "model": "business process automation", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "3.0.000.115" }, { "model": "connected analytics for network deployment", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "008.000.000.000.004" }, { "model": "crosswork zero touch provisioning", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "3.0.0" }, { "model": "evolved programmable network manager", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "4.1" }, { "model": "nx", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "dna spaces\\: connector", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2.5" }, { "model": "unified contact center express", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.5\\(1\\)" }, { "model": "mobility services engine", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": null }, { "model": "integrated management controller supervisor", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "2.3.2.0" }, { "model": "firepower threat defense", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.3.0" }, { "model": "unified contact center enterprise", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.0\\(1\\)" }, { "model": "unified intelligence center", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.6\\(1\\)" }, { "model": "network dashboard fabric controller", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.4\\(1\\)" }, { "model": "unified workforce optimization", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(1\\)" }, { "model": "webex meetings server", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "4.0" }, { "model": "paging server", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "8.3\\(1\\)" }, { "model": "xpedition package integrator", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "log4j", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.3.1" }, { "model": "xpedition enterprise", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "dna center", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "2.2.3.0" }, { "model": "dna center", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "2.2.2.8" }, { "model": "common services platform collector", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "002.009\\(000.001\\)" }, { "model": "business process automation", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "3.2.000.009" }, { "model": "gma-manager", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "8.6.2j-398" }, { "model": "siguard dsa", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.4" }, { "model": "paging server", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "9.0\\(1\\)" }, { "model": "common services platform collector", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2.10.0.1" }, { "model": "sd-wan vmanage", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "20.6" }, { "model": "video surveillance manager", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.14\\(2.26\\)" }, { "model": "finesse", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.5\\(1\\)" }, { "model": "optical network controller", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "1.1" }, { "model": "sd-wan vmanage", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "20.8" }, { "model": "unified contact center express", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "12.5\\(1\\)" }, { "model": "unified intelligence center", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.6\\(2\\)" }, { "model": "industrial edge management", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "cloud secure agent", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "network services orchestrator", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "5.4" }, { "model": "fxos", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.7.0" }, { "model": "ucs central software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "2.0\\(1a\\)" }, { "model": "log4j", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0" }, { "model": "identity services engine", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "002.004\\(000.914\\)" }, { "model": "wan automation engine", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.3" }, { "model": "synchro 4d", "scope": "lt", "trust": 1.0, "vendor": "bentley", "version": "6.2.4.2" }, { "model": "sentron powermanager", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "fog director", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": null }, { "model": "video surveillance manager", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.14\\(1.26\\)" }, { "model": "comos", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "crosswork network automation", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "4.1.0" }, { "model": "network services orchestrator", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "5.5.4.1" }, { "model": "navigator", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2021-12-13" }, { "model": "evolved programmable network manager", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "3.0" }, { "model": "data center manager", "scope": "lt", "trust": 1.0, "vendor": "intel", "version": "5.1" }, { "model": "unified customer voice portal", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.6\\(1\\)" }, { "model": "sd-wan vmanage", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "20.4" }, { "model": "optical network controller", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "1.1.0" }, { "model": "crosswork zero touch provisioning", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2.0.1" }, { "model": "wan automation engine", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.4" }, { "model": "automated subsea tuning", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2.1.0" }, { "model": "cloud manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "35" }, { "model": "broadworks", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2021.11_1.162" }, { "model": "identity services engine", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2.4.0" }, { "model": "energyip prepay", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "3.8" }, { "model": "firepower threat defense", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.0.0" }, { "model": "common services platform collector", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "002.009\\(001.000\\)" }, { "model": "cloud connect", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "12.6\\(1\\)" }, { "model": "connected analytics for network deployment", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "006.004.000.003" }, { "model": "unified communications manager", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(1\\)" }, { "model": "contact center domain manager", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "12.5\\(1\\)" }, { "model": "cloudcenter suite", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "4.10\\(0.15\\)" }, { "model": "energyip", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "8.7" }, { "model": "cloudcenter suite", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "5.3\\(0\\)" }, { "model": "workload optimization manager", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "3.2.1" }, { "model": "paging server", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "8.5\\(1\\)" }, { "model": "nexus insights", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "6.0.2" }, { "model": "sentron powermanager", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.1" }, { "model": "siguard dsa", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.3" }, { "model": "unified communications manager", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(1.17900.52\\)" }, { "model": "unity connection", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(1\\)" }, { "model": "network insights for data center", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.0\\(2.1914\\)" }, { "model": "emergency responder", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(4\\)" }, { "model": "system debugger", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "10.0" }, { "model": "enterprise chat and email", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.6\\(1\\)" }, { "model": "mindsphere", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2021-12-11" }, { "model": "paging server", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "9.0\\(2\\)" }, { "model": "ontap tools", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "log4j", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.13.0" }, { "model": "unified contact center enterprise", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.6\\(1\\)" }, { "model": "unified communications manager im \\\u0026 presence service", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(1.22900.6\\)" }, { "model": "unified contact center enterprise", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.5\\(1\\)" }, { "model": "unified communications manager im \\\u0026 presence service", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(1\\)" }, { "model": "sd-wan vmanage", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "20.6.1" }, { "model": "ucs central software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "2.0\\(1d\\)" }, { "model": "unified communications manager im and presence service", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(1\\)" }, { "model": "network dashboard fabric controller", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(3\\)" }, { "model": "common services platform collector", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "002.009\\(000.002\\)" }, { "model": "unified sip proxy", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "010.002\\(001\\)" }, { "model": "fxos", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.4.0" }, { "model": "identity services engine", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "003.002\\(000.116\\)" }, { "model": "sd-wan vmanage", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "20.3" }, { "model": "connected analytics for network deployment", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "007.003.001.001" }, { "model": "sd-wan vmanage", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "20.3.4.1" }, { "model": "synchro", "scope": "gte", "trust": 1.0, "vendor": "bentley", "version": "6.1" }, { "model": "packaged contact center enterprise", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "11.6" }, { "model": "network services orchestrator", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "5.6" }, { "model": "unified communications manager im and presence service", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(1\\)" }, { "model": "log4j", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.12.2" }, { "model": "cloudcenter suite admin", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "5.3.1" }, { "model": "unified contact center enterprise", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.6\\(2\\)" }, { "model": "finesse", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "12.6\\(1\\)" }, { "model": "business process automation", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "3.1.000.000" }, { "model": "unified contact center enterprise", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.6\\(2\\)" }, { "model": "teamcenter", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "customer experience cloud agent", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "1.12.1" }, { "model": "crosswork network controller", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "3.0.0" }, { "model": "active iq unified manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "dna center", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "2.2.2.0" }, { "model": "network services orchestrator", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": null }, { "model": "crosswork platform infrastructure", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "4.0.1" }, { "model": "crosswork data gateway", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2.0.2" }, { "model": "cloudcenter suite", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "5.5\\(1\\)" }, { "model": "snow commander", "scope": "lt", "trust": 1.0, "vendor": "snowsoftware", "version": "8.10.0" }, { "model": "solid edge harness design", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2020" }, { "model": "sd-wan vmanage", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "20.4.2.1" }, { "model": "siveillance identity", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "1.6" }, { "model": "connected analytics for network deployment", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "007.002.000" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "11.0" }, { "model": "cloudcenter suite", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "5.5\\(0\\)" }, { "model": "ucs central software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "2.0\\(1l\\)" }, { "model": "fxos", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.6.0" }, { "model": "wan automation engine", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.2.1" }, { "model": "email security", "scope": "lt", "trust": 1.0, "vendor": "sonicwall", "version": "10.0.12" }, { "model": "crosswork optimization engine", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "3.0.0" }, { "model": "smart phy", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "3.1.2" }, { "model": "smart phy", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "3.1.4" }, { "model": "desigo cc advanced reports", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "solid edge cam pro", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "unified contact center express", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.6\\(1\\)" }, { "model": "firepower threat defense", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.7.0" }, { "model": "prime service catalog", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "12.1" }, { "model": "snapcenter", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "spectrum power 4", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.70" }, { "model": "cyber vision", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "4.0.2" }, { "model": "unified sip proxy", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "010.002\\(000\\)" }, { "model": "common services platform collector", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "002.009\\(000.000\\)" }, { "model": "cyber vision sensor management extension", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "4.0.2" }, { "model": "data center network manager", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.3\\(1\\)" }, { "model": "connected analytics for network deployment", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "007.003.003" }, { "model": "unified contact center express", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.6\\(2\\)" }, { "model": "sd-wan vmanage", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "20.6.2.1" }, { "model": "desigo cc advanced reports", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.1" }, { "model": "finesse", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.6\\(1\\)" }, { "model": "common services platform collector", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "2.10.0" }, { "model": "cyber vision sensor management extension", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "4.0.3" }, { "model": "ucs central software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "2.0\\(1h\\)" }, { "model": "opcenter intelligence", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "3.2" }, { "model": "evolved programmable network manager", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "4.0" }, { "model": "cx cloud agent", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "001.012" }, { "model": "sipass integrated", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "2.80" }, { "model": "connected analytics for network deployment", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "007.000.001" }, { "model": "genomics kernel library", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "paging server", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.5\\(2\\)" }, { "model": "video surveillance manager", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.14\\(3.025\\)" }, { "model": "energy engage", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "3.1" }, { "model": "siveillance command", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "4.16.2.1" }, { "model": "siveillance viewpoint", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "vesys", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2019.1" }, { "model": "desigo cc info center", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "5.1" }, { "model": "paging server", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "14.0\\(1\\)" }, { "model": "crosswork data gateway", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "3.0.0" }, { "model": "secure device onboard", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "connected analytics for network deployment", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "006.005.000." }, { "model": "fxos", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.0.0" }, { "model": "connected analytics for network deployment", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.3" }, { "model": "smart phy", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "3.2.1" }, { "model": "data center network manager", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "11.3\\(1\\)" }, { "model": "dna center", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2.2.2.8" }, { "model": "unified sip proxy", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "10.2.1v2" }, { "model": "unified customer voice portal", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.5" }, { "model": "siguard dsa", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "firepower threat defense", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.4.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "nexus dashboard", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2.1.2" }, { "model": "energyip", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "9.0" }, { "model": "desigo cc info center", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "5.0" }, { "model": "crosswork network controller", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2.0.1" }, { "model": "identity services engine", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "2.4.0" }, { "model": "rhythmyx", "scope": "lte", "trust": 1.0, "vendor": "percussion", "version": "7.3.2" }, { "model": "cloudcenter workload manager", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "5.5.2" }, { "model": "ucs central software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "2.0\\(1g\\)" }, { "model": "virtualized infrastructure manager", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "3.2.0" }, { "model": "unified sip proxy", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "010.000\\(001\\)" }, { "model": "vesys", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "2019.1" }, { "model": "iot operations dashboard", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": null }, { "model": "fxos", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.2.3" }, { "model": "spectrum power 7", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.30" }, { "model": "sd-wan vmanage", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "20.5" }, { "model": "fxos", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.5.0" }, { "model": "smart phy", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "3.2.1" }, { "model": "unified sip proxy", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "010.000\\(000\\)" }, { "model": "unified customer voice portal", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.5\\(1\\)" }, { "model": "virtual topology system", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2.6.7" }, { "model": "network dashboard fabric controller", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(1\\)" }, { "model": "network dashboard fabric controller", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.2\\(1\\)" }, { "model": "enterprise chat and email", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "12.0\\(1\\)" }, { "model": "spectrum power 7", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "2.30" }, { "model": "unified customer voice portal", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "11.6" }, { "model": "connected analytics for network deployment", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "007.003.000" }, { "model": "industrial edge management hub", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2021-12-13" }, { "model": "desigo cc advanced reports", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "5.1" }, { "model": "connected analytics for network deployment", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "007.001.000" }, { "model": "solid edge harness design", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "2020" }, { "model": "computer vision annotation tool", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "cloudcenter", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "4.10.0.16" }, { "model": "ucs central", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2.0\\(1p\\)" }, { "model": "integrated management controller supervisor", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "002.003\\(002.000\\)" }, { "model": "unified customer voice portal", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.6" }, { "model": "smart phy", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "3.1.3" }, { "model": "network assurance engine", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.0\\(2.1912\\)" }, { "model": "firepower threat defense", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.6.0" }, { "model": "crosswork network automation", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": null }, { "model": "dna spaces", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": null }, { "model": "wan automation engine", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.1.3" }, { "model": "unified intelligence center", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "12.6\\(1\\)" }, { "model": "identity services engine", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "003.000\\(000.458\\)" }, { "model": "fxos", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.1.0" }, { "model": "wan automation engine", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.2.2" }, { "model": "webex meetings server", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "3.0" }, { "model": "network assurance engine", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "6.0.2" }, { "model": "head-end system universal device integration system", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "virtualized voice browser", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "12.5\\(1\\)" }, { "model": "unified workforce optimization", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(1\\)" }, { "model": "dna spaces connector", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": null }, { "model": "unified contact center management portal", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.6\\(1\\)" }, { "model": "enterprise chat and email", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.0\\(1\\)" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "34" }, { "model": "smart phy", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "21.3" }, { "model": "desigo cc advanced reports", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "5.0" }, { "model": "siveillance vantage", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sd-wan vmanage", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "20.5" }, { "model": "unified communications manager", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(1.18900.97\\)" }, { "model": "common services platform collector", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2.9.1.3" }, { "model": "unified communications manager", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(1\\)su3" }, { "model": "cloud insights", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "evolved programmable network manager", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "3.1" }, { "model": "spectrum power 4", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.70" }, { "model": "network dashboard fabric controller", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.1\\(1\\)" }, { "model": "ucs central software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "2.0\\(1e\\)" }, { "model": "advanced malware protection virtual private cloud appliance", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "3.5.4" }, { "model": "video surveillance manager", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.14\\(4.018\\)" }, { "model": "sensor solution development kit", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "business process automation", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "3.1.000.044" }, { "model": "virtualized infrastructure manager", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "3.4.4" }, { "model": "crosswork network automation", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "4.1.1" }, { "model": "webex meetings server", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "3.0" }, { "model": "unified communications manager", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(1.21900.40\\)" }, { "model": "crosswork optimization engine", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2.0.1" }, { "model": "crosswork platform infrastructure", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "4.1.0" }, { "model": "network services orchestrator", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "5.4.5.2" }, { "model": "network services orchestrator", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "5.6.3.1" }, { "model": "identity services engine", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "002.006\\(000.156\\)" }, { "model": "logo\\! soft comfort", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "business process automation", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "3.2.000.000" }, { "model": "paging server", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "9.1\\(1\\)" }, { "model": "unified contact center enterprise", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "11.6\\(2\\)" }, { "model": "video surveillance operations manager", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "7.14.4" }, { "model": "evolved programmable network manager", "scope": "lte", "trust": 1.0, "vendor": "cisco", "version": "4.1.1" }, { "model": "unified customer voice portal", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.0\\(1\\)" }, { "model": "fxos", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.3.0" }, { "model": "connected analytics for network deployment", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "008.000.000" }, { "model": "virtualized infrastructure manager", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "3.4.0" }, { "model": "wan automation engine", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "7.3.0.2" }, { "model": "ucs director", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "6.8.2.0" }, { "model": "system studio", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "ucs central software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "2.0\\(1f\\)" }, { "model": "unified communications manager", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(1\\)" }, { "model": "network dashboard fabric controller", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.3\\(1\\)" }, { "model": "network services orchestrator", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "5.5" }, { "model": "synchro", "scope": "lt", "trust": 1.0, "vendor": "bentley", "version": "6.4.3.2" }, { "model": "prime service catalog", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.1" }, { "model": "smart phy", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "3.1.5" }, { "model": "crosswork network automation", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "3.0.0" }, { "model": "log4j", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.4.0" }, { "model": "audio development kit", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "identity services engine", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "002.007\\(000.356\\)" }, { "model": "sd-wan vmanage", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "20.5.1.1" }, { "model": "sd-wan vmanage", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "20.6" }, { "model": "evolved programmable network manager", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "5.1" }, { "model": "connected mobile experiences", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": null }, { "model": "paging server", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "14.4.1" }, { "model": "energyip prepay", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "3.7" }, { "model": "unified communications manager", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(1.18119.2\\)" }, { "model": "network services orchestrator", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "5.3.5.1" }, { "model": "siveillance control pro", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sipass integrated", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "2.85" }, { "model": "oncommand insight", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "emergency responder", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(4.66000.14\\)" }, { "model": "packaged contact center enterprise", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.6\\(1\\)" }, { "model": "network dashboard fabric controller", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(2\\)" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44228" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.15.0", "versionStartIncluding": "2.13.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.3.1", "versionStartIncluding": "2.0.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.12.2", "versionStartIncluding": "2.4.0", "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sppa-t3000_ses3000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sppa-t3000_ses3000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:logo\\!_soft_comfort:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_4:4.70:sp7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_4:4.70:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_4:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.70", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:siveillance_control_pro:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:energyip_prepay:3.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:energyip_prepay:3.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_4:4.70:sp8:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:siveillance_command:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.16.2.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:head-end_system_universal_device_integration_system:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:gma-manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.6.2j-398", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:energyip:8.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:energyip:8.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:energyip:8.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:energyip:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:energy_engage:3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:e-car_operation_center:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2021-12-13", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:desigo_cc_info_center:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:desigo_cc_info_center:5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:captial:2019.1:sp1912:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:navigator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2021-12-13", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:xpedition_package_integrator:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:xpedition_enterprise:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:vesys:2019.1:sp1912:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:vesys:2019.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:vesys:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2019.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:vesys:2019.1:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_7:2.30:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_7:2.30:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_7:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.30", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_7:2.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_harness_design:2020:sp2002:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_harness_design:2020:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_harness_design:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2020", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:captial:2019.1:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_harness_design:2020:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_cam_pro:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:siveillance_viewpoint:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:siveillance_vantage:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:siguard_dsa:4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:siguard_dsa:4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:siguard_dsa:4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:sentron_powermanager:4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:sentron_powermanager:4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.1.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:nx:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:opcenter_intelligence:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "3.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:mindsphere:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2021-12-11", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:mendix:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:industrial_edge_management_hub:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2021-12-13", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:industrial_edge_management:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:captial:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2019.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:intel:audio_development_kit:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:intel:system_debugger:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:intel:secure_device_onboard:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:intel:oneapi_sample_browser:-:*:*:*:*:eclipse:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:intel:sensor_solution_firmware_development_kit:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:intel:computer_vision_annotation_tool:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:intel:genomics_kernel_library:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:intel:system_studio:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:intel:data_center_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.0.12", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:ontap_tools:-:*:*:*:*:vmware_vsphere:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:vmware_vsphere:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_customer_voice_portal:11.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:packaged_contact_center_enterprise:11.6\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:3.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:data_center_network_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "11.3\\(1\\)", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:4.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.5\\(1\\)", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:data_center_network_manager:11.3\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:-:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_service_pack_2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_service_pack_3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_security_patch4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine:2.4.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:finesse:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.6\\(1\\)", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:nexus_dashboard:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.1.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.6.3.1", "versionStartIncluding": "5.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.5.4.1", "versionStartIncluding": "5.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.3.5.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:iot_operations_dashboard:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:intersight_virtual_appliance:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.9-361", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.1.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.4.5.2", "versionStartIncluding": "5.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:dna_spaces\\:_connector:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:cyber_vision_sensor_management_extension:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.0.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.0.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:crosswork_platform_infrastructure:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.0.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:crosswork_platform_infrastructure:4.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:crosswork_optimization_engine:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.0.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:crosswork_optimization_engine:3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:crosswork_network_controller:3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:crosswork_network_controller:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.0.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:crosswork_data_gateway:3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:crosswork_data_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.0.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:common_services_platform_collector:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.10.0.1", "versionStartIncluding": "2.10.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:common_services_platform_collector:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.1.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:cloudcenter:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.10.0.16", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:cloudcenter_workload_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.5.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:cloudcenter_suite_admin:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.3.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:cloudcenter_cost_optimizer:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.5.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:business_process_automation:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.2.000.009", "versionStartIncluding": "3.2.000.000", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:business_process_automation:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.1.000.044", "versionStartIncluding": "3.1.000.000", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:business_process_automation:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0.000.115", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:automated_subsea_tuning:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:nexus_insights:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.0.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:advanced_malware_protection_virtual_private_cloud_appliance:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:customer_experience_cloud_agent:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.12.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_security_patch5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:workload_optimization_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.2.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:ucs_central:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.0\\(1p\\)", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:ucs_director:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "20.3.4.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:optical_network_controller:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:fog_director:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:dna_center:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.2.3.4", "versionStartIncluding": "2.2.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "20.4.2.1", "versionStartIncluding": "20.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.3.2.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:wan_automation_engine:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.3.0.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:virtualized_infrastructure_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.4.4", "versionStartIncluding": "3.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "20.5.1.1", "versionStartIncluding": "20.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:network_assurance_engine:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.0.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:virtualized_infrastructure_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:dna_center:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.1.2.8", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "20.6.2.1", "versionStartIncluding": "20.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:virtual_topology_system:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.6.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:dna_center:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.2.2.8", "versionStartIncluding": "2.2.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:smart_phy:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.2.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:prime_service_catalog:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:connected_mobile_experiences:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:video_surveillance_operations_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.14.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "11.5\\(1\\)", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:virtualized_voice_browser:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.5\\(1\\)", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:unified_workforce_optimization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "11.5\\(1\\)", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:unified_sip_proxy:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.2.1v2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.6\\(1\\)", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_customer_voice_portal:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "11.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_customer_voice_portal:12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_customer_voice_portal:12.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_enterprise:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "11.6\\(2\\)", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_enterprise:11.6\\(2\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "11.5\\(1\\)", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*", "cpe_name": [], "versionEndExcluding": "11.5\\(1\\)", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndExcluding": "11.5\\(1\\)", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:session_management:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:paging_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.4.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:packaged_contact_center_enterprise:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "11.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:enterprise_chat_and_email:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.0\\(1\\)", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:emergency_responder:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "11.5\\(4\\)", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:contact_center_management_portal:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.5\\(1\\)", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:contact_center_domain_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.5\\(1\\)", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:cloud_connect:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.6\\(1\\)", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:broadworks:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2021.11_1.162", "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:cisco:fxos:6.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:fxos:6.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:fxos:6.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:fxos:6.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:fxos:6.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:fxos:6.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:fxos:7.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:fxos:7.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:cisco:firepower_1010:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:firepower_1120:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:firepower_1140:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:firepower_1150:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:firepower_4110:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:firepower_4112:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:firepower_4115:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:firepower_4120:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:firepower_4125:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:firepower_4140:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:firepower_4145:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:firepower_4150:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:cisco:prime_service_catalog:12.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:firepower_threat_defense:6.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unity_connection:11.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:firepower_threat_defense:6.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vmanage:20.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vmanage:20.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vmanage:20.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_enterprise:11.6\\(2\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:cyber_vision_sensor_management_extension:4.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:dna_spaces_connector:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_sip_proxy:010.002\\(001\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_sip_proxy:010.002\\(000\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_sip_proxy:010.000\\(001\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_sip_proxy:010.000\\(000\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(2\\):-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(1\\):es02:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(1\\):es01:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(1\\):-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_customer_voice_portal:12.6\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_customer_voice_portal:12.5\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_customer_voice_portal:12.0\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_customer_voice_portal:11.6\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\):su1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\):-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager_im_\\\u0026_presence_service:11.5\\(1.22900.6\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager_im_\\\u0026_presence_service:11.5\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.22900.28\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.21900.40\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.18900.97\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.18119.2\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.17900.52\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:paging_server:9.1\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:paging_server:9.0\\(2\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:paging_server:9.0\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:paging_server:8.5\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:paging_server:8.4\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:paging_server:8.3\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:paging_server:14.0\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:paging_server:12.5\\(2\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\\(2\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_enterprise:12.5\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_enterprise:12.0\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es03:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es02:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es01:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):su2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):su1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:enterprise_chat_and_email:12.6\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:enterprise_chat_and_email:12.5\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:enterprise_chat_and_email:12.0\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:emergency_responder:11.5\\(4.66000.14\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:emergency_responder:11.5\\(4.65000.14\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:emergency_responder:11.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_management_portal:12.6\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express:12.6\\(2\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express:12.6\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:broadworks:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_computing_system:006.008\\(001.000\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1l\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1k\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1h\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1g\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1f\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1e\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1d\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1c\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1b\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1a\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:ucs_central_software:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:2.3.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:002.003\\(002.000\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vmanage:20.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vmanage:20.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vmanage:20.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vmanage:20.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:optical_network_controller:1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:network_assurance_engine:6.0\\(2.1912\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:dna_center:2.2.2.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:wan_automation_engine:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:wan_automation_engine:7.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:wan_automation_engine:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:wan_automation_engine:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:wan_automation_engine:7.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:wan_automation_engine:7.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:wan_automation_engine:7.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:wan_automation_engine:7.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:virtual_topology_system:2.6.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:smart_phy:3.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:smart_phy:3.1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:smart_phy:3.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:smart_phy:3.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:smart_phy:3.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:smart_phy:21.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:network_services_orchestrator:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:intersight_virtual_appliance:1.0.9-343:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:evolved_programmable_network_manager:5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:evolved_programmable_network_manager:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:evolved_programmable_network_manager:4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:evolved_programmable_network_manager:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:evolved_programmable_network_manager:3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:evolved_programmable_network_manager:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\\(3\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\\(2\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.4\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.3\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.2\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.1\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.0\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:video_surveillance_manager:7.14\\(4.018\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:video_surveillance_manager:7.14\\(3.025\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:video_surveillance_manager:7.14\\(2.26\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:video_surveillance_manager:7.14\\(1.26\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_workforce_optimization:11.5\\(1\\):sr7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unity_connection:11.5\\(1.10000.6\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:cloudcenter_suite:5.3\\(0\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:cloudcenter_suite:5.5\\(0\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:cloudcenter_suite:5.4\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:automated_subsea_tuning:02.01.00:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine:003.002\\(000.116\\):-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine:003.001\\(000.518\\):-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine:003.000\\(000.458\\):-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine:002.007\\(000.356\\):-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine:002.006\\(000.156\\):-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine:002.004\\(000.914\\):-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:network_insights_for_data_center:6.0\\(2.1914\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:cx_cloud_agent:001.012:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:mobility_services_engine:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:cloudcenter_suite:5.5\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:cloudcenter_suite:4.10\\(0.15\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:dna_spaces:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:cyber_vision:4.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:008.000.000.000.004:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:008.000.000:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.003:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.001.001:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.000:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.002.000:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.001.000:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.000.001:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.005.000.000:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.005.000.:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.004.000.003:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:crosswork_network_automation:4.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:crosswork_network_automation:4.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:crosswork_network_automation:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:crosswork_network_automation:3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:crosswork_network_automation:2.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:common_services_platform_collector:002.010\\(000.000\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(001.002\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(001.001\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(001.000\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(000.002\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(000.001\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(000.000\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:snowsoftware:vm_access_proxy:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:snowsoftware:snow_commander:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.10.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:bentley:synchro_4d:*:*:*:*:pro:*:*:*", "cpe_name": [], "versionEndExcluding": "6.2.4.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:bentley:synchro:*:*:*:*:pro:*:*:*", "cpe_name": [], "versionEndExcluding": "6.4.3.2", "versionStartIncluding": "6.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:percussion:rhythmyx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.3.2", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44228" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Much of the content of this vulnerability note is derived from Apache Log4j Security Vulnerabilities and http://slf4j.org/log4shell.html.This document was written by Art Manion.", "sources": [ { "db": "CERT/CC", "id": "VU#930724" } ], "trust": 0.8 }, "cve": "CVE-2021-44228", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-407408", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 6.0, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-44228", "trust": 1.0, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-202112-799", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-407408", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-407408" }, { "db": "CNNVD", "id": "CNNVD-202112-799" }, { "db": "NVD", "id": "CVE-2021-44228" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the vulnerable Java application using Log4j.CVE-2021-4104 Affected\nCVE-2021-44228 Affected\nCVE-2021-45046 AffectedCVE-2021-4104 Affected\nCVE-2021-44228 Affected\nCVE-2021-45046 Affected. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: Red Hat Data Grid 8.2.2 security update\nAdvisory ID: RHSA-2021:5132-01\nProduct: Red Hat JBoss Data Grid\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:5132\nIssue date: 2021-12-14\nCVE Names: CVE-2021-44228 \n=====================================================================\n\n1. Summary:\n\nAn update for Red Hat Data Grid is now available. \n \nRed Hat Product Security has rated this update as having a security impact\nof Critical. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. \nIt increases application response times and allows for dramatically\nimproving performance while providing availability, reliability, and\nelastic scale. \n \nData Grid 8.2.2 replaces Data Grid 8.2.1 and includes bug fixes and\nenhancements. Find out more about Data Grid 8.2.2 in the Release Notes [3]. \n\nSecurity Fix(es):\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an\nattacker-controlled string value (CVE-2021-44228)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nTo install this update, do the following:\n \n1. Download the Data Grid 8.2.2 server patch from the customer portal[\u00b2]. \n2. Back up your existing Data Grid installation. You should back up\ndatabases, configuration files, and so on. \n3. Install the Data Grid 8.2.2 server patch. Refer to the 8.2.2 Release\nNotes[\u00b3] for patching instructions. \n4. Restart Data Grid to ensure the changes take effect. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-44228\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=70381\u0026product=data.grid\u0026version=8.2\u0026downloadType=patches\nhttps://access.redhat.com/documentation/en-us/red_hat_data_grid/8.2/html-single/red_hat_data_grid_8.2_release_notes/index\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2021-009\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYblI0NzjgjWX9erEAQj7mw//TtZnFmrLI6Ts7uC19MnLA/vVPXT1i2Qz\nR1CZ4T7QCZkiJCNXvwYHj7iQgOm5o/seXRE38qGtJWqiyrZMGHVQnDl1Vuhm31jg\n6lxhpjn0kKKZanznosCxF3U2ovLhrEx+5in4piNiyV6CKkkgBV7UvESGWlIKiumq\n1r79DAQ7WdYPoOk+m+b5p/okFJXyD0FcEbrqZcgJQCmR9zyJ6DGAy4N9+cgEgGaC\nQoVZaXa+pUEVjiAOAg0XNcb+GyYSMFwkPUR14NI0V2OHIo97aBg9AG1HrOj3QmSG\n5LR/8zWQbfSbtTIzR67gBGF8F8nvnEeBARYje97Cx2FcHGDFisLHM8OGqFNjU5+I\nHepIdPjwcoy3kPDSfQ9WXx7Iz03tMCbhMWUhH9MRYuUAzCHgsAryZ4AnTBa+Hn7B\n7WHuVf24eFcoJysoWGsbQZDzN5oxqIRXP2mA5k7MVemHV5L+7KV15KyJWaDqTdI+\nDTpw8kP/WboloegmZmaqbPLlfvl91G8LjU5yfLaa+rNHkbyT4G1c3iQm5yLWlsYW\nyfGf+XiZPoF5S6862qdx7YPZG0yTkaUYU0Spnr8eV9wt9uUIp57jczrBzgBKYlN0\nBdNv9DgqbGvhmdz/k95gRZUpdYAvF6J4+Y4h9uXgxqfdGZjFCSlegOG8gleCnvEw\ndfFqyyf+3ZQ=\n=be8O\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Solution:\n\nFor OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.1, see the following instructions to apply\nthis update:\n\nhttps://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html\n\n4. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1971 - Applying cluster state is causing elasticsearch to hit an issue and become unusable\n\n6. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. =========================================================================\nUbuntu Security Notice USN-5192-2\nDecember 17, 2021\n\napache-log4j2 vulnerability\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n\nSummary:\n\nApache Log4j 2 could be made to crash or run programs as an administrator\nif it received a specially crafted input. This update provides\nthe corresponding update for Ubuntu 16.04 ESM. \n\nOriginal advisory details:\n\n Chen Zhaojun discovered that Apache Log4j 2 allows remote attackers to run\n programs via a special crafted input. An attacker could use this vulnerability\n to cause a denial of service or possibly execute arbitrary code. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n liblog4j2-java 2.4-2ubuntu0.1~esm1\n\nIn general, a standard system update will make all the necessary changes. \n\n2021-12-11: VMSA-2021-0028.1\nUpdated advisory with workaround information for multiple products including vCenter Server Appliance, vRealize Operations, Horizon, vRealize Log Insight, Unified Access Gateway. \n\n2021-12-13: VMSA-2021-0028.2\nRevised advisory with updates to multiple products. \n\\x95\tVMware HCX\n\\x95\tVMware NSX-T Data Center\n\\x95\tVMware WorkspaceOne Access\n\\x95\tVMware Identity Manager \n\\x95\tVMware vRealize Operations Cloud Proxy\n\\x95\tVMware vRealize Lifecycle Manager\n\\x95\tVMware Site Recovery Manager, vSphere Replication\n\\x95\tVMware Carbon Black Cloud Workload Appliance\n\\x95\tVMware Carbon Black EDR Server\n\\x95\tVMware Tanzu GemFire\n\\x95\tVMware Tanzu Greenplum\n\\x95\tVMware Tanzu Operations Manager\n\\x95\tVMware Tanzu Application Service for VMs\n\\x95\tVMware Tanzu Kubernetes Grid Integrated Edition\n\\x95\tVMware Tanzu Observability by Wavefront Nozzle\n\\x95\tHealthwatch for Tanzu Application Service\n\\x95\tSpring Cloud Services for VMware Tanzu\n\\x95\tAPI Portal for VMware Tanzu\n\\x95\tSingle Sign-On for VMware Tanzu Application Service\n\\x95\tApp Metrics\n\\x95\tVMware vCenter Cloud Gateway\n\\x95\tVMware Cloud Foundation\n\\x95\tVMware Workspace ONE Access Connector\n\\x95\tVMware Horizon DaaS\n\\x95\tVMware Horizon Cloud Connector\n\\x95\tVMware NSX Data Center for vSphere\n\\x95\tVMware AppDefense Appliance\n\\x95\tVMware Cloud Director Object Storage Extension\n\nYou are receiving this alert because you are subscribed to the VMware Security Announcements mailing list. To modify your subscription or unsubscribe please visit https://lists.vmware.com/mailman/listinfo/security-announce. Description:\n\nRed Hat Process Automation Manager is an open source business process\nmanagement suite that combines process management and decision service\nmanagement and enables business and IT users to create, manage, validate,\nand deploy process applications and decision services. \n\nSecurity Fix(es):\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an\nattacker-controlled string value (CVE-2021-44228)\n\n* jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a\njava.lang.OutOfMemoryError exception (CVE-2020-28491)\n\n* kubernetes-client: fabric8-kubernetes-client: vulnerable to a path\ntraversal leading to integrity and availability compromise (CVE-2021-20218)\n\n* xstream: Arbitrary code execution via unsafe deserialization of\ncom.sun.corba.* (CVE-2021-39149)\n\n* xstream: Arbitrary code execution via unsafe deserialization of\ncom.sun.jndi.ldap.LdapBindingEnumeration (CVE-2021-39145)\n\n* xstream: Arbitrary code execution via unsafe deserialization of\ncom.sun.jndi.ldap.LdapBindingEnumeration (CVE-2021-39151)\n\n* xstream: Arbitrary code execution via unsafe deserialization of\ncom.sun.jndi.ldap.LdapSearchEnumeration (CVE-2021-39147)\n\n* xstream: Arbitrary code execution via unsafe deserialization of\ncom.sun.jndi.toolkit.dir.ContextEnumerator (CVE-2021-39148)\n\n* xstream: Arbitrary code execution via unsafe deserialization of\ncom.sun.xml.internal.ws.client.sei.* (CVE-2021-39141)\n\n* xstream: Arbitrary code execution via unsafe deserialization of\njavax.swing.UIDefaults$ProxyLazyValue (CVE-2021-39146)\n\n* xstream: Arbitrary code execution via unsafe deserialization of\njavax.swing.UIDefaults$ProxyLazyValue (CVE-2021-39154)\n\n* xstream: Arbitrary code execution via unsafe deserialization of\nsun.tracing.* (CVE-2021-39144)\n\n* xstream: Arbitrary code execution via unsafe deserialization of Xalan\nxsltc.trax.TemplatesImpl (CVE-2021-39139)\n\n* xstream: Arbitrary code execution via unsafe deserialization of Xalan\nxsltc.trax.TemplatesImpl (CVE-2021-39153)\n\n* xstream: Infinite loop DoS via unsafe deserialization of\nsun.reflect.annotation.AnnotationInvocationHandler (CVE-2021-39140)\n\n* xstream: remote command execution attack by manipulating the processed\ninput stream (CVE-2021-29505)\n\n* xstream: Server-side request forgery (SSRF) via unsafe deserialization of\ncom.sun.xml.internal.ws.client.sei.* (CVE-2021-39150)\n\n* xstream: Server-side request forgery (SSRF) via unsafe deserialization of\njdk.nashorn.internal.runtime.Source$URLData (CVE-2021-39152)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. Bugs fixed (https://bugzilla.redhat.com/):\n\n1923405 - CVE-2021-20218 fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise\n1930423 - CVE-2020-28491 jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception\n1966735 - CVE-2021-29505 XStream: remote command execution attack by manipulating the processed input stream\n1997763 - CVE-2021-39139 xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl\n1997765 - CVE-2021-39140 xstream: Infinite loop DoS via unsafe deserialization of sun.reflect.annotation.AnnotationInvocationHandler\n1997769 - CVE-2021-39141 xstream: Arbitrary code execution via unsafe deserialization of com.sun.xml.internal.ws.client.sei.*\n1997772 - CVE-2021-39144 xstream: Arbitrary code execution via unsafe deserialization of sun.tracing.*\n1997775 - CVE-2021-39145 xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration\n1997777 - CVE-2021-39146 xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue\n1997779 - CVE-2021-39147 xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapSearchEnumeration\n1997781 - CVE-2021-39148 xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.toolkit.dir.ContextEnumerator\n1997784 - CVE-2021-39149 xstream: Arbitrary code execution via unsafe deserialization of com.sun.corba.*\n1997786 - CVE-2021-39150 xstream: Server-side request forgery (SSRF) via unsafe deserialization of com.sun.xml.internal.ws.client.sei.*\n1997791 - CVE-2021-39151 xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration\n1997793 - CVE-2021-39152 xstream: Server-side request forgery (SSRF) via unsafe deserialization of jdk.nashorn.internal.runtime.Source$URLData\n1997795 - CVE-2021-39153 xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl\n1997801 - CVE-2021-39154 xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue\n2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value\n\n5. \n\nThis update also fixes CVE-2020-9488 in the oldstable distribution\n(buster). Improper validation of certificate with host mismatch in Apache Log4j\nSMTP appender. This could allow an SMTPS connection to be intercepted by a\nman-in-the-middle attack which could leak any log messages sent through that\nappender. \n\nFor the oldstable distribution (buster), this problem has been fixed\nin version 2.15.0-1~deb10u1. \n\nFor the stable distribution (bullseye), this problem has been fixed in\nversion 2.15.0-1~deb11u1. \n\nWe recommend that you upgrade your apache-log4j2 packages. \n\nFor the detailed security status of apache-log4j2 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/apache-log4j2\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmG0+YVfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeQvXA/+LIMVC0X80Qc6No564VodtTN3Ci0NyaUcQyZG8Gyo2tPuwKEpOUpmom7f\nwcZvQgKvwxs3Ad1M5Zt/6Ql3v0KbwzBah0v8KUV86B6g4yb+Wno7iKQR1mN47bpz\n2SJPzf6IECwtmz3zYI3fLuJJ/dvAMRlQ+nhPsC8/zJGJgfFHFmDyfG8TtlrYLUHS\nPjpov4C/VllQGJ5MjyVF93OqTCy4V7WxH/RgT1YBOs71KNCq5yPoch35geytSQoM\nKk59qFLQgST2kYhLVxRRbdQAAhbA7W5XythKqphon6nRmlJPHSGkXMf9s0N3cm6K\nZkmvo2/A29FiceZj/bSM4/qw7gqbsJfpSMcTKmxhReolsXAJVj4mGu9cZZTAP7Tb\ng8fl8kGljFd01ka0208eFyILHCR2bAF2xgS1nG6TCc170azDkvW38fZHHkLQIPbF\nTOwxoNv8dHgyT6pfI+BDYKy9pNvrLk/jqXkOpry6nY+Ji/RcjGBDIR3VP25VsMk8\n6zwERE1LX0IvwiaSFBg6oyWW4siINZzFyVXryLvRr/YBIAYKGv+Y1Wn8ageACItW\n2SZjLbK4uBTOHyvPITBgOZSYD7kYcTPxdbb8ntw7Uo489hYXzjYlloTBoUPg1G3o\ngyZnRfW0yYf2bA63I7vVBDTITt8K4H1UkUDEOIUjXGekFLqDnGw=\n=BY2+\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2021-44228" }, { "db": "CERT/CC", "id": "VU#930724" }, { "db": "VULHUB", "id": "VHN-407408" }, { "db": "PACKETSTORM", "id": "165293" }, { "db": "PACKETSTORM", "id": "165286" }, { "db": "PACKETSTORM", "id": "165290" }, { "db": "PACKETSTORM", "id": "165291" }, { "db": "PACKETSTORM", "id": "165324" }, { "db": "PACKETSTORM", "id": "165329" }, { "db": "PACKETSTORM", "id": "165333" }, { "db": "PACKETSTORM", "id": "165348" }, { "db": "PACKETSTORM", "id": "165260" }, { "db": "PACKETSTORM", "id": "165733" }, { "db": "PACKETSTORM", "id": "169172" } ], "trust": 2.7 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-407408", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-407408" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-44228", "trust": 3.6 }, { "db": "CERT/CC", "id": "VU#930724", "trust": 2.5 }, { "db": "PACKETSTORM", "id": "165260", "trust": 1.8 }, { "db": "PACKETSTORM", "id": "165311", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "165225", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "165532", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "165281", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "165306", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "165673", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "165282", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "165371", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "167794", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "167917", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "165270", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "165261", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "165642", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "165307", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-479842", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-714170", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-661247", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-397453", "trust": 1.7 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/12/13/1", "trust": 1.7 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/12/14/4", "trust": 1.7 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/12/10/3", "trust": 1.7 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/12/13/2", "trust": 1.7 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/12/10/2", "trust": 1.7 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/12/15/3", "trust": 1.7 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/12/10/1", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "171626", "trust": 1.6 }, { "db": "PACKETSTORM", "id": "165324", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "165733", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "165348", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "166313", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "165279", "trust": 0.7 }, { "db": "EXPLOIT-DB", "id": "50592", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2022060708", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022012045", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022010629", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022072076", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022021428", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022071316", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022062001", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021122212", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022010908", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021122403", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021121720", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021123016", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022010421", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022031501", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021122907", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022012732", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021121652", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021121492", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022010522", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021121201", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021121535", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021122721", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021122018", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022032006", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060808", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022011732", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021122401", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021121350", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022030923", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021122811", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022020607", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022012439", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022011042", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022021807", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022010322", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021122122", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0090", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0492", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4211", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4187.6", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0237", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4236", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0332", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0080", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4186.4", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4269", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4198", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4316", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4274", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0247", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.1188", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4302.3", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4256.2", "trust": 0.6 }, { "db": "CXSECURITY", "id": "WLB-2022120027", "trust": 0.6 }, { "db": "CXSECURITY", "id": "WLB-2021120069", "trust": 0.6 }, { "db": "CXSECURITY", "id": "WLB-2022080025", "trust": 0.6 }, { "db": "CXSECURITY", "id": "WLB-2022010065", "trust": 0.6 }, { "db": "LENOVO", "id": "LEN-76573", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-357-02", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-22-034-01", "trust": 0.6 }, { "db": "EXPLOIT-DB", "id": "51183", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202112-799", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "165293", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "165329", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "165333", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "165290", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "165291", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "165343", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165520", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165295", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165285", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165297", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165298", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165326", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165289", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165264", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165632", "trust": 0.1 }, { "db": "EXPLOIT-DB", "id": "50590", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-407408", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165286", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169172", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#930724" }, { "db": "VULHUB", "id": "VHN-407408" }, { "db": "PACKETSTORM", "id": "165293" }, { "db": "PACKETSTORM", "id": "165286" }, { "db": "PACKETSTORM", "id": "165290" }, { "db": "PACKETSTORM", "id": "165291" }, { "db": "PACKETSTORM", "id": "165324" }, { "db": "PACKETSTORM", "id": "165329" }, { "db": "PACKETSTORM", "id": "165333" }, { "db": "PACKETSTORM", "id": "165348" }, { "db": "PACKETSTORM", "id": "165260" }, { "db": "PACKETSTORM", "id": "165733" }, { "db": "PACKETSTORM", "id": "169172" }, { "db": "CNNVD", "id": "CNNVD-202112-799" }, { "db": "NVD", "id": "CVE-2021-44228" } ] }, "id": "VAR-202112-0566", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-407408" } ], "trust": 0.7309832957142857 }, "last_update_date": "2024-07-23T21:58:00.289000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Apache Log4j Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=174249" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-799" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.1 }, { "problemtype": "CWE-400", "trust": 1.1 }, { "problemtype": "CWE-502", "trust": 1.1 }, { "problemtype": "CWE-917", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-407408" }, { "db": "NVD", "id": "CVE-2021-44228" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.3, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-log4j-qruknebd" }, { "trust": 2.3, "url": "http://packetstormsecurity.com/files/167917/mobileiron-log4shell-remote-command-execution.html" }, { "trust": 2.3, "url": "http://packetstormsecurity.com/files/165225/apache-log4j2-2.14.1-remote-code-execution.html" }, { "trust": 2.3, "url": "http://packetstormsecurity.com/files/165311/log4j-scan-extensive-scanner.html" }, { "trust": 2.3, "url": "http://packetstormsecurity.com/files/165371/vmware-security-advisory-2021-0028.4.html" }, { "trust": 2.3, "url": "http://packetstormsecurity.com/files/165532/log4shell-http-header-injection.html" }, { "trust": 2.3, "url": "http://packetstormsecurity.com/files/165642/vmware-vcenter-server-unauthenticated-log4shell-jndi-injection-remote-code-execution.html" }, { "trust": 2.3, "url": "http://packetstormsecurity.com/files/165673/unifi-network-application-unauthenticated-log4shell-remote-code-execution.html" }, { "trust": 1.7, "url": "https://www.kb.cert.org/vuls/id/930724" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf" }, { "trust": 1.7, "url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0032" }, { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20211210-0007/" }, { "trust": 1.7, "url": "https://support.apple.com/kb/ht213189" }, { "trust": 1.7, "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html" }, { "trust": 1.7, "url": "https://www.debian.org/security/2021/dsa-5020" }, { "trust": 1.7, "url": "http://seclists.org/fulldisclosure/2022/mar/23" }, { "trust": 1.7, "url": "http://seclists.org/fulldisclosure/2022/jul/11" }, { "trust": 1.7, "url": "http://seclists.org/fulldisclosure/2022/dec/2" }, { "trust": 1.7, "url": "http://packetstormsecurity.com/files/167794/open-xchange-app-suite-7.10.x-cross-site-scripting-command-injection.html" }, { "trust": 1.7, "url": "https://github.com/nu11secur1ty/cve-mitre/tree/main/cve-2021-44228" }, { "trust": 1.7, "url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html" }, { "trust": 1.7, "url": "http://packetstormsecurity.com/files/165260/vmware-security-advisory-2021-0028.html" }, { "trust": 1.7, "url": "http://packetstormsecurity.com/files/165261/apache-log4j2-2.14.1-information-disclosure.html" }, { "trust": 1.7, "url": "http://packetstormsecurity.com/files/165270/apache-log4j2-2.14.1-remote-code-execution.html" }, { "trust": 1.7, "url": "http://packetstormsecurity.com/files/165281/log4j2-log4shell-regexes.html" }, { "trust": 1.7, "url": "http://packetstormsecurity.com/files/165282/log4j-payload-generator.html" }, { "trust": 1.7, "url": "http://packetstormsecurity.com/files/165306/l4sh-log4j-remote-code-execution.html" }, { "trust": 1.7, "url": "http://packetstormsecurity.com/files/165307/log4j-remote-code-execution-word-bypassing.html" }, { "trust": 1.7, "url": "https://github.com/cisagov/log4j-affected-db/blob/develop/software-list.md" }, { "trust": 1.7, "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "trust": 1.7, "url": "https://twitter.com/kurtseifried/status/1469345530182455296" }, { "trust": 1.7, "url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "trust": 1.7, "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2021/12/10/1" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2021/12/10/2" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2021/12/10/3" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2021/12/13/1" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2021/12/13/2" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3" }, { "trust": 1.7, "url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/" }, { "trust": 1.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44228" }, { "trust": 1.6, "url": "http://packetstormsecurity.com/files/171626/ad-manager-plus-7122-remote-code-execution.html" }, { "trust": 1.3, "url": "https://access.redhat.com/security/cve/cve-2021-44228" }, { "trust": 1.1, "url": "https://github.com/cisagov/log4j-affected-db" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/m5csvunv4hwzzxgoknsk6l7rpm7bokib/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vu57ujdcfiasio35gc55jmksrxjmcdfm/" }, { "trust": 0.8, "url": "cve-2021-4104 " }, { "trust": 0.8, "url": "cve-2021-44228 " }, { "trust": 0.8, "url": "cve-2021-45046 " }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/m5csvunv4hwzzxgoknsk6l7rpm7bokib/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/vu57ujdcfiasio35gc55jmksrxjmcdfm/" }, { "trust": 0.7, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.7, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.7, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.6, "url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-009" }, { "trust": 0.6, "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010908" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060808" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010629" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022072076" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/165733/red-hat-security-advisory-2022-0296-03.html" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6527216" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4186.4" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4316" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0080" }, { "trust": 0.6, "url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-44228" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6528268" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021122212" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022012732" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021121201" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4302.3" }, { "trust": 0.6, "url": "https://www.exploit-db.com/exploits/50592" }, { "trust": 0.6, "url": "https://cxsecurity.com/issue/wlb-2022080025" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022011042" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021121720" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021122018" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0237" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021122811" }, { "trust": 0.6, "url": "https://cxsecurity.com/issue/wlb-2022010065" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021122401" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022011732" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022021807" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/165324/ubuntu-security-notice-usn-5197-1.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021123016" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021121350" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4211" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021122122" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022062001" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021122403" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021122721" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010522" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010322" }, { "trust": 0.6, "url": "https://cxsecurity.com/issue/wlb-2022120027" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6525816" }, { "trust": 0.6, "url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20211215-01-log4j-cn" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-357-02" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021122907" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060708" }, { "trust": 0.6, "url": "https://www.exploit-db.com/exploits/51183" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022021428" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/166313/apple-security-advisory-2022-03-14-7.html" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6526220" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/apache-log4j-code-execution-via-jndi-remote-class-injection-37049" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4269" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht213189" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022012439" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022020607" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4256.2" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022071316" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022032006" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0332" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022030923" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1188" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0492" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6526754" }, { "trust": 0.6, "url": "https://cxsecurity.com/issue/wlb-2021120069" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0090" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4236" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021121652" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6527330" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4198" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021121492" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4187.6" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022031501" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/165279/ubuntu-security-notice-usn-5192-1.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/165348/ubuntu-security-notice-usn-5192-2.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4274" }, { "trust": 0.6, "url": "https://support.lenovo.com/us/en/product_security/len-76573" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022012045" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021121535" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010421" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0247" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-034-01" }, { "trust": 0.3, "url": "https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html" }, { "trust": 0.2, "url": "https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-45046" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45046" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:5132" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.2/html-single/red_hat_data_grid_8.2_release_notes/index" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/softwaredetail.html?softwareid=70381\u0026product=data.grid\u0026version=8.2\u0026downloadtype=patches" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3200" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-25013" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25012" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-35522" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-35524" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20673" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25013" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25009" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27645" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33574" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13435" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-5827" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-24370" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-43527" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14145" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13751" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-25014" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19603" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-25012" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-35521" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-35942" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17594" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35524" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3572" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12762" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-36086" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3778" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35522" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22898" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-16135" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-36084" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-37136" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-17541" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3800" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-36087" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36331" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3712" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-31535" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35523" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23841" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3445" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22925" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:5128" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-20673" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23840" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36330" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20232" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20266" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20838" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22876" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20231" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36332" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14155" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25010" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-17541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25014" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-36085" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-37137" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21409" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33560" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17595" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3481" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-42574" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-25009" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-25010" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-35523" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28153" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13750" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3426" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-18218" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3580" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3796" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36330" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35521" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:5093" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product\\xcatrhoar.eclipse.vertx\u0026version=4.1.5.sp1" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/4.1/html/release_notes_for_eclipse_vert.x_4.1/index" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:5108" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/apache-log4j2/2.16.0-0.21.10.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/apache-log4j2/2.16.0-0.20.04.1" }, { "trust": 0.1, "url": "https://ubuntu.com/security/notices/usn-5197-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/apache-log4j2/2.16.0-0.21.04.1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4104" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-4104" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:5148" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:5106" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html" }, { "trust": 0.1, "url": "https://ubuntu.com/security/notices/usn-5192-1" }, { "trust": 0.1, "url": "https://ubuntu.com/security/notices/usn-5192-2" }, { "trust": 0.1, "url": "https://www.vmware.com/security/advisories/vmsa-2021-0028.html" }, { "trust": 0.1, "url": "http://lists.vmware.com/mailman/listinfo/security-announce" }, { "trust": 0.1, "url": "https://lists.vmware.com/mailman/listinfo/security-announce." }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-39139" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39141" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39154" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20218" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20218" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-29505" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-39145" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0296" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39144" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39149" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39150" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-39151" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-39140" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-39148" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-29505" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39151" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-39153" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39152" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-39147" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-39150" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39139" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39153" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-39144" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-39146" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-39152" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39148" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-28491" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39146" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39140" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-39149" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39147" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39145" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-39154" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28491" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-39141" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9488" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/apache-log4j2" } ], "sources": [ { "db": "CERT/CC", "id": "VU#930724" }, { "db": "VULHUB", "id": "VHN-407408" }, { "db": "PACKETSTORM", "id": "165293" }, { "db": "PACKETSTORM", "id": "165286" }, { "db": "PACKETSTORM", "id": "165290" }, { "db": "PACKETSTORM", "id": "165291" }, { "db": "PACKETSTORM", "id": "165324" }, { "db": "PACKETSTORM", "id": "165329" }, { "db": "PACKETSTORM", "id": "165333" }, { "db": "PACKETSTORM", "id": "165348" }, { "db": "PACKETSTORM", "id": "165260" }, { "db": "PACKETSTORM", "id": "165733" }, { "db": "PACKETSTORM", "id": "169172" }, { "db": "CNNVD", "id": "CNNVD-202112-799" }, { "db": "NVD", "id": "CVE-2021-44228" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#930724" }, { "db": "VULHUB", "id": "VHN-407408" }, { "db": "PACKETSTORM", "id": "165293" }, { "db": "PACKETSTORM", "id": "165286" }, { "db": "PACKETSTORM", "id": "165290" }, { "db": "PACKETSTORM", "id": "165291" }, { "db": "PACKETSTORM", "id": "165324" }, { "db": "PACKETSTORM", "id": "165329" }, { "db": "PACKETSTORM", "id": "165333" }, { "db": "PACKETSTORM", "id": "165348" }, { "db": "PACKETSTORM", "id": "165260" }, { "db": "PACKETSTORM", "id": "165733" }, { "db": "PACKETSTORM", "id": "169172" }, { "db": "CNNVD", "id": "CNNVD-202112-799" }, { "db": "NVD", "id": "CVE-2021-44228" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-15T00:00:00", "db": "CERT/CC", "id": "VU#930724" }, { "date": "2021-12-10T00:00:00", "db": "VULHUB", "id": "VHN-407408" }, { "date": "2021-12-15T15:24:58", "db": "PACKETSTORM", "id": "165293" }, { "date": "2021-12-15T15:20:33", "db": "PACKETSTORM", "id": "165286" }, { "date": "2021-12-15T15:23:24", "db": "PACKETSTORM", "id": "165290" }, { "date": "2021-12-15T15:23:37", "db": "PACKETSTORM", "id": "165291" }, { "date": "2021-12-16T15:20:38", "db": "PACKETSTORM", "id": "165324" }, { "date": "2021-12-16T15:25:46", "db": "PACKETSTORM", "id": "165329" }, { "date": "2021-12-16T15:34:27", "db": "PACKETSTORM", "id": "165333" }, { "date": "2021-12-17T14:06:52", "db": "PACKETSTORM", "id": "165348" }, { "date": "2021-12-14T15:27:58", "db": "PACKETSTORM", "id": "165260" }, { "date": "2022-01-27T14:23:56", "db": "PACKETSTORM", "id": "165733" }, { "date": "2021-12-28T20:12:00", "db": "PACKETSTORM", "id": "169172" }, { "date": "2021-12-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-799" }, { "date": "2021-12-10T10:15:09.143000", "db": "NVD", "id": "CVE-2021-44228" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-02-07T00:00:00", "db": "CERT/CC", "id": "VU#930724" }, { "date": "2023-02-06T00:00:00", "db": "VULHUB", "id": "VHN-407408" }, { "date": "2023-04-04T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-799" }, { "date": "2023-11-07T03:39:36.897000", "db": "NVD", "id": "CVE-2021-44228" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "165348" }, { "db": "PACKETSTORM", "id": "165260" }, { "db": "CNNVD", "id": "CNNVD-202112-799" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Log4j allows insecure JNDI lookups", "sources": [ { "db": "CERT/CC", "id": "VU#930724" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code execution", "sources": [ { "db": "PACKETSTORM", "id": "165293" }, { "db": "PACKETSTORM", "id": "165286" }, { "db": "PACKETSTORM", "id": "165290" }, { "db": "PACKETSTORM", "id": "165291" }, { "db": "PACKETSTORM", "id": "165329" }, { "db": "PACKETSTORM", "id": "165333" }, { "db": "PACKETSTORM", "id": "165260" }, { "db": "PACKETSTORM", "id": "165733" } ], "trust": 0.8 } }
var-202007-1236
Vulnerability from variot
A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending multiple specially crafted packets to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. On some cases the vulnerability could leak random information from the remote service. Several Siemens products contain resource exhaustion vulnerabilities.Information is obtained and denial of service (DoS) It may be put in a state. A resource management error vulnerability exists in . This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. The following products and versions are affected:
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1236", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "soft starter es", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "simocode es", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "16" }, { "model": "simatic notifier server", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "opcenter execution discrete", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.2" }, { "model": "opcenter quality", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "11.3" }, { "model": "simatic pcs neo", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "simatic step 7", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "simatic pcs neo", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "simatic it lms", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.6" }, { "model": "opcenter intelligence", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3" }, { "model": "simatic step 7", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "15" }, { "model": "simatic step 7", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "16" }, { "model": "simocode es", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "simatic it production suite", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "8.0" }, { "model": "soft starter es", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "simocode es", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "opcenter rd\\\u0026l", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "8.0" }, { "model": "opcenter execution foundation", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.2" }, { "model": "opcenter execution process", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.2" }, { "model": "simatic step 7", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "opcenter execution discrete", "scope": "lt", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "3.2" }, { "model": "opcenter execution foundation", "scope": "lt", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "3.2" }, { "model": "opcenter execution process", "scope": "lt", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "3.2" }, { "model": "opcenter intelligence", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "opcenter quality", "scope": "lt", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "11.3" }, { "model": "opcenter rd\u002626l", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "8.0" }, { "model": "simatic it lms", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic it production suite", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic notifier server", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic pcs neo", "scope": "lt", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "3.0 sp1" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008064" }, { "db": "NVD", "id": "CVE-2020-7587" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:opcenter_execution_discrete:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:opcenter_execution_foundation:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:opcenter_execution_process:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:opcenter_quality:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "11.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:opcenter_rd\\\u0026l:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7:16:update1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7:16:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:simatic_notifier_server:*:*:*:*:*:windows:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:soft_starter_es:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "15.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:simocode_es:16:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7:15.1:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:simocode_es:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "15.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:simatic_it_production_suite:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:simatic_it_lms:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs_neo:3.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "15.1", "versionStartIncluding": "15", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:simocode_es:15.1:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:soft_starter_es:15.1:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:opcenter_intelligence:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.3", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-7587" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Victor Fidalgo of INCIBE and Reid Wightman of Dragos reported these vulnerabilities to Siemens.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-573" } ], "trust": 0.6 }, "cve": "CVE-2020-7587", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 4.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.4, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2020-7587", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-185712", "impactScore": 4.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 4.2, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "Low", "baseScore": 8.2, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-7587", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-7587", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202007-573", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-185712", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-7587", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-185712" }, { "db": "VULMON", "id": "CVE-2020-7587" }, { "db": "JVNDB", "id": "JVNDB-2020-008064" }, { "db": "NVD", "id": "CVE-2020-7587" }, { "db": "CNNVD", "id": "CNNVD-202007-573" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in Opcenter Execution Discrete (All versions \u003c V3.2), Opcenter Execution Foundation (All versions \u003c V3.2), Opcenter Execution Process (All versions \u003c V3.2), Opcenter Intelligence (All versions \u003c V3.3), Opcenter Quality (All versions \u003c V11.3), Opcenter RD\u0026L (V8.0), SIMATIC IT LMS (All versions \u003c V2.6), SIMATIC IT Production Suite (All versions \u003c V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions \u003c V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions \u003c V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 2), SIMOCODE ES V15.1 (All versions \u003c V15.1 Update 4), SIMOCODE ES V16 (All versions \u003c V16 Update 1), Soft Starter ES V15.1 (All versions \u003c V15.1 Update 3), Soft Starter ES V16 (All versions \u003c V16 Update 1). Sending multiple specially crafted packets to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. On some cases the vulnerability could leak random information from the remote service. Several Siemens products contain resource exhaustion vulnerabilities.Information is obtained and denial of service (DoS) It may be put in a state. A resource management error vulnerability exists in . This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. The following products and versions are affected:", "sources": [ { "db": "NVD", "id": "CVE-2020-7587" }, { "db": "JVNDB", "id": "JVNDB-2020-008064" }, { "db": "VULHUB", "id": "VHN-185712" }, { "db": "VULMON", "id": "CVE-2020-7587" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-7587", "trust": 2.6 }, { "db": "SIEMENS", "id": "SSA-841348", "trust": 1.8 }, { "db": "JVN", "id": "JVNVU97872642", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-008064", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202007-573", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-20-196-05", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2393.2", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2393", "trust": 0.6 }, { "db": "CNVD", "id": "CNVD-2021-54362", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-185712", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-7587", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-185712" }, { "db": "VULMON", "id": "CVE-2020-7587" }, { "db": "JVNDB", "id": "JVNDB-2020-008064" }, { "db": "NVD", "id": "CVE-2020-7587" }, { "db": "CNNVD", "id": "CNNVD-202007-573" } ] }, "id": "VAR-202007-1236", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-185712" } ], "trust": 0.60384615 }, "last_update_date": "2023-12-18T11:58:10.780000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-841348", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=2c5193074a957cb3ecdc0e93e2ad86b5" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2020-7587 " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-7587" }, { "db": "JVNDB", "id": "JVNDB-2020-008064" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-400", "trust": 1.1 }, { "problemtype": "Resource exhaustion (CWE-400) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-185712" }, { "db": "JVNDB", "id": "JVNDB-2020-008064" }, { "db": "NVD", "id": "CVE-2020-7587" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7587" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu97872642/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2393.2/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2393/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/simatic-multiple-vulnerabilities-via-umc-stack-32813" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-05" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/400.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2020-7587" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://cert-portal.siemens.com/productcert/txt/ssa-841348.txt" } ], "sources": [ { "db": "VULHUB", "id": "VHN-185712" }, { "db": "VULMON", "id": "CVE-2020-7587" }, { "db": "JVNDB", "id": "JVNDB-2020-008064" }, { "db": "NVD", "id": "CVE-2020-7587" }, { "db": "CNNVD", "id": "CNNVD-202007-573" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-185712" }, { "db": "VULMON", "id": "CVE-2020-7587" }, { "db": "JVNDB", "id": "JVNDB-2020-008064" }, { "db": "NVD", "id": "CVE-2020-7587" }, { "db": "CNNVD", "id": "CNNVD-202007-573" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-14T00:00:00", "db": "VULHUB", "id": "VHN-185712" }, { "date": "2020-07-14T00:00:00", "db": "VULMON", "id": "CVE-2020-7587" }, { "date": "2020-09-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008064" }, { "date": "2020-07-14T14:15:18.930000", "db": "NVD", "id": "CVE-2020-7587" }, { "date": "2020-07-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-573" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-01-30T00:00:00", "db": "VULHUB", "id": "VHN-185712" }, { "date": "2023-01-30T00:00:00", "db": "VULMON", "id": "CVE-2020-7587" }, { "date": "2020-09-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008064" }, { "date": "2023-01-30T19:53:59.707000", "db": "NVD", "id": "CVE-2020-7587" }, { "date": "2022-08-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-573" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-573" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Resource exhaustion vulnerabilities in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008064" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-573" } ], "trust": 0.6 } }
var-202007-1249
Vulnerability from variot
A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). A component within the affected application calls a helper binary with SYSTEM privileges during startup while the call path is not quoted. This could allow a local attacker with administrative privileges to execute code with SYSTEM level privileges. Multiple Siemens products contain vulnerabilities in unquoted search paths or elements.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. A code issue vulnerability exists in Siemens. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1249", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic step 7", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "16" }, { "model": "simocode es", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "soft starter es", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic notifier server", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "opcenter intelligence", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic pcs neo", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "opcenter execution discrete", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.2" }, { "model": "opcenter quality", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "11.3" }, { "model": "simatic step 7", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "16" }, { "model": "opcenter rd\\\u0026l", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "8.0" }, { "model": "opcenter execution foundation", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.2" }, { "model": "opcenter execution process", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.2" }, { "model": "opcenter execution discrete", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": "3.2" }, { "model": "opcenter execution foundation", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": "3.2" }, { "model": "opcenter execution process", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": "3.2" }, { "model": "opcenter intelligence", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "opcenter quality", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": "11.3" }, { "model": "opcenter rd\u002626l", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": "8.0" }, { "model": "simatic notifier server", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic pcs neo", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": "3.0 sp1" }, { "model": "simatic step 7", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": "15.1 update 5" }, { "model": "simatic step 7", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": "16 update 2" }, { "model": "simocode es", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008611" }, { "db": "NVD", "id": "CVE-2020-7581" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:opcenter_execution_discrete:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:opcenter_execution_foundation:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:opcenter_execution_process:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:opcenter_intelligence:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:opcenter_quality:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "11.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:opcenter_rd\\\u0026l:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7:16:update1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7:16:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "16", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:soft_starter_es:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:simocode_es:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:simatic_notifier_server:*:*:*:*:*:windows:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-7581" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Victor Fidalgo of INCIBE and Reid Wightman of Dragos reported these vulnerabilities to Siemens.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-574" } ], "trust": 0.6 }, "cve": "CVE-2020-7581", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.2, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "JVNDB-2020-008611", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "VHN-185706", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CVE-2020-7581", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 0.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.7, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-008611", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "High", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-7581", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "JVNDB-2020-008611", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202007-574", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-185706", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2020-7581", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-185706" }, { "db": "VULMON", "id": "CVE-2020-7581" }, { "db": "JVNDB", "id": "JVNDB-2020-008611" }, { "db": "NVD", "id": "CVE-2020-7581" }, { "db": "CNNVD", "id": "CNNVD-202007-574" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in Opcenter Execution Discrete (All versions \u003c V3.2), Opcenter Execution Foundation (All versions \u003c V3.2), Opcenter Execution Process (All versions \u003c V3.2), Opcenter Intelligence (All versions \u003c V3.3), Opcenter Quality (All versions \u003c V11.3), Opcenter RD\u0026L (V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions \u003c V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions \u003c V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 2), SIMOCODE ES V15.1 (All versions \u003c V15.1 Update 4), SIMOCODE ES V16 (All versions \u003c V16 Update 1), Soft Starter ES V15.1 (All versions \u003c V15.1 Update 3), Soft Starter ES V16 (All versions \u003c V16 Update 1). A component within the affected application calls a helper binary with SYSTEM privileges during startup while the call path is not quoted. This could allow a local attacker with administrative privileges to execute code with SYSTEM level privileges. Multiple Siemens products contain vulnerabilities in unquoted search paths or elements.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. A code issue vulnerability exists in Siemens. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products", "sources": [ { "db": "NVD", "id": "CVE-2020-7581" }, { "db": "JVNDB", "id": "JVNDB-2020-008611" }, { "db": "VULHUB", "id": "VHN-185706" }, { "db": "VULMON", "id": "CVE-2020-7581" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-7581", "trust": 2.6 }, { "db": "SIEMENS", "id": "SSA-841348", "trust": 1.8 }, { "db": "ICS CERT", "id": "ICSA-20-196-05", "trust": 1.4 }, { "db": "JVN", "id": "JVNVU97872642", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-008611", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202007-574", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2020.2393.2", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2393", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-185706", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-7581", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-185706" }, { "db": "VULMON", "id": "CVE-2020-7581" }, { "db": "JVNDB", "id": "JVNDB-2020-008611" }, { "db": "NVD", "id": "CVE-2020-7581" }, { "db": "CNNVD", "id": "CNNVD-202007-574" } ] }, "id": "VAR-202007-1249", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-185706" } ], "trust": 0.7076922999999999 }, "last_update_date": "2023-12-18T11:58:11.084000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-841348", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=2c5193074a957cb3ecdc0e93e2ad86b5" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2020-7581 " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-7581" }, { "db": "JVNDB", "id": "JVNDB-2020-008611" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-428", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-185706" }, { "db": "JVNDB", "id": "JVNDB-2020-008611" }, { "db": "NVD", "id": "CVE-2020-7581" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf" }, { "trust": 1.4, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-05" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7581" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7581" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu97872642/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2393.2/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2393/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/simatic-multiple-vulnerabilities-via-umc-stack-32813" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/428.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2020-7581" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://cert-portal.siemens.com/productcert/txt/ssa-841348.txt" } ], "sources": [ { "db": "VULHUB", "id": "VHN-185706" }, { "db": "VULMON", "id": "CVE-2020-7581" }, { "db": "JVNDB", "id": "JVNDB-2020-008611" }, { "db": "NVD", "id": "CVE-2020-7581" }, { "db": "CNNVD", "id": "CNNVD-202007-574" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-185706" }, { "db": "VULMON", "id": "CVE-2020-7581" }, { "db": "JVNDB", "id": "JVNDB-2020-008611" }, { "db": "NVD", "id": "CVE-2020-7581" }, { "db": "CNNVD", "id": "CNNVD-202007-574" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-14T00:00:00", "db": "VULHUB", "id": "VHN-185706" }, { "date": "2020-07-14T00:00:00", "db": "VULMON", "id": "CVE-2020-7581" }, { "date": "2020-09-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008611" }, { "date": "2020-07-14T14:15:18.587000", "db": "NVD", "id": "CVE-2020-7581" }, { "date": "2020-07-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-574" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-01-30T00:00:00", "db": "VULHUB", "id": "VHN-185706" }, { "date": "2023-01-30T00:00:00", "db": "VULMON", "id": "CVE-2020-7581" }, { "date": "2020-09-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008611" }, { "date": "2023-01-30T19:54:07.110000", "db": "NVD", "id": "CVE-2020-7581" }, { "date": "2022-08-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-574" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-574" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Vulnerabilities in unquoted search paths or elements in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008611" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-574" } ], "trust": 0.6 } }
var-202007-1237
Vulnerability from variot
A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending a specially crafted packet to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. Multiple Siemens products contain input validation vulnerabilities.Denial of service (DoS) It may be put in a state. An input validation error vulnerability exists in . The vulnerability stems from the failure of the network system or product to properly validate the input data. The following products and versions are affected:
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1237", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic step 7", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "15" }, { "model": "simocode es", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "soft starter es", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "opcenter intelligence", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic notifier server", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic it production suite", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic pcs neo", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "opcenter execution discrete", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.2" }, { "model": "simatic step 7", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "opcenter quality", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "11.3" }, { "model": "simatic it lms", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic step 7", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "16" }, { "model": "opcenter rd\\\u0026l", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "8.0" }, { "model": "opcenter execution foundation", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.2" }, { "model": "opcenter execution process", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.2" }, { "model": "opcenter execution discrete", "scope": "lt", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "3.2" }, { "model": "opcenter execution foundation", "scope": "lt", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "3.2" }, { "model": "opcenter execution process", "scope": "lt", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "3.2" }, { "model": "opcenter intelligence", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "opcenter quality", "scope": "lt", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "11.3" }, { "model": "opcenter rd\u002626l", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "8.0" }, { "model": "simatic it lms", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic it production suite", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic notifier server", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic pcs neo", "scope": "lt", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "3.0 sp1" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008065" }, { "db": "NVD", "id": "CVE-2020-7588" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:opcenter_execution_discrete:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:opcenter_execution_foundation:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:opcenter_execution_process:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:opcenter_intelligence:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:opcenter_quality:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "11.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:opcenter_rd\\\u0026l:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7:16:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:soft_starter_es:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:simocode_es:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:simatic_notifier_server:*:*:*:*:*:windows:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:simatic_it_lms:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:simatic_it_production_suite:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7:16:update_1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.1", "versionStartIncluding": "15", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-7588" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Victor Fidalgo of INCIBE and Reid Wightman of Dragos reported these vulnerabilities to Siemens.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-580" } ], "trust": 0.6 }, "cve": "CVE-2020-7588", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2020-7588", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-185713", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "Low", "baseScore": 5.3, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2020-7588", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-7588", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202007-580", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-185713", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-7588", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-185713" }, { "db": "VULMON", "id": "CVE-2020-7588" }, { "db": "JVNDB", "id": "JVNDB-2020-008065" }, { "db": "NVD", "id": "CVE-2020-7588" }, { "db": "CNNVD", "id": "CNNVD-202007-580" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in Opcenter Execution Discrete (All versions \u003c V3.2), Opcenter Execution Foundation (All versions \u003c V3.2), Opcenter Execution Process (All versions \u003c V3.2), Opcenter Intelligence (All versions \u003c V3.3), Opcenter Quality (All versions \u003c V11.3), Opcenter RD\u0026L (V8.0), SIMATIC IT LMS (All versions \u003c V2.6), SIMATIC IT Production Suite (All versions \u003c V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions \u003c V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions \u003c V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 2), SIMOCODE ES V15.1 (All versions \u003c V15.1 Update 4), SIMOCODE ES V16 (All versions \u003c V16 Update 1), Soft Starter ES V15.1 (All versions \u003c V15.1 Update 3), Soft Starter ES V16 (All versions \u003c V16 Update 1). Sending a specially crafted packet to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. Multiple Siemens products contain input validation vulnerabilities.Denial of service (DoS) It may be put in a state. An input validation error vulnerability exists in . The vulnerability stems from the failure of the network system or product to properly validate the input data. The following products and versions are affected:", "sources": [ { "db": "NVD", "id": "CVE-2020-7588" }, { "db": "JVNDB", "id": "JVNDB-2020-008065" }, { "db": "VULHUB", "id": "VHN-185713" }, { "db": "VULMON", "id": "CVE-2020-7588" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-7588", "trust": 2.6 }, { "db": "SIEMENS", "id": "SSA-841348", "trust": 1.8 }, { "db": "JVN", "id": "JVNVU97872642", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-008065", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202007-580", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-20-196-05", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2393.2", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2393", "trust": 0.6 }, { "db": "CNVD", "id": "CNVD-2021-54361", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-185713", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-7588", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-185713" }, { "db": "VULMON", "id": "CVE-2020-7588" }, { "db": "JVNDB", "id": "JVNDB-2020-008065" }, { "db": "NVD", "id": "CVE-2020-7588" }, { "db": "CNNVD", "id": "CNNVD-202007-580" } ] }, "id": "VAR-202007-1237", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-185713" } ], "trust": 0.60384615 }, "last_update_date": "2023-12-18T11:58:10.862000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-841348", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=2c5193074a957cb3ecdc0e93e2ad86b5" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2020-7588 " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-7588" }, { "db": "JVNDB", "id": "JVNDB-2020-008065" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.1 }, { "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-185713" }, { "db": "JVNDB", "id": "JVNDB-2020-008065" }, { "db": "NVD", "id": "CVE-2020-7588" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7588" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu97872642/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2393.2/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2393/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/simatic-multiple-vulnerabilities-via-umc-stack-32813" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-05" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2020-7588" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://cert-portal.siemens.com/productcert/txt/ssa-841348.txt" } ], "sources": [ { "db": "VULHUB", "id": "VHN-185713" }, { "db": "VULMON", "id": "CVE-2020-7588" }, { "db": "JVNDB", "id": "JVNDB-2020-008065" }, { "db": "NVD", "id": "CVE-2020-7588" }, { "db": "CNNVD", "id": "CNNVD-202007-580" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-185713" }, { "db": "VULMON", "id": "CVE-2020-7588" }, { "db": "JVNDB", "id": "JVNDB-2020-008065" }, { "db": "NVD", "id": "CVE-2020-7588" }, { "db": "CNNVD", "id": "CNNVD-202007-580" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-14T00:00:00", "db": "VULHUB", "id": "VHN-185713" }, { "date": "2020-07-14T00:00:00", "db": "VULMON", "id": "CVE-2020-7588" }, { "date": "2020-09-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008065" }, { "date": "2020-07-14T14:15:18.993000", "db": "NVD", "id": "CVE-2020-7588" }, { "date": "2020-07-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-580" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-01-30T00:00:00", "db": "VULHUB", "id": "VHN-185713" }, { "date": "2023-01-30T00:00:00", "db": "VULMON", "id": "CVE-2020-7588" }, { "date": "2020-09-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008065" }, { "date": "2023-01-30T19:52:34.590000", "db": "NVD", "id": "CVE-2020-7588" }, { "date": "2022-08-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-580" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-580" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Input validation vulnerabilities in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008065" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-580" } ], "trust": 0.6 } }
var-202112-0562
Vulnerability from variot
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default. Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the vulnerable Java application using Log4j.CVE-2021-4104 Affected CVE-2021-44228 Affected CVE-2021-45046 AffectedCVE-2021-4104 Affected CVE-2021-44228 Affected CVE-2021-45046 Affected. Solution:
For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html
The References section of this erratum contains a download link (you must log in to download the update). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update Advisory ID: RHSA-2022:1297-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2022:1297 Issue date: 2022-04-11 CVE Names: CVE-2021-4104 CVE-2021-44832 CVE-2021-45046 CVE-2021-45105 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 =====================================================================
- Summary:
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat JBoss EAP 7.4 for RHEL 8 - noarch, x86_64
- Description:
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.4 Release Notes for information about the most significant bug fixes and enhancements included in this release.
- Solution:
Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- JIRA issues fixed (https://issues.jboss.org/):
JBEAP-22105 - (7.4.z) Upgrade from com.io7m.xom:xom 1.2.10 to xom:xom 1.3.7 JBEAP-22385 - (7.4.z) Upgrade ASM from 7.1 to 9.1 JBEAP-22731 - (7.4.z) Upgrade Artemis from 2.16.0.redhat-00032 to 2.16.0.redhat-00034 JBEAP-22738 - (7.4.z) Upgrade jbossws-cxf from 5.4.2.Final to 5.4.4.Final(Fix UsernameTokenElytronTestCase on SE 17) JBEAP-22819 - [GSS] (7.4.z) HAL-1762 - Aliases are removed from the credential store when passwords are updated from the admin console JBEAP-22839 - GSS Upgrade yasson from 1.0.9.redhat-00001 to 1.0.10.redhat-00001 JBEAP-22864 - (7.4.z) Upgrade HAL from 3.3.8.Final-redhat-00001 to 3.3.9.Final-redhat-00001 JBEAP-22900 - Tracker bug for the EAP 7.4.4 release for RHEL-8 JBEAP-22904 - (7.4.z) Upgrade Hibernate ORM from 5.3.24.Final-redhat-00001 to 5.3.25.Final-redhat-00002 JBEAP-22911 - (7.4.z) Upgrade OpenSSL from 2.1.3.Final-redhat-00001 to 2.2.0.Final-redhat-00001 JBEAP-22912 - (7.4.z) Upgrade OpenSSL Natives from 2.1.0.SP01-redhat-00001 to 2.2.0.Final-redhat-00001 JBEAP-22913 - (7.4.z) Upgrade WildFly Core from 15.0.6.Final-redhat-00003 to 15.0.7.Final-redhat-00001 JBEAP-22935 - (7.4.z) Upgrade jboss-vfs from 3.2.15.Final-redhat-00001 to 3.2.16.Final-redhat-00001 JBEAP-22945 - (7.4.z) Upgrade org.apache.logging.log4j from 2.14.0.redhat-00002 to 2.17.1.redhat-00001 JBEAP-22973 - (7.4.z) Upgrade Elytron from 1.15.9.Final-redhat-00001 to 1.15.11.Final-redhat-00002 JBEAP-23038 - (7.4.z) Upgrade galleon-plugins from 5.1.4.Final to 5.2.6.Final JBEAP-23040 - (7.4.z) Upgrade galleon-plugins in wildfly-core-eap from 5.1.4.Final to 5.2.6.Final JBEAP-23045 - (7.4.z) Upgrade Undertow from 2.2.13.SP2-redhat-00001 to 2.2.16.Final-redhat-0001 JBEAP-23101 - (7.4.z) Upgrade Infinispan from 11.0.12.Final to 11.0.15.Final JBEAP-23105 - (7.4.z) Upgrade Narayana from 5.11.3.Final-redhat-00001 to 5.11.4.Final-redhat-00001 JBEAP-23143 - (7.4.z) Upgrade from org.eclipse.jdt.core.compiler:ecj:4.6.1 to org.eclipse.jdt:ecj:3.26 JBEAP-23177 - (7.4.z) Upgrade XNIO from 3.8.5.SP1-redhat-00001 to 3.8.6.Final-redhat-00001 JBEAP-23323 - GSS WFLY-16112 - Batch JobOperatorService should look for only active job names to stop during suspend JBEAP-23373 - (7.4.z) Upgrade OpenSSL from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002 JBEAP-23374 - (7.4.z) Upgrade WildFly Core from 15.0.7.Final-redhat-00001 to 15.0.8.Final-redhat-00001 JBEAP-23375 - (7.4.z) Upgrade OpenSSL Natives from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002
- Package List:
Red Hat JBoss EAP 7.4 for RHEL 8:
Source: eap7-activemq-artemis-2.16.0-7.redhat_00034.1.el8eap.src.rpm eap7-ecj-3.26.0-1.redhat_00002.1.el8eap.src.rpm eap7-hal-console-3.3.9-1.Final_redhat_00001.1.el8eap.src.rpm eap7-hibernate-5.3.25-1.Final_redhat_00002.1.el8eap.src.rpm eap7-infinispan-11.0.15-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-server-migration-1.10.0-15.Final_redhat_00014.1.el8eap.src.rpm eap7-jboss-vfs-3.2.16-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-xnio-base-3.8.6-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jbossws-cxf-5.4.4-1.Final_redhat_00001.1.el8eap.src.rpm eap7-log4j-2.17.1-1.redhat_00001.1.el8eap.src.rpm eap7-narayana-5.11.4-1.Final_redhat_00001.1.el8eap.src.rpm eap7-objectweb-asm-9.1.0-1.redhat_00002.1.el8eap.src.rpm eap7-undertow-2.2.16-1.Final_redhat_00001.1.el8eap.src.rpm eap7-wildfly-7.4.4-3.GA_redhat_00011.1.el8eap.src.rpm eap7-wildfly-elytron-1.15.11-1.Final_redhat_00002.1.el8eap.src.rpm eap7-wildfly-openssl-2.2.0-3.Final_redhat_00002.1.el8eap.src.rpm eap7-wildfly-openssl-el8-x86_64-2.2.0-2.Final_redhat_00002.1.el8eap.src.rpm eap7-xom-1.3.7-1.redhat_00001.1.el8eap.src.rpm eap7-yasson-1.0.10-1.redhat_00001.1.el8eap.src.rpm
noarch: eap7-activemq-artemis-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-cli-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-commons-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-core-client-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-dto-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-hornetq-protocol-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-hqclient-protocol-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-jdbc-store-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-jms-client-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-jms-server-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-journal-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-ra-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-selector-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-server-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-service-extensions-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-tools-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-ecj-3.26.0-1.redhat_00002.1.el8eap.noarch.rpm eap7-hal-console-3.3.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-hibernate-core-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-hibernate-entitymanager-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-hibernate-envers-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-hibernate-java8-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-infinispan-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-cachestore-jdbc-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-cachestore-remote-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-client-hotrod-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-commons-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-component-annotations-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-core-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-hibernate-cache-commons-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-hibernate-cache-spi-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-hibernate-cache-v53-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-server-migration-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-server-migration-cli-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-server-migration-core-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-vfs-3.2.16-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-xnio-base-3.8.6-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jbossws-cxf-5.4.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-log4j-2.17.1-1.redhat_00001.1.el8eap.noarch.rpm eap7-narayana-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-compensations-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jbosstxbridge-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jbossxts-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jts-idlj-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jts-integration-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-api-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-bridge-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-integration-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-util-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-txframework-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-objectweb-asm-9.1.0-1.redhat_00002.1.el8eap.noarch.rpm eap7-undertow-2.2.16-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm eap7-wildfly-elytron-1.15.11-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-wildfly-elytron-tool-1.15.11-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-wildfly-javadocs-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm eap7-wildfly-modules-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm eap7-wildfly-openssl-2.2.0-3.Final_redhat_00002.1.el8eap.noarch.rpm eap7-wildfly-openssl-java-2.2.0-3.Final_redhat_00002.1.el8eap.noarch.rpm eap7-xom-1.3.7-1.redhat_00001.1.el8eap.noarch.rpm eap7-yasson-1.0.10-1.redhat_00001.1.el8eap.noarch.rpm
x86_64: eap7-wildfly-openssl-el8-x86_64-2.2.0-2.Final_redhat_00002.1.el8eap.x86_64.rpm eap7-wildfly-openssl-el8-x86_64-debuginfo-2.2.0-2.Final_redhat_00002.1.el8eap.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-4104 https://access.redhat.com/security/cve/CVE-2021-44832 https://access.redhat.com/security/cve/CVE-2021-45046 https://access.redhat.com/security/cve/CVE-2021-45105 https://access.redhat.com/security/cve/CVE-2022-23302 https://access.redhat.com/security/cve/CVE-2022-23305 https://access.redhat.com/security/cve/CVE-2022-23307 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYlRUqtzjgjWX9erEAQhXfxAApQ6HkBUo8Tg+GWEosSpAx0AEsVPMojWK HU3uJRF8jp0KXqchc+KVlalBJAWHPBUDr4xBpsISqwr7T/9iYonKlo4ijA/68b2K khbFyt6o6i2dXrYygT5fcMtukSjN2T/hfCc2ZE2yiHTO3Ou4AALyZ2xCyYtfSpuZ rZLVvgCWrnak2msgkoNl0/sZxnjw6b+ZJczKkq3QqPVWOYlV/Qdl5NGy16i0rbEo P1rWXJrOUlEBctJEs756cqeIJesYKHZqqPx/kHaNyzdxDh99hKGZx7oturscAN6e sPfSSdyd5jsOcWD7UlHV9ukoPQxf1ouVBa0qkpL0wCoR3GFF6Pls1bMEFzUoz3/R IwagVxsr38duK3isv34l6IQ+RP0oSWN0rgPUu69tAlEV+YwLgA5JUOpz1i7FTmXt l3i5+wMlo9Xc/Hy+j7unW8Do7s/i0YuFVTuM6H9KEITuFjgFA2tB9CpzoAFzWLk0 U8zCL80Rwy1wiMydSrLjtg3YUPB6ibh2NJ02O7R+bNhJ8bN4yuDuWkDqy4VdPXGp zhed3dZmYAXD9/x+mnfghcbJZwigzGT9Qv78zYafB3f8K7cEVEDJK3aZMOkkh9ca dcaLs5WRv8ZTytFPv+KGKRJ/cc/UHAvh8zumMZdVMp1oty/k/OYWhgaEJMWGQDCe UnHI/WwB37w= =eCh2 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . The purpose of this text-only errata is to inform you about the security issues fixed in this release. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For the oldstable distribution (buster), this problem has been fixed in version 2.16.0-1~deb10u1.
For the stable distribution (bullseye), this problem has been fixed in version 2.16.0-1~deb11u1.
We recommend that you upgrade your apache-log4j2 packages.
For the detailed security status of apache-log4j2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache-log4j2
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmG7FI5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeSqOg//XOye7T/8PKOrrUtHFhH+w2dOC0GujwcIS2mhofVuZQTPYvM5uTZxDTuz rQN+T505t9QaP3sF05gXK6VI675HhgmF3d+vDEnhp8QpZX5HeJrmmX44FewZQAqP yMysAuwG1RJ0Qgs7NmppU/XJBnmhJLsqsW99kcDnNXS67D23e1nUqAEDME5baSoF VPc50Up/yh4DE28Jcs8Mh2cM8UqmeLEQJ8XC3IojQLhmOF1UBJuL4K0sEUqWtJeN TytHya2XdfIIZcRolHe6AUeiLP5JpitbqkVP+hEeruAvk8nTGsLi0HMbWxA9LLcB bB9KKJjf6xndRa/t/IXGMzwr883t5/YLdxbCFcGj9M4Bfj7SAhGdgnJHZaRt1quX Vcqnu1pDHpdFuRX4t6oqF9R0uiBGeupZmGdb1y7os+FU2EbTRYU0rlnhfOsou0ex Vh5sFKFDhgWUQoyuVUMh6eOZ7p92GTzbw5kPkvboa7Xdrs02m7ChLlh8f5ajRFrK WbAcwsBj6RK4dmtdvfO2sVEuRTpFQ3qtecwZUR0pqUIjJ+rfurSGmpPr3iOrBu2s ROol/vLfW5uZd6RxSNbt3twPcwBaZagFQCcDY27Yz0sH6DlQUmWed1KJjbRaZ7fn cqjFisSZxu8d5VoAtjMSP8l95FoAm53r9Q1HCZvXqRhBjFNoYqE= =TNnt -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202310-16
https://security.gentoo.org/
Severity: High Title: Ubiquiti UniFi: remote code execution via bundled log4j Date: October 26, 2023 Bugs: #828853 ID: 202310-16
Synopsis
A vulnerability has been discovered in unifi where bundled log4j can facilitate a remote code execution
Background
Ubiquiti UniFi is a Management Controller for Ubiquiti Networks UniFi APs. Please review the CVE identifier referenced below for details.
Impact
An attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code.
Workaround
There is no known workaround at this time.
Resolution
All Ubiquity UniFi users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-wireless/unifi-6.5.55"
References
[ 1 ] CVE-2021-4104 https://nvd.nist.gov/vuln/detail/CVE-2021-4104 [ 2 ] CVE-2021-45046 https://nvd.nist.gov/vuln/detail/CVE-2021-45046
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202310-16
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0562", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "10.0" }, { "model": "log4j", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.13.0" }, { "model": "navigator", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2021-12-13" }, { "model": "genomics kernel library", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "industrial edge management hub", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2021-12-13" }, { "model": "log4j", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0" }, { "model": "desigo cc advanced reports", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "5.1" }, { "model": "solid edge harness design", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "2020" }, { "model": "desigo cc advanced reports", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "5.0" }, { "model": "captial", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "2019.1" }, { "model": "operation scheduler", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "1.1.3" }, { "model": "solid edge cam pro", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "spectrum power 4", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.70" }, { "model": "logo\\! soft comfort", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "xpedition package integrator", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "sensor solution development kit", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "mindsphere", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2021-12-11" }, { "model": "system studio", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "e-car operation center", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2021-12-13" }, { "model": "sipass integrated", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "2.85" }, { "model": "energyip prepay", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "3.8" }, { "model": "system debugger", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "audio development kit", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "35" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "11.0" }, { "model": "computer vision annotation tool", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "log4j", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.16.0" }, { "model": "siveillance vantage", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siveillance identity", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "1.5" }, { "model": "6bk1602-0aa12-0tp0", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.7.0" }, { "model": "6bk1602-0aa22-0tp0", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.7.0" }, { "model": "6bk1602-0aa52-0tp0", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.7.0" }, { "model": "6bk1602-0aa32-0tp0", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.7.0" }, { "model": "industrial edge management", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "energyip", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "8.5" }, { "model": "energy engage", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "3.1" }, { "model": "siveillance viewpoint", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "energyip", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "8.7" }, { "model": "opcenter intelligence", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "3.2" }, { "model": "spectrum power 7", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.30" }, { "model": "solid edge harness design", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2020" }, { "model": "siveillance control pro", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "captial", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2019.1" }, { "model": "spectrum power 4", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.70" }, { "model": "teamcenter", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sipass integrated", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "2.80" }, { "model": "log4j", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.12.2" }, { "model": "nx", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sppa-t3000 ses3000", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "gma-manager", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "8.6.2j-398" }, { "model": "siveillance command", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "4.16.2.1" }, { "model": "vesys", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2019.1" }, { "model": "log4j", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.0.1" }, { "model": "sentron powermanager", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "spectrum power 7", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "2.30" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "34" }, { "model": "desigo cc advanced reports", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "energyip", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "8.6" }, { "model": "vesys", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "2019.1" }, { "model": "mendix", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "datacenter manager", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "desigo cc info center", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "5.1" }, { "model": "6bk1602-0aa42-0tp0", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.7.0" }, { "model": "desigo cc info center", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "5.0" }, { "model": "desigo cc advanced reports", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.0" }, { "model": "energyip", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "9.0" }, { "model": "email security", "scope": "lt", "trust": 1.0, "vendor": "sonicwall", "version": "10.0.12" }, { "model": "sentron powermanager", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.1" }, { "model": "tracealertserverplus", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "xpedition enterprise", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "desigo cc advanced reports", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.1" }, { "model": "oneapi", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "comos", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "head-end system universal device integration system", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siguard dsa", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.3" }, { "model": "siveillance identity", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "1.6" }, { "model": "siguard dsa", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "energyip prepay", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "3.7" }, { "model": "secure device onboard", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "siguard dsa", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.4" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-45046" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.12.2", "versionStartIncluding": "2.0.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "versionStartIncluding": "2.13.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:intel:oneapi:-:*:*:*:*:eclipse:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:intel:audio_development_kit:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:intel:datacenter_manager:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:intel:system_debugger:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:intel:secure_device_onboard:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:intel:sensor_solution_firmware_development_kit:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:intel:computer_vision_annotation_tool:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:intel:genomics_kernel_library:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:intel:system_studio:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sppa-t3000_ses3000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sppa-t3000_ses3000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:logo\\!_soft_comfort:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_4:4.70:sp7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_4:4.70:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_4:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.70", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:siveillance_control_pro:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:energyip_prepay:3.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:energyip_prepay:3.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_4:4.70:sp8:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:siveillance_command:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.16.2.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:head-end_system_universal_device_integration_system:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:gma-manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.6.2j-398", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:energyip:8.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:energyip:8.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:energyip:8.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:energyip:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:energy_engage:3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:e-car_operation_center:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2021-12-13", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:desigo_cc_info_center:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:desigo_cc_info_center:5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:captial:2019.1:sp1912:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:navigator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2021-12-13", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:xpedition_package_integrator:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:xpedition_enterprise:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:vesys:2019.1:sp1912:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:vesys:2019.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:vesys:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2019.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:vesys:2019.1:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_7:2.30:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_7:2.30:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_7:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.30", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_7:2.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_harness_design:2020:sp2002:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_harness_design:2020:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_harness_design:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2020", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:captial:2019.1:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_harness_design:2020:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_cam_pro:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:siveillance_viewpoint:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:siveillance_vantage:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:siguard_dsa:4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:siguard_dsa:4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:siguard_dsa:4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:sentron_powermanager:4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:sentron_powermanager:4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.1.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:nx:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:opcenter_intelligence:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "3.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:mindsphere:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2021-12-11", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:mendix:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:industrial_edge_management_hub:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2021-12-13", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:industrial_edge_management:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:captial:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2019.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:tracealertserverplus:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.0.12", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:6bk1602-0aa12-0tp0_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:6bk1602-0aa12-0tp0:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:6bk1602-0aa22-0tp0_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:6bk1602-0aa22-0tp0:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:6bk1602-0aa32-0tp0_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:6bk1602-0aa32-0tp0:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:6bk1602-0aa42-0tp0_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:6bk1602-0aa42-0tp0:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:6bk1602-0aa52-0tp0_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:6bk1602-0aa52-0tp0:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-45046" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Much of the content of this vulnerability note is derived from Apache Log4j Security Vulnerabilities and http://slf4j.org/log4shell.html.This document was written by Art Manion.", "sources": [ { "db": "CERT/CC", "id": "VU#930724" } ], "trust": 0.8 }, "cve": "CVE-2021-45046", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 4.9, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 6.0, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-45046", "trust": 1.0, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-202112-1065", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1065" }, { "db": "NVD", "id": "CVE-2021-45046" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default. Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the vulnerable Java application using Log4j.CVE-2021-4104 Affected\nCVE-2021-44228 Affected\nCVE-2021-45046 AffectedCVE-2021-4104 Affected\nCVE-2021-44228 Affected\nCVE-2021-45046 Affected. Solution:\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html\n\n4. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update\nAdvisory ID: RHSA-2022:1297-01\nProduct: Red Hat JBoss Enterprise Application Platform\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:1297\nIssue date: 2022-04-11\nCVE Names: CVE-2021-4104 CVE-2021-44832 CVE-2021-45046 \n CVE-2021-45105 CVE-2022-23302 CVE-2022-23305 \n CVE-2022-23307 \n=====================================================================\n\n1. Summary:\n\nA security update is now available for Red Hat JBoss Enterprise Application\nPlatform 7.4 for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss EAP 7.4 for RHEL 8 - noarch, x86_64\n\n3. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3\nand includes bug fixes and enhancements. See the Red Hat JBoss Enterprise\nApplication Platform 7.4.4 Release Notes for information about the most\nsignificant bug fixes and enhancements included in this release. \n\n4. Solution:\n\nBefore applying this update, back up your existing Red Hat JBoss Enterprise\nApplication Platform installation and deployed applications. \n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-22105 - (7.4.z) Upgrade from com.io7m.xom:xom 1.2.10 to xom:xom 1.3.7\nJBEAP-22385 - (7.4.z) Upgrade ASM from 7.1 to 9.1\nJBEAP-22731 - (7.4.z) Upgrade Artemis from 2.16.0.redhat-00032 to 2.16.0.redhat-00034\nJBEAP-22738 - (7.4.z) Upgrade jbossws-cxf from 5.4.2.Final to 5.4.4.Final(Fix UsernameTokenElytronTestCase on SE 17)\nJBEAP-22819 - [GSS] (7.4.z) HAL-1762 - Aliases are removed from the credential store when passwords are updated from the admin console\nJBEAP-22839 - [GSS](7.4.z) Upgrade yasson from 1.0.9.redhat-00001 to 1.0.10.redhat-00001\nJBEAP-22864 - (7.4.z) Upgrade HAL from 3.3.8.Final-redhat-00001 to 3.3.9.Final-redhat-00001\nJBEAP-22900 - Tracker bug for the EAP 7.4.4 release for RHEL-8\nJBEAP-22904 - (7.4.z) Upgrade Hibernate ORM from 5.3.24.Final-redhat-00001 to 5.3.25.Final-redhat-00002\nJBEAP-22911 - (7.4.z) Upgrade OpenSSL from 2.1.3.Final-redhat-00001 to 2.2.0.Final-redhat-00001\nJBEAP-22912 - (7.4.z) Upgrade OpenSSL Natives from 2.1.0.SP01-redhat-00001 to 2.2.0.Final-redhat-00001\nJBEAP-22913 - (7.4.z) Upgrade WildFly Core from 15.0.6.Final-redhat-00003 to 15.0.7.Final-redhat-00001\nJBEAP-22935 - (7.4.z) Upgrade jboss-vfs from 3.2.15.Final-redhat-00001 to 3.2.16.Final-redhat-00001\nJBEAP-22945 - (7.4.z) Upgrade org.apache.logging.log4j from 2.14.0.redhat-00002 to 2.17.1.redhat-00001\nJBEAP-22973 - (7.4.z) Upgrade Elytron from 1.15.9.Final-redhat-00001 to 1.15.11.Final-redhat-00002\nJBEAP-23038 - (7.4.z) Upgrade galleon-plugins from 5.1.4.Final to 5.2.6.Final\nJBEAP-23040 - (7.4.z) Upgrade galleon-plugins in wildfly-core-eap from 5.1.4.Final to 5.2.6.Final\nJBEAP-23045 - (7.4.z) Upgrade Undertow from 2.2.13.SP2-redhat-00001 to 2.2.16.Final-redhat-0001\nJBEAP-23101 - (7.4.z) Upgrade Infinispan from 11.0.12.Final to 11.0.15.Final\nJBEAP-23105 - (7.4.z) Upgrade Narayana from 5.11.3.Final-redhat-00001 to 5.11.4.Final-redhat-00001\nJBEAP-23143 - (7.4.z) Upgrade from org.eclipse.jdt.core.compiler:ecj:4.6.1 to org.eclipse.jdt:ecj:3.26\nJBEAP-23177 - (7.4.z) Upgrade XNIO from 3.8.5.SP1-redhat-00001 to 3.8.6.Final-redhat-00001\nJBEAP-23323 - [GSS](7.4.z) WFLY-16112 - Batch JobOperatorService should look for only active job names to stop during suspend\nJBEAP-23373 - (7.4.z) Upgrade OpenSSL from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002\nJBEAP-23374 - (7.4.z) Upgrade WildFly Core from 15.0.7.Final-redhat-00001 to 15.0.8.Final-redhat-00001\nJBEAP-23375 - (7.4.z) Upgrade OpenSSL Natives from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002\n\n7. Package List:\n\nRed Hat JBoss EAP 7.4 for RHEL 8:\n\nSource:\neap7-activemq-artemis-2.16.0-7.redhat_00034.1.el8eap.src.rpm\neap7-ecj-3.26.0-1.redhat_00002.1.el8eap.src.rpm\neap7-hal-console-3.3.9-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-hibernate-5.3.25-1.Final_redhat_00002.1.el8eap.src.rpm\neap7-infinispan-11.0.15-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-jboss-server-migration-1.10.0-15.Final_redhat_00014.1.el8eap.src.rpm\neap7-jboss-vfs-3.2.16-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-jboss-xnio-base-3.8.6-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-jbossws-cxf-5.4.4-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-log4j-2.17.1-1.redhat_00001.1.el8eap.src.rpm\neap7-narayana-5.11.4-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-objectweb-asm-9.1.0-1.redhat_00002.1.el8eap.src.rpm\neap7-undertow-2.2.16-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-wildfly-7.4.4-3.GA_redhat_00011.1.el8eap.src.rpm\neap7-wildfly-elytron-1.15.11-1.Final_redhat_00002.1.el8eap.src.rpm\neap7-wildfly-openssl-2.2.0-3.Final_redhat_00002.1.el8eap.src.rpm\neap7-wildfly-openssl-el8-x86_64-2.2.0-2.Final_redhat_00002.1.el8eap.src.rpm\neap7-xom-1.3.7-1.redhat_00001.1.el8eap.src.rpm\neap7-yasson-1.0.10-1.redhat_00001.1.el8eap.src.rpm\n\nnoarch:\neap7-activemq-artemis-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-cli-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-commons-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-core-client-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-dto-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-hornetq-protocol-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-hqclient-protocol-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-jdbc-store-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-jms-client-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-jms-server-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-journal-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-ra-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-selector-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-server-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-service-extensions-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-tools-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-ecj-3.26.0-1.redhat_00002.1.el8eap.noarch.rpm\neap7-hal-console-3.3.9-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-hibernate-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-hibernate-core-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-hibernate-entitymanager-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-hibernate-envers-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-hibernate-java8-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-infinispan-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-cachestore-jdbc-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-cachestore-remote-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-client-hotrod-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-commons-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-component-annotations-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-core-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-hibernate-cache-commons-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-hibernate-cache-spi-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-hibernate-cache-v53-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jboss-server-migration-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm\neap7-jboss-server-migration-cli-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm\neap7-jboss-server-migration-core-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm\neap7-jboss-vfs-3.2.16-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jboss-xnio-base-3.8.6-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jbossws-cxf-5.4.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-log4j-2.17.1-1.redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-compensations-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-jbosstxbridge-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-jbossxts-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-jts-idlj-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-jts-integration-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-restat-api-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-restat-bridge-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-restat-integration-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-restat-util-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-txframework-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-objectweb-asm-9.1.0-1.redhat_00002.1.el8eap.noarch.rpm\neap7-undertow-2.2.16-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-wildfly-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm\neap7-wildfly-elytron-1.15.11-1.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-wildfly-elytron-tool-1.15.11-1.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-wildfly-javadocs-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm\neap7-wildfly-modules-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm\neap7-wildfly-openssl-2.2.0-3.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-wildfly-openssl-java-2.2.0-3.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-xom-1.3.7-1.redhat_00001.1.el8eap.noarch.rpm\neap7-yasson-1.0.10-1.redhat_00001.1.el8eap.noarch.rpm\n\nx86_64:\neap7-wildfly-openssl-el8-x86_64-2.2.0-2.Final_redhat_00002.1.el8eap.x86_64.rpm\neap7-wildfly-openssl-el8-x86_64-debuginfo-2.2.0-2.Final_redhat_00002.1.el8eap.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-4104\nhttps://access.redhat.com/security/cve/CVE-2021-44832\nhttps://access.redhat.com/security/cve/CVE-2021-45046\nhttps://access.redhat.com/security/cve/CVE-2021-45105\nhttps://access.redhat.com/security/cve/CVE-2022-23302\nhttps://access.redhat.com/security/cve/CVE-2022-23305\nhttps://access.redhat.com/security/cve/CVE-2022-23307\nhttps://access.redhat.com/security/updates/classification/#low\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/\n\n9. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYlRUqtzjgjWX9erEAQhXfxAApQ6HkBUo8Tg+GWEosSpAx0AEsVPMojWK\nHU3uJRF8jp0KXqchc+KVlalBJAWHPBUDr4xBpsISqwr7T/9iYonKlo4ijA/68b2K\nkhbFyt6o6i2dXrYygT5fcMtukSjN2T/hfCc2ZE2yiHTO3Ou4AALyZ2xCyYtfSpuZ\nrZLVvgCWrnak2msgkoNl0/sZxnjw6b+ZJczKkq3QqPVWOYlV/Qdl5NGy16i0rbEo\nP1rWXJrOUlEBctJEs756cqeIJesYKHZqqPx/kHaNyzdxDh99hKGZx7oturscAN6e\nsPfSSdyd5jsOcWD7UlHV9ukoPQxf1ouVBa0qkpL0wCoR3GFF6Pls1bMEFzUoz3/R\nIwagVxsr38duK3isv34l6IQ+RP0oSWN0rgPUu69tAlEV+YwLgA5JUOpz1i7FTmXt\nl3i5+wMlo9Xc/Hy+j7unW8Do7s/i0YuFVTuM6H9KEITuFjgFA2tB9CpzoAFzWLk0\nU8zCL80Rwy1wiMydSrLjtg3YUPB6ibh2NJ02O7R+bNhJ8bN4yuDuWkDqy4VdPXGp\nzhed3dZmYAXD9/x+mnfghcbJZwigzGT9Qv78zYafB3f8K7cEVEDJK3aZMOkkh9ca\ndcaLs5WRv8ZTytFPv+KGKRJ/cc/UHAvh8zumMZdVMp1oty/k/OYWhgaEJMWGQDCe\nUnHI/WwB37w=\n=eCh2\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. The purpose of this text-only\nerrata is to inform you about the security issues fixed in this release. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor the oldstable distribution (buster), this problem has been fixed\nin version 2.16.0-1~deb10u1. \n\nFor the stable distribution (bullseye), this problem has been fixed in\nversion 2.16.0-1~deb11u1. \n\nWe recommend that you upgrade your apache-log4j2 packages. \n\nFor the detailed security status of apache-log4j2 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/apache-log4j2\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmG7FI5fFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeSqOg//XOye7T/8PKOrrUtHFhH+w2dOC0GujwcIS2mhofVuZQTPYvM5uTZxDTuz\nrQN+T505t9QaP3sF05gXK6VI675HhgmF3d+vDEnhp8QpZX5HeJrmmX44FewZQAqP\nyMysAuwG1RJ0Qgs7NmppU/XJBnmhJLsqsW99kcDnNXS67D23e1nUqAEDME5baSoF\nVPc50Up/yh4DE28Jcs8Mh2cM8UqmeLEQJ8XC3IojQLhmOF1UBJuL4K0sEUqWtJeN\nTytHya2XdfIIZcRolHe6AUeiLP5JpitbqkVP+hEeruAvk8nTGsLi0HMbWxA9LLcB\nbB9KKJjf6xndRa/t/IXGMzwr883t5/YLdxbCFcGj9M4Bfj7SAhGdgnJHZaRt1quX\nVcqnu1pDHpdFuRX4t6oqF9R0uiBGeupZmGdb1y7os+FU2EbTRYU0rlnhfOsou0ex\nVh5sFKFDhgWUQoyuVUMh6eOZ7p92GTzbw5kPkvboa7Xdrs02m7ChLlh8f5ajRFrK\nWbAcwsBj6RK4dmtdvfO2sVEuRTpFQ3qtecwZUR0pqUIjJ+rfurSGmpPr3iOrBu2s\nROol/vLfW5uZd6RxSNbt3twPcwBaZagFQCcDY27Yz0sH6DlQUmWed1KJjbRaZ7fn\ncqjFisSZxu8d5VoAtjMSP8l95FoAm53r9Q1HCZvXqRhBjFNoYqE=\n=TNnt\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202310-16\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Ubiquiti UniFi: remote code execution via bundled log4j\n Date: October 26, 2023\n Bugs: #828853\n ID: 202310-16\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nA vulnerability has been discovered in unifi where bundled log4j can\nfacilitate a remote code execution\n\nBackground\n=========\nUbiquiti UniFi is a Management Controller for Ubiquiti Networks UniFi\nAPs. \nPlease review the CVE identifier referenced below for details. \n\nImpact\n=====\nAn attacker with permission to modify the logging configuration file can\nconstruct a malicious configuration using a JDBC Appender with a data\nsource referencing a JNDI URI which can execute remote code. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Ubiquity UniFi users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-wireless/unifi-6.5.55\"\n\nReferences\n=========\n[ 1 ] CVE-2021-4104\n https://nvd.nist.gov/vuln/detail/CVE-2021-4104\n[ 2 ] CVE-2021-45046\n https://nvd.nist.gov/vuln/detail/CVE-2021-45046\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202310-16\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2023 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n", "sources": [ { "db": "NVD", "id": "CVE-2021-45046" }, { "db": "CERT/CC", "id": "VU#930724" }, { "db": "PACKETSTORM", "id": "165326" }, { "db": "PACKETSTORM", "id": "165333" }, { "db": "PACKETSTORM", "id": "165636" }, { "db": "PACKETSTORM", "id": "165649" }, { "db": "PACKETSTORM", "id": "166676" }, { "db": "PACKETSTORM", "id": "166677" }, { "db": "PACKETSTORM", "id": "165650" }, { "db": "PACKETSTORM", "id": "169180" }, { "db": "PACKETSTORM", "id": "175367" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-45046", "trust": 3.3 }, { "db": "CERT/CC", "id": "VU#930724", "trust": 2.4 }, { "db": "SIEMENS", "id": "SSA-714170", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-397453", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-479842", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-661247", "trust": 1.6 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/12/15/3", "trust": 1.6 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/12/14/4", "trust": 1.6 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/12/18/1", "trust": 1.6 }, { "db": "PACKETSTORM", "id": "165333", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "165649", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "166676", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "166677", "trust": 0.7 }, { "db": "LENOVO", "id": "LEN-76573", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021122212", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022042115", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022020815", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022010517", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022012731", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022012443", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021121651", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021122726", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060708", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021122119", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022012730", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021122018", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022010632", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021122814", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022062006", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022032405", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022022126", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021121516", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022012501", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021123016", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022010325", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022012045", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022020602", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022010421", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022011034", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022011226", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021121720", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022072076", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022021429", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060808", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022030923", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021122307", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021122908", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "165343", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "165645", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0332", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4257", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0086", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4187.6", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4295", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4186.3", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0247", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0199", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0240", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4186.4", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4302.3", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4198.4", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0090", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202112-1065", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "165326", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165636", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165650", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169180", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "175367", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#930724" }, { "db": "PACKETSTORM", "id": "165326" }, { "db": "PACKETSTORM", "id": "165333" }, { "db": "PACKETSTORM", "id": "165636" }, { "db": "PACKETSTORM", "id": "165649" }, { "db": "PACKETSTORM", "id": "166676" }, { "db": "PACKETSTORM", "id": "166677" }, { "db": "PACKETSTORM", "id": "165650" }, { "db": "PACKETSTORM", "id": "169180" }, { "db": "PACKETSTORM", "id": "175367" }, { "db": "CNNVD", "id": "CNNVD-202112-1065" }, { "db": "NVD", "id": "CVE-2021-45046" } ] }, "id": "VAR-202112-0562", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.6654401050000001 }, "last_update_date": "2024-07-23T21:05:01.160000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Apache Log4j Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=175394" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1065" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-917", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-45046" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://www.cve.org/cverecord?id=cve-2021-44228" }, { "trust": 1.6, "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "trust": 1.6, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/eokpqgv24rrbbi4tbzudqmm4meh7mxcy/" }, { "trust": 1.6, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sig7fzulmnk2xf6fzru4vwydqxnmugaj/" }, { "trust": 1.6, "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "trust": 1.6, "url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0032" }, { "trust": 1.6, "url": "https://www.kb.cert.org/vuls/id/930724" }, { "trust": 1.6, "url": "http://www.openwall.com/lists/oss-security/2021/12/18/1" }, { "trust": 1.6, "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4" }, { "trust": 1.6, "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf" }, { "trust": 1.6, "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html" }, { "trust": 1.6, "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf" }, { "trust": 1.6, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.6, "url": "https://www.debian.org/security/2021/dsa-5022" }, { "trust": 1.6, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-log4j-qruknebd" }, { "trust": 1.6, "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf" }, { "trust": 1.3, "url": "https://access.redhat.com/security/cve/cve-2021-45046" }, { "trust": 1.1, "url": "https://security.gentoo.org/glsa/202310-16" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45046" }, { "trust": 0.8, "url": "cve-2021-4104 " }, { "trust": 0.8, "url": "cve-2021-44228 " }, { "trust": 0.8, "url": "cve-2021-45046 " }, { "trust": 0.7, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.7, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.7, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.6, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/eokpqgv24rrbbi4tbzudqmm4meh7mxcy/" }, { "trust": 0.6, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sig7fzulmnk2xf6fzru4vwydqxnmugaj/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060808" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022072076" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0086" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0240" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4186.4" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4186.3" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021122212" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022012731" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4302.3" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/165649/red-hat-security-advisory-2022-0222-02.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021122814" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/165645/red-hat-security-advisory-2022-0205-02.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021121720" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021122018" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010632" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022012730" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/166676/red-hat-security-advisory-2022-1297-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0199" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010517" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022020602" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/apache-log4j-denial-of-service-via-thread-context-message-pattern-37075" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4257" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/165333/red-hat-security-advisory-2021-5106-04.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022012501" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022062006" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021123016" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/165343/red-hat-security-advisory-2021-5107-06.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021122726" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021121516" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4295" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010325" }, { "trust": 0.6, "url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20211215-01-log4j-cn" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021122908" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060708" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6527436" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022011226" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6528374" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022032405" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021122119" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0332" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022030923" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4198.4" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6527886" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022042115" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0090" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6526750" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022022126" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021121651" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022021429" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4187.6" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022020815" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021122307" }, { "trust": 0.6, "url": "https://support.lenovo.com/us/en/product_security/len-76573" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022012045" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/166677/red-hat-security-advisory-2022-1296-01.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022011034" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022012443" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010421" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0247" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2021-44832" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45105" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2021-45105" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44832" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4104" }, { "trust": 0.4, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.3, "url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-009" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-4104" }, { "trust": 0.3, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "trust": 0.3, "url": "https://access.redhat.com/security/updates/classification/#low" }, { "trust": 0.3, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "trust": 0.2, "url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-44228" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44228" }, { "trust": 0.2, "url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q1" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.2, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=red.hat.integration\u0026version" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23307" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23302" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23305" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-23302" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-23305" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-23307" }, { "trust": 0.2, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:5141" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:5106" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=appplatform\u0026version=7.4" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0216" }, { "trust": 0.1, "url": "https://access.redhat.com/solutions/6577421" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0222" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:1297" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:1296" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0223" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/apache-log4j2" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://security.gentoo.org/" } ], "sources": [ { "db": "CERT/CC", "id": "VU#930724" }, { "db": "PACKETSTORM", "id": "165326" }, { "db": "PACKETSTORM", "id": "165333" }, { "db": "PACKETSTORM", "id": "165636" }, { "db": "PACKETSTORM", "id": "165649" }, { "db": "PACKETSTORM", "id": "166676" }, { "db": "PACKETSTORM", "id": "166677" }, { "db": "PACKETSTORM", "id": "165650" }, { "db": "PACKETSTORM", "id": "169180" }, { "db": "PACKETSTORM", "id": "175367" }, { "db": "CNNVD", "id": "CNNVD-202112-1065" }, { "db": "NVD", "id": "CVE-2021-45046" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#930724" }, { "db": "PACKETSTORM", "id": "165326" }, { "db": "PACKETSTORM", "id": "165333" }, { "db": "PACKETSTORM", "id": "165636" }, { "db": "PACKETSTORM", "id": "165649" }, { "db": "PACKETSTORM", "id": "166676" }, { "db": "PACKETSTORM", "id": "166677" }, { "db": "PACKETSTORM", "id": "165650" }, { "db": "PACKETSTORM", "id": "169180" }, { "db": "PACKETSTORM", "id": "175367" }, { "db": "CNNVD", "id": "CNNVD-202112-1065" }, { "db": "NVD", "id": "CVE-2021-45046" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-15T00:00:00", "db": "CERT/CC", "id": "VU#930724" }, { "date": "2021-12-16T15:22:54", "db": "PACKETSTORM", "id": "165326" }, { "date": "2021-12-16T15:34:27", "db": "PACKETSTORM", "id": "165333" }, { "date": "2022-01-20T17:49:52", "db": "PACKETSTORM", "id": "165636" }, { "date": "2022-01-21T15:29:08", "db": "PACKETSTORM", "id": "165649" }, { "date": "2022-04-11T17:14:49", "db": "PACKETSTORM", "id": "166676" }, { "date": "2022-04-11T17:15:55", "db": "PACKETSTORM", "id": "166677" }, { "date": "2022-01-21T15:29:54", "db": "PACKETSTORM", "id": "165650" }, { "date": "2021-12-28T20:12:00", "db": "PACKETSTORM", "id": "169180" }, { "date": "2023-10-26T14:46:58", "db": "PACKETSTORM", "id": "175367" }, { "date": "2021-12-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-1065" }, { "date": "2021-12-14T19:15:07.733000", "db": "NVD", "id": "CVE-2021-45046" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-02-07T00:00:00", "db": "CERT/CC", "id": "VU#930724" }, { "date": "2023-06-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-1065" }, { "date": "2024-06-27T19:24:09.027000", "db": "NVD", "id": "CVE-2021-45046" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "166676" }, { "db": "PACKETSTORM", "id": "166677" }, { "db": "PACKETSTORM", "id": "175367" }, { "db": "CNNVD", "id": "CNNVD-202112-1065" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Log4j allows insecure JNDI lookups", "sources": [ { "db": "CERT/CC", "id": "VU#930724" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code execution", "sources": [ { "db": "PACKETSTORM", "id": "165326" }, { "db": "PACKETSTORM", "id": "165333" }, { "db": "PACKETSTORM", "id": "165636" }, { "db": "PACKETSTORM", "id": "165649" }, { "db": "PACKETSTORM", "id": "165650" }, { "db": "PACKETSTORM", "id": "175367" } ], "trust": 0.6 } }
cve-2020-7581
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:33:19.617Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Opcenter Execution Discrete", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2" } ] }, { "product": "Opcenter Execution Foundation", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2" } ] }, { "product": "Opcenter Execution Process", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2" } ] }, { "product": "Opcenter Intelligence", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3" } ] }, { "product": "Opcenter Quality", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V11.3" } ] }, { "product": "Opcenter RD\u0026L", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "V8.0" } ] }, { "product": "SIMATIC Notifier Server for Windows", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "product": "SIMATIC PCS neo", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.0 SP1" } ] }, { "product": "SIMATIC STEP 7 (TIA Portal) V15", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V15.1 Update 5" } ] }, { "product": "SIMATIC STEP 7 (TIA Portal) V16", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V16 Update 2" } ] }, { "product": "SIMOCODE ES V15.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V15.1 Update 4" } ] }, { "product": "SIMOCODE ES V16", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V16 Update 1" } ] }, { "product": "Soft Starter ES V15.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V15.1 Update 3" } ] }, { "product": "Soft Starter ES V16", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V16 Update 1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions \u003c V3.2), Opcenter Execution Foundation (All versions \u003c V3.2), Opcenter Execution Process (All versions \u003c V3.2), Opcenter Intelligence (All versions \u003c V3.3), Opcenter Quality (All versions \u003c V11.3), Opcenter RD\u0026L (V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions \u003c V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions \u003c V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 2), SIMOCODE ES V15.1 (All versions \u003c V15.1 Update 4), SIMOCODE ES V16 (All versions \u003c V16 Update 1), Soft Starter ES V15.1 (All versions \u003c V15.1 Update 3), Soft Starter ES V16 (All versions \u003c V16 Update 1). A component within the affected application calls a helper binary with SYSTEM privileges during startup while the call path is not quoted. This could allow a local attacker with administrative privileges to execute code with SYSTEM level privileges." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-428", "description": "CWE-428: Unquoted Search Path or Element", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-10T11:16:47", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-7581", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Opcenter Execution Discrete", "version": { "version_data": [ { "version_value": "All versions \u003c V3.2" } ] } }, { "product_name": "Opcenter Execution Foundation", "version": { "version_data": [ { "version_value": "All versions \u003c V3.2" } ] } }, { "product_name": "Opcenter Execution Process", "version": { "version_data": [ { "version_value": "All versions \u003c V3.2" } ] } }, { "product_name": "Opcenter Intelligence", "version": { "version_data": [ { "version_value": "All versions \u003c V3.3" } ] } }, { "product_name": "Opcenter Quality", "version": { "version_data": [ { "version_value": "All versions \u003c V11.3" } ] } }, { "product_name": "Opcenter RD\u0026L", "version": { "version_data": [ { "version_value": "V8.0" } ] } }, { "product_name": "SIMATIC Notifier Server for Windows", "version": { "version_data": [ { "version_value": "All versions" } ] } }, { "product_name": "SIMATIC PCS neo", "version": { "version_data": [ { "version_value": "All versions \u003c V3.0 SP1" } ] } }, { "product_name": "SIMATIC STEP 7 (TIA Portal) V15", "version": { "version_data": [ { "version_value": "All versions \u003c V15.1 Update 5" } ] } }, { "product_name": "SIMATIC STEP 7 (TIA Portal) V16", "version": { "version_data": [ { "version_value": "All versions \u003c V16 Update 2" } ] } }, { "product_name": "SIMOCODE ES V15.1", "version": { "version_data": [ { "version_value": "All versions \u003c V15.1 Update 4" } ] } }, { "product_name": "SIMOCODE ES V16", "version": { "version_data": [ { "version_value": "All versions \u003c V16 Update 1" } ] } }, { "product_name": "Soft Starter ES V15.1", "version": { "version_data": [ { "version_value": "All versions \u003c V15.1 Update 3" } ] } }, { "product_name": "Soft Starter ES V16", "version": { "version_data": [ { "version_value": "All versions \u003c V16 Update 1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions \u003c V3.2), Opcenter Execution Foundation (All versions \u003c V3.2), Opcenter Execution Process (All versions \u003c V3.2), Opcenter Intelligence (All versions \u003c V3.3), Opcenter Quality (All versions \u003c V11.3), Opcenter RD\u0026L (V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions \u003c V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions \u003c V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 2), SIMOCODE ES V15.1 (All versions \u003c V15.1 Update 4), SIMOCODE ES V16 (All versions \u003c V16 Update 1), Soft Starter ES V15.1 (All versions \u003c V15.1 Update 3), Soft Starter ES V16 (All versions \u003c V16 Update 1). A component within the affected application calls a helper binary with SYSTEM privileges during startup while the call path is not quoted. This could allow a local attacker with administrative privileges to execute code with SYSTEM level privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-428: Unquoted Search Path or Element" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-7581", "datePublished": "2020-07-14T13:18:05", "dateReserved": "2020-01-21T00:00:00", "dateUpdated": "2024-08-04T09:33:19.617Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-7587
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:33:19.877Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Opcenter Execution Discrete", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2" } ] }, { "product": "Opcenter Execution Foundation", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2" } ] }, { "product": "Opcenter Execution Process", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2" } ] }, { "product": "Opcenter Intelligence", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3" } ] }, { "product": "Opcenter Quality", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V11.3" } ] }, { "product": "Opcenter RD\u0026L", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "V8.0" } ] }, { "product": "SIMATIC IT LMS", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.6" } ] }, { "product": "SIMATIC IT Production Suite", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V8.0" } ] }, { "product": "SIMATIC Notifier Server for Windows", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "product": "SIMATIC PCS neo", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.0 SP1" } ] }, { "product": "SIMATIC STEP 7 (TIA Portal) V15", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V15.1 Update 5" } ] }, { "product": "SIMATIC STEP 7 (TIA Portal) V16", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V16 Update 2" } ] }, { "product": "SIMOCODE ES V15.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V15.1 Update 4" } ] }, { "product": "SIMOCODE ES V16", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V16 Update 1" } ] }, { "product": "Soft Starter ES V15.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V15.1 Update 3" } ] }, { "product": "Soft Starter ES V16", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V16 Update 1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions \u003c V3.2), Opcenter Execution Foundation (All versions \u003c V3.2), Opcenter Execution Process (All versions \u003c V3.2), Opcenter Intelligence (All versions \u003c V3.3), Opcenter Quality (All versions \u003c V11.3), Opcenter RD\u0026L (V8.0), SIMATIC IT LMS (All versions \u003c V2.6), SIMATIC IT Production Suite (All versions \u003c V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions \u003c V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions \u003c V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 2), SIMOCODE ES V15.1 (All versions \u003c V15.1 Update 4), SIMOCODE ES V16 (All versions \u003c V16 Update 1), Soft Starter ES V15.1 (All versions \u003c V15.1 Update 3), Soft Starter ES V16 (All versions \u003c V16 Update 1). Sending multiple specially crafted packets to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. On some cases the vulnerability could leak random information from the remote service." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-10T11:16:51", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-7587", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Opcenter Execution Discrete", "version": { "version_data": [ { "version_value": "All versions \u003c V3.2" } ] } }, { "product_name": "Opcenter Execution Foundation", "version": { "version_data": [ { "version_value": "All versions \u003c V3.2" } ] } }, { "product_name": "Opcenter Execution Process", "version": { "version_data": [ { "version_value": "All versions \u003c V3.2" } ] } }, { "product_name": "Opcenter Intelligence", "version": { "version_data": [ { "version_value": "All versions \u003c V3.3" } ] } }, { "product_name": "Opcenter Quality", "version": { "version_data": [ { "version_value": "All versions \u003c V11.3" } ] } }, { "product_name": "Opcenter RD\u0026L", "version": { "version_data": [ { "version_value": "V8.0" } ] } }, { "product_name": "SIMATIC IT LMS", "version": { "version_data": [ { "version_value": "All versions \u003c V2.6" } ] } }, { "product_name": "SIMATIC IT Production Suite", "version": { "version_data": [ { "version_value": "All versions \u003c V8.0" } ] } }, { "product_name": "SIMATIC Notifier Server for Windows", "version": { "version_data": [ { "version_value": "All versions" } ] } }, { "product_name": "SIMATIC PCS neo", "version": { "version_data": [ { "version_value": "All versions \u003c V3.0 SP1" } ] } }, { "product_name": "SIMATIC STEP 7 (TIA Portal) V15", "version": { "version_data": [ { "version_value": "All versions \u003c V15.1 Update 5" } ] } }, { "product_name": "SIMATIC STEP 7 (TIA Portal) V16", "version": { "version_data": [ { "version_value": "All versions \u003c V16 Update 2" } ] } }, { "product_name": "SIMOCODE ES V15.1", "version": { "version_data": [ { "version_value": "All versions \u003c V15.1 Update 4" } ] } }, { "product_name": "SIMOCODE ES V16", "version": { "version_data": [ { "version_value": "All versions \u003c V16 Update 1" } ] } }, { "product_name": "Soft Starter ES V15.1", "version": { "version_data": [ { "version_value": "All versions \u003c V15.1 Update 3" } ] } }, { "product_name": "Soft Starter ES V16", "version": { "version_data": [ { "version_value": "All versions \u003c V16 Update 1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions \u003c V3.2), Opcenter Execution Foundation (All versions \u003c V3.2), Opcenter Execution Process (All versions \u003c V3.2), Opcenter Intelligence (All versions \u003c V3.3), Opcenter Quality (All versions \u003c V11.3), Opcenter RD\u0026L (V8.0), SIMATIC IT LMS (All versions \u003c V2.6), SIMATIC IT Production Suite (All versions \u003c V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions \u003c V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions \u003c V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 2), SIMOCODE ES V15.1 (All versions \u003c V15.1 Update 4), SIMOCODE ES V16 (All versions \u003c V16 Update 1), Soft Starter ES V15.1 (All versions \u003c V15.1 Update 3), Soft Starter ES V16 (All versions \u003c V16 Update 1). Sending multiple specially crafted packets to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. On some cases the vulnerability could leak random information from the remote service." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-400: Uncontrolled Resource Consumption" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-7587", "datePublished": "2020-07-14T13:18:05", "dateReserved": "2020-01-21T00:00:00", "dateUpdated": "2024-08-04T09:33:19.877Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-7588
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:33:19.850Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Opcenter Execution Discrete", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2" } ] }, { "product": "Opcenter Execution Foundation", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2" } ] }, { "product": "Opcenter Execution Process", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2" } ] }, { "product": "Opcenter Intelligence", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3" } ] }, { "product": "Opcenter Quality", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V11.3" } ] }, { "product": "Opcenter RD\u0026L", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "V8.0" } ] }, { "product": "SIMATIC IT LMS", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.6" } ] }, { "product": "SIMATIC IT Production Suite", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V8.0" } ] }, { "product": "SIMATIC Notifier Server for Windows", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "product": "SIMATIC PCS neo", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.0 SP1" } ] }, { "product": "SIMATIC STEP 7 (TIA Portal) V15", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V15.1 Update 5" } ] }, { "product": "SIMATIC STEP 7 (TIA Portal) V16", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V16 Update 2" } ] }, { "product": "SIMOCODE ES V15.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V15.1 Update 4" } ] }, { "product": "SIMOCODE ES V16", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V16 Update 1" } ] }, { "product": "Soft Starter ES V15.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V15.1 Update 3" } ] }, { "product": "Soft Starter ES V16", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V16 Update 1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions \u003c V3.2), Opcenter Execution Foundation (All versions \u003c V3.2), Opcenter Execution Process (All versions \u003c V3.2), Opcenter Intelligence (All versions \u003c V3.3), Opcenter Quality (All versions \u003c V11.3), Opcenter RD\u0026L (V8.0), SIMATIC IT LMS (All versions \u003c V2.6), SIMATIC IT Production Suite (All versions \u003c V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions \u003c V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions \u003c V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 2), SIMOCODE ES V15.1 (All versions \u003c V15.1 Update 4), SIMOCODE ES V16 (All versions \u003c V16 Update 1), Soft Starter ES V15.1 (All versions \u003c V15.1 Update 3), Soft Starter ES V16 (All versions \u003c V16 Update 1). Sending a specially crafted packet to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-10T11:16:56", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-7588", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Opcenter Execution Discrete", "version": { "version_data": [ { "version_value": "All versions \u003c V3.2" } ] } }, { "product_name": "Opcenter Execution Foundation", "version": { "version_data": [ { "version_value": "All versions \u003c V3.2" } ] } }, { "product_name": "Opcenter Execution Process", "version": { "version_data": [ { "version_value": "All versions \u003c V3.2" } ] } }, { "product_name": "Opcenter Intelligence", "version": { "version_data": [ { "version_value": "All versions \u003c V3.3" } ] } }, { "product_name": "Opcenter Quality", "version": { "version_data": [ { "version_value": "All versions \u003c V11.3" } ] } }, { "product_name": "Opcenter RD\u0026L", "version": { "version_data": [ { "version_value": "V8.0" } ] } }, { "product_name": "SIMATIC IT LMS", "version": { "version_data": [ { "version_value": "All versions \u003c V2.6" } ] } }, { "product_name": "SIMATIC IT Production Suite", "version": { "version_data": [ { "version_value": "All versions \u003c V8.0" } ] } }, { "product_name": "SIMATIC Notifier Server for Windows", "version": { "version_data": [ { "version_value": "All versions" } ] } }, { "product_name": "SIMATIC PCS neo", "version": { "version_data": [ { "version_value": "All versions \u003c V3.0 SP1" } ] } }, { "product_name": "SIMATIC STEP 7 (TIA Portal) V15", "version": { "version_data": [ { "version_value": "All versions \u003c V15.1 Update 5" } ] } }, { "product_name": "SIMATIC STEP 7 (TIA Portal) V16", "version": { "version_data": [ { "version_value": "All versions \u003c V16 Update 2" } ] } }, { "product_name": "SIMOCODE ES V15.1", "version": { "version_data": [ { "version_value": "All versions \u003c V15.1 Update 4" } ] } }, { "product_name": "SIMOCODE ES V16", "version": { "version_data": [ { "version_value": "All versions \u003c V16 Update 1" } ] } }, { "product_name": "Soft Starter ES V15.1", "version": { "version_data": [ { "version_value": "All versions \u003c V15.1 Update 3" } ] } }, { "product_name": "Soft Starter ES V16", "version": { "version_data": [ { "version_value": "All versions \u003c V16 Update 1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions \u003c V3.2), Opcenter Execution Foundation (All versions \u003c V3.2), Opcenter Execution Process (All versions \u003c V3.2), Opcenter Intelligence (All versions \u003c V3.3), Opcenter Quality (All versions \u003c V11.3), Opcenter RD\u0026L (V8.0), SIMATIC IT LMS (All versions \u003c V2.6), SIMATIC IT Production Suite (All versions \u003c V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions \u003c V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions \u003c V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 2), SIMOCODE ES V15.1 (All versions \u003c V15.1 Update 4), SIMOCODE ES V16 (All versions \u003c V16 Update 1), Soft Starter ES V15.1 (All versions \u003c V15.1 Update 3), Soft Starter ES V16 (All versions \u003c V16 Update 1). Sending a specially crafted packet to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20: Improper Input Validation" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-7588", "datePublished": "2020-07-14T13:18:05", "dateReserved": "2020-01-21T00:00:00", "dateUpdated": "2024-08-04T09:33:19.850Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }