All the vulnerabilites related to Siemens - Operation Scheduler
var-202112-0566
Vulnerability from variot

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the vulnerable Java application using Log4j.CVE-2021-4104 Affected CVE-2021-44228 Affected CVE-2021-45046 AffectedCVE-2021-4104 Affected CVE-2021-44228 Affected CVE-2021-45046 Affected. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Critical: Red Hat Data Grid 8.2.2 security update Advisory ID: RHSA-2021:5132-01 Product: Red Hat JBoss Data Grid Advisory URL: https://access.redhat.com/errata/RHSA-2021:5132 Issue date: 2021-12-14 CVE Names: CVE-2021-44228 =====================================================================

  1. Summary:

An update for Red Hat Data Grid is now available.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Description:

Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale.

Data Grid 8.2.2 replaces Data Grid 8.2.1 and includes bug fixes and enhancements. Find out more about Data Grid 8.2.2 in the Release Notes [3].

Security Fix(es):

  • log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

  1. Solution:

To install this update, do the following:

  1. Download the Data Grid 8.2.2 server patch from the customer portal[²].
  2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.
  3. Install the Data Grid 8.2.2 server patch. Refer to the 8.2.2 Release Notes[³] for patching instructions.
  4. Restart Data Grid to ensure the changes take effect.

  5. Bugs fixed (https://bugzilla.redhat.com/):

2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value

  1. References:

https://access.redhat.com/security/cve/CVE-2021-44228 https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=70381&product=data.grid&version=8.2&downloadType=patches https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.2/html-single/red_hat_data_grid_8.2_release_notes/index https://access.redhat.com/security/vulnerabilities/RHSB-2021-009

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBYblI0NzjgjWX9erEAQj7mw//TtZnFmrLI6Ts7uC19MnLA/vVPXT1i2Qz R1CZ4T7QCZkiJCNXvwYHj7iQgOm5o/seXRE38qGtJWqiyrZMGHVQnDl1Vuhm31jg 6lxhpjn0kKKZanznosCxF3U2ovLhrEx+5in4piNiyV6CKkkgBV7UvESGWlIKiumq 1r79DAQ7WdYPoOk+m+b5p/okFJXyD0FcEbrqZcgJQCmR9zyJ6DGAy4N9+cgEgGaC QoVZaXa+pUEVjiAOAg0XNcb+GyYSMFwkPUR14NI0V2OHIo97aBg9AG1HrOj3QmSG 5LR/8zWQbfSbtTIzR67gBGF8F8nvnEeBARYje97Cx2FcHGDFisLHM8OGqFNjU5+I HepIdPjwcoy3kPDSfQ9WXx7Iz03tMCbhMWUhH9MRYuUAzCHgsAryZ4AnTBa+Hn7B 7WHuVf24eFcoJysoWGsbQZDzN5oxqIRXP2mA5k7MVemHV5L+7KV15KyJWaDqTdI+ DTpw8kP/WboloegmZmaqbPLlfvl91G8LjU5yfLaa+rNHkbyT4G1c3iQm5yLWlsYW yfGf+XiZPoF5S6862qdx7YPZG0yTkaUYU0Spnr8eV9wt9uUIp57jczrBzgBKYlN0 BdNv9DgqbGvhmdz/k95gRZUpdYAvF6J4+Y4h9uXgxqfdGZjFCSlegOG8gleCnvEw dfFqyyf+3ZQ= =be8O -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution:

For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:

https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html

For Red Hat OpenShift Logging 5.1, see the following instructions to apply this update:

https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html

  1. JIRA issues fixed (https://issues.jboss.org/):

LOG-1971 - Applying cluster state is causing elasticsearch to hit an issue and become unusable

The References section of this erratum contains a download link for the update. You must be logged in to download the update. ========================================================================= Ubuntu Security Notice USN-5192-2 December 17, 2021

apache-log4j2 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 ESM

Summary:

Apache Log4j 2 could be made to crash or run programs as an administrator if it received a specially crafted input. This update provides the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Chen Zhaojun discovered that Apache Log4j 2 allows remote attackers to run programs via a special crafted input. An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 ESM: liblog4j2-java 2.4-2ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

2021-12-11: VMSA-2021-0028.1 Updated advisory with workaround information for multiple products including vCenter Server Appliance, vRealize Operations, Horizon, vRealize Log Insight, Unified Access Gateway.

2021-12-13: VMSA-2021-0028.2 Revised advisory with updates to multiple products. \x95 VMware HCX \x95 VMware NSX-T Data Center \x95 VMware WorkspaceOne Access \x95 VMware Identity Manager \x95 VMware vRealize Operations Cloud Proxy \x95 VMware vRealize Lifecycle Manager \x95 VMware Site Recovery Manager, vSphere Replication \x95 VMware Carbon Black Cloud Workload Appliance \x95 VMware Carbon Black EDR Server \x95 VMware Tanzu GemFire \x95 VMware Tanzu Greenplum \x95 VMware Tanzu Operations Manager \x95 VMware Tanzu Application Service for VMs \x95 VMware Tanzu Kubernetes Grid Integrated Edition \x95 VMware Tanzu Observability by Wavefront Nozzle \x95 Healthwatch for Tanzu Application Service \x95 Spring Cloud Services for VMware Tanzu \x95 API Portal for VMware Tanzu \x95 Single Sign-On for VMware Tanzu Application Service \x95 App Metrics \x95 VMware vCenter Cloud Gateway \x95 VMware Cloud Foundation \x95 VMware Workspace ONE Access Connector \x95 VMware Horizon DaaS \x95 VMware Horizon Cloud Connector \x95 VMware NSX Data Center for vSphere \x95 VMware AppDefense Appliance \x95 VMware Cloud Director Object Storage Extension

You are receiving this alert because you are subscribed to the VMware Security Announcements mailing list. To modify your subscription or unsubscribe please visit https://lists.vmware.com/mailman/listinfo/security-announce. Description:

Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.

Security Fix(es):

  • log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)

  • jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception (CVE-2020-28491)

  • kubernetes-client: fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise (CVE-2021-20218)

  • xstream: Arbitrary code execution via unsafe deserialization of com.sun.corba.* (CVE-2021-39149)

  • xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration (CVE-2021-39145)

  • xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration (CVE-2021-39151)

  • xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapSearchEnumeration (CVE-2021-39147)

  • xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.toolkit.dir.ContextEnumerator (CVE-2021-39148)

  • xstream: Arbitrary code execution via unsafe deserialization of com.sun.xml.internal.ws.client.sei.* (CVE-2021-39141)

  • xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue (CVE-2021-39146)

  • xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue (CVE-2021-39154)

  • xstream: Arbitrary code execution via unsafe deserialization of sun.tracing.* (CVE-2021-39144)

  • xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl (CVE-2021-39139)

  • xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl (CVE-2021-39153)

  • xstream: Infinite loop DoS via unsafe deserialization of sun.reflect.annotation.AnnotationInvocationHandler (CVE-2021-39140)

  • xstream: remote command execution attack by manipulating the processed input stream (CVE-2021-29505)

  • xstream: Server-side request forgery (SSRF) via unsafe deserialization of com.sun.xml.internal.ws.client.sei.* (CVE-2021-39150)

  • xstream: Server-side request forgery (SSRF) via unsafe deserialization of jdk.nashorn.internal.runtime.Source$URLData (CVE-2021-39152)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. Bugs fixed (https://bugzilla.redhat.com/):

1923405 - CVE-2021-20218 fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise 1930423 - CVE-2020-28491 jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception 1966735 - CVE-2021-29505 XStream: remote command execution attack by manipulating the processed input stream 1997763 - CVE-2021-39139 xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl 1997765 - CVE-2021-39140 xstream: Infinite loop DoS via unsafe deserialization of sun.reflect.annotation.AnnotationInvocationHandler 1997769 - CVE-2021-39141 xstream: Arbitrary code execution via unsafe deserialization of com.sun.xml.internal.ws.client.sei. 1997772 - CVE-2021-39144 xstream: Arbitrary code execution via unsafe deserialization of sun.tracing. 1997775 - CVE-2021-39145 xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration 1997777 - CVE-2021-39146 xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue 1997779 - CVE-2021-39147 xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapSearchEnumeration 1997781 - CVE-2021-39148 xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.toolkit.dir.ContextEnumerator 1997784 - CVE-2021-39149 xstream: Arbitrary code execution via unsafe deserialization of com.sun.corba. 1997786 - CVE-2021-39150 xstream: Server-side request forgery (SSRF) via unsafe deserialization of com.sun.xml.internal.ws.client.sei. 1997791 - CVE-2021-39151 xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration 1997793 - CVE-2021-39152 xstream: Server-side request forgery (SSRF) via unsafe deserialization of jdk.nashorn.internal.runtime.Source$URLData 1997795 - CVE-2021-39153 xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl 1997801 - CVE-2021-39154 xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue 2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value

This update also fixes CVE-2020-9488 in the oldstable distribution (buster). Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender.

For the oldstable distribution (buster), this problem has been fixed in version 2.15.0-1~deb10u1.

For the stable distribution (bullseye), this problem has been fixed in version 2.15.0-1~deb11u1.

We recommend that you upgrade your apache-log4j2 packages.

For the detailed security status of apache-log4j2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache-log4j2

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmG0+YVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeQvXA/+LIMVC0X80Qc6No564VodtTN3Ci0NyaUcQyZG8Gyo2tPuwKEpOUpmom7f wcZvQgKvwxs3Ad1M5Zt/6Ql3v0KbwzBah0v8KUV86B6g4yb+Wno7iKQR1mN47bpz 2SJPzf6IECwtmz3zYI3fLuJJ/dvAMRlQ+nhPsC8/zJGJgfFHFmDyfG8TtlrYLUHS Pjpov4C/VllQGJ5MjyVF93OqTCy4V7WxH/RgT1YBOs71KNCq5yPoch35geytSQoM Kk59qFLQgST2kYhLVxRRbdQAAhbA7W5XythKqphon6nRmlJPHSGkXMf9s0N3cm6K Zkmvo2/A29FiceZj/bSM4/qw7gqbsJfpSMcTKmxhReolsXAJVj4mGu9cZZTAP7Tb g8fl8kGljFd01ka0208eFyILHCR2bAF2xgS1nG6TCc170azDkvW38fZHHkLQIPbF TOwxoNv8dHgyT6pfI+BDYKy9pNvrLk/jqXkOpry6nY+Ji/RcjGBDIR3VP25VsMk8 6zwERE1LX0IvwiaSFBg6oyWW4siINZzFyVXryLvRr/YBIAYKGv+Y1Wn8ageACItW 2SZjLbK4uBTOHyvPITBgOZSYD7kYcTPxdbb8ntw7Uo489hYXzjYlloTBoUPg1G3o gyZnRfW0yYf2bA63I7vVBDTITt8K4H1UkUDEOIUjXGekFLqDnGw= =BY2+ -----END PGP SIGNATURE-----

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0566",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "cloudcenter cost optimizer",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.5.2"
      },
      {
        "model": "common services platform collector",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "002.009\\(001.002\\)"
      },
      {
        "model": "network dashboard fabric controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.0\\(1\\)"
      },
      {
        "model": "energyip",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "8.6"
      },
      {
        "model": "firepower threat defense",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.2.3"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "8.4\\(1\\)"
      },
      {
        "model": "evolved programmable network manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "automated subsea tuning",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "02.01.00"
      },
      {
        "model": "log4j",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.1"
      },
      {
        "model": "log4j",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.15.0"
      },
      {
        "model": "enterprise chat and email",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.5\\(1\\)"
      },
      {
        "model": "captial",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2019.1"
      },
      {
        "model": "firepower threat defense",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.5.0"
      },
      {
        "model": "ucs central software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.0\\(1c\\)"
      },
      {
        "model": "sd-wan vmanage",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "20.4"
      },
      {
        "model": "integrated management controller supervisor",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.3.2.1"
      },
      {
        "model": "broadworks",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "cloudcenter suite",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.4\\(1\\)"
      },
      {
        "model": "wan automation engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.6"
      },
      {
        "model": "dna center",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.2.3.4"
      },
      {
        "model": "contact center management portal",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.5\\(1\\)"
      },
      {
        "model": "wan automation engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.2.3"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(1.22900.28\\)"
      },
      {
        "model": "energyip",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "8.5"
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "sd-wan vmanage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "20.7"
      },
      {
        "model": "vm access proxy",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "snowsoftware",
        "version": "3.6"
      },
      {
        "model": "mendix",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "connected analytics for network deployment",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "006.005.000.000"
      },
      {
        "model": "unified computing system",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "006.008\\(001.000\\)"
      },
      {
        "model": "ucs central software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "desigo cc advanced reports",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.0"
      },
      {
        "model": "dna center",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.1.2.8"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(4.65000.14\\)"
      },
      {
        "model": "operation scheduler",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.1.3"
      },
      {
        "model": "ucs central software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.0\\(1b\\)"
      },
      {
        "model": "firepower threat defense",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.1.0"
      },
      {
        "model": "siveillance identity",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.5"
      },
      {
        "model": "virtual topology system",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.6.6"
      },
      {
        "model": "common services platform collector",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "002.009\\(001.001\\)"
      },
      {
        "model": "captial",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2019.1"
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(1.10000.6\\)"
      },
      {
        "model": "e-car operation center",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2021-12-13"
      },
      {
        "model": "unified customer voice portal",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.6\\(1\\)"
      },
      {
        "model": "crosswork network automation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.0.0"
      },
      {
        "model": "intersight virtual appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "1.0.9-343"
      },
      {
        "model": "ucs central software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.0\\(1k\\)"
      },
      {
        "model": "oneapi sample browser",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "wan automation engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "common services platform collector",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "002.010\\(000.000\\)"
      },
      {
        "model": "identity services engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "003.001\\(000.518\\)"
      },
      {
        "model": "unified customer voice portal",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0"
      },
      {
        "model": "sppa-t3000 ses3000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "intersight virtual appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "1.0.9-361"
      },
      {
        "model": "business process automation",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.0.000.115"
      },
      {
        "model": "connected analytics for network deployment",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "008.000.000.000.004"
      },
      {
        "model": "crosswork zero touch provisioning",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.0.0"
      },
      {
        "model": "evolved programmable network manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "nx",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "dna spaces\\: connector",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.5\\(1\\)"
      },
      {
        "model": "mobility services engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "integrated management controller supervisor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.3.2.0"
      },
      {
        "model": "firepower threat defense",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.3.0"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(1\\)"
      },
      {
        "model": "unified intelligence center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.6\\(1\\)"
      },
      {
        "model": "network dashboard fabric controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.4\\(1\\)"
      },
      {
        "model": "unified workforce optimization",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(1\\)"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "8.3\\(1\\)"
      },
      {
        "model": "xpedition package integrator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "log4j",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.3.1"
      },
      {
        "model": "xpedition enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "dna center",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.2.3.0"
      },
      {
        "model": "dna center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.2.2.8"
      },
      {
        "model": "common services platform collector",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "002.009\\(000.001\\)"
      },
      {
        "model": "business process automation",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.2.000.009"
      },
      {
        "model": "gma-manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "8.6.2j-398"
      },
      {
        "model": "siguard dsa",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.4"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "9.0\\(1\\)"
      },
      {
        "model": "common services platform collector",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.10.0.1"
      },
      {
        "model": "sd-wan vmanage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "20.6"
      },
      {
        "model": "video surveillance manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.14\\(2.26\\)"
      },
      {
        "model": "finesse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.5\\(1\\)"
      },
      {
        "model": "optical network controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "1.1"
      },
      {
        "model": "sd-wan vmanage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "20.8"
      },
      {
        "model": "unified contact center express",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.5\\(1\\)"
      },
      {
        "model": "unified intelligence center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.6\\(2\\)"
      },
      {
        "model": "industrial edge management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "cloud secure agent",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "network services orchestrator",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.4"
      },
      {
        "model": "fxos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.7.0"
      },
      {
        "model": "ucs central software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.0\\(1a\\)"
      },
      {
        "model": "log4j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0"
      },
      {
        "model": "identity services engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "002.004\\(000.914\\)"
      },
      {
        "model": "wan automation engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.3"
      },
      {
        "model": "synchro 4d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "bentley",
        "version": "6.2.4.2"
      },
      {
        "model": "sentron powermanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.2"
      },
      {
        "model": "fog director",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "video surveillance manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.14\\(1.26\\)"
      },
      {
        "model": "comos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "crosswork network automation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.1.0"
      },
      {
        "model": "network services orchestrator",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.5.4.1"
      },
      {
        "model": "navigator",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2021-12-13"
      },
      {
        "model": "evolved programmable network manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "data center manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5.1"
      },
      {
        "model": "unified customer voice portal",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.6\\(1\\)"
      },
      {
        "model": "sd-wan vmanage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "20.4"
      },
      {
        "model": "optical network controller",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "1.1.0"
      },
      {
        "model": "crosswork zero touch provisioning",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.0.1"
      },
      {
        "model": "wan automation engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "automated subsea tuning",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.1.0"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "35"
      },
      {
        "model": "broadworks",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2021.11_1.162"
      },
      {
        "model": "identity services engine",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.4.0"
      },
      {
        "model": "energyip prepay",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.8"
      },
      {
        "model": "firepower threat defense",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.0.0"
      },
      {
        "model": "common services platform collector",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "002.009\\(001.000\\)"
      },
      {
        "model": "cloud connect",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.6\\(1\\)"
      },
      {
        "model": "connected analytics for network deployment",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "006.004.000.003"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(1\\)"
      },
      {
        "model": "contact center domain manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.5\\(1\\)"
      },
      {
        "model": "cloudcenter suite",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.10\\(0.15\\)"
      },
      {
        "model": "energyip",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "8.7"
      },
      {
        "model": "cloudcenter suite",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.3\\(0\\)"
      },
      {
        "model": "workload optimization manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.2.1"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "8.5\\(1\\)"
      },
      {
        "model": "nexus insights",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0.2"
      },
      {
        "model": "sentron powermanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.1"
      },
      {
        "model": "siguard dsa",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.3"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(1.17900.52\\)"
      },
      {
        "model": "unity connection",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(1\\)"
      },
      {
        "model": "network insights for data center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0\\(2.1914\\)"
      },
      {
        "model": "emergency responder",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(4\\)"
      },
      {
        "model": "system debugger",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "model": "enterprise chat and email",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.6\\(1\\)"
      },
      {
        "model": "mindsphere",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2021-12-11"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "9.0\\(2\\)"
      },
      {
        "model": "ontap tools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "log4j",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.13.0"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.6\\(1\\)"
      },
      {
        "model": "unified communications manager im \\\u0026 presence service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(1.22900.6\\)"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.5\\(1\\)"
      },
      {
        "model": "unified communications manager im \\\u0026 presence service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(1\\)"
      },
      {
        "model": "sd-wan vmanage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "20.6.1"
      },
      {
        "model": "ucs central software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.0\\(1d\\)"
      },
      {
        "model": "unified communications manager im and presence service",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(1\\)"
      },
      {
        "model": "network dashboard fabric controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(3\\)"
      },
      {
        "model": "common services platform collector",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "002.009\\(000.002\\)"
      },
      {
        "model": "unified sip proxy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "010.002\\(001\\)"
      },
      {
        "model": "fxos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.4.0"
      },
      {
        "model": "identity services engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "003.002\\(000.116\\)"
      },
      {
        "model": "sd-wan vmanage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "20.3"
      },
      {
        "model": "connected analytics for network deployment",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "007.003.001.001"
      },
      {
        "model": "sd-wan vmanage",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "20.3.4.1"
      },
      {
        "model": "synchro",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "bentley",
        "version": "6.1"
      },
      {
        "model": "packaged contact center enterprise",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "network services orchestrator",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.6"
      },
      {
        "model": "unified communications manager im and presence service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(1\\)"
      },
      {
        "model": "log4j",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.12.2"
      },
      {
        "model": "cloudcenter suite admin",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.3.1"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.6\\(2\\)"
      },
      {
        "model": "finesse",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.6\\(1\\)"
      },
      {
        "model": "business process automation",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.1.000.000"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.6\\(2\\)"
      },
      {
        "model": "teamcenter",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "customer experience cloud agent",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "1.12.1"
      },
      {
        "model": "crosswork network controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.0.0"
      },
      {
        "model": "active iq unified manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "dna center",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.2.2.0"
      },
      {
        "model": "network services orchestrator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "crosswork platform infrastructure",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "crosswork data gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.0.2"
      },
      {
        "model": "cloudcenter suite",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.5\\(1\\)"
      },
      {
        "model": "snow commander",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "snowsoftware",
        "version": "8.10.0"
      },
      {
        "model": "solid edge harness design",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2020"
      },
      {
        "model": "sd-wan vmanage",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "20.4.2.1"
      },
      {
        "model": "siveillance identity",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.6"
      },
      {
        "model": "connected analytics for network deployment",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "007.002.000"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "11.0"
      },
      {
        "model": "cloudcenter suite",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.5\\(0\\)"
      },
      {
        "model": "ucs central software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.0\\(1l\\)"
      },
      {
        "model": "fxos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.6.0"
      },
      {
        "model": "wan automation engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.2.1"
      },
      {
        "model": "email security",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": "10.0.12"
      },
      {
        "model": "crosswork optimization engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.0.0"
      },
      {
        "model": "smart phy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.1.2"
      },
      {
        "model": "smart phy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.1.4"
      },
      {
        "model": "desigo cc advanced reports",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.2"
      },
      {
        "model": "solid edge cam pro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.6\\(1\\)"
      },
      {
        "model": "firepower threat defense",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.7.0"
      },
      {
        "model": "prime service catalog",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1"
      },
      {
        "model": "snapcenter",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "spectrum power 4",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.70"
      },
      {
        "model": "cyber vision",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "unified sip proxy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "010.002\\(000\\)"
      },
      {
        "model": "common services platform collector",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "002.009\\(000.000\\)"
      },
      {
        "model": "cyber vision sensor management extension",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "data center network manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.3\\(1\\)"
      },
      {
        "model": "connected analytics for network deployment",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "007.003.003"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.6\\(2\\)"
      },
      {
        "model": "sd-wan vmanage",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "20.6.2.1"
      },
      {
        "model": "desigo cc advanced reports",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.1"
      },
      {
        "model": "finesse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.6\\(1\\)"
      },
      {
        "model": "common services platform collector",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.10.0"
      },
      {
        "model": "cyber vision sensor management extension",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "ucs central software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.0\\(1h\\)"
      },
      {
        "model": "opcenter intelligence",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.2"
      },
      {
        "model": "evolved programmable network manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "cx cloud agent",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "001.012"
      },
      {
        "model": "sipass integrated",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.80"
      },
      {
        "model": "connected analytics for network deployment",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "007.000.001"
      },
      {
        "model": "genomics kernel library",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.5\\(2\\)"
      },
      {
        "model": "video surveillance manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.14\\(3.025\\)"
      },
      {
        "model": "energy engage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.1"
      },
      {
        "model": "siveillance command",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.16.2.1"
      },
      {
        "model": "siveillance viewpoint",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "vesys",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2019.1"
      },
      {
        "model": "desigo cc info center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.1"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "14.0\\(1\\)"
      },
      {
        "model": "crosswork data gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.0.0"
      },
      {
        "model": "secure device onboard",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "connected analytics for network deployment",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "006.005.000."
      },
      {
        "model": "fxos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.0.0"
      },
      {
        "model": "connected analytics for network deployment",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.3"
      },
      {
        "model": "smart phy",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.2.1"
      },
      {
        "model": "data center network manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.3\\(1\\)"
      },
      {
        "model": "dna center",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.2.2.8"
      },
      {
        "model": "unified sip proxy",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "10.2.1v2"
      },
      {
        "model": "unified customer voice portal",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.5"
      },
      {
        "model": "siguard dsa",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.2"
      },
      {
        "model": "firepower threat defense",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.4.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "nexus dashboard",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.1.2"
      },
      {
        "model": "energyip",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "9.0"
      },
      {
        "model": "desigo cc info center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.0"
      },
      {
        "model": "crosswork network controller",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.0.1"
      },
      {
        "model": "identity services engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.4.0"
      },
      {
        "model": "rhythmyx",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "percussion",
        "version": "7.3.2"
      },
      {
        "model": "cloudcenter workload manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.5.2"
      },
      {
        "model": "ucs central software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.0\\(1g\\)"
      },
      {
        "model": "virtualized infrastructure manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.2.0"
      },
      {
        "model": "unified sip proxy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "010.000\\(001\\)"
      },
      {
        "model": "vesys",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2019.1"
      },
      {
        "model": "iot operations dashboard",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "fxos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.2.3"
      },
      {
        "model": "spectrum power 7",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.30"
      },
      {
        "model": "sd-wan vmanage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "20.5"
      },
      {
        "model": "fxos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.5.0"
      },
      {
        "model": "smart phy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.2.1"
      },
      {
        "model": "unified sip proxy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "010.000\\(000\\)"
      },
      {
        "model": "unified customer voice portal",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.5\\(1\\)"
      },
      {
        "model": "virtual topology system",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.6.7"
      },
      {
        "model": "network dashboard fabric controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(1\\)"
      },
      {
        "model": "network dashboard fabric controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.2\\(1\\)"
      },
      {
        "model": "enterprise chat and email",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(1\\)"
      },
      {
        "model": "spectrum power 7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.30"
      },
      {
        "model": "unified customer voice portal",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "connected analytics for network deployment",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "007.003.000"
      },
      {
        "model": "industrial edge management hub",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2021-12-13"
      },
      {
        "model": "desigo cc advanced reports",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.1"
      },
      {
        "model": "connected analytics for network deployment",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "007.001.000"
      },
      {
        "model": "solid edge harness design",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2020"
      },
      {
        "model": "computer vision annotation tool",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "cloudcenter",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.10.0.16"
      },
      {
        "model": "ucs central",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.0\\(1p\\)"
      },
      {
        "model": "integrated management controller supervisor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "002.003\\(002.000\\)"
      },
      {
        "model": "unified customer voice portal",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "smart phy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.1.3"
      },
      {
        "model": "network assurance engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0\\(2.1912\\)"
      },
      {
        "model": "firepower threat defense",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.6.0"
      },
      {
        "model": "crosswork network automation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "dna spaces",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "wan automation engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.1.3"
      },
      {
        "model": "unified intelligence center",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.6\\(1\\)"
      },
      {
        "model": "identity services engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "003.000\\(000.458\\)"
      },
      {
        "model": "fxos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.1.0"
      },
      {
        "model": "wan automation engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.2.2"
      },
      {
        "model": "webex meetings server",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "network assurance engine",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0.2"
      },
      {
        "model": "head-end system universal device integration system",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "virtualized voice browser",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.5\\(1\\)"
      },
      {
        "model": "unified workforce optimization",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(1\\)"
      },
      {
        "model": "dna spaces connector",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified contact center management portal",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.6\\(1\\)"
      },
      {
        "model": "enterprise chat and email",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(1\\)"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "34"
      },
      {
        "model": "smart phy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.3"
      },
      {
        "model": "desigo cc advanced reports",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.0"
      },
      {
        "model": "siveillance vantage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sd-wan vmanage",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "20.5"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(1.18900.97\\)"
      },
      {
        "model": "common services platform collector",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.9.1.3"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(1\\)su3"
      },
      {
        "model": "cloud insights",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "evolved programmable network manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "spectrum power 4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.70"
      },
      {
        "model": "network dashboard fabric controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.1\\(1\\)"
      },
      {
        "model": "ucs central software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.0\\(1e\\)"
      },
      {
        "model": "advanced malware protection virtual private cloud appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.5.4"
      },
      {
        "model": "video surveillance manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.14\\(4.018\\)"
      },
      {
        "model": "sensor solution development kit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "business process automation",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.1.000.044"
      },
      {
        "model": "virtualized infrastructure manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.4.4"
      },
      {
        "model": "crosswork network automation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.1.1"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(1.21900.40\\)"
      },
      {
        "model": "crosswork optimization engine",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.0.1"
      },
      {
        "model": "crosswork platform infrastructure",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.1.0"
      },
      {
        "model": "network services orchestrator",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.4.5.2"
      },
      {
        "model": "network services orchestrator",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.6.3.1"
      },
      {
        "model": "identity services engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "002.006\\(000.156\\)"
      },
      {
        "model": "logo\\! soft comfort",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "business process automation",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.2.000.000"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "9.1\\(1\\)"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.6\\(2\\)"
      },
      {
        "model": "video surveillance operations manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.14.4"
      },
      {
        "model": "evolved programmable network manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.1.1"
      },
      {
        "model": "unified customer voice portal",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(1\\)"
      },
      {
        "model": "fxos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.3.0"
      },
      {
        "model": "connected analytics for network deployment",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "008.000.000"
      },
      {
        "model": "virtualized infrastructure manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.4.0"
      },
      {
        "model": "wan automation engine",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.3.0.2"
      },
      {
        "model": "ucs director",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.8.2.0"
      },
      {
        "model": "system studio",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "ucs central software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.0\\(1f\\)"
      },
      {
        "model": "unified communications manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(1\\)"
      },
      {
        "model": "network dashboard fabric controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.3\\(1\\)"
      },
      {
        "model": "network services orchestrator",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.5"
      },
      {
        "model": "synchro",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "bentley",
        "version": "6.4.3.2"
      },
      {
        "model": "prime service catalog",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1"
      },
      {
        "model": "smart phy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.1.5"
      },
      {
        "model": "crosswork network automation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.0.0"
      },
      {
        "model": "log4j",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.4.0"
      },
      {
        "model": "audio development kit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "identity services engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "002.007\\(000.356\\)"
      },
      {
        "model": "sd-wan vmanage",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "20.5.1.1"
      },
      {
        "model": "sd-wan vmanage",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "20.6"
      },
      {
        "model": "evolved programmable network manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "connected mobile experiences",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "paging server",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "14.4.1"
      },
      {
        "model": "energyip prepay",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.7"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(1.18119.2\\)"
      },
      {
        "model": "network services orchestrator",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.3.5.1"
      },
      {
        "model": "siveillance control pro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sipass integrated",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.85"
      },
      {
        "model": "oncommand insight",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(4.66000.14\\)"
      },
      {
        "model": "packaged contact center enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.6\\(1\\)"
      },
      {
        "model": "network dashboard fabric controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(2\\)"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-44228"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.15.0",
                "versionStartIncluding": "2.13.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.3.1",
                "versionStartIncluding": "2.0.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.12.2",
                "versionStartIncluding": "2.4.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:sppa-t3000_ses3000_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:sppa-t3000_ses3000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:logo\\!_soft_comfort:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_4:4.70:sp7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_4:4.70:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_4:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.70",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:siveillance_control_pro:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:energyip_prepay:3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:energyip_prepay:3.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_4:4.70:sp8:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:siveillance_command:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.16.2.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:head-end_system_universal_device_integration_system:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:gma-manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.6.2j-398",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:energyip:8.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:energyip:8.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:energyip:8.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:energyip:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:energy_engage:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:e-car_operation_center:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021-12-13",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:desigo_cc_info_center:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:desigo_cc_info_center:5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:captial:2019.1:sp1912:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:navigator:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021-12-13",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:xpedition_package_integrator:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:xpedition_enterprise:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:vesys:2019.1:sp1912:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:vesys:2019.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:vesys:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:vesys:2019.1:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:teamcenter:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_7:2.30:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_7:2.30:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_7:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.30",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_7:2.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_harness_design:2020:sp2002:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_harness_design:2020:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_harness_design:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:captial:2019.1:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_harness_design:2020:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_cam_pro:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:siveillance_viewpoint:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:siveillance_vantage:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:siguard_dsa:4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:siguard_dsa:4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:siguard_dsa:4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sentron_powermanager:4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sentron_powermanager:4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.1.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:nx:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:opcenter_intelligence:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:mindsphere:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021-12-11",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:mendix:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:industrial_edge_management_hub:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021-12-13",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:industrial_edge_management:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:captial:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:intel:audio_development_kit:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:system_debugger:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:secure_device_onboard:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:oneapi_sample_browser:-:*:*:*:*:eclipse:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:sensor_solution_firmware_development_kit:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:computer_vision_annotation_tool:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:genomics_kernel_library:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:system_studio:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:data_center_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.0.12",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:ontap_tools:-:*:*:*:*:vmware_vsphere:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:vmware_vsphere:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_customer_voice_portal:11.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:packaged_contact_center_enterprise:11.6\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:3.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:data_center_network_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.3\\(1\\)",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:4.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.5\\(1\\)",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:data_center_network_manager:11.3\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:-:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_service_pack_2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_service_pack_3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_security_patch4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine:2.4.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:finesse:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.6\\(1\\)",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:nexus_dashboard:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.1.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.6.3.1",
                "versionStartIncluding": "5.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.5.4.1",
                "versionStartIncluding": "5.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.3.5.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:iot_operations_dashboard:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:intersight_virtual_appliance:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.9-361",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.1.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.4.5.2",
                "versionStartIncluding": "5.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:dna_spaces\\:_connector:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:cyber_vision_sensor_management_extension:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.0.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.0.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:crosswork_platform_infrastructure:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.0.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:crosswork_platform_infrastructure:4.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:crosswork_optimization_engine:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.0.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:crosswork_optimization_engine:3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:crosswork_network_controller:3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:crosswork_network_controller:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.0.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:crosswork_data_gateway:3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:crosswork_data_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.0.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:common_services_platform_collector:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.10.0.1",
                "versionStartIncluding": "2.10.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:common_services_platform_collector:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.9.1.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:cloudcenter:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.10.0.16",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:cloudcenter_workload_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.5.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:cloudcenter_suite_admin:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.3.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:cloudcenter_cost_optimizer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.5.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:business_process_automation:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.2.000.009",
                "versionStartIncluding": "3.2.000.000",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:business_process_automation:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.1.000.044",
                "versionStartIncluding": "3.1.000.000",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:business_process_automation:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.0.000.115",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:automated_subsea_tuning:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:nexus_insights:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.0.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:advanced_malware_protection_virtual_private_cloud_appliance:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:customer_experience_cloud_agent:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.12.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_security_patch5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:workload_optimization_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.2.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ucs_central:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.0\\(1p\\)",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ucs_director:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.8.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "20.3.4.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:optical_network_controller:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:fog_director:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:dna_center:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.2.3.4",
                "versionStartIncluding": "2.2.3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "20.4.2.1",
                "versionStartIncluding": "20.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.3.2.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wan_automation_engine:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.3.0.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:virtualized_infrastructure_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.4.4",
                "versionStartIncluding": "3.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "20.5.1.1",
                "versionStartIncluding": "20.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:network_assurance_engine:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.0.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:virtualized_infrastructure_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:dna_center:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.1.2.8",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "20.6.2.1",
                "versionStartIncluding": "20.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:virtual_topology_system:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.6.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:dna_center:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.2.2.8",
                "versionStartIncluding": "2.2.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:smart_phy:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.2.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_service_catalog:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:connected_mobile_experiences:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:video_surveillance_operations_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.14.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.5\\(1\\)",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:virtualized_voice_browser:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.5\\(1\\)",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:unified_workforce_optimization:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.5\\(1\\)",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:unified_sip_proxy:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.2.1v2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.6\\(1\\)",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_customer_voice_portal:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_customer_voice_portal:12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_customer_voice_portal:12.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_enterprise:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.6\\(2\\)",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_enterprise:11.6\\(2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.5\\(1\\)",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.5\\(1\\)",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.5\\(1\\)",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:session_management:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:-:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:paging_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.4.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:packaged_contact_center_enterprise:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:enterprise_chat_and_email:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.0\\(1\\)",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:emergency_responder:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.5\\(4\\)",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:contact_center_management_portal:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.5\\(1\\)",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:contact_center_domain_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.5\\(1\\)",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:cloud_connect:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.6\\(1\\)",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:broadworks:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021.11_1.162",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:fxos:6.2.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:fxos:6.3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:fxos:6.4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:fxos:6.5.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:fxos:6.6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:fxos:6.7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:fxos:7.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:fxos:7.1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:firepower_1010:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:firepower_1120:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:firepower_1140:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:firepower_1150:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:firepower_4110:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:firepower_4112:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:firepower_4115:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:firepower_4120:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:firepower_4125:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:firepower_4140:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:firepower_4145:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:firepower_4150:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_service_catalog:12.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_threat_defense:6.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unity_connection:11.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_threat_defense:6.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vmanage:20.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vmanage:20.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vmanage:20.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_enterprise:11.6\\(2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:cyber_vision_sensor_management_extension:4.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:dna_spaces_connector:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_sip_proxy:010.002\\(001\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_sip_proxy:010.002\\(000\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_sip_proxy:010.000\\(001\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_sip_proxy:010.000\\(000\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(2\\):-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(1\\):es02:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(1\\):es01:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(1\\):-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_customer_voice_portal:12.6\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_customer_voice_portal:12.5\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_customer_voice_portal:12.0\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_customer_voice_portal:11.6\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\):su1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\):-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager_im_\\\u0026_presence_service:11.5\\(1.22900.6\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager_im_\\\u0026_presence_service:11.5\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.22900.28\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.21900.40\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.18900.97\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.18119.2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.17900.52\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:paging_server:9.1\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:paging_server:9.0\\(2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:paging_server:9.0\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:paging_server:8.5\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:paging_server:8.4\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:paging_server:8.3\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:paging_server:14.0\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:paging_server:12.5\\(2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\\(2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_enterprise:12.5\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_enterprise:12.0\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es03:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es02:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es01:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):su2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):su1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:enterprise_chat_and_email:12.6\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:enterprise_chat_and_email:12.5\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:enterprise_chat_and_email:12.0\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:emergency_responder:11.5\\(4.66000.14\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:emergency_responder:11.5\\(4.65000.14\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:emergency_responder:11.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_management_portal:12.6\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express:12.6\\(2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express:12.6\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:broadworks:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_computing_system:006.008\\(001.000\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1l\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1k\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1h\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1g\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1f\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1e\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1d\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1c\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1b\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ucs_central_software:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:2.3.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:002.003\\(002.000\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vmanage:20.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vmanage:20.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vmanage:20.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vmanage:20.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:optical_network_controller:1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:network_assurance_engine:6.0\\(2.1912\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:dna_center:2.2.2.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wan_automation_engine:7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wan_automation_engine:7.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wan_automation_engine:7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wan_automation_engine:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wan_automation_engine:7.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wan_automation_engine:7.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wan_automation_engine:7.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wan_automation_engine:7.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:virtual_topology_system:2.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:smart_phy:3.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:smart_phy:3.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:smart_phy:3.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:smart_phy:3.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:smart_phy:3.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:smart_phy:21.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:network_services_orchestrator:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:intersight_virtual_appliance:1.0.9-343:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:evolved_programmable_network_manager:5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:evolved_programmable_network_manager:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:evolved_programmable_network_manager:4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:evolved_programmable_network_manager:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:evolved_programmable_network_manager:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:evolved_programmable_network_manager:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\\(3\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\\(2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.4\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.3\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.2\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.1\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.0\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:video_surveillance_manager:7.14\\(4.018\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:video_surveillance_manager:7.14\\(3.025\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:video_surveillance_manager:7.14\\(2.26\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:video_surveillance_manager:7.14\\(1.26\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_workforce_optimization:11.5\\(1\\):sr7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unity_connection:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:cloudcenter_suite:5.3\\(0\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:cloudcenter_suite:5.5\\(0\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:cloudcenter_suite:5.4\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:automated_subsea_tuning:02.01.00:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine:003.002\\(000.116\\):-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine:003.001\\(000.518\\):-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine:003.000\\(000.458\\):-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine:002.007\\(000.356\\):-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine:002.006\\(000.156\\):-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine:002.004\\(000.914\\):-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:network_insights_for_data_center:6.0\\(2.1914\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:cx_cloud_agent:001.012:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:mobility_services_engine:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:cloudcenter_suite:5.5\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:cloudcenter_suite:4.10\\(0.15\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:dna_spaces:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:cyber_vision:4.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:008.000.000.000.004:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:008.000.000:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.003:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.001.001:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.000:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.002.000:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.001.000:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.000.001:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.005.000.000:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.005.000.:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.004.000.003:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:crosswork_network_automation:4.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:crosswork_network_automation:4.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:crosswork_network_automation:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:crosswork_network_automation:3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:crosswork_network_automation:2.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:common_services_platform_collector:002.010\\(000.000\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(001.002\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(001.001\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(001.000\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(000.002\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(000.001\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(000.000\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:snowsoftware:vm_access_proxy:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:snowsoftware:snow_commander:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.10.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:bentley:synchro_4d:*:*:*:*:pro:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.2.4.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bentley:synchro:*:*:*:*:pro:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.4.3.2",
                "versionStartIncluding": "6.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:percussion:rhythmyx:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.3.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-44228"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Much of the content of this vulnerability note is derived from Apache Log4j Security Vulnerabilities and http://slf4j.org/log4shell.html.This document was written by Art Manion.",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#930724"
      }
    ],
    "trust": 0.8
  },
  "cve": "CVE-2021-44228",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-407408",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-44228",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202112-799",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-407408",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-407408"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-799"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-44228"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the vulnerable Java application using Log4j.CVE-2021-4104 Affected\nCVE-2021-44228 Affected\nCVE-2021-45046 AffectedCVE-2021-4104 Affected\nCVE-2021-44228 Affected\nCVE-2021-45046 Affected. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Critical: Red Hat Data Grid 8.2.2 security update\nAdvisory ID:       RHSA-2021:5132-01\nProduct:           Red Hat JBoss Data Grid\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2021:5132\nIssue date:        2021-12-14\nCVE Names:         CVE-2021-44228 \n=====================================================================\n\n1. Summary:\n\nAn update for Red Hat Data Grid is now available. \n \nRed Hat Product Security has rated this update as having a security impact\nof Critical. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. \nIt increases application response times and allows for dramatically\nimproving performance while providing availability, reliability, and\nelastic scale. \n \nData Grid 8.2.2 replaces Data Grid 8.2.1 and includes bug fixes and\nenhancements. Find out more about Data Grid 8.2.2 in the Release Notes [3]. \n\nSecurity Fix(es):\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an\nattacker-controlled string value (CVE-2021-44228)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nTo install this update, do the following:\n \n1. Download the Data Grid 8.2.2 server patch from the customer portal[\u00b2]. \n2. Back up your existing Data Grid installation. You should back up\ndatabases, configuration files, and so on. \n3. Install the Data Grid 8.2.2 server patch. Refer to the 8.2.2 Release\nNotes[\u00b3] for patching instructions. \n4. Restart Data Grid to ensure the changes take effect. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-44228\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=70381\u0026product=data.grid\u0026version=8.2\u0026downloadType=patches\nhttps://access.redhat.com/documentation/en-us/red_hat_data_grid/8.2/html-single/red_hat_data_grid_8.2_release_notes/index\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2021-009\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYblI0NzjgjWX9erEAQj7mw//TtZnFmrLI6Ts7uC19MnLA/vVPXT1i2Qz\nR1CZ4T7QCZkiJCNXvwYHj7iQgOm5o/seXRE38qGtJWqiyrZMGHVQnDl1Vuhm31jg\n6lxhpjn0kKKZanznosCxF3U2ovLhrEx+5in4piNiyV6CKkkgBV7UvESGWlIKiumq\n1r79DAQ7WdYPoOk+m+b5p/okFJXyD0FcEbrqZcgJQCmR9zyJ6DGAy4N9+cgEgGaC\nQoVZaXa+pUEVjiAOAg0XNcb+GyYSMFwkPUR14NI0V2OHIo97aBg9AG1HrOj3QmSG\n5LR/8zWQbfSbtTIzR67gBGF8F8nvnEeBARYje97Cx2FcHGDFisLHM8OGqFNjU5+I\nHepIdPjwcoy3kPDSfQ9WXx7Iz03tMCbhMWUhH9MRYuUAzCHgsAryZ4AnTBa+Hn7B\n7WHuVf24eFcoJysoWGsbQZDzN5oxqIRXP2mA5k7MVemHV5L+7KV15KyJWaDqTdI+\nDTpw8kP/WboloegmZmaqbPLlfvl91G8LjU5yfLaa+rNHkbyT4G1c3iQm5yLWlsYW\nyfGf+XiZPoF5S6862qdx7YPZG0yTkaUYU0Spnr8eV9wt9uUIp57jczrBzgBKYlN0\nBdNv9DgqbGvhmdz/k95gRZUpdYAvF6J4+Y4h9uXgxqfdGZjFCSlegOG8gleCnvEw\ndfFqyyf+3ZQ=\n=be8O\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Solution:\n\nFor OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.1, see the following instructions to apply\nthis update:\n\nhttps://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html\n\n4. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1971 - Applying cluster state is causing elasticsearch to hit an issue and become unusable\n\n6. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. =========================================================================\nUbuntu Security Notice USN-5192-2\nDecember 17, 2021\n\napache-log4j2 vulnerability\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n\nSummary:\n\nApache Log4j 2 could be made to crash or run programs as an administrator\nif it received a specially crafted input. This update provides\nthe corresponding update for Ubuntu 16.04 ESM. \n\nOriginal advisory details:\n\n Chen Zhaojun discovered that Apache Log4j 2 allows remote attackers to run\n programs via a special crafted input. An attacker could use this vulnerability\n to cause a denial of service or possibly execute arbitrary code. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n  liblog4j2-java                  2.4-2ubuntu0.1~esm1\n\nIn general, a standard system update will make all the necessary changes. \n\n2021-12-11: VMSA-2021-0028.1\nUpdated advisory with workaround information for multiple products including vCenter Server Appliance, vRealize Operations, Horizon, vRealize Log Insight, Unified Access Gateway. \n\n2021-12-13: VMSA-2021-0028.2\nRevised advisory with updates to multiple products. \n\\x95\tVMware HCX\n\\x95\tVMware NSX-T Data Center\n\\x95\tVMware WorkspaceOne Access\n\\x95\tVMware Identity Manager \n\\x95\tVMware vRealize Operations Cloud Proxy\n\\x95\tVMware vRealize Lifecycle Manager\n\\x95\tVMware Site Recovery Manager, vSphere Replication\n\\x95\tVMware Carbon Black Cloud Workload Appliance\n\\x95\tVMware Carbon Black EDR Server\n\\x95\tVMware Tanzu GemFire\n\\x95\tVMware Tanzu Greenplum\n\\x95\tVMware Tanzu Operations Manager\n\\x95\tVMware Tanzu Application Service for VMs\n\\x95\tVMware Tanzu Kubernetes Grid Integrated Edition\n\\x95\tVMware Tanzu Observability by Wavefront Nozzle\n\\x95\tHealthwatch for Tanzu Application Service\n\\x95\tSpring Cloud Services for VMware Tanzu\n\\x95\tAPI Portal for VMware Tanzu\n\\x95\tSingle Sign-On for VMware Tanzu Application Service\n\\x95\tApp Metrics\n\\x95\tVMware vCenter Cloud Gateway\n\\x95\tVMware Cloud Foundation\n\\x95\tVMware Workspace ONE Access Connector\n\\x95\tVMware Horizon DaaS\n\\x95\tVMware Horizon Cloud Connector\n\\x95\tVMware NSX Data Center for vSphere\n\\x95\tVMware AppDefense Appliance\n\\x95\tVMware Cloud Director Object Storage Extension\n\nYou are receiving this alert because you are subscribed to the VMware Security Announcements mailing list. To modify your subscription or unsubscribe please visit https://lists.vmware.com/mailman/listinfo/security-announce. Description:\n\nRed Hat Process Automation Manager is an open source business process\nmanagement suite that combines process management and decision service\nmanagement and enables business and IT users to create, manage, validate,\nand deploy process applications and decision services. \n\nSecurity Fix(es):\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an\nattacker-controlled string value (CVE-2021-44228)\n\n* jackson-dataformat-cbor:  Unchecked allocation of byte buffer can cause a\njava.lang.OutOfMemoryError exception (CVE-2020-28491)\n\n* kubernetes-client: fabric8-kubernetes-client: vulnerable to a path\ntraversal leading to integrity and availability compromise (CVE-2021-20218)\n\n* xstream: Arbitrary code execution via unsafe deserialization of\ncom.sun.corba.* (CVE-2021-39149)\n\n* xstream: Arbitrary code execution via unsafe deserialization of\ncom.sun.jndi.ldap.LdapBindingEnumeration (CVE-2021-39145)\n\n* xstream: Arbitrary code execution via unsafe deserialization of\ncom.sun.jndi.ldap.LdapBindingEnumeration (CVE-2021-39151)\n\n* xstream: Arbitrary code execution via unsafe deserialization of\ncom.sun.jndi.ldap.LdapSearchEnumeration (CVE-2021-39147)\n\n* xstream: Arbitrary code execution via unsafe deserialization of\ncom.sun.jndi.toolkit.dir.ContextEnumerator (CVE-2021-39148)\n\n* xstream: Arbitrary code execution via unsafe deserialization of\ncom.sun.xml.internal.ws.client.sei.* (CVE-2021-39141)\n\n* xstream: Arbitrary code execution via unsafe deserialization of\njavax.swing.UIDefaults$ProxyLazyValue (CVE-2021-39146)\n\n* xstream: Arbitrary code execution via unsafe deserialization of\njavax.swing.UIDefaults$ProxyLazyValue (CVE-2021-39154)\n\n* xstream: Arbitrary code execution via unsafe deserialization of\nsun.tracing.* (CVE-2021-39144)\n\n* xstream: Arbitrary code execution via unsafe deserialization of Xalan\nxsltc.trax.TemplatesImpl (CVE-2021-39139)\n\n* xstream: Arbitrary code execution via unsafe deserialization of Xalan\nxsltc.trax.TemplatesImpl (CVE-2021-39153)\n\n* xstream: Infinite loop DoS via unsafe deserialization of\nsun.reflect.annotation.AnnotationInvocationHandler (CVE-2021-39140)\n\n* xstream: remote command execution attack by manipulating the processed\ninput stream (CVE-2021-29505)\n\n* xstream: Server-side request forgery (SSRF) via unsafe deserialization of\ncom.sun.xml.internal.ws.client.sei.* (CVE-2021-39150)\n\n* xstream: Server-side request forgery (SSRF) via unsafe deserialization of\njdk.nashorn.internal.runtime.Source$URLData (CVE-2021-39152)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. Bugs fixed (https://bugzilla.redhat.com/):\n\n1923405 - CVE-2021-20218 fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise\n1930423 - CVE-2020-28491 jackson-dataformat-cbor:  Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception\n1966735 - CVE-2021-29505 XStream: remote command execution attack by manipulating the processed input stream\n1997763 - CVE-2021-39139 xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl\n1997765 - CVE-2021-39140 xstream: Infinite loop DoS via unsafe deserialization of sun.reflect.annotation.AnnotationInvocationHandler\n1997769 - CVE-2021-39141 xstream: Arbitrary code execution via unsafe deserialization of com.sun.xml.internal.ws.client.sei.*\n1997772 - CVE-2021-39144 xstream: Arbitrary code execution via unsafe deserialization of sun.tracing.*\n1997775 - CVE-2021-39145 xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration\n1997777 - CVE-2021-39146 xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue\n1997779 - CVE-2021-39147 xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapSearchEnumeration\n1997781 - CVE-2021-39148 xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.toolkit.dir.ContextEnumerator\n1997784 - CVE-2021-39149 xstream: Arbitrary code execution via unsafe deserialization of com.sun.corba.*\n1997786 - CVE-2021-39150 xstream: Server-side request forgery (SSRF) via unsafe deserialization of com.sun.xml.internal.ws.client.sei.*\n1997791 - CVE-2021-39151 xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration\n1997793 - CVE-2021-39152 xstream: Server-side request forgery (SSRF) via unsafe deserialization of jdk.nashorn.internal.runtime.Source$URLData\n1997795 - CVE-2021-39153 xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl\n1997801 - CVE-2021-39154 xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue\n2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value\n\n5. \n\nThis update also fixes CVE-2020-9488 in the oldstable distribution\n(buster). Improper validation of certificate with host mismatch in Apache Log4j\nSMTP appender. This could allow an SMTPS connection to be intercepted by a\nman-in-the-middle attack which could leak any log messages sent through that\nappender. \n\nFor the oldstable distribution (buster), this problem has been fixed\nin version 2.15.0-1~deb10u1. \n\nFor the stable distribution (bullseye), this problem has been fixed in\nversion 2.15.0-1~deb11u1. \n\nWe recommend that you upgrade your apache-log4j2 packages. \n\nFor the detailed security status of apache-log4j2 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/apache-log4j2\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmG0+YVfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeQvXA/+LIMVC0X80Qc6No564VodtTN3Ci0NyaUcQyZG8Gyo2tPuwKEpOUpmom7f\nwcZvQgKvwxs3Ad1M5Zt/6Ql3v0KbwzBah0v8KUV86B6g4yb+Wno7iKQR1mN47bpz\n2SJPzf6IECwtmz3zYI3fLuJJ/dvAMRlQ+nhPsC8/zJGJgfFHFmDyfG8TtlrYLUHS\nPjpov4C/VllQGJ5MjyVF93OqTCy4V7WxH/RgT1YBOs71KNCq5yPoch35geytSQoM\nKk59qFLQgST2kYhLVxRRbdQAAhbA7W5XythKqphon6nRmlJPHSGkXMf9s0N3cm6K\nZkmvo2/A29FiceZj/bSM4/qw7gqbsJfpSMcTKmxhReolsXAJVj4mGu9cZZTAP7Tb\ng8fl8kGljFd01ka0208eFyILHCR2bAF2xgS1nG6TCc170azDkvW38fZHHkLQIPbF\nTOwxoNv8dHgyT6pfI+BDYKy9pNvrLk/jqXkOpry6nY+Ji/RcjGBDIR3VP25VsMk8\n6zwERE1LX0IvwiaSFBg6oyWW4siINZzFyVXryLvRr/YBIAYKGv+Y1Wn8ageACItW\n2SZjLbK4uBTOHyvPITBgOZSYD7kYcTPxdbb8ntw7Uo489hYXzjYlloTBoUPg1G3o\ngyZnRfW0yYf2bA63I7vVBDTITt8K4H1UkUDEOIUjXGekFLqDnGw=\n=BY2+\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-44228"
      },
      {
        "db": "CERT/CC",
        "id": "VU#930724"
      },
      {
        "db": "VULHUB",
        "id": "VHN-407408"
      },
      {
        "db": "PACKETSTORM",
        "id": "165293"
      },
      {
        "db": "PACKETSTORM",
        "id": "165286"
      },
      {
        "db": "PACKETSTORM",
        "id": "165290"
      },
      {
        "db": "PACKETSTORM",
        "id": "165291"
      },
      {
        "db": "PACKETSTORM",
        "id": "165324"
      },
      {
        "db": "PACKETSTORM",
        "id": "165329"
      },
      {
        "db": "PACKETSTORM",
        "id": "165333"
      },
      {
        "db": "PACKETSTORM",
        "id": "165348"
      },
      {
        "db": "PACKETSTORM",
        "id": "165260"
      },
      {
        "db": "PACKETSTORM",
        "id": "165733"
      },
      {
        "db": "PACKETSTORM",
        "id": "169172"
      }
    ],
    "trust": 2.7
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-407408",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-407408"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-44228",
        "trust": 3.6
      },
      {
        "db": "CERT/CC",
        "id": "VU#930724",
        "trust": 2.5
      },
      {
        "db": "PACKETSTORM",
        "id": "165260",
        "trust": 1.8
      },
      {
        "db": "PACKETSTORM",
        "id": "165311",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "165225",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "165532",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "165281",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "165306",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "165673",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "165282",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "165371",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "167794",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "167917",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "165270",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "165261",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "165642",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "165307",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-479842",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-714170",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-661247",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-397453",
        "trust": 1.7
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/12/13/1",
        "trust": 1.7
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/12/14/4",
        "trust": 1.7
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/12/10/3",
        "trust": 1.7
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/12/13/2",
        "trust": 1.7
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/12/10/2",
        "trust": 1.7
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/12/15/3",
        "trust": 1.7
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/12/10/1",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "171626",
        "trust": 1.6
      },
      {
        "db": "PACKETSTORM",
        "id": "165324",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "165733",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "165348",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "166313",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "165279",
        "trust": 0.7
      },
      {
        "db": "EXPLOIT-DB",
        "id": "50592",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2022060708",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022012045",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022010629",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022072076",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022021428",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022071316",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022062001",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021122212",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022010908",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021122403",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021121720",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021123016",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022010421",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022031501",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021122907",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022012732",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021121652",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021121492",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022010522",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021121201",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021121535",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021122721",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021122018",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022032006",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022060808",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022011732",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021122401",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021121350",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022030923",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021122811",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022020607",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022012439",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022011042",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022021807",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022010322",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021122122",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0090",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0492",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4211",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4187.6",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0237",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4236",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0332",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0080",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4186.4",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4269",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4198",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4316",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4274",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0247",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1188",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4302.3",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4256.2",
        "trust": 0.6
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2022120027",
        "trust": 0.6
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2021120069",
        "trust": 0.6
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2022080025",
        "trust": 0.6
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2022010065",
        "trust": 0.6
      },
      {
        "db": "LENOVO",
        "id": "LEN-76573",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-357-02",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-034-01",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "51183",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-799",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "165293",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "165329",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "165333",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "165290",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "165291",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "165343",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165520",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165295",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165285",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165297",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165298",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165326",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165289",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165264",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165632",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "50590",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-407408",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165286",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169172",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#930724"
      },
      {
        "db": "VULHUB",
        "id": "VHN-407408"
      },
      {
        "db": "PACKETSTORM",
        "id": "165293"
      },
      {
        "db": "PACKETSTORM",
        "id": "165286"
      },
      {
        "db": "PACKETSTORM",
        "id": "165290"
      },
      {
        "db": "PACKETSTORM",
        "id": "165291"
      },
      {
        "db": "PACKETSTORM",
        "id": "165324"
      },
      {
        "db": "PACKETSTORM",
        "id": "165329"
      },
      {
        "db": "PACKETSTORM",
        "id": "165333"
      },
      {
        "db": "PACKETSTORM",
        "id": "165348"
      },
      {
        "db": "PACKETSTORM",
        "id": "165260"
      },
      {
        "db": "PACKETSTORM",
        "id": "165733"
      },
      {
        "db": "PACKETSTORM",
        "id": "169172"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-799"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-44228"
      }
    ]
  },
  "id": "VAR-202112-0566",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-407408"
      }
    ],
    "trust": 0.7309832957142857
  },
  "last_update_date": "2024-07-23T21:58:00.289000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Apache Log4j Fixes for code issue vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=174249"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-799"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-400",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-502",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-917",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-407408"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-44228"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.3,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-log4j-qruknebd"
      },
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/167917/mobileiron-log4shell-remote-command-execution.html"
      },
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/165225/apache-log4j2-2.14.1-remote-code-execution.html"
      },
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/165311/log4j-scan-extensive-scanner.html"
      },
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/165371/vmware-security-advisory-2021-0028.4.html"
      },
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/165532/log4shell-http-header-injection.html"
      },
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/165642/vmware-vcenter-server-unauthenticated-log4shell-jndi-injection-remote-code-execution.html"
      },
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/165673/unifi-network-application-unauthenticated-log4shell-remote-code-execution.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.kb.cert.org/vuls/id/930724"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0032"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht213189"
      },
      {
        "trust": 1.7,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.debian.org/security/2021/dsa-5020"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2022/mar/23"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2022/jul/11"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2022/dec/2"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/167794/open-xchange-app-suite-7.10.x-cross-site-scripting-command-injection.html"
      },
      {
        "trust": 1.7,
        "url": "https://github.com/nu11secur1ty/cve-mitre/tree/main/cve-2021-44228"
      },
      {
        "trust": 1.7,
        "url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/165260/vmware-security-advisory-2021-0028.html"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/165261/apache-log4j2-2.14.1-information-disclosure.html"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/165270/apache-log4j2-2.14.1-remote-code-execution.html"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/165281/log4j2-log4shell-regexes.html"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/165282/log4j-payload-generator.html"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/165306/l4sh-log4j-remote-code-execution.html"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/165307/log4j-remote-code-execution-word-bypassing.html"
      },
      {
        "trust": 1.7,
        "url": "https://github.com/cisagov/log4j-affected-db/blob/develop/software-list.md"
      },
      {
        "trust": 1.7,
        "url": "https://logging.apache.org/log4j/2.x/security.html"
      },
      {
        "trust": 1.7,
        "url": "https://twitter.com/kurtseifried/status/1469345530182455296"
      },
      {
        "trust": 1.7,
        "url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
      },
      {
        "trust": 1.7,
        "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
      },
      {
        "trust": 1.7,
        "url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"
      },
      {
        "trust": 1.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44228"
      },
      {
        "trust": 1.6,
        "url": "http://packetstormsecurity.com/files/171626/ad-manager-plus-7122-remote-code-execution.html"
      },
      {
        "trust": 1.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-44228"
      },
      {
        "trust": 1.1,
        "url": "https://github.com/cisagov/log4j-affected-db"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/m5csvunv4hwzzxgoknsk6l7rpm7bokib/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vu57ujdcfiasio35gc55jmksrxjmcdfm/"
      },
      {
        "trust": 0.8,
        "url": "cve-2021-4104  "
      },
      {
        "trust": 0.8,
        "url": "cve-2021-44228  "
      },
      {
        "trust": 0.8,
        "url": "cve-2021-45046  "
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/m5csvunv4hwzzxgoknsk6l7rpm7bokib/"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/vu57ujdcfiasio35gc55jmksrxjmcdfm/"
      },
      {
        "trust": 0.7,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.7,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-009"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022010908"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022060808"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022010629"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022072076"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/165733/red-hat-security-advisory-2022-0296-03.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6527216"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4186.4"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4316"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0080"
      },
      {
        "trust": 0.6,
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-44228"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6528268"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021122212"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022012732"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021121201"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4302.3"
      },
      {
        "trust": 0.6,
        "url": "https://www.exploit-db.com/exploits/50592"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/issue/wlb-2022080025"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022011042"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021121720"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021122018"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0237"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021122811"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/issue/wlb-2022010065"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021122401"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022011732"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022021807"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/165324/ubuntu-security-notice-usn-5197-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021123016"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021121350"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4211"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021122122"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022062001"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021122403"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021122721"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022010522"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022010322"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/issue/wlb-2022120027"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6525816"
      },
      {
        "trust": 0.6,
        "url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20211215-01-log4j-cn"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-357-02"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021122907"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022060708"
      },
      {
        "trust": 0.6,
        "url": "https://www.exploit-db.com/exploits/51183"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022021428"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166313/apple-security-advisory-2022-03-14-7.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6526220"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/apache-log4j-code-execution-via-jndi-remote-class-injection-37049"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4269"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht213189"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022012439"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022020607"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4256.2"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022071316"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022032006"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0332"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022030923"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1188"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0492"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6526754"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/issue/wlb-2021120069"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0090"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4236"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021121652"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6527330"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4198"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021121492"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4187.6"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022031501"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/165279/ubuntu-security-notice-usn-5192-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/165348/ubuntu-security-notice-usn-5192-2.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4274"
      },
      {
        "trust": 0.6,
        "url": "https://support.lenovo.com/us/en/product_security/len-76573"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022012045"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021121535"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022010421"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0247"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-034-01"
      },
      {
        "trust": 0.3,
        "url": "https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html"
      },
      {
        "trust": 0.2,
        "url": "https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-45046"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45046"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:5132"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.2/html-single/red_hat_data_grid_8.2_release_notes/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/softwaredetail.html?softwareid=70381\u0026product=data.grid\u0026version=8.2\u0026downloadtype=patches"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3200"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-25013"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25012"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-35522"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-35524"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20673"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25013"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25009"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-27645"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33574"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-13435"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-5827"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-24370"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-43527"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14145"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-13751"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-25014"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19603"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-25012"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-35521"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-35942"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-17594"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35524"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3572"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12762"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-36086"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3778"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35522"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-22898"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-16135"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-36084"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-37136"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-17541"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3800"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-36087"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-36331"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3712"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-31535"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35523"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23841"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3445"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-22925"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:5128"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-20673"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23840"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-36330"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20232"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20266"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20838"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-22876"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20231"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-36332"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14155"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25010"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-17541"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25014"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-36085"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-37137"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-21409"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33560"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-17595"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3481"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-42574"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-25009"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-25010"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-35523"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-28153"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-13750"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3426"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-18218"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3580"
      },
      {
        "trust": 0.1,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3796"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36330"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35521"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:5093"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product\\xcatrhoar.eclipse.vertx\u0026version=4.1.5.sp1"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/4.1/html/release_notes_for_eclipse_vert.x_4.1/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:5108"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/apache-log4j2/2.16.0-0.21.10.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/apache-log4j2/2.16.0-0.20.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-5197-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/apache-log4j2/2.16.0-0.21.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4104"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-4104"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:5148"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:5106"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-5192-1"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-5192-2"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/security/advisories/vmsa-2021-0028.html"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "https://lists.vmware.com/mailman/listinfo/security-announce."
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-39139"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39141"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39154"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20218"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20218"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-29505"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-39145"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:0296"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39144"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39149"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39150"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-39151"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-39140"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-39148"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-29505"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39151"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-39153"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39152"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-39147"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-39150"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39139"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39153"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-39144"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-39146"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-39152"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39148"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28491"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39146"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39140"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-39149"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39147"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39145"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-39154"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28491"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-39141"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9488"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/apache-log4j2"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#930724"
      },
      {
        "db": "VULHUB",
        "id": "VHN-407408"
      },
      {
        "db": "PACKETSTORM",
        "id": "165293"
      },
      {
        "db": "PACKETSTORM",
        "id": "165286"
      },
      {
        "db": "PACKETSTORM",
        "id": "165290"
      },
      {
        "db": "PACKETSTORM",
        "id": "165291"
      },
      {
        "db": "PACKETSTORM",
        "id": "165324"
      },
      {
        "db": "PACKETSTORM",
        "id": "165329"
      },
      {
        "db": "PACKETSTORM",
        "id": "165333"
      },
      {
        "db": "PACKETSTORM",
        "id": "165348"
      },
      {
        "db": "PACKETSTORM",
        "id": "165260"
      },
      {
        "db": "PACKETSTORM",
        "id": "165733"
      },
      {
        "db": "PACKETSTORM",
        "id": "169172"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-799"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-44228"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#930724"
      },
      {
        "db": "VULHUB",
        "id": "VHN-407408"
      },
      {
        "db": "PACKETSTORM",
        "id": "165293"
      },
      {
        "db": "PACKETSTORM",
        "id": "165286"
      },
      {
        "db": "PACKETSTORM",
        "id": "165290"
      },
      {
        "db": "PACKETSTORM",
        "id": "165291"
      },
      {
        "db": "PACKETSTORM",
        "id": "165324"
      },
      {
        "db": "PACKETSTORM",
        "id": "165329"
      },
      {
        "db": "PACKETSTORM",
        "id": "165333"
      },
      {
        "db": "PACKETSTORM",
        "id": "165348"
      },
      {
        "db": "PACKETSTORM",
        "id": "165260"
      },
      {
        "db": "PACKETSTORM",
        "id": "165733"
      },
      {
        "db": "PACKETSTORM",
        "id": "169172"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-799"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-44228"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-12-15T00:00:00",
        "db": "CERT/CC",
        "id": "VU#930724"
      },
      {
        "date": "2021-12-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-407408"
      },
      {
        "date": "2021-12-15T15:24:58",
        "db": "PACKETSTORM",
        "id": "165293"
      },
      {
        "date": "2021-12-15T15:20:33",
        "db": "PACKETSTORM",
        "id": "165286"
      },
      {
        "date": "2021-12-15T15:23:24",
        "db": "PACKETSTORM",
        "id": "165290"
      },
      {
        "date": "2021-12-15T15:23:37",
        "db": "PACKETSTORM",
        "id": "165291"
      },
      {
        "date": "2021-12-16T15:20:38",
        "db": "PACKETSTORM",
        "id": "165324"
      },
      {
        "date": "2021-12-16T15:25:46",
        "db": "PACKETSTORM",
        "id": "165329"
      },
      {
        "date": "2021-12-16T15:34:27",
        "db": "PACKETSTORM",
        "id": "165333"
      },
      {
        "date": "2021-12-17T14:06:52",
        "db": "PACKETSTORM",
        "id": "165348"
      },
      {
        "date": "2021-12-14T15:27:58",
        "db": "PACKETSTORM",
        "id": "165260"
      },
      {
        "date": "2022-01-27T14:23:56",
        "db": "PACKETSTORM",
        "id": "165733"
      },
      {
        "date": "2021-12-28T20:12:00",
        "db": "PACKETSTORM",
        "id": "169172"
      },
      {
        "date": "2021-12-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202112-799"
      },
      {
        "date": "2021-12-10T10:15:09.143000",
        "db": "NVD",
        "id": "CVE-2021-44228"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-02-07T00:00:00",
        "db": "CERT/CC",
        "id": "VU#930724"
      },
      {
        "date": "2023-02-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-407408"
      },
      {
        "date": "2023-04-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202112-799"
      },
      {
        "date": "2023-11-07T03:39:36.897000",
        "db": "NVD",
        "id": "CVE-2021-44228"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "165348"
      },
      {
        "db": "PACKETSTORM",
        "id": "165260"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-799"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apache Log4j allows insecure JNDI lookups",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#930724"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code execution",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "165293"
      },
      {
        "db": "PACKETSTORM",
        "id": "165286"
      },
      {
        "db": "PACKETSTORM",
        "id": "165290"
      },
      {
        "db": "PACKETSTORM",
        "id": "165291"
      },
      {
        "db": "PACKETSTORM",
        "id": "165329"
      },
      {
        "db": "PACKETSTORM",
        "id": "165333"
      },
      {
        "db": "PACKETSTORM",
        "id": "165260"
      },
      {
        "db": "PACKETSTORM",
        "id": "165733"
      }
    ],
    "trust": 0.8
  }
}

var-202203-1506
Vulnerability from variot

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. The Spring Framework insecurely handles PropertyDescriptor objects, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.CVE-2022-22965 AffectedCVE-2022-22965 Affected. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Description:

A micro version update (from 1.6.4 to 1.6.5) is now available for Red Hat Camel K that includes CVE fixes in the base images, which are documented in the Release Notes document linked in the References section. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Installation instructions are available from the Fuse 7.10 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/

  1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Low: Red Hat Decision Manager 7.12.1 security update Advisory ID: RHSA-2022:1379-01 Product: Red Hat Decision Manager Advisory URL: https://access.redhat.com/errata/RHSA-2022:1379 Issue date: 2022-04-14 CVE Names: CVE-2022-22965 ==================================================================== 1. Summary:

An update is now available for Red Hat Decision Manager.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Description:

Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and business optimization for solving planning problems. It automates business decisions and makes that logic available to the entire business.

This asynchronous security patch is an update to Red Hat Decision Manager 7.

Security Fix(es):

  • spring-webmvc: spring-framework: RCE via Data Binding on JDK 9+ (CVE-2022-22965)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This release upgrades Spring to 5.3.18 and Spring Boot to 2.6.6 which fixes the Spring MVC and WebFlux jars.

For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.

The References section of this erratum contains a download link (you must log in to download the update).

  1. Bugs fixed (https://bugzilla.redhat.com/):

2070348 - CVE-2022-22965 spring-framework: RCE via Data Binding on JDK 9+

  1. References:

https://access.redhat.com/security/cve/CVE-2022-22965 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/security/vulnerabilities/RHSB-2022-003 https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=rhdm&version=7.12.1

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBYlidHNzjgjWX9erEAQhBihAApV3yXc8aEuRq9fMKL4EnxKcmHt9dgnX2 /Xsdp+isSEvWlE+TC/Ou0tptT1ZPfO3Adm/bXbsboaiq790W+aF8qHEYuA+WxtRW RY9cx4AS/QfRo+puk36QAWUSEx4WzKeU1no/5A7hezcPxIEGP+EdSX4DgDaVW9mB CZndXwiYAzLyYgVFI/y5AJP8CPZTvwFjdunOBDwqqNsKiVgFOjqHMJo/X+yus4bU aFF0BAsA0OVCrjdnWV0fUqF1iON8cbELW7JqkGobM22PZZ6ngxzTXUTbvD1QovLM Cbj2Ay7l7DHH/3v9Hqk7NLpzp/fa9Z/lQ5c+3okHu0QvanphRllsC893/KGGMXfa 7+S3iWFKV2cJ2249z01eZgX30s7rlSlFRTB9hUlitWLiYaMkWWW0iqt0+2cPkjDv zP0hy1pYCyCFLluS85FVqW/9HBItNwReuXp9Vv3JqDy8L5+DIVv4WmSYcr4LCcj2 EC5WsIjNW7G4dL0RCukt+HascGTD+huNbzsrDuln4vQJ2HG+4vmH7Cmmlr4MvpHD Bw4BW6UI8a09axvbUVi2x+w1qTTdiO9J1x4ngaFKjbvItNpT3VRB3YfLcPck1Zv6 DCEC2g11LdPnO2JR5M6t2eMsFlkfLDtqDFotVVzGLBXQWj7I5R2YK+OPrEF2dnXD Pjhf0e6lKl4=xaz4 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description:

AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. For further information, refer to the release notes linked to in the References section

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202203-1506",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "communications cloud native core network function cloud native environment",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "22.1.0"
      },
      {
        "model": "retail merchandising system",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.0.1"
      },
      {
        "model": "communications cloud native core console",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.9.0"
      },
      {
        "model": "communications cloud native core network slice selection function",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.15.0"
      },
      {
        "model": "siveillance identity",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.6"
      },
      {
        "model": "communications policy management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.6.0.0.0"
      },
      {
        "model": "financial services enterprise case management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.1.1.1"
      },
      {
        "model": "financial services behavior detection platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.1.1.0"
      },
      {
        "model": "communications unified inventory management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.5.0"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.0.1"
      },
      {
        "model": "flex appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "veritas",
        "version": "2.0.2"
      },
      {
        "model": "access appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "veritas",
        "version": "7.4.3.200"
      },
      {
        "model": "spring framework",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "5.3.18"
      },
      {
        "model": "communications unified inventory management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.4.2"
      },
      {
        "model": "retail financial integration",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0.3.1"
      },
      {
        "model": "communications cloud native core security edge protection proxy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.7.0"
      },
      {
        "model": "netbackup appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "veritas",
        "version": "4.0"
      },
      {
        "model": "netbackup flex scale appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "veritas",
        "version": "3.0"
      },
      {
        "model": "communications cloud native core policy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "22.1.0"
      },
      {
        "model": "financial services analytical applications infrastructure",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.1.1"
      },
      {
        "model": "communications cloud native core unified data repository",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "22.1.0"
      },
      {
        "model": "financial services enterprise case management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.1.2.0"
      },
      {
        "model": "commerce platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.3.2"
      },
      {
        "model": "retail customer management and segmentation foundation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "18.0"
      },
      {
        "model": "retail xstore point of service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "21.0.0"
      },
      {
        "model": "communications cloud native core network function cloud native environment",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.10.0"
      },
      {
        "model": "cx cloud agent",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.1.0"
      },
      {
        "model": "communications unified inventory management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.4.1"
      },
      {
        "model": "spring framework",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "5.3.0"
      },
      {
        "model": "flex appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "veritas",
        "version": "2.0"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "model": "access appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "veritas",
        "version": "7.4.3"
      },
      {
        "model": "operation scheduler",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.0.4"
      },
      {
        "model": "netbackup appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "veritas",
        "version": "4.1"
      },
      {
        "model": "netbackup appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "veritas",
        "version": "4.0.0.1"
      },
      {
        "model": "siveillance identity",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.5"
      },
      {
        "model": "retail customer management and segmentation foundation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.0"
      },
      {
        "model": "product lifecycle analytics",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "3.6.1"
      },
      {
        "model": "financial services enterprise case management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.1.1.0"
      },
      {
        "model": "communications cloud native core network repository function",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "22.1.0"
      },
      {
        "model": "netbackup virtual appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "veritas",
        "version": "4.1.0.1"
      },
      {
        "model": "communications cloud native core network repository function",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.15.0"
      },
      {
        "model": "flex appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "veritas",
        "version": "2.1"
      },
      {
        "model": "communications cloud native core binding support function",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "22.1.3"
      },
      {
        "model": "communications cloud native core automated test suite",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.9.0"
      },
      {
        "model": "netbackup flex scale appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "veritas",
        "version": "2.1"
      },
      {
        "model": "sd-wan edge",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "9.0"
      },
      {
        "model": "communications cloud native core security edge protection proxy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "22.1.0"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0.3.1"
      },
      {
        "model": "retail financial integration",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0.3"
      },
      {
        "model": "access appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "veritas",
        "version": "7.4.3.100"
      },
      {
        "model": "communications cloud native core network slice selection function",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "22.1.0"
      },
      {
        "model": "sipass integrated",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.80"
      },
      {
        "model": "retail customer management and segmentation foundation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.0"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1.1.0.0"
      },
      {
        "model": "retail xstore point of service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "20.0.1"
      },
      {
        "model": "sd-wan edge",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "9.1"
      },
      {
        "model": "communications cloud native core network exposure function",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "22.1.0"
      },
      {
        "model": "spring framework",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "5.2.20"
      },
      {
        "model": "retail financial integration",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1.3.2"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.4.0"
      },
      {
        "model": "financial services analytical applications infrastructure",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.1.2.0"
      },
      {
        "model": "communications cloud native core policy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.15.0"
      },
      {
        "model": "communications cloud native core unified data repository",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.15.0"
      },
      {
        "model": "financial services behavior detection platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.1.1.1"
      },
      {
        "model": "sinec network management system",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.0.3"
      },
      {
        "model": "netbackup virtual appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "veritas",
        "version": "4.0"
      },
      {
        "model": "retail merchandising system",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0.3"
      },
      {
        "model": "communications cloud native core automated test suite",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "22.1.0"
      },
      {
        "model": "retail financial integration",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.0.1"
      },
      {
        "model": "communications cloud native core console",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "22.1.0"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0.3"
      },
      {
        "model": "netbackup appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "veritas",
        "version": "4.1.0.1"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.29"
      },
      {
        "model": "flex appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "veritas",
        "version": "2.0.1"
      },
      {
        "model": "financial services behavior detection platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.1.2.0"
      },
      {
        "model": "flex appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "veritas",
        "version": "1.3"
      },
      {
        "model": "netbackup virtual appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "veritas",
        "version": "4.1"
      },
      {
        "model": "netbackup virtual appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "veritas",
        "version": "4.0.0.1"
      },
      {
        "model": "sipass integrated",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.85"
      },
      {
        "model": "communications cloud native core network slice selection function",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.8.0"
      },
      {
        "model": "simatic speech assistant for machines",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.2.1"
      },
      {
        "model": "retail bulk data integration",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0.3"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1.3.2"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-22965"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.3.18",
                "versionStartIncluding": "5.3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.2.20",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:cx_cloud_agent:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.0.29",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.0.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:veritas:access_appliance:7.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:veritas:access_appliance:7.4.3.100:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:veritas:access_appliance:7.4.3.200:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:veritas:access_appliance:7.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:veritas:access_appliance:7.4.3.100:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:veritas:access_appliance:7.4.3.200:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:veritas:netbackup_flex_scale_appliance:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:veritas:netbackup_flex_scale_appliance:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.0.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sinec_network_management_system:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_speech_assistant_for_machines:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.2.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:16.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-22965"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "This document was written by Will DormannWe have not received a statement from the vendor.",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#970766"
      }
    ],
    "trust": 0.8
  },
  "cve": "CVE-2022-22965",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-411825",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2022-22965",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-22965",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202203-2642",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202203-2514",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-411825",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2022-22965",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411825"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22965"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-2642"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-2514"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22965"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. The Spring Framework insecurely handles PropertyDescriptor objects, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.CVE-2022-22965 AffectedCVE-2022-22965 Affected. The purpose of this text-only errata is to inform you\nabout the security issues fixed in this release. Description:\n\nA micro version update (from 1.6.4 to 1.6.5) is now available for Red Hat\nCamel K that includes CVE fixes in the base images, which are documented in\nthe Release Notes document linked in the References section. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. \n\nInstallation instructions are available from the Fuse 7.10 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Low: Red Hat Decision Manager 7.12.1 security update\nAdvisory ID:       RHSA-2022:1379-01\nProduct:           Red Hat Decision Manager\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:1379\nIssue date:        2022-04-14\nCVE Names:         CVE-2022-22965\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat Decision Manager. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Decision Manager is an open source decision management platform\nthat combines business rules management, complex event processing, Decision\nModel \u0026 Notation (DMN) execution, and business optimization for solving\nplanning problems. It automates business decisions and makes that logic\navailable to the entire business. \n\nThis asynchronous security patch is an update to Red Hat Decision Manager\n7. \n\nSecurity Fix(es):\n\n* spring-webmvc: spring-framework: RCE via Data Binding on JDK 9+\n(CVE-2022-22965)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. \n\nThis release upgrades Spring to 5.3.18 and Spring Boot to 2.6.6 which fixes\nthe Spring MVC and WebFlux jars. \n\nFor on-premise installations, before applying the update, back up your\nexisting installation, including all applications, configuration files,\ndatabases and database settings, and so on. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2070348 - CVE-2022-22965 spring-framework: RCE via Data Binding on JDK 9+\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-22965\nhttps://access.redhat.com/security/updates/classification/#low\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2022-003\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=rhdm\u0026version=7.12.1\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYlidHNzjgjWX9erEAQhBihAApV3yXc8aEuRq9fMKL4EnxKcmHt9dgnX2\n/Xsdp+isSEvWlE+TC/Ou0tptT1ZPfO3Adm/bXbsboaiq790W+aF8qHEYuA+WxtRW\nRY9cx4AS/QfRo+puk36QAWUSEx4WzKeU1no/5A7hezcPxIEGP+EdSX4DgDaVW9mB\nCZndXwiYAzLyYgVFI/y5AJP8CPZTvwFjdunOBDwqqNsKiVgFOjqHMJo/X+yus4bU\naFF0BAsA0OVCrjdnWV0fUqF1iON8cbELW7JqkGobM22PZZ6ngxzTXUTbvD1QovLM\nCbj2Ay7l7DHH/3v9Hqk7NLpzp/fa9Z/lQ5c+3okHu0QvanphRllsC893/KGGMXfa\n7+S3iWFKV2cJ2249z01eZgX30s7rlSlFRTB9hUlitWLiYaMkWWW0iqt0+2cPkjDv\nzP0hy1pYCyCFLluS85FVqW/9HBItNwReuXp9Vv3JqDy8L5+DIVv4WmSYcr4LCcj2\nEC5WsIjNW7G4dL0RCukt+HascGTD+huNbzsrDuln4vQJ2HG+4vmH7Cmmlr4MvpHD\nBw4BW6UI8a09axvbUVi2x+w1qTTdiO9J1x4ngaFKjbvItNpT3VRB3YfLcPck1Zv6\nDCEC2g11LdPnO2JR5M6t2eMsFlkfLDtqDFotVVzGLBXQWj7I5R2YK+OPrEF2dnXD\nPjhf0e6lKl4=xaz4\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nAMQ Broker is a high-performance messaging implementation based on ActiveMQ\nArtemis. It uses an asynchronous journal for fast message persistence, and\nsupports multiple languages, protocols, and platforms. For further information, refer to the release notes linked to\nin the References section",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-22965"
      },
      {
        "db": "CERT/CC",
        "id": "VU#970766"
      },
      {
        "db": "VULHUB",
        "id": "VHN-411825"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22965"
      },
      {
        "db": "PACKETSTORM",
        "id": "166691"
      },
      {
        "db": "PACKETSTORM",
        "id": "166706"
      },
      {
        "db": "PACKETSTORM",
        "id": "166715"
      },
      {
        "db": "PACKETSTORM",
        "id": "166731"
      },
      {
        "db": "PACKETSTORM",
        "id": "166732"
      },
      {
        "db": "PACKETSTORM",
        "id": "166874"
      },
      {
        "db": "PACKETSTORM",
        "id": "166872"
      }
    ],
    "trust": 2.43
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-411825",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411825"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-22965",
        "trust": 3.9
      },
      {
        "db": "PACKETSTORM",
        "id": "166713",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "167011",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-254054",
        "trust": 1.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2022040109",
        "trust": 1.2
      },
      {
        "db": "CS-HELP",
        "id": "SB2022033109",
        "trust": 1.2
      },
      {
        "db": "CERT/CC",
        "id": "VU#970766",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "166691",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "166732",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "166874",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-2642",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022060811",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022070602",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022060716",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022042734",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022042546",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022060304",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022072038",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022071213",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022052302",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022042277",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022072087",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022041951",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022042126",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.3155",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.5097",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1844",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1636",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1593",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1444.8",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1674",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-286-05",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-2514",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-411825",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22965",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166706",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166715",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166731",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166872",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#970766"
      },
      {
        "db": "VULHUB",
        "id": "VHN-411825"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22965"
      },
      {
        "db": "PACKETSTORM",
        "id": "166691"
      },
      {
        "db": "PACKETSTORM",
        "id": "166706"
      },
      {
        "db": "PACKETSTORM",
        "id": "166715"
      },
      {
        "db": "PACKETSTORM",
        "id": "166731"
      },
      {
        "db": "PACKETSTORM",
        "id": "166732"
      },
      {
        "db": "PACKETSTORM",
        "id": "166874"
      },
      {
        "db": "PACKETSTORM",
        "id": "166872"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-2642"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-2514"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22965"
      }
    ]
  },
  "id": "VAR-202203-1506",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411825"
      }
    ],
    "trust": 0.6314393799999999
  },
  "last_update_date": "2024-01-25T20:10:56.055000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Spring Framework Fixes for code injection vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=187595"
      },
      {
        "title": "Red Hat: Low: Red Hat Process Automation Manager 7.12.1 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221378 - security advisory"
      },
      {
        "title": "Red Hat: Low: Red Hat Decision Manager 7.12.1 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221379 - security advisory"
      },
      {
        "title": "Red Hat: Low: Red Hat AMQ Broker 7.9.4 release and security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221627 - security advisory"
      },
      {
        "title": "Red Hat: Low: Red Hat Fuse 7.10.2 release and security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221360 - security advisory"
      },
      {
        "title": "Red Hat: Low: Red Hat Integration Camel-K 1.6.5 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221333 - security advisory"
      },
      {
        "title": "Red Hat: Low: Red Hat Integration Camel Extensions for Quarkus 2.2.1-1 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221306 - security advisory"
      },
      {
        "title": "Red Hat: Low: Red Hat AMQ Broker 7.8.6 release and security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221626 - security advisory"
      },
      {
        "title": "IBM: Security Bulletin: IBM Cloud Pak for Business Automation is affected but not classified as vulnerable by a remote code execution in Spring Framework [CVE-2022-22965]",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=e6cbc0e97f1832a63f66e10869253ecf"
      },
      {
        "title": "Cisco: Vulnerability in Spring Framework Affecting Cisco Products: March 2022",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-java-spring-rce-zx9guc67"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/coffeehb/spring4shell "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-22965"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-2642"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-94",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411825"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22965"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.5,
        "url": "https://tanzu.vmware.com/security/cve-2022-22965"
      },
      {
        "trust": 2.9,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-java-spring-rce-zx9guc67"
      },
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/166713/spring4shell-code-execution.html"
      },
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/167011/spring4shell-spring-framework-class-property-remote-code-execution.html"
      },
      {
        "trust": 2.3,
        "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
      },
      {
        "trust": 1.9,
        "url": "https://access.redhat.com/security/cve/cve-2022-22965"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2022-0005"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
      },
      {
        "trust": 1.2,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022040109"
      },
      {
        "trust": 1.2,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022033109"
      },
      {
        "trust": 0.8,
        "url": "cve-2022-22965  "
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/vulnerabilities/rhsb-2022-003"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22965"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "trust": 0.7,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.7,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1674"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022072038"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1593"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022042126"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-22965/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166874/red-hat-security-advisory-2022-1626-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022041951"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022042546"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022060304"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166691/red-hat-security-advisory-2022-1306-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1844"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166732/red-hat-security-advisory-2022-1379-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022070602"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022071213"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022072087"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022060716"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022042277"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1444.8"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022042734"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022060811"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.5097"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-286-05"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.3155"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1636"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022052302"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q1"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_amq/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:1306"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=red.hat.integration\u0026version=2022-q1"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:1333"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=red.hat.integration\u0026version"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.10.2"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:1360"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=rhpam\u0026downloadtype=securitypatches\u0026version=7.12.1"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:1378"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:1379"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=rhdm\u0026version=7.12.1"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.8.6"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:1626"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:1627"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.9.4"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#970766"
      },
      {
        "db": "VULHUB",
        "id": "VHN-411825"
      },
      {
        "db": "PACKETSTORM",
        "id": "166691"
      },
      {
        "db": "PACKETSTORM",
        "id": "166706"
      },
      {
        "db": "PACKETSTORM",
        "id": "166715"
      },
      {
        "db": "PACKETSTORM",
        "id": "166731"
      },
      {
        "db": "PACKETSTORM",
        "id": "166732"
      },
      {
        "db": "PACKETSTORM",
        "id": "166874"
      },
      {
        "db": "PACKETSTORM",
        "id": "166872"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-2642"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-2514"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22965"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#970766"
      },
      {
        "db": "VULHUB",
        "id": "VHN-411825"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22965"
      },
      {
        "db": "PACKETSTORM",
        "id": "166691"
      },
      {
        "db": "PACKETSTORM",
        "id": "166706"
      },
      {
        "db": "PACKETSTORM",
        "id": "166715"
      },
      {
        "db": "PACKETSTORM",
        "id": "166731"
      },
      {
        "db": "PACKETSTORM",
        "id": "166732"
      },
      {
        "db": "PACKETSTORM",
        "id": "166874"
      },
      {
        "db": "PACKETSTORM",
        "id": "166872"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-2642"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-2514"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22965"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-03-31T00:00:00",
        "db": "CERT/CC",
        "id": "VU#970766"
      },
      {
        "date": "2022-04-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-411825"
      },
      {
        "date": "2022-04-01T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-22965"
      },
      {
        "date": "2022-04-11T17:36:49",
        "db": "PACKETSTORM",
        "id": "166691"
      },
      {
        "date": "2022-04-13T15:01:19",
        "db": "PACKETSTORM",
        "id": "166706"
      },
      {
        "date": "2022-04-13T22:20:55",
        "db": "PACKETSTORM",
        "id": "166715"
      },
      {
        "date": "2022-04-15T15:24:03",
        "db": "PACKETSTORM",
        "id": "166731"
      },
      {
        "date": "2022-04-15T15:24:12",
        "db": "PACKETSTORM",
        "id": "166732"
      },
      {
        "date": "2022-04-27T18:19:24",
        "db": "PACKETSTORM",
        "id": "166874"
      },
      {
        "date": "2022-04-27T18:18:11",
        "db": "PACKETSTORM",
        "id": "166872"
      },
      {
        "date": "2022-03-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202203-2642"
      },
      {
        "date": "2022-03-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202203-2514"
      },
      {
        "date": "2022-04-01T23:15:13.870000",
        "db": "NVD",
        "id": "CVE-2022-22965"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-05-19T00:00:00",
        "db": "CERT/CC",
        "id": "VU#970766"
      },
      {
        "date": "2023-02-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-411825"
      },
      {
        "date": "2023-02-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-22965"
      },
      {
        "date": "2022-04-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202203-2642"
      },
      {
        "date": "2023-06-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202203-2514"
      },
      {
        "date": "2023-02-09T02:07:02.263000",
        "db": "NVD",
        "id": "CVE-2022-22965"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "166691"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-2514"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Spring Framework Code injection vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-2642"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-2514"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-2642"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-2514"
      }
    ],
    "trust": 1.2
  }
}

var-202109-0743
Vulnerability from variot

A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control (All versions with OIS running on Debian 9 or earlier), Siveillance Control Pro (All versions). The affected application incorrectly neutralizes special elements in a specific HTTP GET request which could lead to command injection. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges. Several Siemens products include OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens Desigo CC is an open building management platform from Siemens (Siemens) in Germany. GMA Manager allows the functional combination of different safety and security systems, such as fire detection systems and video surveillance, on a common platform. Operation Scheduler is a tool that enables security operators to intelligently perform routine tasks. Siveillance Control is a Physical Security Information Management System (PSIM). Siveillance Control Pro is a command and control solution. Siveillance Open Interface Services (OIS) is an interface and integration platform for integrating subsystems into management stations. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202109-0743",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "siveillance control pro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "operation scheduler",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "gma-manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "siveillance control",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "desigo cc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "siveillance control",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "siveillance control pro",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "desigo cc",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "operation scheduler",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "gma-manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "desigo cc",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "gma-manager",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "operation scheduler",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "siveillance control",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "siveillance control pro",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-71442"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012333"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-31891"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:desigo_cc:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:siveillance_control_pro:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:siemens:gma-manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:siemens:siveillance_control:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "9.0",
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-31891"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens reported this vulnerability to CISA.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-931"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2021-31891",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2021-31891",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2021-71442",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 10.0,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2021-31891",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-31891",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-71442",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202109-931",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-31891",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-71442"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-31891"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012333"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-31891"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-931"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control (All versions with OIS running on Debian 9 or earlier), Siveillance Control Pro (All versions). The affected application incorrectly neutralizes special elements in a specific HTTP GET request which could lead to command injection. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges. Several Siemens products include OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens Desigo CC is an open building management platform from Siemens (Siemens) in Germany. GMA Manager allows the functional combination of different safety and security systems, such as fire detection systems and video surveillance, on a common platform. Operation Scheduler is a tool that enables security operators to intelligently perform routine tasks. Siveillance Control is a Physical Security Information Management System (PSIM). Siveillance Control Pro is a command and control solution. Siveillance Open Interface Services (OIS) is an interface and integration platform for integrating subsystems into management stations. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-31891"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012333"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-71442"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-31891"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-31891",
        "trust": 3.9
      },
      {
        "db": "SIEMENS",
        "id": "SSA-535380",
        "trust": 2.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-257-18",
        "trust": 1.4
      },
      {
        "db": "JVN",
        "id": "JVNVU96712416",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012333",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-71442",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021091605",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-931",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-31891",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-71442"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-31891"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012333"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-31891"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-931"
      }
    ]
  },
  "id": "VAR-202109-0743",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-71442"
      }
    ],
    "trust": 1.25833334
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-71442"
      }
    ]
  },
  "last_update_date": "2023-12-18T11:09:20.814000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-535380",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-535380.pdf"
      },
      {
        "title": "Patch for Siemens Siveillance OIS Operating System Command Injection Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/291001"
      },
      {
        "title": "Siemens Desigo CC Fixes for operating system command injection vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=162466"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=272f30a8fc81104e9158fca291f370ba"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-71442"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-31891"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012333"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-931"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.0
      },
      {
        "problemtype": "OS Command injection (CWE-78) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012333"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-31891"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-535380.pdf"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31891"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu96712416/"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-257-18"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021091605"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-257-18"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/78.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://cert-portal.siemens.com/productcert/txt/ssa-535380.txt"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-71442"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-31891"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012333"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-31891"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-931"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-71442"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-31891"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012333"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-31891"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-931"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-09-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-71442"
      },
      {
        "date": "2021-09-14T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-31891"
      },
      {
        "date": "2022-08-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-012333"
      },
      {
        "date": "2021-09-14T11:15:24.023000",
        "db": "NVD",
        "id": "CVE-2021-31891"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-09-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202109-931"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-01-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-71442"
      },
      {
        "date": "2021-09-28T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-31891"
      },
      {
        "date": "2022-08-30T02:02:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-012333"
      },
      {
        "date": "2021-09-28T16:48:53.480000",
        "db": "NVD",
        "id": "CVE-2021-31891"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2022-07-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202109-931"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-931"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "in multiple Siemens products \u00a0OS\u00a0 Command injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012333"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  }
}

var-202112-0562
Vulnerability from variot

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default. Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the vulnerable Java application using Log4j.CVE-2021-4104 Affected CVE-2021-44228 Affected CVE-2021-45046 AffectedCVE-2021-4104 Affected CVE-2021-44228 Affected CVE-2021-45046 Affected. Solution:

For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html

Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html

The References section of this erratum contains a download link (you must log in to download the update). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update Advisory ID: RHSA-2022:1297-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2022:1297 Issue date: 2022-04-11 CVE Names: CVE-2021-4104 CVE-2021-44832 CVE-2021-45046 CVE-2021-45105 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 =====================================================================

  1. Summary:

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat JBoss EAP 7.4 for RHEL 8 - noarch, x86_64

  1. Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

This release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.4 Release Notes for information about the most significant bug fixes and enhancements included in this release.

  1. Solution:

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

  1. JIRA issues fixed (https://issues.jboss.org/):

JBEAP-22105 - (7.4.z) Upgrade from com.io7m.xom:xom 1.2.10 to xom:xom 1.3.7 JBEAP-22385 - (7.4.z) Upgrade ASM from 7.1 to 9.1 JBEAP-22731 - (7.4.z) Upgrade Artemis from 2.16.0.redhat-00032 to 2.16.0.redhat-00034 JBEAP-22738 - (7.4.z) Upgrade jbossws-cxf from 5.4.2.Final to 5.4.4.Final(Fix UsernameTokenElytronTestCase on SE 17) JBEAP-22819 - [GSS] (7.4.z) HAL-1762 - Aliases are removed from the credential store when passwords are updated from the admin console JBEAP-22839 - GSS Upgrade yasson from 1.0.9.redhat-00001 to 1.0.10.redhat-00001 JBEAP-22864 - (7.4.z) Upgrade HAL from 3.3.8.Final-redhat-00001 to 3.3.9.Final-redhat-00001 JBEAP-22900 - Tracker bug for the EAP 7.4.4 release for RHEL-8 JBEAP-22904 - (7.4.z) Upgrade Hibernate ORM from 5.3.24.Final-redhat-00001 to 5.3.25.Final-redhat-00002 JBEAP-22911 - (7.4.z) Upgrade OpenSSL from 2.1.3.Final-redhat-00001 to 2.2.0.Final-redhat-00001 JBEAP-22912 - (7.4.z) Upgrade OpenSSL Natives from 2.1.0.SP01-redhat-00001 to 2.2.0.Final-redhat-00001 JBEAP-22913 - (7.4.z) Upgrade WildFly Core from 15.0.6.Final-redhat-00003 to 15.0.7.Final-redhat-00001 JBEAP-22935 - (7.4.z) Upgrade jboss-vfs from 3.2.15.Final-redhat-00001 to 3.2.16.Final-redhat-00001 JBEAP-22945 - (7.4.z) Upgrade org.apache.logging.log4j from 2.14.0.redhat-00002 to 2.17.1.redhat-00001 JBEAP-22973 - (7.4.z) Upgrade Elytron from 1.15.9.Final-redhat-00001 to 1.15.11.Final-redhat-00002 JBEAP-23038 - (7.4.z) Upgrade galleon-plugins from 5.1.4.Final to 5.2.6.Final JBEAP-23040 - (7.4.z) Upgrade galleon-plugins in wildfly-core-eap from 5.1.4.Final to 5.2.6.Final JBEAP-23045 - (7.4.z) Upgrade Undertow from 2.2.13.SP2-redhat-00001 to 2.2.16.Final-redhat-0001 JBEAP-23101 - (7.4.z) Upgrade Infinispan from 11.0.12.Final to 11.0.15.Final JBEAP-23105 - (7.4.z) Upgrade Narayana from 5.11.3.Final-redhat-00001 to 5.11.4.Final-redhat-00001 JBEAP-23143 - (7.4.z) Upgrade from org.eclipse.jdt.core.compiler:ecj:4.6.1 to org.eclipse.jdt:ecj:3.26 JBEAP-23177 - (7.4.z) Upgrade XNIO from 3.8.5.SP1-redhat-00001 to 3.8.6.Final-redhat-00001 JBEAP-23323 - GSS WFLY-16112 - Batch JobOperatorService should look for only active job names to stop during suspend JBEAP-23373 - (7.4.z) Upgrade OpenSSL from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002 JBEAP-23374 - (7.4.z) Upgrade WildFly Core from 15.0.7.Final-redhat-00001 to 15.0.8.Final-redhat-00001 JBEAP-23375 - (7.4.z) Upgrade OpenSSL Natives from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002

  1. Package List:

Red Hat JBoss EAP 7.4 for RHEL 8:

Source: eap7-activemq-artemis-2.16.0-7.redhat_00034.1.el8eap.src.rpm eap7-ecj-3.26.0-1.redhat_00002.1.el8eap.src.rpm eap7-hal-console-3.3.9-1.Final_redhat_00001.1.el8eap.src.rpm eap7-hibernate-5.3.25-1.Final_redhat_00002.1.el8eap.src.rpm eap7-infinispan-11.0.15-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-server-migration-1.10.0-15.Final_redhat_00014.1.el8eap.src.rpm eap7-jboss-vfs-3.2.16-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-xnio-base-3.8.6-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jbossws-cxf-5.4.4-1.Final_redhat_00001.1.el8eap.src.rpm eap7-log4j-2.17.1-1.redhat_00001.1.el8eap.src.rpm eap7-narayana-5.11.4-1.Final_redhat_00001.1.el8eap.src.rpm eap7-objectweb-asm-9.1.0-1.redhat_00002.1.el8eap.src.rpm eap7-undertow-2.2.16-1.Final_redhat_00001.1.el8eap.src.rpm eap7-wildfly-7.4.4-3.GA_redhat_00011.1.el8eap.src.rpm eap7-wildfly-elytron-1.15.11-1.Final_redhat_00002.1.el8eap.src.rpm eap7-wildfly-openssl-2.2.0-3.Final_redhat_00002.1.el8eap.src.rpm eap7-wildfly-openssl-el8-x86_64-2.2.0-2.Final_redhat_00002.1.el8eap.src.rpm eap7-xom-1.3.7-1.redhat_00001.1.el8eap.src.rpm eap7-yasson-1.0.10-1.redhat_00001.1.el8eap.src.rpm

noarch: eap7-activemq-artemis-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-cli-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-commons-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-core-client-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-dto-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-hornetq-protocol-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-hqclient-protocol-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-jdbc-store-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-jms-client-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-jms-server-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-journal-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-ra-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-selector-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-server-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-service-extensions-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-tools-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-ecj-3.26.0-1.redhat_00002.1.el8eap.noarch.rpm eap7-hal-console-3.3.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-hibernate-core-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-hibernate-entitymanager-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-hibernate-envers-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-hibernate-java8-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-infinispan-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-cachestore-jdbc-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-cachestore-remote-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-client-hotrod-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-commons-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-component-annotations-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-core-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-hibernate-cache-commons-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-hibernate-cache-spi-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-hibernate-cache-v53-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-server-migration-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-server-migration-cli-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-server-migration-core-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-vfs-3.2.16-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-xnio-base-3.8.6-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jbossws-cxf-5.4.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-log4j-2.17.1-1.redhat_00001.1.el8eap.noarch.rpm eap7-narayana-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-compensations-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jbosstxbridge-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jbossxts-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jts-idlj-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jts-integration-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-api-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-bridge-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-integration-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-util-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-txframework-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-objectweb-asm-9.1.0-1.redhat_00002.1.el8eap.noarch.rpm eap7-undertow-2.2.16-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm eap7-wildfly-elytron-1.15.11-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-wildfly-elytron-tool-1.15.11-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-wildfly-javadocs-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm eap7-wildfly-modules-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm eap7-wildfly-openssl-2.2.0-3.Final_redhat_00002.1.el8eap.noarch.rpm eap7-wildfly-openssl-java-2.2.0-3.Final_redhat_00002.1.el8eap.noarch.rpm eap7-xom-1.3.7-1.redhat_00001.1.el8eap.noarch.rpm eap7-yasson-1.0.10-1.redhat_00001.1.el8eap.noarch.rpm

x86_64: eap7-wildfly-openssl-el8-x86_64-2.2.0-2.Final_redhat_00002.1.el8eap.x86_64.rpm eap7-wildfly-openssl-el8-x86_64-debuginfo-2.2.0-2.Final_redhat_00002.1.el8eap.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2021-4104 https://access.redhat.com/security/cve/CVE-2021-44832 https://access.redhat.com/security/cve/CVE-2021-45046 https://access.redhat.com/security/cve/CVE-2021-45105 https://access.redhat.com/security/cve/CVE-2022-23302 https://access.redhat.com/security/cve/CVE-2022-23305 https://access.redhat.com/security/cve/CVE-2022-23307 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBYlRUqtzjgjWX9erEAQhXfxAApQ6HkBUo8Tg+GWEosSpAx0AEsVPMojWK HU3uJRF8jp0KXqchc+KVlalBJAWHPBUDr4xBpsISqwr7T/9iYonKlo4ijA/68b2K khbFyt6o6i2dXrYygT5fcMtukSjN2T/hfCc2ZE2yiHTO3Ou4AALyZ2xCyYtfSpuZ rZLVvgCWrnak2msgkoNl0/sZxnjw6b+ZJczKkq3QqPVWOYlV/Qdl5NGy16i0rbEo P1rWXJrOUlEBctJEs756cqeIJesYKHZqqPx/kHaNyzdxDh99hKGZx7oturscAN6e sPfSSdyd5jsOcWD7UlHV9ukoPQxf1ouVBa0qkpL0wCoR3GFF6Pls1bMEFzUoz3/R IwagVxsr38duK3isv34l6IQ+RP0oSWN0rgPUu69tAlEV+YwLgA5JUOpz1i7FTmXt l3i5+wMlo9Xc/Hy+j7unW8Do7s/i0YuFVTuM6H9KEITuFjgFA2tB9CpzoAFzWLk0 U8zCL80Rwy1wiMydSrLjtg3YUPB6ibh2NJ02O7R+bNhJ8bN4yuDuWkDqy4VdPXGp zhed3dZmYAXD9/x+mnfghcbJZwigzGT9Qv78zYafB3f8K7cEVEDJK3aZMOkkh9ca dcaLs5WRv8ZTytFPv+KGKRJ/cc/UHAvh8zumMZdVMp1oty/k/OYWhgaEJMWGQDCe UnHI/WwB37w= =eCh2 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . The purpose of this text-only errata is to inform you about the security issues fixed in this release. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For the oldstable distribution (buster), this problem has been fixed in version 2.16.0-1~deb10u1.

For the stable distribution (bullseye), this problem has been fixed in version 2.16.0-1~deb11u1.

We recommend that you upgrade your apache-log4j2 packages.

For the detailed security status of apache-log4j2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache-log4j2

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmG7FI5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeSqOg//XOye7T/8PKOrrUtHFhH+w2dOC0GujwcIS2mhofVuZQTPYvM5uTZxDTuz rQN+T505t9QaP3sF05gXK6VI675HhgmF3d+vDEnhp8QpZX5HeJrmmX44FewZQAqP yMysAuwG1RJ0Qgs7NmppU/XJBnmhJLsqsW99kcDnNXS67D23e1nUqAEDME5baSoF VPc50Up/yh4DE28Jcs8Mh2cM8UqmeLEQJ8XC3IojQLhmOF1UBJuL4K0sEUqWtJeN TytHya2XdfIIZcRolHe6AUeiLP5JpitbqkVP+hEeruAvk8nTGsLi0HMbWxA9LLcB bB9KKJjf6xndRa/t/IXGMzwr883t5/YLdxbCFcGj9M4Bfj7SAhGdgnJHZaRt1quX Vcqnu1pDHpdFuRX4t6oqF9R0uiBGeupZmGdb1y7os+FU2EbTRYU0rlnhfOsou0ex Vh5sFKFDhgWUQoyuVUMh6eOZ7p92GTzbw5kPkvboa7Xdrs02m7ChLlh8f5ajRFrK WbAcwsBj6RK4dmtdvfO2sVEuRTpFQ3qtecwZUR0pqUIjJ+rfurSGmpPr3iOrBu2s ROol/vLfW5uZd6RxSNbt3twPcwBaZagFQCcDY27Yz0sH6DlQUmWed1KJjbRaZ7fn cqjFisSZxu8d5VoAtjMSP8l95FoAm53r9Q1HCZvXqRhBjFNoYqE= =TNnt -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202310-16


                                       https://security.gentoo.org/

Severity: High Title: Ubiquiti UniFi: remote code execution via bundled log4j Date: October 26, 2023 Bugs: #828853 ID: 202310-16


Synopsis

A vulnerability has been discovered in unifi where bundled log4j can facilitate a remote code execution

Background

Ubiquiti UniFi is a Management Controller for Ubiquiti Networks UniFi APs. Please review the CVE identifier referenced below for details.

Impact

An attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code.

Workaround

There is no known workaround at this time.

Resolution

All Ubiquity UniFi users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-wireless/unifi-6.5.55"

References

[ 1 ] CVE-2021-4104 https://nvd.nist.gov/vuln/detail/CVE-2021-4104 [ 2 ] CVE-2021-45046 https://nvd.nist.gov/vuln/detail/CVE-2021-45046

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202310-16

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0562",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "model": "log4j",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.13.0"
      },
      {
        "model": "navigator",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2021-12-13"
      },
      {
        "model": "genomics kernel library",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "industrial edge management hub",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2021-12-13"
      },
      {
        "model": "log4j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0"
      },
      {
        "model": "desigo cc advanced reports",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.1"
      },
      {
        "model": "solid edge harness design",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2020"
      },
      {
        "model": "desigo cc advanced reports",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.0"
      },
      {
        "model": "captial",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2019.1"
      },
      {
        "model": "operation scheduler",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.1.3"
      },
      {
        "model": "solid edge cam pro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "spectrum power 4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.70"
      },
      {
        "model": "logo\\! soft comfort",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "xpedition package integrator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sensor solution development kit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "mindsphere",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2021-12-11"
      },
      {
        "model": "system studio",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "e-car operation center",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2021-12-13"
      },
      {
        "model": "sipass integrated",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.85"
      },
      {
        "model": "energyip prepay",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.8"
      },
      {
        "model": "system debugger",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "audio development kit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "35"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "11.0"
      },
      {
        "model": "computer vision annotation tool",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "log4j",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.16.0"
      },
      {
        "model": "siveillance vantage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "siveillance identity",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.5"
      },
      {
        "model": "6bk1602-0aa12-0tp0",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.7.0"
      },
      {
        "model": "6bk1602-0aa22-0tp0",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.7.0"
      },
      {
        "model": "6bk1602-0aa52-0tp0",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.7.0"
      },
      {
        "model": "6bk1602-0aa32-0tp0",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.7.0"
      },
      {
        "model": "industrial edge management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "energyip",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "8.5"
      },
      {
        "model": "energy engage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.1"
      },
      {
        "model": "siveillance viewpoint",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "energyip",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "8.7"
      },
      {
        "model": "opcenter intelligence",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.2"
      },
      {
        "model": "spectrum power 7",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.30"
      },
      {
        "model": "solid edge harness design",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2020"
      },
      {
        "model": "siveillance control pro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "captial",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2019.1"
      },
      {
        "model": "spectrum power 4",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.70"
      },
      {
        "model": "teamcenter",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sipass integrated",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.80"
      },
      {
        "model": "log4j",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.12.2"
      },
      {
        "model": "nx",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sppa-t3000 ses3000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "gma-manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "8.6.2j-398"
      },
      {
        "model": "siveillance command",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.16.2.1"
      },
      {
        "model": "vesys",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2019.1"
      },
      {
        "model": "log4j",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.1"
      },
      {
        "model": "sentron powermanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.2"
      },
      {
        "model": "spectrum power 7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.30"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "34"
      },
      {
        "model": "desigo cc advanced reports",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.2"
      },
      {
        "model": "energyip",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "8.6"
      },
      {
        "model": "vesys",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2019.1"
      },
      {
        "model": "mendix",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "datacenter manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "desigo cc info center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.1"
      },
      {
        "model": "6bk1602-0aa42-0tp0",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.7.0"
      },
      {
        "model": "desigo cc info center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.0"
      },
      {
        "model": "desigo cc advanced reports",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.0"
      },
      {
        "model": "energyip",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "9.0"
      },
      {
        "model": "email security",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": "10.0.12"
      },
      {
        "model": "sentron powermanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.1"
      },
      {
        "model": "tracealertserverplus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "xpedition enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "desigo cc advanced reports",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.1"
      },
      {
        "model": "oneapi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "comos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "head-end system universal device integration system",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "siguard dsa",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.3"
      },
      {
        "model": "siveillance identity",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.6"
      },
      {
        "model": "siguard dsa",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.2"
      },
      {
        "model": "energyip prepay",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.7"
      },
      {
        "model": "secure device onboard",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "siguard dsa",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.4"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-45046"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.12.2",
                "versionStartIncluding": "2.0.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.16.0",
                "versionStartIncluding": "2.13.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:intel:oneapi:-:*:*:*:*:eclipse:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:audio_development_kit:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:datacenter_manager:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:system_debugger:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:secure_device_onboard:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:sensor_solution_firmware_development_kit:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:computer_vision_annotation_tool:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:genomics_kernel_library:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:system_studio:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:sppa-t3000_ses3000_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:sppa-t3000_ses3000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:logo\\!_soft_comfort:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_4:4.70:sp7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_4:4.70:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_4:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.70",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:siveillance_control_pro:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:energyip_prepay:3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:energyip_prepay:3.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_4:4.70:sp8:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:siveillance_command:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.16.2.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:head-end_system_universal_device_integration_system:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:gma-manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.6.2j-398",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:energyip:8.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:energyip:8.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:energyip:8.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:energyip:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:energy_engage:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:e-car_operation_center:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021-12-13",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:desigo_cc_info_center:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:desigo_cc_info_center:5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:captial:2019.1:sp1912:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:navigator:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021-12-13",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:xpedition_package_integrator:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:xpedition_enterprise:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:vesys:2019.1:sp1912:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:vesys:2019.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:vesys:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:vesys:2019.1:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:teamcenter:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_7:2.30:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_7:2.30:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_7:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.30",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_7:2.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_harness_design:2020:sp2002:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_harness_design:2020:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_harness_design:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:captial:2019.1:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_harness_design:2020:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_cam_pro:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:siveillance_viewpoint:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:siveillance_vantage:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:siguard_dsa:4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:siguard_dsa:4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:siguard_dsa:4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sentron_powermanager:4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sentron_powermanager:4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.1.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:nx:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:opcenter_intelligence:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:mindsphere:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021-12-11",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:mendix:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:industrial_edge_management_hub:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021-12-13",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:industrial_edge_management:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:captial:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:tracealertserverplus:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.0.12",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:6bk1602-0aa12-0tp0_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.7.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:6bk1602-0aa12-0tp0:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:6bk1602-0aa22-0tp0_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.7.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:6bk1602-0aa22-0tp0:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:6bk1602-0aa32-0tp0_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.7.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:6bk1602-0aa32-0tp0:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:6bk1602-0aa42-0tp0_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.7.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:6bk1602-0aa42-0tp0:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:6bk1602-0aa52-0tp0_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.7.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:6bk1602-0aa52-0tp0:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-45046"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Much of the content of this vulnerability note is derived from Apache Log4j Security Vulnerabilities and http://slf4j.org/log4shell.html.This document was written by Art Manion.",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#930724"
      }
    ],
    "trust": 0.8
  },
  "cve": "CVE-2021-45046",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 4.9,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-45046",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202112-1065",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-1065"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-45046"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default. Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the vulnerable Java application using Log4j.CVE-2021-4104 Affected\nCVE-2021-44228 Affected\nCVE-2021-45046 AffectedCVE-2021-4104 Affected\nCVE-2021-44228 Affected\nCVE-2021-45046 Affected. Solution:\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html\n\n4. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update\nAdvisory ID:       RHSA-2022:1297-01\nProduct:           Red Hat JBoss Enterprise Application Platform\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:1297\nIssue date:        2022-04-11\nCVE Names:         CVE-2021-4104 CVE-2021-44832 CVE-2021-45046 \n                   CVE-2021-45105 CVE-2022-23302 CVE-2022-23305 \n                   CVE-2022-23307 \n=====================================================================\n\n1. Summary:\n\nA security update is now available for Red Hat JBoss Enterprise Application\nPlatform 7.4 for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss EAP 7.4 for RHEL 8 - noarch, x86_64\n\n3. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3\nand includes bug fixes and enhancements. See the Red Hat JBoss Enterprise\nApplication Platform 7.4.4 Release Notes for information about the most\nsignificant bug fixes and enhancements included in this release. \n\n4. Solution:\n\nBefore applying this update, back up your existing Red Hat JBoss Enterprise\nApplication Platform installation and deployed applications. \n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-22105 - (7.4.z) Upgrade from com.io7m.xom:xom 1.2.10 to xom:xom 1.3.7\nJBEAP-22385 - (7.4.z) Upgrade ASM from 7.1 to 9.1\nJBEAP-22731 - (7.4.z) Upgrade Artemis from 2.16.0.redhat-00032 to 2.16.0.redhat-00034\nJBEAP-22738 - (7.4.z) Upgrade jbossws-cxf from 5.4.2.Final to 5.4.4.Final(Fix UsernameTokenElytronTestCase on SE 17)\nJBEAP-22819 - [GSS] (7.4.z) HAL-1762 - Aliases are removed from the credential store when passwords are updated from the admin console\nJBEAP-22839 - [GSS](7.4.z) Upgrade yasson from 1.0.9.redhat-00001 to 1.0.10.redhat-00001\nJBEAP-22864 - (7.4.z) Upgrade HAL from 3.3.8.Final-redhat-00001 to 3.3.9.Final-redhat-00001\nJBEAP-22900 - Tracker bug for the EAP 7.4.4 release for RHEL-8\nJBEAP-22904 - (7.4.z) Upgrade Hibernate ORM from 5.3.24.Final-redhat-00001 to 5.3.25.Final-redhat-00002\nJBEAP-22911 - (7.4.z) Upgrade OpenSSL from 2.1.3.Final-redhat-00001 to 2.2.0.Final-redhat-00001\nJBEAP-22912 - (7.4.z) Upgrade OpenSSL Natives from 2.1.0.SP01-redhat-00001 to 2.2.0.Final-redhat-00001\nJBEAP-22913 - (7.4.z) Upgrade WildFly Core from 15.0.6.Final-redhat-00003 to 15.0.7.Final-redhat-00001\nJBEAP-22935 - (7.4.z) Upgrade jboss-vfs from 3.2.15.Final-redhat-00001 to 3.2.16.Final-redhat-00001\nJBEAP-22945 - (7.4.z) Upgrade org.apache.logging.log4j from 2.14.0.redhat-00002 to 2.17.1.redhat-00001\nJBEAP-22973 - (7.4.z) Upgrade Elytron from 1.15.9.Final-redhat-00001 to 1.15.11.Final-redhat-00002\nJBEAP-23038 - (7.4.z) Upgrade galleon-plugins from 5.1.4.Final to 5.2.6.Final\nJBEAP-23040 - (7.4.z) Upgrade galleon-plugins in wildfly-core-eap from 5.1.4.Final to 5.2.6.Final\nJBEAP-23045 - (7.4.z) Upgrade Undertow from 2.2.13.SP2-redhat-00001 to 2.2.16.Final-redhat-0001\nJBEAP-23101 - (7.4.z) Upgrade Infinispan from 11.0.12.Final to 11.0.15.Final\nJBEAP-23105 - (7.4.z) Upgrade Narayana from 5.11.3.Final-redhat-00001 to 5.11.4.Final-redhat-00001\nJBEAP-23143 - (7.4.z) Upgrade from org.eclipse.jdt.core.compiler:ecj:4.6.1 to org.eclipse.jdt:ecj:3.26\nJBEAP-23177 - (7.4.z) Upgrade XNIO from 3.8.5.SP1-redhat-00001 to 3.8.6.Final-redhat-00001\nJBEAP-23323 - [GSS](7.4.z) WFLY-16112 - Batch JobOperatorService should look for only active job names to stop during suspend\nJBEAP-23373 - (7.4.z) Upgrade OpenSSL from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002\nJBEAP-23374 - (7.4.z) Upgrade WildFly Core from 15.0.7.Final-redhat-00001 to 15.0.8.Final-redhat-00001\nJBEAP-23375 - (7.4.z) Upgrade OpenSSL Natives from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002\n\n7. Package List:\n\nRed Hat JBoss EAP 7.4 for RHEL 8:\n\nSource:\neap7-activemq-artemis-2.16.0-7.redhat_00034.1.el8eap.src.rpm\neap7-ecj-3.26.0-1.redhat_00002.1.el8eap.src.rpm\neap7-hal-console-3.3.9-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-hibernate-5.3.25-1.Final_redhat_00002.1.el8eap.src.rpm\neap7-infinispan-11.0.15-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-jboss-server-migration-1.10.0-15.Final_redhat_00014.1.el8eap.src.rpm\neap7-jboss-vfs-3.2.16-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-jboss-xnio-base-3.8.6-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-jbossws-cxf-5.4.4-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-log4j-2.17.1-1.redhat_00001.1.el8eap.src.rpm\neap7-narayana-5.11.4-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-objectweb-asm-9.1.0-1.redhat_00002.1.el8eap.src.rpm\neap7-undertow-2.2.16-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-wildfly-7.4.4-3.GA_redhat_00011.1.el8eap.src.rpm\neap7-wildfly-elytron-1.15.11-1.Final_redhat_00002.1.el8eap.src.rpm\neap7-wildfly-openssl-2.2.0-3.Final_redhat_00002.1.el8eap.src.rpm\neap7-wildfly-openssl-el8-x86_64-2.2.0-2.Final_redhat_00002.1.el8eap.src.rpm\neap7-xom-1.3.7-1.redhat_00001.1.el8eap.src.rpm\neap7-yasson-1.0.10-1.redhat_00001.1.el8eap.src.rpm\n\nnoarch:\neap7-activemq-artemis-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-cli-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-commons-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-core-client-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-dto-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-hornetq-protocol-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-hqclient-protocol-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-jdbc-store-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-jms-client-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-jms-server-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-journal-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-ra-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-selector-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-server-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-service-extensions-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-tools-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-ecj-3.26.0-1.redhat_00002.1.el8eap.noarch.rpm\neap7-hal-console-3.3.9-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-hibernate-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-hibernate-core-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-hibernate-entitymanager-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-hibernate-envers-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-hibernate-java8-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-infinispan-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-cachestore-jdbc-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-cachestore-remote-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-client-hotrod-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-commons-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-component-annotations-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-core-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-hibernate-cache-commons-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-hibernate-cache-spi-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-hibernate-cache-v53-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jboss-server-migration-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm\neap7-jboss-server-migration-cli-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm\neap7-jboss-server-migration-core-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm\neap7-jboss-vfs-3.2.16-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jboss-xnio-base-3.8.6-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jbossws-cxf-5.4.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-log4j-2.17.1-1.redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-compensations-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-jbosstxbridge-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-jbossxts-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-jts-idlj-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-jts-integration-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-restat-api-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-restat-bridge-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-restat-integration-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-restat-util-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-txframework-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-objectweb-asm-9.1.0-1.redhat_00002.1.el8eap.noarch.rpm\neap7-undertow-2.2.16-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-wildfly-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm\neap7-wildfly-elytron-1.15.11-1.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-wildfly-elytron-tool-1.15.11-1.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-wildfly-javadocs-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm\neap7-wildfly-modules-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm\neap7-wildfly-openssl-2.2.0-3.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-wildfly-openssl-java-2.2.0-3.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-xom-1.3.7-1.redhat_00001.1.el8eap.noarch.rpm\neap7-yasson-1.0.10-1.redhat_00001.1.el8eap.noarch.rpm\n\nx86_64:\neap7-wildfly-openssl-el8-x86_64-2.2.0-2.Final_redhat_00002.1.el8eap.x86_64.rpm\neap7-wildfly-openssl-el8-x86_64-debuginfo-2.2.0-2.Final_redhat_00002.1.el8eap.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-4104\nhttps://access.redhat.com/security/cve/CVE-2021-44832\nhttps://access.redhat.com/security/cve/CVE-2021-45046\nhttps://access.redhat.com/security/cve/CVE-2021-45105\nhttps://access.redhat.com/security/cve/CVE-2022-23302\nhttps://access.redhat.com/security/cve/CVE-2022-23305\nhttps://access.redhat.com/security/cve/CVE-2022-23307\nhttps://access.redhat.com/security/updates/classification/#low\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/\n\n9. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYlRUqtzjgjWX9erEAQhXfxAApQ6HkBUo8Tg+GWEosSpAx0AEsVPMojWK\nHU3uJRF8jp0KXqchc+KVlalBJAWHPBUDr4xBpsISqwr7T/9iYonKlo4ijA/68b2K\nkhbFyt6o6i2dXrYygT5fcMtukSjN2T/hfCc2ZE2yiHTO3Ou4AALyZ2xCyYtfSpuZ\nrZLVvgCWrnak2msgkoNl0/sZxnjw6b+ZJczKkq3QqPVWOYlV/Qdl5NGy16i0rbEo\nP1rWXJrOUlEBctJEs756cqeIJesYKHZqqPx/kHaNyzdxDh99hKGZx7oturscAN6e\nsPfSSdyd5jsOcWD7UlHV9ukoPQxf1ouVBa0qkpL0wCoR3GFF6Pls1bMEFzUoz3/R\nIwagVxsr38duK3isv34l6IQ+RP0oSWN0rgPUu69tAlEV+YwLgA5JUOpz1i7FTmXt\nl3i5+wMlo9Xc/Hy+j7unW8Do7s/i0YuFVTuM6H9KEITuFjgFA2tB9CpzoAFzWLk0\nU8zCL80Rwy1wiMydSrLjtg3YUPB6ibh2NJ02O7R+bNhJ8bN4yuDuWkDqy4VdPXGp\nzhed3dZmYAXD9/x+mnfghcbJZwigzGT9Qv78zYafB3f8K7cEVEDJK3aZMOkkh9ca\ndcaLs5WRv8ZTytFPv+KGKRJ/cc/UHAvh8zumMZdVMp1oty/k/OYWhgaEJMWGQDCe\nUnHI/WwB37w=\n=eCh2\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. The purpose of this text-only\nerrata is to inform you about the security issues fixed in this release. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor the oldstable distribution (buster), this problem has been fixed\nin version 2.16.0-1~deb10u1. \n\nFor the stable distribution (bullseye), this problem has been fixed in\nversion 2.16.0-1~deb11u1. \n\nWe recommend that you upgrade your apache-log4j2 packages. \n\nFor the detailed security status of apache-log4j2 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/apache-log4j2\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmG7FI5fFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeSqOg//XOye7T/8PKOrrUtHFhH+w2dOC0GujwcIS2mhofVuZQTPYvM5uTZxDTuz\nrQN+T505t9QaP3sF05gXK6VI675HhgmF3d+vDEnhp8QpZX5HeJrmmX44FewZQAqP\nyMysAuwG1RJ0Qgs7NmppU/XJBnmhJLsqsW99kcDnNXS67D23e1nUqAEDME5baSoF\nVPc50Up/yh4DE28Jcs8Mh2cM8UqmeLEQJ8XC3IojQLhmOF1UBJuL4K0sEUqWtJeN\nTytHya2XdfIIZcRolHe6AUeiLP5JpitbqkVP+hEeruAvk8nTGsLi0HMbWxA9LLcB\nbB9KKJjf6xndRa/t/IXGMzwr883t5/YLdxbCFcGj9M4Bfj7SAhGdgnJHZaRt1quX\nVcqnu1pDHpdFuRX4t6oqF9R0uiBGeupZmGdb1y7os+FU2EbTRYU0rlnhfOsou0ex\nVh5sFKFDhgWUQoyuVUMh6eOZ7p92GTzbw5kPkvboa7Xdrs02m7ChLlh8f5ajRFrK\nWbAcwsBj6RK4dmtdvfO2sVEuRTpFQ3qtecwZUR0pqUIjJ+rfurSGmpPr3iOrBu2s\nROol/vLfW5uZd6RxSNbt3twPcwBaZagFQCcDY27Yz0sH6DlQUmWed1KJjbRaZ7fn\ncqjFisSZxu8d5VoAtjMSP8l95FoAm53r9Q1HCZvXqRhBjFNoYqE=\n=TNnt\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202310-16\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: Ubiquiti UniFi: remote code execution via bundled log4j\n     Date: October 26, 2023\n     Bugs: #828853\n       ID: 202310-16\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nA vulnerability has been discovered in unifi where bundled log4j can\nfacilitate a remote code execution\n\nBackground\n=========\nUbiquiti UniFi is a Management Controller for Ubiquiti Networks UniFi\nAPs. \nPlease review the CVE identifier referenced below for details. \n\nImpact\n=====\nAn attacker with permission to modify the logging configuration file can\nconstruct a malicious configuration using a JDBC Appender with a data\nsource referencing a JNDI URI which can execute remote code. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Ubiquity UniFi users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-wireless/unifi-6.5.55\"\n\nReferences\n=========\n[ 1 ] CVE-2021-4104\n      https://nvd.nist.gov/vuln/detail/CVE-2021-4104\n[ 2 ] CVE-2021-45046\n      https://nvd.nist.gov/vuln/detail/CVE-2021-45046\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202310-16\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2023 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-45046"
      },
      {
        "db": "CERT/CC",
        "id": "VU#930724"
      },
      {
        "db": "PACKETSTORM",
        "id": "165326"
      },
      {
        "db": "PACKETSTORM",
        "id": "165333"
      },
      {
        "db": "PACKETSTORM",
        "id": "165636"
      },
      {
        "db": "PACKETSTORM",
        "id": "165649"
      },
      {
        "db": "PACKETSTORM",
        "id": "166676"
      },
      {
        "db": "PACKETSTORM",
        "id": "166677"
      },
      {
        "db": "PACKETSTORM",
        "id": "165650"
      },
      {
        "db": "PACKETSTORM",
        "id": "169180"
      },
      {
        "db": "PACKETSTORM",
        "id": "175367"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-45046",
        "trust": 3.3
      },
      {
        "db": "CERT/CC",
        "id": "VU#930724",
        "trust": 2.4
      },
      {
        "db": "SIEMENS",
        "id": "SSA-714170",
        "trust": 1.6
      },
      {
        "db": "SIEMENS",
        "id": "SSA-397453",
        "trust": 1.6
      },
      {
        "db": "SIEMENS",
        "id": "SSA-479842",
        "trust": 1.6
      },
      {
        "db": "SIEMENS",
        "id": "SSA-661247",
        "trust": 1.6
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/12/15/3",
        "trust": 1.6
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/12/14/4",
        "trust": 1.6
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/12/18/1",
        "trust": 1.6
      },
      {
        "db": "PACKETSTORM",
        "id": "165333",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "165649",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "166676",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "166677",
        "trust": 0.7
      },
      {
        "db": "LENOVO",
        "id": "LEN-76573",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021122212",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022042115",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022020815",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022010517",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022012731",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022012443",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021121651",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021122726",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022060708",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021122119",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022012730",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021122018",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022010632",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021122814",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022062006",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022032405",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022022126",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021121516",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022012501",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021123016",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022010325",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022012045",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022020602",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022010421",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022011034",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022011226",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021121720",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022072076",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022021429",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022060808",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022030923",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021122307",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021122908",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "165343",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "165645",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0332",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4257",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0086",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4187.6",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4295",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4186.3",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0247",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0199",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0240",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4186.4",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4302.3",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4198.4",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0090",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-1065",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "165326",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165636",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165650",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169180",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "175367",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#930724"
      },
      {
        "db": "PACKETSTORM",
        "id": "165326"
      },
      {
        "db": "PACKETSTORM",
        "id": "165333"
      },
      {
        "db": "PACKETSTORM",
        "id": "165636"
      },
      {
        "db": "PACKETSTORM",
        "id": "165649"
      },
      {
        "db": "PACKETSTORM",
        "id": "166676"
      },
      {
        "db": "PACKETSTORM",
        "id": "166677"
      },
      {
        "db": "PACKETSTORM",
        "id": "165650"
      },
      {
        "db": "PACKETSTORM",
        "id": "169180"
      },
      {
        "db": "PACKETSTORM",
        "id": "175367"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-1065"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-45046"
      }
    ]
  },
  "id": "VAR-202112-0562",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.6654401050000001
  },
  "last_update_date": "2024-07-23T21:05:01.160000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Apache Log4j Fixes for code issue vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=175394"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-1065"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-917",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-45046"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://www.cve.org/cverecord?id=cve-2021-44228"
      },
      {
        "trust": 1.6,
        "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
      },
      {
        "trust": 1.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/eokpqgv24rrbbi4tbzudqmm4meh7mxcy/"
      },
      {
        "trust": 1.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sig7fzulmnk2xf6fzru4vwydqxnmugaj/"
      },
      {
        "trust": 1.6,
        "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
      },
      {
        "trust": 1.6,
        "url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0032"
      },
      {
        "trust": 1.6,
        "url": "https://www.kb.cert.org/vuls/id/930724"
      },
      {
        "trust": 1.6,
        "url": "http://www.openwall.com/lists/oss-security/2021/12/18/1"
      },
      {
        "trust": 1.6,
        "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
      },
      {
        "trust": 1.6,
        "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
      },
      {
        "trust": 1.6,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
      },
      {
        "trust": 1.6,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
      },
      {
        "trust": 1.6,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
      },
      {
        "trust": 1.6,
        "url": "https://logging.apache.org/log4j/2.x/security.html"
      },
      {
        "trust": 1.6,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
      },
      {
        "trust": 1.6,
        "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
      },
      {
        "trust": 1.6,
        "url": "https://www.debian.org/security/2021/dsa-5022"
      },
      {
        "trust": 1.6,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-log4j-qruknebd"
      },
      {
        "trust": 1.6,
        "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
      },
      {
        "trust": 1.6,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
      },
      {
        "trust": 1.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-45046"
      },
      {
        "trust": 1.1,
        "url": "https://security.gentoo.org/glsa/202310-16"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45046"
      },
      {
        "trust": 0.8,
        "url": "cve-2021-4104  "
      },
      {
        "trust": 0.8,
        "url": "cve-2021-44228  "
      },
      {
        "trust": 0.8,
        "url": "cve-2021-45046  "
      },
      {
        "trust": 0.7,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.7,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/eokpqgv24rrbbi4tbzudqmm4meh7mxcy/"
      },
      {
        "trust": 0.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sig7fzulmnk2xf6fzru4vwydqxnmugaj/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022060808"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022072076"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0086"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0240"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4186.4"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4186.3"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021122212"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022012731"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4302.3"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/165649/red-hat-security-advisory-2022-0222-02.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021122814"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/165645/red-hat-security-advisory-2022-0205-02.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021121720"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021122018"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022010632"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022012730"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166676/red-hat-security-advisory-2022-1297-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0199"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022010517"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022020602"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/apache-log4j-denial-of-service-via-thread-context-message-pattern-37075"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4257"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/165333/red-hat-security-advisory-2021-5106-04.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022012501"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022062006"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021123016"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/165343/red-hat-security-advisory-2021-5107-06.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021122726"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021121516"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4295"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022010325"
      },
      {
        "trust": 0.6,
        "url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20211215-01-log4j-cn"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021122908"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022060708"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6527436"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022011226"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6528374"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022032405"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021122119"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0332"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022030923"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4198.4"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6527886"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022042115"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0090"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6526750"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022022126"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021121651"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022021429"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4187.6"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022020815"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021122307"
      },
      {
        "trust": 0.6,
        "url": "https://support.lenovo.com/us/en/product_security/len-76573"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022012045"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166677/red-hat-security-advisory-2022-1296-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022011034"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022012443"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022010421"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0247"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2021-44832"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45105"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2021-45105"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44832"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4104"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-009"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-4104"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
      },
      {
        "trust": 0.2,
        "url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-44228"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44228"
      },
      {
        "trust": 0.2,
        "url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q1"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=red.hat.integration\u0026version"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23307"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23302"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23305"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-23302"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-23305"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-23307"
      },
      {
        "trust": 0.2,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:5141"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:5106"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=appplatform\u0026version=7.4"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:0216"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/solutions/6577421"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:0222"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:1297"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:1296"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:0223"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/apache-log4j2"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#930724"
      },
      {
        "db": "PACKETSTORM",
        "id": "165326"
      },
      {
        "db": "PACKETSTORM",
        "id": "165333"
      },
      {
        "db": "PACKETSTORM",
        "id": "165636"
      },
      {
        "db": "PACKETSTORM",
        "id": "165649"
      },
      {
        "db": "PACKETSTORM",
        "id": "166676"
      },
      {
        "db": "PACKETSTORM",
        "id": "166677"
      },
      {
        "db": "PACKETSTORM",
        "id": "165650"
      },
      {
        "db": "PACKETSTORM",
        "id": "169180"
      },
      {
        "db": "PACKETSTORM",
        "id": "175367"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-1065"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-45046"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#930724"
      },
      {
        "db": "PACKETSTORM",
        "id": "165326"
      },
      {
        "db": "PACKETSTORM",
        "id": "165333"
      },
      {
        "db": "PACKETSTORM",
        "id": "165636"
      },
      {
        "db": "PACKETSTORM",
        "id": "165649"
      },
      {
        "db": "PACKETSTORM",
        "id": "166676"
      },
      {
        "db": "PACKETSTORM",
        "id": "166677"
      },
      {
        "db": "PACKETSTORM",
        "id": "165650"
      },
      {
        "db": "PACKETSTORM",
        "id": "169180"
      },
      {
        "db": "PACKETSTORM",
        "id": "175367"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-1065"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-45046"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-12-15T00:00:00",
        "db": "CERT/CC",
        "id": "VU#930724"
      },
      {
        "date": "2021-12-16T15:22:54",
        "db": "PACKETSTORM",
        "id": "165326"
      },
      {
        "date": "2021-12-16T15:34:27",
        "db": "PACKETSTORM",
        "id": "165333"
      },
      {
        "date": "2022-01-20T17:49:52",
        "db": "PACKETSTORM",
        "id": "165636"
      },
      {
        "date": "2022-01-21T15:29:08",
        "db": "PACKETSTORM",
        "id": "165649"
      },
      {
        "date": "2022-04-11T17:14:49",
        "db": "PACKETSTORM",
        "id": "166676"
      },
      {
        "date": "2022-04-11T17:15:55",
        "db": "PACKETSTORM",
        "id": "166677"
      },
      {
        "date": "2022-01-21T15:29:54",
        "db": "PACKETSTORM",
        "id": "165650"
      },
      {
        "date": "2021-12-28T20:12:00",
        "db": "PACKETSTORM",
        "id": "169180"
      },
      {
        "date": "2023-10-26T14:46:58",
        "db": "PACKETSTORM",
        "id": "175367"
      },
      {
        "date": "2021-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202112-1065"
      },
      {
        "date": "2021-12-14T19:15:07.733000",
        "db": "NVD",
        "id": "CVE-2021-45046"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-02-07T00:00:00",
        "db": "CERT/CC",
        "id": "VU#930724"
      },
      {
        "date": "2023-06-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202112-1065"
      },
      {
        "date": "2024-06-27T19:24:09.027000",
        "db": "NVD",
        "id": "CVE-2021-45046"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "166676"
      },
      {
        "db": "PACKETSTORM",
        "id": "166677"
      },
      {
        "db": "PACKETSTORM",
        "id": "175367"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-1065"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apache Log4j allows insecure JNDI lookups",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#930724"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code execution",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "165326"
      },
      {
        "db": "PACKETSTORM",
        "id": "165333"
      },
      {
        "db": "PACKETSTORM",
        "id": "165636"
      },
      {
        "db": "PACKETSTORM",
        "id": "165649"
      },
      {
        "db": "PACKETSTORM",
        "id": "165650"
      },
      {
        "db": "PACKETSTORM",
        "id": "175367"
      }
    ],
    "trust": 0.6
  }
}

cve-2021-31891
Vulnerability from cvelistv5
Published
2021-09-14 10:47
Modified
2024-08-03 23:10
Severity ?
Summary
A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control (All versions with OIS running on Debian 9 or earlier), Siveillance Control Pro (All versions). The affected application incorrectly neutralizes special elements in a specific HTTP GET request which could lead to command injection. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:10:30.639Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-535380.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Desigo CC",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions with OIS Extension Module"
            }
          ]
        },
        {
          "product": "GMA-Manager",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions with OIS running on Debian 9 or earlier"
            }
          ]
        },
        {
          "product": "Operation Scheduler",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions with OIS running on Debian 9 or earlier"
            }
          ]
        },
        {
          "product": "Siveillance Control",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions with OIS running on Debian 9 or earlier"
            }
          ]
        },
        {
          "product": "Siveillance Control Pro",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control (All versions with OIS running on Debian 9 or earlier), Siveillance Control Pro (All versions). The affected application incorrectly neutralizes special elements in a specific HTTP GET request which could lead to command injection. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-14T10:47:31",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-535380.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2021-31891",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Desigo CC",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions with OIS Extension Module"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "GMA-Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions with OIS running on Debian 9 or earlier"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Operation Scheduler",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions with OIS running on Debian 9 or earlier"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Siveillance Control",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions with OIS running on Debian 9 or earlier"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Siveillance Control Pro",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control (All versions with OIS running on Debian 9 or earlier), Siveillance Control Pro (All versions). The affected application incorrectly neutralizes special elements in a specific HTTP GET request which could lead to command injection. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-535380.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-535380.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2021-31891",
    "datePublished": "2021-09-14T10:47:31",
    "dateReserved": "2021-04-29T00:00:00",
    "dateUpdated": "2024-08-03T23:10:30.639Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}