WID-SEC-W-2022-0197
Vulnerability from csaf_certbund
Published
2021-12-28 23:00
Modified
2022-12-11 23:00
Summary
Apache log4j: Schwachstelle ermöglicht Codeausführung
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Apache log4j ist ein Framework zum Loggen von Anwendungsmeldungen in Java.
Angriff
Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Apache log4j ausnutzen, um beliebigen Programmcode auszuführen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- CISCO Appliance
- Sonstiges
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Apache log4j ist ein Framework zum Loggen von Anwendungsmeldungen in Java.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Apache log4j ausnutzen, um beliebigen Programmcode auszuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux\n- Windows\n- CISCO Appliance\n- Sonstiges", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2022-0197 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2022-0197.json" }, { "category": "self", "summary": "WID-SEC-2022-0197 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0197" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2022-225 vom 2022-12-09", "url": "https://alas.aws.amazon.com/AL2022/ALAS-2022-225.html" }, { "category": "external", "summary": "Apache Log4j 2 Website vom 2021-12-28", "url": "https://logging.apache.org/log4j/2.x/" }, { "category": "external", "summary": "Debian Security Advisory DLA-2870 vom 2021-12-30", "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html" }, { "category": "external", "summary": "Apache Struts Announcement", "url": "https://struts.apache.org/announce-2022" }, { "category": "external", "summary": "IBM Security Bulletin 6538148 vom 2022-01-05", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-log4j-affect-ibm-websphere-application-server-cve-2021-45105-cve-2021-44832/" }, { "category": "external", "summary": "Cisco Security Advisory cisco-sa-apache-log4j-qRuKNEbd vom 2022-01-06", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" }, { "category": "external", "summary": "JobScheduler Vulnerability Release 1.13.11 vom 2022-01-10", "url": "https://kb.sos-berlin.com/display/PKB/Vulnerability+Release+1.13.11" }, { "category": "external", "summary": "HPE Security Bulletin HPESBGN04215 rev.10 vom 2022-01-08", "url": "https://support.hpe.com/hpesc/public/docDisplay?elq_mid=17739\u0026elq_cid=67018031\u0026docId=hpesbgn04215en_us" }, { "category": "external", "summary": "IBM Security Bulletin 6539408 vom 2022-01-11", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-log4j-affect-the-ibm-websphere-application-server-and-ibm-security-guardium-key-lifecycle-manager-cve-2021-4104-cve-2021-45046-cve-2021-45105/" }, { "category": "external", "summary": "Ubuntu Security Notice USN-5222-1 vom 2022-01-11", "url": "https://ubuntu.com/security/notices/USN-5222-1" }, { "category": "external", "summary": "JobScheduler Vulnerability Release 2.2.1 vom 2022-01-11", "url": "https://kb.sos-berlin.com/display/PKB/Vulnerability+Release+2.2.1" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:0138 vom 2022-01-13", "url": "https://access.redhat.com/errata/RHSA-2022:0138" }, { "category": "external", "summary": "IBM Security Bulletin 6540676 vom 2022-01-15", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-may-affect-ibm-spectrum-protect-snapshot-on-windows-cve-2021-44832/" }, { "category": "external", "summary": "IBM Security Bulletin 6540560 vom 2022-01-15", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-bulletin-vulnerability-in-apache-log4j-may-affect-ibm-spectrum-protect-operations-center-cve-2021-44832/" }, { "category": "external", "summary": "IBM Security Bulletin 6540846 vom 2022-01-15", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-may-affect-ibm-spectrum-protect-for-space-management-cve-2021-44832/" }, { "category": "external", "summary": "IBM Security Bulletin 6540692 vom 2022-01-15", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-impacts-ibm-spectrum-protect-backup-archive-client-and-ibm-spectrum-protect-for-virtual-environments-cve-2021-44832/" }, { "category": "external", "summary": "IBM Security Bulletin 6540874 vom 2022-01-15", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-may-affect-ibm-spectrum-protect-snapshot-for-vmware-cve-2021-44832/" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:0203 vom 2022-01-20", "url": "https://access.redhat.com/errata/RHSA-2022:0203" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:0226 vom 2022-01-21", "url": "https://access.redhat.com/errata/RHSA-2022:0226" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:0227 vom 2022-01-21", "url": "https://access.redhat.com/errata/RHSA-2022:0227" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:0083 vom 2022-01-20", "url": "https://access.redhat.com/errata/RHSA-2022:0083" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:0225 vom 2022-01-21", "url": "https://access.redhat.com/errata/RHSA-2022:0225" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:0216 vom 2022-01-20", "url": "https://access.redhat.com/errata/RHSA-2022:0216" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:0222 vom 2022-01-21", "url": "https://access.redhat.com/errata/RHSA-2022:0222" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:0205 vom 2022-01-20", "url": "https://access.redhat.com/errata/RHSA-2022:0205" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:0223 vom 2022-01-21", "url": "https://access.redhat.com/errata/RHSA-2022:0223" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:0230 vom 2022-01-22", "url": "https://access.redhat.com/errata/RHSA-2022:0230" }, { "category": "external", "summary": "IBM Security Bulletin 6549888 vom 2022-01-25", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-log4j-affects-some-features-of-ibm-db2-cve-2021-44832/" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:0236 vom 2022-01-25", "url": "https://access.redhat.com/errata/RHSA-2022:0236" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:0181 vom 2022-01-27", "url": "https://access.redhat.com/errata/RHSA-2022:0181" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2022-011 vom 2022-01-27", "url": "https://alas.aws.amazon.com/AL2022/ALAS-2022-011.html" }, { "category": "external", "summary": "IBM Security Bulletin 6551310 vom 2022-01-28", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-omnibus-common-integration-libraries-is-vulnerable-to-arbitrary-code-execution-and-denial-of-service-due-to-apache-log4j-cve-2021-44228-cve-2021-45046-cve-2021/" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2022-1734 vom 2022-01-27", "url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1734.html" }, { "category": "external", "summary": "IBM Security Bulletin 6552546 vom 2022-02-02", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-tivoli-netcool-omnibus-installation-contains-vulnerable-apache-log4j-code-cve-2021-44832-cve-2021-45046-cve-2021-45105/" }, { "category": "external", "summary": "IBM Security Bulletin 6553026 vom 2022-02-05", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-44832/" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:0467 vom 2022-02-08", "url": "https://access.redhat.com/errata/RHSA-2022:0467" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:0485 vom 2022-02-16", "url": "https://access.redhat.com/errata/RHSA-2022:0485" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:0493 vom 2022-02-16", "url": "https://access.redhat.com/errata/RHSA-2022:0493" }, { "category": "external", "summary": "HCL Article KB0097299 vom 2022-03-23", "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0097299" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:1296 vom 2022-04-11", "url": "https://access.redhat.com/errata/RHSA-2022:1296" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:1297 vom 2022-04-11", "url": "https://access.redhat.com/errata/RHSA-2022:1297" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:1299 vom 2022-04-11", "url": "https://access.redhat.com/errata/RHSA-2022:1299" }, { "category": "external", "summary": "IBM Security Bulletin 6593439 vom 2022-06-09", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-rational-software-architect-realtime-edition-rsa-rt-is-vulnerable-to-apache-log4j2-cve-2021-44832/" }, { "category": "external", "summary": "AVAYA Security Advisory ASA-2022-001 vom 2022-04-25", "url": "https://downloads.avaya.com/css/P8/documents/101081576" }, { "category": "external", "summary": "IBM Security Bulletin 6832160 vom 2022-10-27", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-due-to-use-of-apache-log4j-ibm-qradar-siem-is-vulnerable-to-arbitrary-code-execution-cve-2019-17571-cve-2021-44832-cve-2021-4104/" } ], "source_lang": "en-US", "title": "Apache log4j: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung", "tracking": { "current_release_date": "2022-12-11T23:00:00.000+00:00", "generator": { "date": "2024-02-15T16:47:04.010+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2022-0197", "initial_release_date": "2021-12-28T23:00:00.000+00:00", "revision_history": [ { "date": "2021-12-28T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2021-12-29T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2022-01-02T23:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Apache aufgenommen" }, { "date": "2022-01-04T23:00:00.000+00:00", "number": "4", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2022-01-05T23:00:00.000+00:00", "number": "5", "summary": "Referenz(en) aufgenommen: PH38929" }, { "date": "2022-01-06T23:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Cisco aufgenommen" }, { "date": "2022-01-09T23:00:00.000+00:00", "number": "7", "summary": "Neue Updates von SOS GmbH und HPE aufgenommen" }, { "date": "2022-01-10T23:00:00.000+00:00", "number": "8", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2022-01-11T23:00:00.000+00:00", "number": "9", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2022-01-12T23:00:00.000+00:00", "number": "10", "summary": "Neue Updates aufgenommen" }, { "date": "2022-01-13T23:00:00.000+00:00", "number": "11", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-01-16T23:00:00.000+00:00", "number": "12", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2022-01-19T23:00:00.000+00:00", "number": "13", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-01-20T23:00:00.000+00:00", "number": "14", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-01-23T23:00:00.000+00:00", "number": "15", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-01-24T23:00:00.000+00:00", "number": "16", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2022-01-25T23:00:00.000+00:00", "number": "17", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-01-26T23:00:00.000+00:00", "number": "18", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-01-27T23:00:00.000+00:00", "number": "19", "summary": "Neue Updates von Amazon und IBM aufgenommen" }, { "date": "2022-02-01T23:00:00.000+00:00", "number": "20", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2022-02-06T23:00:00.000+00:00", "number": "21", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2022-02-08T23:00:00.000+00:00", "number": "22", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-02-16T23:00:00.000+00:00", "number": "23", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-03-22T23:00:00.000+00:00", "number": "24", "summary": "Neue Updates von HCL aufgenommen" }, { "date": "2022-04-11T22:00:00.000+00:00", "number": "25", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-04-26T22:00:00.000+00:00", "number": "26", "summary": "Neue Updates von AVAYA aufgenommen" }, { "date": "2022-06-08T22:00:00.000+00:00", "number": "27", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2022-10-26T22:00:00.000+00:00", "number": "28", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2022-12-11T23:00:00.000+00:00", "number": "29", "summary": "Neue Updates von Amazon aufgenommen" } ], "status": "final", "version": "29" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Amazon Linux 2", "product": { "name": "Amazon Linux 2", "product_id": "398363", "product_identification_helper": { "cpe": "cpe:/o:amazon:linux_2:-" } } } ], "category": "vendor", "name": "Amazon" }, { "branches": [ { "category": "product_name", "name": "Apache Struts", "product": { "name": "Apache Struts", "product_id": "642", "product_identification_helper": { "cpe": "cpe:/a:apache:struts:-" } } }, { "branches": [ { "category": "product_name", "name": "Apache log4j \u003c 2.3.2", "product": { "name": "Apache log4j \u003c 2.3.2", "product_id": "T021443", "product_identification_helper": { "cpe": "cpe:/a:apache:log4j:2.3.2" } } }, { "category": "product_name", "name": "Apache log4j \u003c 2.12.4", "product": { "name": "Apache log4j \u003c 2.12.4", "product_id": "T021444", "product_identification_helper": { "cpe": "cpe:/a:apache:log4j:2.12.4" } } }, { "category": "product_name", "name": "Apache log4j \u003c 2.17.1", "product": { "name": "Apache log4j \u003c 2.17.1", "product_id": "T021445", "product_identification_helper": { "cpe": "cpe:/a:apache:log4j:2.17.1" } } } ], "category": "product_name", "name": "log4j" } ], "category": "vendor", "name": "Apache" }, { "branches": [ { "category": "product_name", "name": "Avaya Aura Application Enablement Services", "product": { "name": "Avaya Aura Application Enablement Services", "product_id": "T015516", "product_identification_helper": { "cpe": "cpe:/a:avaya:aura_application_enablement_services:-" } } }, { "category": "product_name", "name": "Avaya Aura Experience Portal", "product": { "name": "Avaya Aura Experience Portal", "product_id": "T015519", "product_identification_helper": { "cpe": "cpe:/a:avaya:aura_experience_portal:-" } } }, { "category": "product_name", "name": "Avaya one-X", "product": { "name": "Avaya one-X", "product_id": "1024", "product_identification_helper": { "cpe": "cpe:/a:avaya:one-x:-" } } } ], "category": "vendor", "name": "Avaya" }, { "branches": [ { "category": "product_name", "name": "Cisco Application Policy Infrastructure Controller", "product": { "name": "Cisco Application Policy Infrastructure Controller", "product_id": "778219", "product_identification_helper": { "cpe": "cpe:/a:cisco:application_policy_infrastructure_controller:-" } } }, { "category": "product_name", "name": "Cisco Emergency Responder (ER) Director", "product": { "name": "Cisco Emergency Responder (ER) Director", "product_id": "2040", "product_identification_helper": { "cpe": "cpe:/a:cisco:emergency_responder:-" } } }, { "category": "product_name", "name": "Cisco Finesse Director", "product": { "name": "Cisco Finesse Director", "product_id": "199167", "product_identification_helper": { "cpe": "cpe:/a:cisco:finesse:-" } } }, { "category": "product_name", "name": "Cisco Firepower", "product": { "name": "Cisco Firepower", "product_id": "T011337", "product_identification_helper": { "cpe": "cpe:/a:cisco:firepower:-" } } }, { "category": "product_name", "name": "Cisco Identity Services Engine (ISE)", "product": { "name": "Cisco Identity Services Engine (ISE)", "product_id": "T000612", "product_identification_helper": { "cpe": "cpe:/a:cisco:identity_services_engine_software:-" } } }, { "category": "product_name", "name": "Cisco Integrated Management Controller Supervisor", "product": { "name": "Cisco Integrated Management Controller Supervisor", "product_id": "T021487", "product_identification_helper": { "cpe": "cpe:/a:cisco:integrated_management_controller:::supervisor" } } }, { "category": "product_name", "name": "Cisco Network Services Orchestrator", "product": { "name": "Cisco Network Services Orchestrator", "product_id": "T021358", "product_identification_helper": { "cpe": "cpe:/a:cisco:network_services_orchestrator:-" } } }, { "branches": [ { "category": "product_name", "name": "Cisco Nexus Dashboard", "product": { "name": "Cisco Nexus Dashboard", "product_id": "T021249", "product_identification_helper": { "cpe": "cpe:/h:cisco:nexus:::dashboard" } } }, { "category": "product_name", "name": "Cisco Nexus Insights", "product": { "name": "Cisco Nexus Insights", "product_id": "T021357", "product_identification_helper": { "cpe": "cpe:/h:cisco:nexus:insights" } } } ], "category": "product_name", "name": "Nexus" }, { "category": "product_name", "name": "Cisco SD-WAN vManage", "product": { "name": "Cisco SD-WAN vManage", "product_id": "T018812", "product_identification_helper": { "cpe": "cpe:/a:cisco:sd_wan:vmanage" } } }, { "category": "product_name", "name": "Cisco Unified Communications Manager (CUCM) Director", "product": { "name": "Cisco Unified Communications Manager (CUCM) Director", "product_id": "2142", "product_identification_helper": { "cpe": "cpe:/a:cisco:unified_communications_manager:-" } } }, { "category": "product_name", "name": "Cisco Unified Communications Manager IM \u0026 Presence Service Director", "product": { "name": "Cisco Unified Communications Manager IM \u0026 Presence Service Director", "product_id": "915287", "product_identification_helper": { "cpe": "cpe:/a:cisco:unified_communications_manager_im_and_presence_service:-" } } }, { "branches": [ { "category": "product_name", "name": "Cisco Unified Computing System (UCS)", "product": { "name": "Cisco Unified Computing System (UCS)", "product_id": "163824", "product_identification_helper": { "cpe": "cpe:/h:cisco:unified_computing_system:-" } } }, { "category": "product_name", "name": "Cisco Unified Computing System (UCS) Director", "product": { "name": "Cisco Unified Computing System (UCS) Director", "product_id": "T017032", "product_identification_helper": { "cpe": "cpe:/h:cisco:unified_computing_system:director_6.7.4.1" } } } ], "category": "product_name", "name": "Unified Computing System (UCS)" }, { "category": "product_name", "name": "Cisco Unified Contact Center Enterprise Director", "product": { "name": "Cisco Unified Contact Center Enterprise Director", "product_id": "2143", "product_identification_helper": { "cpe": "cpe:/a:cisco:unified_contact_center_enterprise:-" } } }, { "category": "product_name", "name": "Cisco Unified Contact Center Express (UCCX) Director", "product": { "name": "Cisco Unified Contact Center Express (UCCX) Director", "product_id": "915286", "product_identification_helper": { "cpe": "cpe:/a:cisco:unified_contact_center_express:-" } } }, { "category": "product_name", "name": "Cisco Unified Intelligence Center Director", "product": { "name": "Cisco Unified Intelligence Center Director", "product_id": "T018811", "product_identification_helper": { "cpe": "cpe:/a:cisco:unified_intelligence_center:-" } } }, { "category": "product_name", "name": "Cisco Unity Connection Director", "product": { "name": "Cisco Unity Connection Director", "product_id": "T002044", "product_identification_helper": { "cpe": "cpe:/a:cisco:unity_connection:-" } } }, { "category": "product_name", "name": "Cisco Video Surveillance Operations Manager Director", "product": { "name": "Cisco Video Surveillance Operations Manager Director", "product_id": "196088", "product_identification_helper": { "cpe": "cpe:/a:cisco:video_surveillance_operations_manager:-" } } }, { "category": "product_name", "name": "Cisco WebEx Meetings Server", "product": { "name": "Cisco WebEx Meetings Server", "product_id": "T001160", "product_identification_helper": { "cpe": "cpe:/a:cisco:webex_meetings_server:-" } } } ], "category": "vendor", "name": "Cisco" }, { "branches": [ { "category": "product_name", "name": "Debian Linux", "product": { "name": "Debian Linux", "product_id": "2951", "product_identification_helper": { "cpe": "cpe:/o:debian:debian_linux:-" } } } ], "category": "vendor", "name": "Debian" }, { "branches": [ { "category": "product_name", "name": "HPE Intelligent Management Center (IMC)", "product": { "name": "HPE Intelligent Management Center (IMC)", "product_id": "T001888", "product_identification_helper": { "cpe": "cpe:/a:hp:intelligent_management_center:-" } } } ], "category": "vendor", "name": "HPE" }, { "branches": [ { "category": "product_name", "name": "IBM DB2", "product": { "name": "IBM DB2", "product_id": "5104", "product_identification_helper": { "cpe": "cpe:/a:ibm:db2:-" } } }, { "branches": [ { "category": "product_name", "name": "IBM QRadar SIEM 7.5", "product": { "name": "IBM QRadar SIEM 7.5", "product_id": "T022954", "product_identification_helper": { "cpe": "cpe:/a:ibm:qradar_siem:7.5" } } }, { "category": "product_name", "name": "IBM QRadar SIEM 7.4", "product": { "name": "IBM QRadar SIEM 7.4", "product_id": "T024775", "product_identification_helper": { "cpe": "cpe:/a:ibm:qradar_siem:7.4" } } } ], "category": "product_name", "name": "QRadar SIEM" }, { "category": "product_name", "name": "IBM Rational Software Architect", "product": { "name": "IBM Rational Software Architect", "product_id": "T005181", "product_identification_helper": { "cpe": "cpe:/a:ibm:rational_software_architect:-" } } }, { "category": "product_name", "name": "IBM Security Guardium", "product": { "name": "IBM Security Guardium", "product_id": "T021345", "product_identification_helper": { "cpe": "cpe:/a:ibm:security_guardium:-" } } }, { "category": "product_name", "name": "IBM Tivoli Netcool/OMNIbus", "product": { "name": "IBM Tivoli Netcool/OMNIbus", "product_id": "T004181", "product_identification_helper": { "cpe": "cpe:/a:ibm:tivoli_netcool%2fomnibus:-" } } }, { "category": "product_name", "name": "IBM WebSphere Application Server", "product": { "name": "IBM WebSphere Application Server", "product_id": "5198", "product_identification_helper": { "cpe": "cpe:/a:ibm:websphere_application_server:-" } } } ], "category": "vendor", "name": "IBM" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "category": "product_name", "name": "SOS GmbH JobScheduler", "product": { "name": "SOS GmbH JobScheduler", "product_id": "T021263", "product_identification_helper": { "cpe": "cpe:/a:sos_gmbh:jobscheduler:-" } } } ], "category": "vendor", "name": "SOS GmbH" }, { "branches": [ { "category": "product_name", "name": "Ubuntu Linux", "product": { "name": "Ubuntu Linux", "product_id": "T000126", "product_identification_helper": { "cpe": "cpe:/o:canonical:ubuntu_linux:-" } } } ], "category": "vendor", "name": "Ubuntu" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-44832", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in Apache log4j. Bestimmte Nutzer-Eingaben werden nur ungen\u00fcgend validiert. Ein entfernter authentisierter Angreifer mit der Berechtigung zum \u00c4ndern der Protokollierungskonfigurationsdatei kann eine b\u00f6sartige Konfiguration mit einem JDBC-Appender mit einer Datenquelle erstellen, die auf einen JNDI-URI verweist. In der Folge kann Code zur Ausf\u00fchrung gebracht werden." } ], "product_status": { "known_affected": [ "T001160", "67646", "T017032", "T021358", "T021357", "T000612", "T001888", "T005181", "199167", "398363", "163824", "T015519", "5198", "T015516", "T011337", "2143", "2142", "2040", "T022954", "T021345", "T021487", "642", "2951", "T018811", "1024", "T000126", "T018812", "T021249", "5104", "778219", "T004181", "T024775", "196088", "915287", "915286", "T002044", "T021263" ] }, "release_date": "2021-12-28T23:00:00Z", "title": "CVE-2021-44832" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.