WID-SEC-W-2022-0352
Vulnerability from csaf_certbund
Published
2021-12-14 23:00
Modified
2022-12-11 23:00
Summary
Apache log4j: Schwachstelle ermöglicht Codeausführung
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Apache log4j ist ein Framework zum Loggen von Anwendungsmeldungen in Java.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache log4j ausnutzen, um beliebigen Code auszuführen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- CISCO Appliance
- Juniper Appliance
- NetApp Appliance
- Native Hypervisor
- Applicance
- Sonstiges
- Hardware Appliance
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Apache log4j ist ein Framework zum Loggen von Anwendungsmeldungen in Java.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache log4j ausnutzen, um beliebigen Code auszuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux\n- Windows\n- CISCO Appliance\n- Juniper Appliance\n- NetApp Appliance\n- Native Hypervisor\n- Applicance\n- Sonstiges\n- Hardware Appliance", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2022-0352 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2022-0352.json" }, { "category": "self", "summary": "WID-SEC-2022-0352 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0352" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2022-225 vom 2022-12-09", "url": "https://alas.aws.amazon.com/AL2022/ALAS-2022-225.html" }, { "category": "external", "summary": "Apache Log4j Security Vulnerabilities vom 2021-12-13", "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "category": "external", "summary": "Lunasec Blog \"Log4Shell Update\" vom 2021-12-14", "url": "https://www.lunasec.io/docs/blog/log4j-zero-day-update-on-cve-2021-45046/" }, { "category": "external", "summary": "HCL Article KB0095516 vom 2021-12-16", "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0095516" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:5148 vom 2021-12-16", "url": "https://access.redhat.com/errata/RHSA-2021:5148" }, { "category": "external", "summary": "Ubuntu Security Notice USN-5197-1 vom 2021-12-15", "url": "https://ubuntu.com/security/notices/USN-5197-1" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:5106 vom 2021-12-16", "url": "https://access.redhat.com/errata/RHSA-2021:5106" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2021-1730 vom 2021-12-16", "url": "https://alas.aws.amazon.com/AL2/ALAS-2021-1730.html" }, { "category": "external", "summary": "IBM Security Bulletin 6526750 vom 2021-12-16", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-log4j-affect-the-ibm-websphere-application-server-and-ibm-websphere-application-server-liberty-cve-2021-4104-cve-2021-45046/" }, { "category": "external", "summary": "Debian Security Advisory DSA-5022 vom 2021-12-16", "url": "https://lists.debian.org/debian-security-announce/2021/msg00208.html" }, { "category": "external", "summary": "CloudFlare Blog vom 2021-12-16", "url": "https://blog.cloudflare.com/protection-against-cve-2021-45046-the-additional-log4j-rce-vulnerability/" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:5186 vom 2021-12-17", "url": "https://access.redhat.com/errata/RHSA-2021:5186" }, { "category": "external", "summary": "Cisco Security Advisory CISCO-SA-APACHE-LOG4J-QRUKNEBD vom 2021-12-17", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:5183 vom 2021-12-17", "url": "https://access.redhat.com/errata/RHSA-2021:5183" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:5184 vom 2021-12-17", "url": "https://access.redhat.com/errata/RHSA-2021:5184" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:5141 vom 2021-12-16", "url": "https://access.redhat.com/errata/RHSA-2021:5141" }, { "category": "external", "summary": "Siemens Security Advisory SSA-714170 vom 2021-12-16", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:5107 vom 2021-12-16", "url": "https://access.redhat.com/errata/RHSA-2021:5107" }, { "category": "external", "summary": "Log4j Vulnerabilities Impact On Oracle E-Business Suite Analysis", "url": "https://www.integrigy.com/security-resources/log4j-vulnerabilities-impact-oracle-e-business-suite-analysis" }, { "category": "external", "summary": "Apache Log4j Security Vulnerabilities vom 2021-12-16", "url": "https://logging.apache.org/log4j/2.x/security" }, { "category": "external", "summary": "Apache Log4j Security Vulnerabilities vom 2021-12-16", "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "category": "external", "summary": "Tibco Apache Log4J Vulnerability Daily Update", "url": "https://www.tibco.com/support/notices/2021/12/apache-log4j-vulnerability-update-archive-6" }, { "category": "external", "summary": "Atos Security Advisory Report - OBSO-2112-01", "url": "https://networks.unify.com/security/advisories/OBSO-2112-01.pdf" }, { "category": "external", "summary": "Avaya Product Security Apache Log4J Vulnerability vom 2021-12-17", "url": "https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2021-1553 vom 2021-12-18", "url": "https://alas.aws.amazon.com/ALAS-2021-1553.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALASCORRETTO8-2021-001 vom 2021-12-20", "url": "https://alas.aws.amazon.com/AL2/ALASCORRETTO8-2021-001.html" }, { "category": "external", "summary": "IBM Security Bulletin 6527924 vom 2021-12-17", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-blockchain-bridge-dependencies-are-vulnerable-to-an-issue-in-apache-log4j-cve-2021-45046/" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALASJAVA-OPENJDK11-2021-001 vom 2021-12-20", "url": "https://alas.aws.amazon.com/AL2/ALASJAVA-OPENJDK11-2021-001.html" }, { "category": "external", "summary": "HCL Article KB0095587 vom 2021-12-17", "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0095587" }, { "category": "external", "summary": "Citrix Security Advisory CTX335705 vom 2021-12-20", "url": "https://support.citrix.com/article/CTX335705" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2021-1731 vom 2021-12-18", "url": "https://alas.aws.amazon.com/AL2/ALAS-2021-1731.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2021-004 vom 2021-12-18", "url": "https://alas.aws.amazon.com/AL2022/ALAS-2021-004.html" }, { "category": "external", "summary": "IBM Security Bulletin 6528372 vom 2021-12-21", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-log4shell-vulnerability-affects-ibm-spss-statistics-cve-2021-45046/" }, { "category": "external", "summary": "NetApp Security Advisory NTAP-20211215-0001 vom 2021-12-20", "url": "https://security.netapp.com/advisory/ntap-20211215-0001/" }, { "category": "external", "summary": "Apache Log4j 2 Release Notes", "url": "https://logging.apache.org/log4j/log4j-2.12.3/index.html" }, { "category": "external", "summary": "IBM Security Bulletin 6528672 vom 2021-12-22", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-log4j-affects-some-features-of-ibm-db2-cve-2021-45046-cve-2021-45105/" }, { "category": "external", "summary": "Incident Report for F-Secure services", "url": "https://status.f-secure.com/incidents/sk8vmr0h34pd" }, { "category": "external", "summary": "Apache Log4j2 Advisory", "url": "https://logging.apache.org/log4j/log4j-2.3.1/index.html" }, { "category": "external", "summary": "IBM Security Bulletin 6529162 vom 2021-12-22", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-log4j-cve-2021-45046-impacts-ibm-qradar-user-behavior-analytics-add-on-to-ibm-qradar-siem/" }, { "category": "external", "summary": "IBM Security Bulletin 6536704 vom 2021-12-23", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-log4j-affects-spss-collaboration-and-deployment-services/" }, { "category": "external", "summary": "IBM Security Bulletin 6536870 vom 2021-12-23", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-affects-ibm-spss-analytic-server-cve-2021-45105-and-cve-2021-45046/" }, { "category": "external", "summary": "IBM Security Bulletin 6536868 vom 2021-12-23", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-apache-log4j-shipped-with-ibm-tivoli-netcool-omnibus-common-integration-libraries-cve-2021-4104-cve-2021-45046-cve-2021-44228/" }, { "category": "external", "summary": "WIBU Security Advisory WIBU-211215-01 vom 2021-12-23", "url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211215-01.pdf" }, { "category": "external", "summary": "IBM Security Bulletin 6537184 vom 2021-12-27", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerabilities-cve-2021-45105-affecting-v2-16-and-cve-2021-45046-affecting-v2-15-affect-ibm-spss-statistics-server/" }, { "category": "external", "summary": "IBM Security Bulletin 6537182 vom 2021-12-27", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerabilities-cve-2021-45105-affecting-v2-16-and-cve-2021-45046-affecting-v2-15-affect-ibm-spss-statistics-desktop/" }, { "category": "external", "summary": "IBM Security Bulletin 6537186 vom 2021-12-27", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerabilities-cve-2021-45105-affecting-v2-16-and-cve-2021-45046-affecting-v2-15-affect-ibm-spss-statistics-subscription/" }, { "category": "external", "summary": "IBM Security Bulletin 6537142 vom 2021-12-25", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-vulnerable-to-a-denial-of-service-vulnerability-in-apache-log4j2-component-cve-2021-45105-cve-2021-45046/" }, { "category": "external", "summary": "IBM Security Bulletin 6537180 vom 2021-12-27", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spss-statistics-is-vulnerable-to-denial-of-service-due-to-apache-log4j-cve-2021-45105-and-arbitrary-code-execution-due-to-apache-log4j-cve-2021-45046/" }, { "category": "external", "summary": "IBM Security Bulletin 6537212 vom 2021-12-28", "url": "https://www.ibm.com/blogs/psirt/security-bulletinibm-spss-modeler-is-vulnerable-to-denial-of-service-due-to-apache-log4j-cve-2021-45105-and-arbitrary-code-execution-due-to-apache-log4j-cve-2021-45046/" }, { "category": "external", "summary": "IBM Security Bulletin 6537240 vom 2021-12-28", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-log4j-affect-ibm-spectrum-protect-operations-center-cve-2021-45105-cve-2021-45046/" }, { "category": "external", "summary": "IBM Security Bulletin 6537748 vom 2021-12-31", "url": "https://www.ibm.com/support/pages/node/6537748" }, { "category": "external", "summary": "IBM Security Bulletin 6537636 vom 2022-01-04", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-log4j-affect-ibm-spectrum-protect-plus-container-backup-and-restore-for-kubernetes-and-openshift-cve-2021-45105-cve-2021-45046/" }, { "category": "external", "summary": "IBM Security Bulletin 6537634 vom 2022-01-04", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-log4j-impact-ibm-spectrum-protect-plus-cve-2021-45105-cve-2021-45046/" }, { "category": "external", "summary": "IBM Security Bulletin 6538396 vom 2022-01-06", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-log4j-impacts-ibm-spectrum-protect-backup-archive-client-and-ibm-spectrum-protect-for-virtual-environments-cve-2021-45105-cve-2021-45046/" }, { "category": "external", "summary": "IBM Security Bulletin 6537642 vom 2022-01-06", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-log4j-affect-ibm-spectrum-protect-snapshot-on-windows-cve-2021-45105-and-cve-2021-45046/" }, { "category": "external", "summary": "IBM Security Bulletin 6537640 vom 2022-01-06", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-log4j-affect-ibm-spectrum-protect-for-space-management-cve-2021-45105-cve-2021-45046/" }, { "category": "external", "summary": "IBM Security Bulletin 6537644 vom 2022-01-07", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-log4j-affect-ibm-spectrum-protect-snapshot-for-vmware-cve-2021-45105-and-cve-2021-45046/" }, { "category": "external", "summary": "EMC Security Advisory DSA-2021-274 vom 2022-01-09", "url": "https://www.dell.com/support/kbdoc/de-de/000194503/dsa-2021-274-dell-emc-data-domain-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228" }, { "category": "external", "summary": "EMC Security Advisory DSA-2021-309 vom 2022-01-09", "url": "https://www.dell.com/support/kbdoc/de-de/000194651/dsa-2021-309-dell-emc-dpa-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228" }, { "category": "external", "summary": "EMC Security Advisory DSA-2021-277 vom 2022-01-09", "url": "https://www.dell.com/support/kbdoc/de-de/000194480/dsa-2021-277-dell-emc-avamar-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228" }, { "category": "external", "summary": "HPE Security Bulletin HPESBGN04215 rev.10 vom 2022-01-08", "url": "https://support.hpe.com/hpesc/public/docDisplay?elq_mid=17739\u0026elq_cid=67018031\u0026docId=hpesbgn04215en_us" }, { "category": "external", "summary": "IBM Security Bulletin 6539408 vom 2022-01-11", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-log4j-affect-the-ibm-websphere-application-server-and-ibm-security-guardium-key-lifecycle-manager-cve-2021-4104-cve-2021-45046-cve-2021-45105/" }, { "category": "external", "summary": "IBM Security Bulletin 6538896 vom 2022-01-12", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-blockchain-bridge-dependencies-are-vulnerable-to-an-issue-in-apache-log4j-cve-2021-45105/" }, { "category": "external", "summary": "Juniper Security Bulletin JSA11287 vom 2022-01-12", "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11287\u0026cat=SIRT_1" }, { "category": "external", "summary": "SoapUI Release 5.6.1", "url": "https://www.soapui.org/downloads/latest-release/release-history/" }, { "category": "external", "summary": "JobScheduler Vulnerability Release 2.2.1 vom 2022-01-11", "url": "https://kb.sos-berlin.com/display/PKB/Vulnerability+Release+2.2.1" }, { "category": "external", "summary": "IBM Security Bulletin 6540542 vom 2022-01-14", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-business-automation-workflow-is-vulnerable-to-denial-of-service-and-arbitrary-code-execution-due-to-apache-log4j-cve-2021-45105-and-cve-2021-45046/" }, { "category": "external", "summary": "IBM Security Advisory", "url": "https://www.ibm.com/support/pages/node/6541182" }, { "category": "external", "summary": "IBM Security Bulletin 6541258 vom 2022-01-18", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-rational-software-architect-realtime-edition-rsa-rt-is-is-vulnerable-to-arbitrary-code-execution-and-denial-of-service-due-to-apache-log4j-cve-2021-44228-cve-2021-45046-and/" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:0203 vom 2022-01-20", "url": "https://access.redhat.com/errata/RHSA-2022:0203" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:0223 vom 2022-01-21", "url": "https://access.redhat.com/errata/RHSA-2022:0223" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:0083 vom 2022-01-20", "url": "https://access.redhat.com/errata/RHSA-2022:0083" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:0205 vom 2022-01-20", "url": "https://access.redhat.com/errata/RHSA-2022:0205" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:0216 vom 2022-01-20", "url": "https://access.redhat.com/errata/RHSA-2022:0216" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:0222 vom 2022-01-21", "url": "https://access.redhat.com/errata/RHSA-2022:0222" }, { "category": "external", "summary": "IBM Security Bulletin 6549764 vom 2022-01-22", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-vulnerable-to-denial-of-service-and-arbitrary-code-execution-due-to-apache-log4j-cve-2021-45105-cve-2021-45046/" }, { "category": "external", "summary": "IBM Security Bulletin 6550462 vom 2022-01-25", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-vulnerable-to-denial-of-service-and-arbitrary-code-execution-due-to-apache-log4j-cve-2021-45105-cve-2021-45046/" }, { "category": "external", "summary": "IBM Security Bulletin 6551118 vom 2022-01-27", "url": "https://www.ibm.com/blogs/psirt/security-bulletinibm-db2-on-openshift-and-ibm-db2-and-db2-warehouse-on-cloud-pak-for-data-is-vulnerable-to-denial-of-service-and-arbitrary-code-execution-due-to-apache/" }, { "category": "external", "summary": "IBM Security Bulletin 6551310 vom 2022-01-28", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-omnibus-common-integration-libraries-is-vulnerable-to-arbitrary-code-execution-and-denial-of-service-due-to-apache-log4j-cve-2021-44228-cve-2021-45046-cve-2021/" }, { "category": "external", "summary": "EMC Security Advisory DSA-2019-079 vom 2022-01-28", "url": "https://www.dell.com/support/kbdoc/de-de/000194054/dsa-2019-079" }, { "category": "external", "summary": "IBM Security Bulletin 6551390 vom 2022-01-28", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-network-manager-ip-edition-is-vulnerable-to-denial-of-service-and-arbitrary-code-execution-due-to-apache-log4j-cve-2021-45105-and-cve-2021-45046/" }, { "category": "external", "summary": "IBM Security Bulletin 6552546 vom 2022-02-02", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-tivoli-netcool-omnibus-installation-contains-vulnerable-apache-log4j-code-cve-2021-44832-cve-2021-45046-cve-2021-45105/" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:0431 vom 2022-02-03", "url": "https://access.redhat.com/errata/RHSA-2022:0431" }, { "category": "external", "summary": "HCL Article KB0097471 vom 2022-05-18", "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0097471" }, { "category": "external", "summary": "IBM Security Bulletin 6565401 vom 2022-03-23", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-big-sql-is-vulnerable-to-arbitrary-code-execution-and-denial-of-service-due-to-apache-log4j-cve-2021-45046-cve-2021-45105/" }, { "category": "external", "summary": "HCL Article KB0097299 vom 2022-03-23", "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0097299" }, { "category": "external", "summary": "HCL Article KB0097470 vom 2022-03-25", "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0097470" }, { "category": "external", "summary": "HCL Article KB0096807 vom 2022-03-29", "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0096807" }, { "category": "external", "summary": "IBM Security Bulletin 6568843 vom 2022-04-02", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-informix-dynamic-server-in-cloud-pak-for-data-is-vulnerable-to-denial-of-service-and-arbitrary-code-execution-due-to-apache-log4j-cve-2021-45105-cve-2021-45046/" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:1299 vom 2022-04-11", "url": "https://access.redhat.com/errata/RHSA-2022:1299" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:1296 vom 2022-04-11", "url": "https://access.redhat.com/errata/RHSA-2022:1296" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:1297 vom 2022-04-11", "url": "https://access.redhat.com/errata/RHSA-2022:1297" }, { "category": "external", "summary": "IBM Security Bulletin 6572685 vom 2022-04-16", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-informix-dynamic-server-is-vulnerable-to-denial-of-service-cve-2021-45105-and-remote-code-execution-cve-2021-45046-due-to-apache-log4j/" }, { "category": "external", "summary": "HCL Article KB0097650 vom 2022-04-23", "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0097650" }, { "category": "external", "summary": "HCL Article KB0097639 vom 2022-04-23", "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0097639" }, { "category": "external", "summary": "AVAYA Security Advisory ASA-2022-001 vom 2022-04-25", "url": "https://downloads.avaya.com/css/P8/documents/101081576" }, { "category": "external", "summary": "HCL Article KB0097787 vom 2022-04-28", "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0097787" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2022-1601 vom 2022-06-15", "url": "https://alas.aws.amazon.com/ALAS-2022-1601.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2022-1806 vom 2022-06-15", "url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1806.html" }, { "category": "external", "summary": "HCL Article KB0099131 vom 2022-07-24", "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0099131" }, { "category": "external", "summary": "HCL Article KB0099671 vom 2022-07-24", "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0099671" }, { "category": "external", "summary": "HCL Article KB0099128 vom 2022-07-24", "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0099128" }, { "category": "external", "summary": "HCL Article KB0099667 vom 2022-08-13", "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0099667" }, { "category": "external", "summary": "HCL Article KB0099669 vom 2022-08-13", "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0099669" }, { "category": "external", "summary": "HCL Article KB0100505 vom 2022-09-21", "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100505" } ], "source_lang": "en-US", "title": "Apache log4j: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung", "tracking": { "current_release_date": "2022-12-11T23:00:00.000+00:00", "generator": { "date": "2024-02-15T16:48:51.756+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2022-0352", "initial_release_date": "2021-12-14T23:00:00.000+00:00", "revision_history": [ { "date": "2021-12-14T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2021-12-15T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von HCL, Red Hat, Ubuntu, Amazon und IBM aufgenommen" }, { "date": "2021-12-16T23:00:00.000+00:00", "number": "3", "summary": "Anpassung auf Codeausf\u00fchrung, Hinweis auf Ausnutzung, neue Updates und betroffene Produkte aufgenommen" }, { "date": "2021-12-19T23:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Amazon, IBM, HCL und Citrix aufgenommen" }, { "date": "2021-12-20T23:00:00.000+00:00", "number": "5", "summary": "Neue Updates von IBM und NetApp aufgenommen" }, { "date": "2021-12-21T23:00:00.000+00:00", "number": "6", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2021-12-22T23:00:00.000+00:00", "number": "7", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2021-12-23T23:00:00.000+00:00", "number": "8", "summary": "Neue Updates von WIBU-SYSTEMS aufgenommen" }, { "date": "2021-12-26T23:00:00.000+00:00", "number": "9", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2021-12-27T23:00:00.000+00:00", "number": "10", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2022-01-02T23:00:00.000+00:00", "number": "11", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2022-01-03T23:00:00.000+00:00", "number": "12", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2022-01-05T23:00:00.000+00:00", "number": "13", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2022-01-06T23:00:00.000+00:00", "number": "14", "summary": "Neue Updates von IBM und Cisco aufgenommen" }, { "date": "2022-01-09T23:00:00.000+00:00", "number": "15", "summary": "Neue Updates von EMC und HP aufgenommen" }, { "date": "2022-01-10T23:00:00.000+00:00", "number": "16", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2022-01-11T23:00:00.000+00:00", "number": "17", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2022-01-12T23:00:00.000+00:00", "number": "18", "summary": "Neue Updates von Juniper, SmartBear und SOS GmbH aufgenommen" }, { "date": "2022-01-13T23:00:00.000+00:00", "number": "19", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2022-01-16T23:00:00.000+00:00", "number": "20", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2022-01-17T23:00:00.000+00:00", "number": "21", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2022-01-19T23:00:00.000+00:00", "number": "22", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-01-20T23:00:00.000+00:00", "number": "23", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-01-23T23:00:00.000+00:00", "number": "24", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2022-01-24T23:00:00.000+00:00", "number": "25", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2022-01-26T23:00:00.000+00:00", "number": "26", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2022-01-27T23:00:00.000+00:00", "number": "27", "summary": "Neue Updates von IBM und EMC aufgenommen" }, { "date": "2022-02-01T23:00:00.000+00:00", "number": "28", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2022-02-03T23:00:00.000+00:00", "number": "29", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-03-22T23:00:00.000+00:00", "number": "30", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2022-03-24T23:00:00.000+00:00", "number": "31", "summary": "Neue Updates von HCL aufgenommen" }, { "date": "2022-03-29T22:00:00.000+00:00", "number": "32", "summary": "Neue Updates von HCL aufgenommen" }, { "date": "2022-04-03T22:00:00.000+00:00", "number": "33", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2022-04-11T22:00:00.000+00:00", "number": "34", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-04-18T22:00:00.000+00:00", "number": "35", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2022-04-24T22:00:00.000+00:00", "number": "36", "summary": "Neue Updates von HCL aufgenommen" }, { "date": "2022-04-26T22:00:00.000+00:00", "number": "37", "summary": "Neue Updates von AVAYA aufgenommen" }, { "date": "2022-04-27T22:00:00.000+00:00", "number": "38", "summary": "Neue Updates von HCL aufgenommen" }, { "date": "2022-05-17T22:00:00.000+00:00", "number": "39", "summary": "Neue Updates von HCL aufgenommen" }, { "date": "2022-06-16T22:00:00.000+00:00", "number": "40", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2022-07-24T22:00:00.000+00:00", "number": "41", "summary": "Neue Updates von HCL aufgenommen" }, { "date": "2022-08-14T22:00:00.000+00:00", "number": "42", "summary": "Neue Updates von HCL aufgenommen" }, { "date": "2022-09-20T22:00:00.000+00:00", "number": "43", "summary": "Neue Updates von HCL aufgenommen" }, { "date": "2022-12-11T23:00:00.000+00:00", "number": "44", "summary": "Neue Updates von Amazon aufgenommen" } ], "status": "final", "version": "44" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Amazon Linux 2", "product": { "name": "Amazon Linux 2", "product_id": "398363", "product_identification_helper": { "cpe": "cpe:/o:amazon:linux_2:-" } } } ], "category": "vendor", "name": "Amazon" }, { "branches": [ { "category": "product_name", "name": "Apache Solr", "product": { "name": "Apache Solr", "product_id": "T021248", "product_identification_helper": { "cpe": "cpe:/a:apache:solr:-" } } }, { "branches": [ { "category": "product_name", "name": "Apache log4j \u003c 2.12.2", "product": { "name": "Apache log4j \u003c 2.12.2", "product_id": "T021307", "product_identification_helper": { "cpe": "cpe:/a:apache:log4j:2.12.2" } } }, { "category": "product_name", "name": "Apache log4j \u003c 2.16.0", "product": { "name": "Apache log4j \u003c 2.16.0", "product_id": "T021308", "product_identification_helper": { "cpe": "cpe:/a:apache:log4j:2.16.0" } } }, { "category": "product_name", "name": "Apache log4j \u003c 2.3.1", "product": { "name": "Apache log4j \u003c 2.3.1", "product_id": "T021413", "product_identification_helper": { "cpe": "cpe:/a:apache:log4j:2.3.1" } } }, { "category": "product_name", "name": "Apache log4j \u003c 2.12.3", "product": { "name": "Apache log4j \u003c 2.12.3", "product_id": "T021414", "product_identification_helper": { "cpe": "cpe:/a:apache:log4j:2.12.3" } } } ], "category": "product_name", "name": "log4j" } ], "category": "vendor", "name": "Apache" }, { "branches": [ { "category": "product_name", "name": "Avaya Analytics", "product": { "name": "Avaya Analytics", "product_id": "T021375", "product_identification_helper": { "cpe": "cpe:/a:avaya:analytics:-" } } }, { "category": "product_name", "name": "Avaya Aura Application Enablement Services", "product": { "name": "Avaya Aura Application Enablement Services", "product_id": "T015516", "product_identification_helper": { "cpe": "cpe:/a:avaya:aura_application_enablement_services:-" } } }, { "category": "product_name", "name": "Avaya Aura Device Services", "product": { "name": "Avaya Aura Device Services", "product_id": "T015517", "product_identification_helper": { "cpe": "cpe:/a:avaya:aura_device_services:-" } } }, { "category": "product_name", "name": "Avaya Aura Media Server", "product": { "name": "Avaya Aura Media Server", "product_id": "1017", "product_identification_helper": { "cpe": "cpe:/a:avaya:media_server:-" } } }, { "category": "product_name", "name": "Avaya Aura Session Manager", "product": { "name": "Avaya Aura Session Manager", "product_id": "T015127", "product_identification_helper": { "cpe": "cpe:/a:avaya:session_manager:-" } } }, { "category": "product_name", "name": "Avaya Aura System Manager", "product": { "name": "Avaya Aura System Manager", "product_id": "T015518", "product_identification_helper": { "cpe": "cpe:/a:avaya:aura_system_manager:-" } } }, { "category": "product_name", "name": "Avaya Aura Web Gateway", "product": { "name": "Avaya Aura Web Gateway", "product_id": "T021376", "product_identification_helper": { "cpe": "cpe:/a:avaya:aura_web_gateway:-" } } }, { "category": "product_name", "name": "Avaya Breeze Platform", "product": { "name": "Avaya Breeze Platform", "product_id": "T015823", "product_identification_helper": { "cpe": "cpe:/a:avaya:breeze_platform:-" } } }, { "category": "product_name", "name": "Avaya Oceana", "product": { "name": "Avaya Oceana", "product_id": "T016589", "product_identification_helper": { "cpe": "cpe:/a:avaya:oceana:-" } } }, { "category": "product_name", "name": "Avaya Session Border Controller", "product": { "name": "Avaya Session Border Controller", "product_id": "T015520", "product_identification_helper": { "cpe": "cpe:/h:avaya:session_border_controller:-" } } } ], "category": "vendor", "name": "Avaya" }, { "branches": [ { "category": "product_name", "name": "Cisco Application Policy Infrastructure Controller", "product": { "name": "Cisco Application Policy Infrastructure Controller", "product_id": "778219", "product_identification_helper": { "cpe": "cpe:/a:cisco:application_policy_infrastructure_controller:-" } } }, { "category": "product_name", "name": "Cisco Emergency Responder (ER)", "product": { "name": "Cisco Emergency Responder (ER)", "product_id": "2040", "product_identification_helper": { "cpe": "cpe:/a:cisco:emergency_responder:-" } } }, { "category": "product_name", "name": "Cisco Finesse", "product": { "name": "Cisco Finesse", "product_id": "199167", "product_identification_helper": { "cpe": "cpe:/a:cisco:finesse:-" } } }, { "category": "product_name", "name": "Cisco Firepower", "product": { "name": "Cisco Firepower", "product_id": "T011337", "product_identification_helper": { "cpe": "cpe:/a:cisco:firepower:-" } } }, { "category": "product_name", "name": "Cisco Identity Services Engine (ISE)", "product": { "name": "Cisco Identity Services Engine (ISE)", "product_id": "T000612", "product_identification_helper": { "cpe": "cpe:/a:cisco:identity_services_engine_software:-" } } }, { "category": "product_name", "name": "Cisco Integrated Management Controller", "product": { "name": "Cisco Integrated Management Controller", "product_id": "T014392", "product_identification_helper": { "cpe": "cpe:/a:cisco:integrated_management_controller:-" } } }, { "category": "product_name", "name": "Cisco Network Services Orchestrator", "product": { "name": "Cisco Network Services Orchestrator", "product_id": "T021358", "product_identification_helper": { "cpe": "cpe:/a:cisco:network_services_orchestrator:-" } } }, { "category": "product_name", "name": "Cisco Nexus", "product": { "name": "Cisco Nexus", "product_id": "T013714", "product_identification_helper": { "cpe": "cpe:/h:cisco:nexus:-" } } }, { "category": "product_name", "name": "Cisco SD-WAN", "product": { "name": "Cisco SD-WAN", "product_id": "T015770", "product_identification_helper": { "cpe": "cpe:/a:cisco:sd_wan:-" } } }, { "branches": [ { "category": "product_name", "name": "Cisco Unified Communications Manager (CUCM)", "product": { "name": "Cisco Unified Communications Manager (CUCM)", "product_id": "2142", "product_identification_helper": { "cpe": "cpe:/a:cisco:unified_communications_manager:-" } } }, { "category": "product_name", "name": "Cisco Unified Communications Manager (CUCM) Session Management Edition", "product": { "name": "Cisco Unified Communications Manager (CUCM) Session Management Edition", "product_id": "T016315", "product_identification_helper": { "cpe": "cpe:/a:cisco:unified_communications_manager:session_management_edition" } } } ], "category": "product_name", "name": "Unified Communications Manager (CUCM)" }, { "category": "product_name", "name": "Cisco Unified Communications Manager IM \u0026 Presence Service", "product": { "name": "Cisco Unified Communications Manager IM \u0026 Presence Service", "product_id": "915287", "product_identification_helper": { "cpe": "cpe:/a:cisco:unified_communications_manager_im_and_presence_service:-" } } }, { "category": "product_name", "name": "Cisco Unified Computing System (UCS)", "product": { "name": "Cisco Unified Computing System (UCS)", "product_id": "163824", "product_identification_helper": { "cpe": "cpe:/h:cisco:unified_computing_system:-" } } }, { "category": "product_name", "name": "Cisco Unified Contact Center Enterprise", "product": { "name": "Cisco Unified Contact Center Enterprise", "product_id": "2143", "product_identification_helper": { "cpe": "cpe:/a:cisco:unified_contact_center_enterprise:-" } } }, { "category": "product_name", "name": "Cisco Unified Contact Center Express (UCCX)", "product": { "name": "Cisco Unified Contact Center Express (UCCX)", "product_id": "915286", "product_identification_helper": { "cpe": "cpe:/a:cisco:unified_contact_center_express:-" } } }, { "category": "product_name", "name": "Cisco Unified Intelligence Center", "product": { "name": "Cisco Unified Intelligence Center", "product_id": "T018811", "product_identification_helper": { "cpe": "cpe:/a:cisco:unified_intelligence_center:-" } } }, { "category": "product_name", "name": "Cisco Unity Connection", "product": { "name": "Cisco Unity Connection", "product_id": "T002044", "product_identification_helper": { "cpe": "cpe:/a:cisco:unity_connection:-" } } }, { "category": "product_name", "name": "Cisco Video Surveillance Operations Manager", "product": { "name": "Cisco Video Surveillance Operations Manager", "product_id": "196088", "product_identification_helper": { "cpe": "cpe:/a:cisco:video_surveillance_operations_manager:-" } } }, { "category": "product_name", "name": "Cisco WebEx Meetings Server", "product": { "name": "Cisco WebEx Meetings Server", "product_id": "T001160", "product_identification_helper": { "cpe": "cpe:/a:cisco:webex_meetings_server:-" } } } ], "category": "vendor", "name": "Cisco" }, { "branches": [ { "category": "product_name", "name": "Citrix Systems Virtual Apps and Desktops", "product": { "name": "Citrix Systems Virtual Apps and Desktops", "product_id": "876876", "product_identification_helper": { "cpe": "cpe:/a:citrix:virtual_apps_and_desktops:-::~~-~~~" } } } ], "category": "vendor", "name": "Citrix Systems" }, { "branches": [ { "category": "product_name", "name": "Debian Linux", "product": { "name": "Debian Linux", "product_id": "2951", "product_identification_helper": { "cpe": "cpe:/o:debian:debian_linux:-" } } } ], "category": "vendor", "name": "Debian" }, { "branches": [ { "category": "product_name", "name": "Dell Data Protection Advisor", "product": { "name": "Dell Data Protection Advisor", "product_id": "T021498", "product_identification_helper": { "cpe": "cpe:/a:dell:data_protection_advisor:-" } } } ], "category": "vendor", "name": "Dell" }, { "branches": [ { "category": "product_name", "name": "EMC Avamar", "product": { "name": "EMC Avamar", "product_id": "T014381", "product_identification_helper": { "cpe": "cpe:/a:emc:avamar:-" } } }, { "category": "product_name", "name": "EMC Data Domain", "product": { "name": "EMC Data Domain", "product_id": "T021496", "product_identification_helper": { "cpe": "cpe:/o:emc:data_domain:-" } } }, { "category": "product_name", "name": "EMC Data Domain OS", "product": { "name": "EMC Data Domain OS", "product_id": "T006099", "product_identification_helper": { "cpe": "cpe:/o:emc:data_domain_os:-" } } } ], "category": "vendor", "name": "EMC" }, { "branches": [ { "category": "product_name", "name": "F-Secure Policy Manager", "product": { "name": "F-Secure Policy Manager", "product_id": "T021242", "product_identification_helper": { "cpe": "cpe:/a:f-secure:policy_manager:-" } } } ], "category": "vendor", "name": "F-Secure" }, { "branches": [ { "branches": [ { "category": "product_name", "name": "HCL Commerce", "product": { "name": "HCL Commerce", "product_id": "T019293", "product_identification_helper": { "cpe": "cpe:/a:hcltechsw:commerce:-" } } }, { "category": "product_name", "name": "HCL Commerce Big SQL", "product": { "name": "HCL Commerce Big SQL", "product_id": "T019294", "product_identification_helper": { "cpe": "cpe:/a:hcltechsw:commerce:-" } } } ], "category": "product_name", "name": "Commerce" }, { "category": "product_name", "name": "HCL Domino", "product": { "name": "HCL Domino", "product_id": "777623", "product_identification_helper": { "cpe": "cpe:/a:hcltech:domino:-" } } }, { "category": "product_name", "name": "HCL Notes", "product": { "name": "HCL Notes", "product_id": "763192", "product_identification_helper": { "cpe": "cpe:/a:hcltech:notes:9.0" } } } ], "category": "vendor", "name": "HCL" }, { "branches": [ { "category": "product_name", "name": "IBM Business Automation Workflow", "product": { "name": "IBM Business Automation Workflow", "product_id": "T019704", "product_identification_helper": { "cpe": "cpe:/a:ibm:business_automation_workflow:-" } } }, { "branches": [ { "category": "product_name", "name": "IBM DB2", "product": { "name": "IBM DB2", "product_id": "5104", "product_identification_helper": { "cpe": "cpe:/a:ibm:db2:-" } } }, { "category": "product_name", "name": "IBM DB2 Big SQL", "product": { "name": "IBM DB2 Big SQL", "product_id": "T022379", "product_identification_helper": { "cpe": "cpe:/a:ibm:db2:big_sql" } } } ], "category": "product_name", "name": "DB2" }, { "branches": [ { "category": "product_name", "name": "IBM MQ", "product": { "name": "IBM MQ", "product_id": "T021398", "product_identification_helper": { "cpe": "cpe:/a:ibm:mq:-" } } }, { "category": "product_name", "name": "IBM MQ Blockchain Bridge", "product": { "name": "IBM MQ Blockchain Bridge", "product_id": "T021543", "product_identification_helper": { "cpe": "cpe:/a:ibm:mq:::blockchain_bridge" } } } ], "category": "product_name", "name": "MQ" }, { "category": "product_name", "name": "IBM QRadar SIEM", "product": { "name": "IBM QRadar SIEM", "product_id": "T021415", "product_identification_helper": { "cpe": "cpe:/a:ibm:qradar_siem:-" } } }, { "category": "product_name", "name": "IBM Rational Software Architect", "product": { "name": "IBM Rational Software Architect", "product_id": "T005181", "product_identification_helper": { "cpe": "cpe:/a:ibm:rational_software_architect:-" } } }, { "category": "product_name", "name": "IBM SPSS", "product": { "name": "IBM SPSS", "product_id": "T013570", "product_identification_helper": { "cpe": "cpe:/a:ibm:spss:-" } } }, { "branches": [ { "category": "product_name", "name": "IBM Security Guardium", "product": { "name": "IBM Security Guardium", "product_id": "T021345", "product_identification_helper": { "cpe": "cpe:/a:ibm:security_guardium:-" } } }, { "category": "product_name", "name": "IBM Security Guardium Insights", "product": { "name": "IBM Security Guardium Insights", "product_id": "T021405", "product_identification_helper": { "cpe": "cpe:/a:ibm:security_guardium:::insights" } } } ], "category": "product_name", "name": "Security Guardium" }, { "category": "product_name", "name": "IBM Spectrum Protect", "product": { "name": "IBM Spectrum Protect", "product_id": "T013661", "product_identification_helper": { "cpe": "cpe:/a:ibm:spectrum_protect:-" } } }, { "category": "product_name", "name": "IBM Spectrum Scale", "product": { "name": "IBM Spectrum Scale", "product_id": "T019402", "product_identification_helper": { "cpe": "cpe:/a:ibm:spectrum_scale:-" } } }, { "category": "product_name", "name": "IBM Tivoli Netcool/OMNIbus", "product": { "name": "IBM Tivoli Netcool/OMNIbus", "product_id": "T004181", "product_identification_helper": { "cpe": "cpe:/a:ibm:tivoli_netcool%2fomnibus:-" } } }, { "category": "product_name", "name": "IBM WebSphere Application Server", "product": { "name": "IBM WebSphere Application Server", "product_id": "5198", "product_identification_helper": { "cpe": "cpe:/a:ibm:websphere_application_server:-" } } } ], "category": "vendor", "name": "IBM" }, { "branches": [ { "category": "product_name", "name": "Juniper Junos Space", "product": { "name": "Juniper Junos Space", "product_id": "T003343", "product_identification_helper": { "cpe": "cpe:/a:juniper:junos_space:-" } } } ], "category": "vendor", "name": "Juniper" }, { "branches": [ { "category": "product_name", "name": "NetApp ActiveIQ Unified Manager", "product": { "name": "NetApp ActiveIQ Unified Manager", "product_id": "T016960", "product_identification_helper": { "cpe": "cpe:/a:netapp:active_iq_unified_manager:-" } } } ], "category": "vendor", "name": "NetApp" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "category": "product_name", "name": "SOS GmbH JobScheduler", "product": { "name": "SOS GmbH JobScheduler", "product_id": "T021263", "product_identification_helper": { "cpe": "cpe:/a:sos_gmbh:jobscheduler:-" } } } ], "category": "vendor", "name": "SOS GmbH" }, { "branches": [ { "category": "product_name", "name": "SmartBear SoapUI", "product": { "name": "SmartBear SoapUI", "product_id": "T021577", "product_identification_helper": { "cpe": "cpe:/a:smartbear:soapui:-" } } } ], "category": "vendor", "name": "SmartBear" }, { "branches": [ { "category": "product_name", "name": "TIBCO Spotfire", "product": { "name": "TIBCO Spotfire", "product_id": "T009185", "product_identification_helper": { "cpe": "cpe:/a:tibco:spotfire:-" } } }, { "category": "product_name", "name": "TIBCO Spotfire Statistics Services", "product": { "name": "TIBCO Spotfire Statistics Services", "product_id": "T021366", "product_identification_helper": { "cpe": "cpe:/a:tibco:spotfire_statistics_services:-" } } } ], "category": "vendor", "name": "TIBCO" }, { "branches": [ { "category": "product_name", "name": "Ubuntu Linux", "product": { "name": "Ubuntu Linux", "product_id": "T000126", "product_identification_helper": { "cpe": "cpe:/o:canonical:ubuntu_linux:-" } } } ], "category": "vendor", "name": "Ubuntu" }, { "branches": [ { "category": "product_name", "name": "Unify OpenScape Contact Center", "product": { "name": "Unify OpenScape Contact Center", "product_id": "T008876", "product_identification_helper": { "cpe": "cpe:/a:unify:openscape_contact_center:-" } } }, { "category": "product_name", "name": "Unify OpenScape Mediaserver", "product": { "name": "Unify OpenScape Mediaserver", "product_id": "T018253", "product_identification_helper": { "cpe": "cpe:/a:unify:openscape_mediaserver:-" } } }, { "category": "product_name", "name": "Unify OpenScape UC Application", "product": { "name": "Unify OpenScape UC Application", "product_id": "T015712", "product_identification_helper": { "cpe": "cpe:/a:unify:openscape_uc_application:-" } } }, { "category": "product_name", "name": "Unify OpenScape Voice", "product": { "name": "Unify OpenScape Voice", "product_id": "T008873", "product_identification_helper": { "cpe": "cpe:/a:unify:openscape_voice:-" } } } ], "category": "vendor", "name": "Unify" }, { "branches": [ { "category": "product_name", "name": "VMware Carbon Black Cloud Workload", "product": { "name": "VMware Carbon Black Cloud Workload", "product_id": "950382", "product_identification_helper": { "cpe": "cpe:/a:vmware:carbon_black_cloud_workload:-" } } }, { "category": "product_name", "name": "VMware Cloud Director Object Storage Extension", "product": { "name": "VMware Cloud Director Object Storage Extension", "product_id": "T021402", "product_identification_helper": { "cpe": "cpe:/a:vmware:cloud_director:object_storage_extension" } } }, { "category": "product_name", "name": "VMware Cloud Foundation", "product": { "name": "VMware Cloud Foundation", "product_id": "658718", "product_identification_helper": { "cpe": "cpe:/a:vmware:cloud_foundation:-" } } }, { "category": "product_name", "name": "VMware Horizon", "product": { "name": "VMware Horizon", "product_id": "T021252", "product_identification_helper": { "cpe": "cpe:/a:vmware:horizon:-" } } }, { "category": "product_name", "name": "VMware Identity Manager", "product": { "name": "VMware Identity Manager", "product_id": "T021253", "product_identification_helper": { "cpe": "cpe:/a:vmware:identity_manger:-" } } }, { "category": "product_name", "name": "VMware NSX Data Center for vSphere", "product": { "name": "VMware NSX Data Center for vSphere", "product_id": "393634", "product_identification_helper": { "cpe": "cpe:/a:vmware:nsx_data_center:-" } } }, { "category": "product_name", "name": "VMware SD-WAN by VeloCloud", "product": { "name": "VMware SD-WAN by VeloCloud", "product_id": "T021403", "product_identification_helper": { "cpe": "cpe:/a:vmware:sd-wan_by_velocloud:-" } } }, { "branches": [ { "category": "product_name", "name": "VMware Workspace One Access Connector", "product": { "name": "VMware Workspace One Access Connector", "product_id": "T021254", "product_identification_helper": { "cpe": "cpe:/a:vmware:workspace_one_access:::connector" } } }, { "category": "product_name", "name": "VMware Workspace One Access", "product": { "name": "VMware Workspace One Access", "product_id": "T021255", "product_identification_helper": { "cpe": "cpe:/a:vmware:workspace_one_access:-" } } } ], "category": "product_name", "name": "Workspace One Access" }, { "category": "product_name", "name": "VMware vCenter Server", "product": { "name": "VMware vCenter Server", "product_id": "T012302", "product_identification_helper": { "cpe": "cpe:/a:vmware:vcenter_server:-" } } }, { "category": "product_name", "name": "VMware vRealize Log Insight", "product": { "name": "VMware vRealize Log Insight", "product_id": "T021256", "product_identification_helper": { "cpe": "cpe:/a:vmware:vcenter_log_insight:-" } } }, { "branches": [ { "category": "product_name", "name": "VMware vRealize Operations", "product": { "name": "VMware vRealize Operations", "product_id": "T021257", "product_identification_helper": { "cpe": "cpe:/a:vmware:vrealize_operations:-" } } }, { "category": "product_name", "name": "VMware vRealize Operations Cloud Proxy", "product": { "name": "VMware vRealize Operations Cloud Proxy", "product_id": "T021404", "product_identification_helper": { "cpe": "cpe:/a:vmware:vrealize_operations:::cloud_proxy" } } } ], "category": "product_name", "name": "vRealize Operations" } ], "category": "vendor", "name": "VMware" }, { "branches": [ { "category": "product_name", "name": "Wibu-Systems CodeMeter", "product": { "name": "Wibu-Systems CodeMeter", "product_id": "812997", "product_identification_helper": { "cpe": "cpe:/a:wibu:codemeter:-" } } } ], "category": "vendor", "name": "Wibu-Systems" }, { "branches": [ { "category": "product_name", "name": "TIBCO Managed File Transfer", "product": { "name": "TIBCO Managed File Transfer", "product_id": "T021367", "product_identification_helper": { "cpe": "cpe:/a:tibco:managed_file_transfer_internet_server:-" } } } ], "category": "vendor", "name": "tibco" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-45046", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in Apache log4j, da die \"Log4Shell\" Schwachstelle (CVE-2021-44228) nicht vollst\u00e4ndig behoben wurde. JNDI Lookups sind weiterhin m\u00f6glich. Es sind bestimmte Konfigurationen betroffen, die nicht im Auslieferungszustand bestehen. Ein entfernter, anonymer Angreifer kann dies ausnutzen, um Code auszuf\u00fchren." } ], "product_status": { "known_affected": [ "T001160", "T008876", "T008873", "T003343", "T019294", "T015127", "T019293", "T015520", "T013661", "658718", "876876", "T021577", "1017", "T021257", "T014392", "T021256", "T021498", "T021415", "398363", "950382", "T021255", "T021376", "T021254", "T021375", "T021496", "T021253", "T006099", "T021252", "163824", "5198", "T015518", "T015517", "T015516", "T015712", "393634", "2040", "T016960", "T018253", "T013570", "T021345", "T021543", "T014381", "2951", "T018811", "T019704", "5104", "T004181", "196088", "777623", "T002044", "763192", "T021263", "67646", "T015823", "812997", "T016315", "T021358", "T000612", "T005181", "199167", "T009185", "T021398", "T013714", "T011337", "T012302", "2143", "2142", "T016589", "T015770", "T021248", "T021402", "T021367", "T019402", "T021366", "T021405", "T022379", "T000126", "T021404", "T021403", "778219", "915287", "915286", "T021242" ] }, "release_date": "2021-12-14T23:00:00Z", "title": "CVE-2021-45046" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.