gsd-2021-45046
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.
Aliases
Aliases
{ "GSD": { "affected_component": "unspecified", "alias": "CVE-2021-45046", "attack_vector": "network", "credit": "", "description": "The vulnerability reported in GSD-2021-1002352 (CVE-2021-44228) was not correctly fixed \"in certain non-default configuration\" and a new vulnerability and patch have been released, as such Apache log4js 2.15 is vulnerable. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in a denial of service (DOS) attack. Log4j 2.15.0 restricts JNDI LDAP lookups to localhost by default. Note that previous mitigations involving configuration such as to set the system property `log4j2.noFormatMsgLookup` to `true` do NOT mitigate this specific vulnerability. Log4j 2.16.0 fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default. This issue can be mitigated in prior releases (\u003c2.16.0) by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).", "id": "GSD-2021-45046", "impact": "remote code execution", "modified": "2022-09-03T22:57:05Z", "notes": "", "product_name": [ "Log4j", "Log4j2" ], "product_version": "\u003c2.16.0", "references": [ { "name": "https://github.com/logpresso/CVE-2021-44228-Scanner", "type": "EVIDENCE", "url": "https://github.com/logpresso/CVE-2021-44228-Scanner" }, { "content": "Further development of this tool will continue at corretto/hotpatch-for-apache-log4j2.", "name": "https://github.com/simonis/Log4jPatch", "type": "EVIDENCE", "url": "https://github.com/simonis/Log4jPatch" }, { "content": "This is a tool which injects a Java agent into a running JVM process. The agent will attempt to patch the lookup() method of all loaded org.apache.logging.log4j.core.lookup.JndiLookup instances to unconditionally return the string \"Patched JndiLookup::lookup()\". It is designed to address the CVE-2021-44228 remote code execution vulnerability in Log4j without restarting the Java process.", "name": "Log4jHotPatch", "type": "EVIDENCE", "url": "https://github.com/corretto/hotpatch-for-apache-log4j2" }, { "content": "A Byte Buddy Java agent-based fix for CVE-2021-44228, the log4j 2.x \"JNDI LDAP\" vulnerability.\n\nIt does three things:\n\n* Disables the internal method handler for jndi: format strings (\"lookups\").\n* Logs a message to System.err (i.e stderr) indicating that a log4j JNDI attempt has been made (including the format string attempted, with any ${} characters sanitized to prevent transitive injections).\n* Resolves the format string to \"(log4j jndi disabled)\" in the log message (to prevent transitive injections).", "name": "log4j-jndi-be-gone", "type": "EVIDENCE", "url": "https://github.com/nccgroup/log4j-jndi-be-gone" }, { "type": "ADVISORY", "url": "https://www.suse.com/security/cve/CVE-2021-45046.html" }, { "type": "ADVISORY", "url": "https://www.debian.org/security/2021/dsa-5022" }, { "type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2022:0223" }, { "type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2022:0222" }, { "type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2022:0216" }, { "type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2022:0205" }, { "type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2022:0203" }, { "type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2022:0083" }, { "type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2021:5148" }, { "type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2021:5141" }, { "type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2021:5137" }, { "type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2021:5129" }, { "type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2021:5128" }, { "type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2021:5127" }, { "type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2021:5108" }, { "type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2021:5107" }, { "type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2021:5106" }, { "type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2021:5094" }, { "type": "ADVISORY", "url": "https://ubuntu.com/security/CVE-2021-45046" }, { "type": "ADVISORY", "url": "https://advisories.mageia.org/CVE-2021-45046.html" }, { "type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2022:1296" }, { "type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2022:1297" }, { "type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2022:1299" }, { "type": "ADVISORY", "url": "https://alas.aws.amazon.com/cve/html/CVE-2021-45046.html" }, "https://access.redhat.com/errata/RHSA-2022:0083" ], "reporter": "kurtseifried", "reporter_id": 582211, "vendor_name": "Apache", "vulnerability_type": "CWE-502 Deserialization of Untrusted Data" }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2021-45046" ], "details": "It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.", "id": "GSD-2021-45046", "modified": "2023-12-13T01:23:19.942088Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2021-45046", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache Log4j", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "Apache Log4j2", "version_value": "2.16.0" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "cweId": "CWE-917", "lang": "eng", "value": "CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032", "refsource": "MISC", "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032" }, { "name": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html" }, { "name": "https://www.cve.org/CVERecord?id=CVE-2021-44228", "refsource": "MISC", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228" }, { "name": "http://www.openwall.com/lists/oss-security/2021/12/14/4", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4" }, { "name": "https://logging.apache.org/log4j/2.x/security.html", "refsource": "MISC", "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "name": "https://www.kb.cert.org/vuls/id/930724", "refsource": "MISC", "url": "https://www.kb.cert.org/vuls/id/930724" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf" }, { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html", "refsource": "MISC", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html" }, { "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", "refsource": "MISC", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" }, { "name": "http://www.openwall.com/lists/oss-security/2021/12/15/3", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf" }, { "name": "https://www.debian.org/security/2021/dsa-5022", "refsource": "MISC", "url": "https://www.debian.org/security/2021/dsa-5022" }, { "name": "http://www.openwall.com/lists/oss-security/2021/12/18/1", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2021/12/18/1" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf" }, { "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOKPQGV24RRBBI4TBZUDQMM4MEH7MXCY/", "refsource": "MISC", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOKPQGV24RRBBI4TBZUDQMM4MEH7MXCY/" }, { "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SIG7FZULMNK2XF6FZRU4VWYDQXNMUGAJ/", "refsource": "MISC", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SIG7FZULMNK2XF6FZRU4VWYDQXNMUGAJ/" }, { "name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "name": "https://security.gentoo.org/glsa/202310-16", "refsource": "MISC", "url": "https://security.gentoo.org/glsa/202310-16" } ] }, "source": { "discovery": "UNKNOWN" } }, "gitlab.com": { "advisories": [ { "affected_range": "[2.0,2.3.1),[2.4,2.12.3),[2.13,2.16.0)", "affected_versions": "All versions starting from 2.0 before 2.3.1, all versions starting from 2.4 before 2.12.3, all versions starting from 2.13 before 2.16.0", "cvss_v2": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "cwe_ids": [ "CWE-1035", "CWE-917", "CWE-937" ], "date": "2023-06-27", "description": "It was found that the fix to address CVE-2021-44228 in Apache Log4j was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, `$${ctx:loginId})` or a Thread Context Map pattern (`%X`, `%mdc`, or `%MDC`) to craft malicious input data using a JNDI Lookup pattern resulting in a denial of service (DOS) attack. Log4j restricts JNDI LDAP lookups to localhost by default. Note that previous mitigations involving configuration such as to set the system property `log4j2.noFormatMsgLookup` to `true` do NOT mitigate this specific vulnerability. Log4j fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default. This issue can be mitigated in prior releases (\u003c2.16.0) by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).", "fixed_versions": [ "2.3.1", "2.12.3", "2.16.0" ], "identifier": "CVE-2021-45046", "identifiers": [ "CVE-2021-45046" ], "not_impacted": "All versions before 2.0, all versions starting from 2.3.1 before 2.4, all versions starting from 2.12.3 before 2.13, all versions starting from 2.16.0", "package_slug": "maven/log4j/log4j", "pubdate": "2021-12-14", "solution": "Upgrade to versions 2.3.1, 2.12.3, 2.16.0 or above.", "title": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-45046", "http://www.openwall.com/lists/oss-security/2021/12/14/4", "https://logging.apache.org/log4j/2.x/security.html" ], "uuid": "bdefae49-1896-4c8e-bba8-f2234bec5d78" }, { "affected_range": "(,0)", "affected_versions": "None", "cvss_v2": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "cwe_ids": [ "CWE-1035", "CWE-502", "CWE-78", "CWE-937" ], "date": "2022-02-08", "description": "This CVE has been marked as a False Positive and has been removed. Programs using log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability.", "fixed_versions": [], "identifier": "CVE-2021-45046", "identifiers": [ "GHSA-7rjr-3q55-vv33", "CVE-2021-45046" ], "package_slug": "maven/org.apache.logging.log4j/log4j-api", "pubdate": "2021-12-14", "solution": "Nothing to be done.", "title": "Deserialization of Untrusted Data", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-45046", "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q", "https://logging.apache.org/log4j/2.x/security.html" ], "uuid": "a78ef337-2b3d-475c-9c66-a226d17bc057" }, { "affected_range": "[2.0,2.3.1),[2.4,2.12.3),[2.13,2.17.0)", "affected_versions": "All versions starting from 2.0 before 2.3.1, all versions starting from 2.4 before 2.12.3, all versions starting from 2.13 before 2.17.0", "cvss_v2": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "cwe_ids": [ "CWE-1035", "CWE-917", "CWE-937" ], "date": "2023-06-27", "description": "It was found that the fix to address CVE-2021-44228 in Apache Log4j was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, `$${ctx:loginId})` or a Thread Context Map pattern (`%X`, `%mdc`, or `%MDC`) to craft malicious input data using a JNDI Lookup pattern resulting in a denial of service (DOS) attack. Log4j restricts JNDI LDAP lookups to localhost by default. Note that previous mitigations involving configuration such as to set the system property `log4j2.noFormatMsgLookup` to `true` do NOT mitigate this specific vulnerability. Log4j fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default. This issue can be mitigated in prior releases (\u003c2.16.0) by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).", "fixed_versions": [ "2.3.1", "2.12.3", "2.17.0" ], "identifier": "CVE-2021-45046", "identifiers": [ "CVE-2021-45046" ], "not_impacted": "All versions before 2.0, all versions starting from 2.3.1 before 2.4, all versions starting from 2.12.3 before 2.13, all versions starting from 2.17.0", "package_slug": "maven/org.apache.logging.log4j/log4j-core", "pubdate": "2021-12-14", "solution": "Upgrade to versions 2.3.1, 2.12.3, 2.17.0 or above.", "title": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-45046", "http://www.openwall.com/lists/oss-security/2021/12/14/4", "https://logging.apache.org/log4j/2.x/security.html" ], "uuid": "788f3d07-b01c-41d3-b9f0-56693bb21ec8" }, { "affected_range": "[2.0,2.3.1),[2.4,2.12.3),[2.13,2.17.0)", "affected_versions": "All versions starting from 2.0 before 2.3.1, all versions starting from 2.4 before 2.12.3, all versions starting from 2.13 before 2.17.0", "cvss_v2": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "cwe_ids": [ "CWE-1035", "CWE-917", "CWE-937" ], "date": "2023-06-27", "description": "It was found that the fix to address CVE-2021-44228 in Apache Log4j was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, `$${ctx:loginId})` or a Thread Context Map pattern (`%X`, `%mdc`, or `%MDC`) to craft malicious input data using a JNDI Lookup pattern resulting in a denial of service (DOS) attack. Log4j restricts JNDI LDAP lookups to localhost by default. Note that previous mitigations involving configuration such as to set the system property `log4j2.noFormatMsgLookup` to `true` do NOT mitigate this specific vulnerability. Log4j fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default.", "fixed_versions": [ "2.3.1", "2.12.3", "2.17.0" ], "identifier": "CVE-2021-45046", "identifiers": [ "CVE-2021-45046" ], "not_impacted": "All versions before 2.0, all versions starting from 2.3.1 before 2.4, all versions starting from 2.12.3 before 2.13, all versions starting from 2.17.0", "package_slug": "maven/org.apache.logging.log4j/log4j", "pubdate": "2021-12-14", "solution": "Upgrade to versions 2.3.1, 2.12.3, 2.17.0 or above.", "title": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-45046", "http://www.openwall.com/lists/oss-security/2021/12/14/4", "https://logging.apache.org/log4j/2.x/security.html" ], "uuid": "8cdf1573-c3e8-41dc-b775-f58e278f6da1" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:log4j:2.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.12.2", "versionStartIncluding": "2.0.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.16.0", "versionStartIncluding": "2.13.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:intel:oneapi:-:*:*:*:*:eclipse:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:intel:audio_development_kit:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:intel:datacenter_manager:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:intel:system_debugger:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:intel:secure_device_onboard:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:intel:sensor_solution_firmware_development_kit:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:intel:computer_vision_annotation_tool:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:intel:genomics_kernel_library:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:intel:system_studio:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sppa-t3000_ses3000_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sppa-t3000_ses3000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:logo\\!_soft_comfort:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_4:4.70:sp7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_4:4.70:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_4:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.70", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:siveillance_control_pro:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:energyip_prepay:3.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:energyip_prepay:3.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_4:4.70:sp8:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:siveillance_command:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.16.2.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:head-end_system_universal_device_integration_system:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:gma-manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.6.2j-398", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:energyip:8.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:energyip:8.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:energyip:8.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:energyip:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:energy_engage:3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:e-car_operation_center:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2021-12-13", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:desigo_cc_info_center:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:desigo_cc_info_center:5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:captial:2019.1:sp1912:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:navigator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2021-12-13", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:xpedition_package_integrator:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:xpedition_enterprise:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:vesys:2019.1:sp1912:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:vesys:2019.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:vesys:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2019.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:vesys:2019.1:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_7:2.30:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_7:2.30:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_7:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.30", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:spectrum_power_7:2.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_harness_design:2020:sp2002:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_harness_design:2020:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_harness_design:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2020", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:captial:2019.1:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_harness_design:2020:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_cam_pro:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:siveillance_viewpoint:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:siveillance_vantage:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:siguard_dsa:4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:siguard_dsa:4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:siguard_dsa:4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:sentron_powermanager:4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:sentron_powermanager:4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.1.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:nx:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:opcenter_intelligence:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "3.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:mindsphere:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2021-12-11", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:mendix:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:industrial_edge_management_hub:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2021-12-13", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:industrial_edge_management:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:captial:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2019.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:tracealertserverplus:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.0.12", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:6bk1602-0aa12-0tp0_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:6bk1602-0aa12-0tp0:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:6bk1602-0aa22-0tp0_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:6bk1602-0aa22-0tp0:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:6bk1602-0aa32-0tp0_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:6bk1602-0aa32-0tp0:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:6bk1602-0aa42-0tp0_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:6bk1602-0aa42-0tp0:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:6bk1602-0aa52-0tp0_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:6bk1602-0aa52-0tp0:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2021-45046" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-917" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack", "refsource": "MLIST", "tags": [ "Mailing List", "Mitigation", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4" }, { "name": "https://logging.apache.org/log4j/2.x/security.html", "refsource": "MISC", "tags": [ "Mitigation", "Release Notes", "Vendor Advisory" ], "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "name": "https://www.cve.org/CVERecord?id=CVE-2021-44228", "refsource": "MISC", "tags": [ "Not Applicable" ], "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228" }, { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html" }, { "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", "refsource": "CISCO", "tags": [ "Third Party Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" }, { "name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf" }, { "name": "VU#930724", "refsource": "CERT-VN", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.kb.cert.org/vuls/id/930724" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf" }, { "name": "DSA-5022", "refsource": "DEBIAN", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2021/dsa-5022" }, { "name": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html" }, { "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032" }, { "name": "[oss-security] 20211218 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/12/18/1" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf" }, { "name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "N/A", "refsource": "N/A", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SIG7FZULMNK2XF6FZRU4VWYDQXNMUGAJ/", "refsource": "MISC", "tags": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SIG7FZULMNK2XF6FZRU4VWYDQXNMUGAJ/" }, { "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOKPQGV24RRBBI4TBZUDQMM4MEH7MXCY/", "refsource": "MISC", "tags": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOKPQGV24RRBBI4TBZUDQMM4MEH7MXCY/" }, { "name": "https://security.gentoo.org/glsa/202310-16", "refsource": "MISC", "tags": [], "url": "https://security.gentoo.org/glsa/202310-16" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 6.0 } }, "lastModifiedDate": "2023-10-26T07:15Z", "publishedDate": "2021-12-14T19:15Z" } } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.