All the vulnerabilites related to Siemens - NX
var-202112-0562
Vulnerability from variot

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default. Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the vulnerable Java application using Log4j.CVE-2021-4104 Affected CVE-2021-44228 Affected CVE-2021-45046 AffectedCVE-2021-4104 Affected CVE-2021-44228 Affected CVE-2021-45046 Affected. Apache Log4j is a Java-based open source logging tool of the Apache Foundation. Apache log4j2 has a denial of service vulnerability. When improperly configured, an attacker can exploit this vulnerability to cause a denial of service attack.

For the oldstable distribution (buster), this problem has been fixed in version 2.16.0-1~deb10u1.

For the stable distribution (bullseye), this problem has been fixed in version 2.16.0-1~deb11u1.

We recommend that you upgrade your apache-log4j2 packages.

For the detailed security status of apache-log4j2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache-log4j2

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmG7FI5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeSqOg//XOye7T/8PKOrrUtHFhH+w2dOC0GujwcIS2mhofVuZQTPYvM5uTZxDTuz rQN+T505t9QaP3sF05gXK6VI675HhgmF3d+vDEnhp8QpZX5HeJrmmX44FewZQAqP yMysAuwG1RJ0Qgs7NmppU/XJBnmhJLsqsW99kcDnNXS67D23e1nUqAEDME5baSoF VPc50Up/yh4DE28Jcs8Mh2cM8UqmeLEQJ8XC3IojQLhmOF1UBJuL4K0sEUqWtJeN TytHya2XdfIIZcRolHe6AUeiLP5JpitbqkVP+hEeruAvk8nTGsLi0HMbWxA9LLcB bB9KKJjf6xndRa/t/IXGMzwr883t5/YLdxbCFcGj9M4Bfj7SAhGdgnJHZaRt1quX Vcqnu1pDHpdFuRX4t6oqF9R0uiBGeupZmGdb1y7os+FU2EbTRYU0rlnhfOsou0ex Vh5sFKFDhgWUQoyuVUMh6eOZ7p92GTzbw5kPkvboa7Xdrs02m7ChLlh8f5ajRFrK WbAcwsBj6RK4dmtdvfO2sVEuRTpFQ3qtecwZUR0pqUIjJ+rfurSGmpPr3iOrBu2s ROol/vLfW5uZd6RxSNbt3twPcwBaZagFQCcDY27Yz0sH6DlQUmWed1KJjbRaZ7fn cqjFisSZxu8d5VoAtjMSP8l95FoAm53r9Q1HCZvXqRhBjFNoYqE= =TNnt -----END PGP SIGNATURE----- . Solution:

For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html

Details on how to access this content are available at https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html

  1. The purpose of this text-only errata is to inform you about the security issues fixed in this release.

Installation instructions are available from the Fuse product documentation pages:

Fuse 7.8: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/installing_on_apache_karaf/apply-hotfix-patch https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/deploying_into_spring_boot/patch-red-hat-fuse-applications

Fuse 7.9: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/installing_on_apache_karaf/apply-hotfix-patch https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/deploying_into_spring_boot/patch-red-hat-fuse-applications

Fuse 7.10: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/installing_on_apache_karaf/apply-hotfix-patch https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/deploying_into_spring_boot/patch-red-hat-fuse-applications

The References section of this erratum contains a download link for the update. You must be logged in to download the update. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: Red Hat Data Grid 8.2.3 security update Advisory ID: RHSA-2022:0205-01 Product: Red Hat JBoss Data Grid Advisory URL: https://access.redhat.com/errata/RHSA-2022:0205 Issue date: 2022-01-20 CVE Names: CVE-2021-44832 CVE-2021-45046 CVE-2021-45105 =====================================================================

  1. Summary:

An update for Red Hat Data Grid is now available.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Description:

Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale.

Data Grid 8.2.3 replaces Data Grid 8.2.2 and includes bug fixes and enhancements. Find out more about Data Grid 8.2.3 in the Release Notes [3].

  1. Solution:

To install this update, do the following:

  1. Download the Data Grid 8.2.3 server patch from the customer portal[²].
  2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.
  3. Install the Data Grid 8.2.3 server patch. Refer to the 8.2.3 Release Notes[³] for patching instructions.
  4. Restart Data Grid to ensure the changes take effect.

  5. References:

https://access.redhat.com/security/cve/CVE-2021-44832 https://access.redhat.com/security/cve/CVE-2021-45046 https://access.redhat.com/security/cve/CVE-2021-45105 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=data.grid&version=8.2 https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.2/html-single/red_hat_data_grid_8.2_release_notes/index

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBYemZbtzjgjWX9erEAQgkThAAhlH9r6fZ08ZbIvy7t5FNceA93qd12PsL bJEZ9axgCc1hrxm5hK2W6x55a2tKQ0ieoFlkF87qZ5FSsEmOWfvCa5Jsr04bGkhI QBiyZvX+de8ZAUcbiXwgsb3LwfY5DAOoLZVZj7tWsxXcl9CG/MGqI452b5jB4oWa 5TXa8YHSz9/vQHtJGmjyuZYJGfH63XvLUu6qHEgCHKhXEQg5p9YrfjbdZWk77mSk N+dqHpXJFo2G+UURxBy615ebIgxA1dUR6pdbCfm/fbUAxnxWPubjNLLGShCUNBP9 /WgSMiv5GT48yhpK0IdTpPmQUAQW3fkgEd58vytgDuQf/7NhsbNFlsj3hugnAmY9 B/Jtwri/dCaOy0EDlDTc22OX7uDXaoSd9t5kjFAiZMOhxRE0hXawGfCxdGq/rgV6 EblcKQ3zW/3lsTj5KdI+0M0kNA6y1i0KP+Iujs12WLzWDANcpyvpuNu5qIMoM16Y iy4QLJkWFcH99toKO6/bEFgINq3C84sDEQNUpgwga+ct5mxsZycn3vSl9QcuoWQD FX9lwXBaxGuvBb/K3pwXfJuRQOFn2tDpwqN0PnyG/4+QLHunSPuQ8vcVx+oG9a2K LpiYxMQawsJiOjEyNUdRt7DDBpU/mVO+pf7lCY/4F5S+xOJ6E6LkJ213aSGaYPBd QiLGYFSmmLk= =y5SE -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0562",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "energyip prepay",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.8"
      },
      {
        "model": "nx",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "datacenter manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "34"
      },
      {
        "model": "vesys",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2019.1"
      },
      {
        "model": "head-end system universal device integration system",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "email security",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": "10.0.12"
      },
      {
        "model": "sentron powermanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.1"
      },
      {
        "model": "6bk1602-0aa52-0tp0",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.7.0"
      },
      {
        "model": "industrial edge management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "spectrum power 7",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.30"
      },
      {
        "model": "navigator",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2021-12-13"
      },
      {
        "model": "industrial edge management hub",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2021-12-13"
      },
      {
        "model": "tracealertserverplus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "spectrum power 4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.70"
      },
      {
        "model": "operation scheduler",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.1.3"
      },
      {
        "model": "comos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "xpedition enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "log4j",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.12.2"
      },
      {
        "model": "sentron powermanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.2"
      },
      {
        "model": "sppa-t3000 ses3000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "energyip",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "9.0"
      },
      {
        "model": "opcenter intelligence",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.2"
      },
      {
        "model": "system debugger",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "mendix",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "logo\\! soft comfort",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "siveillance identity",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.5"
      },
      {
        "model": "siveillance control pro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "siveillance identity",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.6"
      },
      {
        "model": "log4j",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.13.0"
      },
      {
        "model": "system studio",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "siveillance viewpoint",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "11.0"
      },
      {
        "model": "6bk1602-0aa12-0tp0",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.7.0"
      },
      {
        "model": "siveillance vantage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "teamcenter",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "captial",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2019.1"
      },
      {
        "model": "secure device onboard",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "desigo cc advanced reports",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.1"
      },
      {
        "model": "energy engage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.1"
      },
      {
        "model": "solid edge cam pro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "energyip prepay",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.7"
      },
      {
        "model": "audio development kit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "genomics kernel library",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "xpedition package integrator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "desigo cc advanced reports",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.2"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "35"
      },
      {
        "model": "mindsphere",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2021-12-11"
      },
      {
        "model": "energyip",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "8.6"
      },
      {
        "model": "spectrum power 7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.30"
      },
      {
        "model": "oneapi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "log4j",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.16.0"
      },
      {
        "model": "log4j",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "model": "e-car operation center",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2021-12-13"
      },
      {
        "model": "spectrum power 4",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.70"
      },
      {
        "model": "desigo cc info center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.0"
      },
      {
        "model": "desigo cc info center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.1"
      },
      {
        "model": "6bk1602-0aa22-0tp0",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.7.0"
      },
      {
        "model": "computer vision annotation tool",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cvat",
        "version": null
      },
      {
        "model": "desigo cc advanced reports",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.0"
      },
      {
        "model": "siguard dsa",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.3"
      },
      {
        "model": "6bk1602-0aa32-0tp0",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.7.0"
      },
      {
        "model": "energyip",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "8.5"
      },
      {
        "model": "siguard dsa",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.2"
      },
      {
        "model": "desigo cc advanced reports",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.1"
      },
      {
        "model": "6bk1602-0aa42-0tp0",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.7.0"
      },
      {
        "model": "captial",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2019.1"
      },
      {
        "model": "solid edge harness design",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2020"
      },
      {
        "model": "solid edge harness design",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2020"
      },
      {
        "model": "desigo cc advanced reports",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.0"
      },
      {
        "model": "log4j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0"
      },
      {
        "model": "sensor solution development kit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "sipass integrated",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.85"
      },
      {
        "model": "energyip",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "8.7"
      },
      {
        "model": "gma-manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "8.6.2j-398"
      },
      {
        "model": "siguard dsa",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.4"
      },
      {
        "model": "vesys",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2019.1"
      },
      {
        "model": "siveillance command",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.16.2.1"
      },
      {
        "model": "sipass integrated",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.80"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-45046"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Much of the content of this vulnerability note is derived from Apache Log4j Security Vulnerabilities and http://slf4j.org/log4shell.html.This document was written by Art Manion.",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#930724"
      }
    ],
    "trust": 0.8
  },
  "cve": "CVE-2021-45046",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 4.9,
            "id": "CVE-2021-45046",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.1,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 4.9,
            "id": "VHN-408570",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "id": "CVE-2021-45046",
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-45046",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202112-1065",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-408570",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-45046",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-408570"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-45046"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-1065"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-45046"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default. Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the vulnerable Java application using Log4j.CVE-2021-4104 Affected\nCVE-2021-44228 Affected\nCVE-2021-45046 AffectedCVE-2021-4104 Affected\nCVE-2021-44228 Affected\nCVE-2021-45046 Affected. Apache Log4j is a Java-based open source logging tool of the Apache Foundation. Apache log4j2 has a denial of service vulnerability. When improperly configured, an attacker can exploit this vulnerability to cause a denial of service attack. \n\nFor the oldstable distribution (buster), this problem has been fixed\nin version 2.16.0-1~deb10u1. \n\nFor the stable distribution (bullseye), this problem has been fixed in\nversion 2.16.0-1~deb11u1. \n\nWe recommend that you upgrade your apache-log4j2 packages. \n\nFor the detailed security status of apache-log4j2 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/apache-log4j2\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmG7FI5fFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeSqOg//XOye7T/8PKOrrUtHFhH+w2dOC0GujwcIS2mhofVuZQTPYvM5uTZxDTuz\nrQN+T505t9QaP3sF05gXK6VI675HhgmF3d+vDEnhp8QpZX5HeJrmmX44FewZQAqP\nyMysAuwG1RJ0Qgs7NmppU/XJBnmhJLsqsW99kcDnNXS67D23e1nUqAEDME5baSoF\nVPc50Up/yh4DE28Jcs8Mh2cM8UqmeLEQJ8XC3IojQLhmOF1UBJuL4K0sEUqWtJeN\nTytHya2XdfIIZcRolHe6AUeiLP5JpitbqkVP+hEeruAvk8nTGsLi0HMbWxA9LLcB\nbB9KKJjf6xndRa/t/IXGMzwr883t5/YLdxbCFcGj9M4Bfj7SAhGdgnJHZaRt1quX\nVcqnu1pDHpdFuRX4t6oqF9R0uiBGeupZmGdb1y7os+FU2EbTRYU0rlnhfOsou0ex\nVh5sFKFDhgWUQoyuVUMh6eOZ7p92GTzbw5kPkvboa7Xdrs02m7ChLlh8f5ajRFrK\nWbAcwsBj6RK4dmtdvfO2sVEuRTpFQ3qtecwZUR0pqUIjJ+rfurSGmpPr3iOrBu2s\nROol/vLfW5uZd6RxSNbt3twPcwBaZagFQCcDY27Yz0sH6DlQUmWed1KJjbRaZ7fn\ncqjFisSZxu8d5VoAtjMSP8l95FoAm53r9Q1HCZvXqRhBjFNoYqE=\n=TNnt\n-----END PGP SIGNATURE-----\n. Solution:\n\nFor OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html\n\n4. The purpose of this\ntext-only errata is to inform you about the security issues fixed in this\nrelease. \n\nInstallation instructions are available from the Fuse product documentation\npages:\n\nFuse 7.8:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/installing_on_apache_karaf/apply-hotfix-patch\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/deploying_into_spring_boot/patch-red-hat-fuse-applications\n\nFuse 7.9:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/installing_on_apache_karaf/apply-hotfix-patch\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/deploying_into_spring_boot/patch-red-hat-fuse-applications\n\nFuse 7.10:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/installing_on_apache_karaf/apply-hotfix-patch\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/deploying_into_spring_boot/patch-red-hat-fuse-applications\n\n4. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: Red Hat Data Grid 8.2.3 security update\nAdvisory ID:       RHSA-2022:0205-01\nProduct:           Red Hat JBoss Data Grid\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:0205\nIssue date:        2022-01-20\nCVE Names:         CVE-2021-44832 CVE-2021-45046 CVE-2021-45105 \n=====================================================================\n\n1. Summary:\n\nAn update for Red Hat Data Grid is now available. \n \nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. \nIt increases application response times and allows for dramatically\nimproving performance while providing availability, reliability, and\nelastic scale. \n \nData Grid 8.2.3 replaces Data Grid 8.2.2 and includes bug fixes and\nenhancements. Find out more about Data Grid 8.2.3 in the Release Notes [3]. \n\n3. Solution:\n\nTo install this update, do the following:\n \n1. Download the Data Grid 8.2.3 server patch from the customer portal[\u00b2]. \n2. Back up your existing Data Grid installation. You should back up\ndatabases, configuration files, and so on. \n3. Install the Data Grid 8.2.3 server patch. Refer to the 8.2.3 Release\nNotes[\u00b3] for patching instructions. \n4. Restart Data Grid to ensure the changes take effect. \n\n4. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-44832\nhttps://access.redhat.com/security/cve/CVE-2021-45046\nhttps://access.redhat.com/security/cve/CVE-2021-45105\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=data.grid\u0026version=8.2\nhttps://access.redhat.com/documentation/en-us/red_hat_data_grid/8.2/html-single/red_hat_data_grid_8.2_release_notes/index\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYemZbtzjgjWX9erEAQgkThAAhlH9r6fZ08ZbIvy7t5FNceA93qd12PsL\nbJEZ9axgCc1hrxm5hK2W6x55a2tKQ0ieoFlkF87qZ5FSsEmOWfvCa5Jsr04bGkhI\nQBiyZvX+de8ZAUcbiXwgsb3LwfY5DAOoLZVZj7tWsxXcl9CG/MGqI452b5jB4oWa\n5TXa8YHSz9/vQHtJGmjyuZYJGfH63XvLUu6qHEgCHKhXEQg5p9YrfjbdZWk77mSk\nN+dqHpXJFo2G+UURxBy615ebIgxA1dUR6pdbCfm/fbUAxnxWPubjNLLGShCUNBP9\n/WgSMiv5GT48yhpK0IdTpPmQUAQW3fkgEd58vytgDuQf/7NhsbNFlsj3hugnAmY9\nB/Jtwri/dCaOy0EDlDTc22OX7uDXaoSd9t5kjFAiZMOhxRE0hXawGfCxdGq/rgV6\nEblcKQ3zW/3lsTj5KdI+0M0kNA6y1i0KP+Iujs12WLzWDANcpyvpuNu5qIMoM16Y\niy4QLJkWFcH99toKO6/bEFgINq3C84sDEQNUpgwga+ct5mxsZycn3vSl9QcuoWQD\nFX9lwXBaxGuvBb/K3pwXfJuRQOFn2tDpwqN0PnyG/4+QLHunSPuQ8vcVx+oG9a2K\nLpiYxMQawsJiOjEyNUdRt7DDBpU/mVO+pf7lCY/4F5S+xOJ6E6LkJ213aSGaYPBd\nQiLGYFSmmLk=\n=y5SE\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-45046"
      },
      {
        "db": "CERT/CC",
        "id": "VU#930724"
      },
      {
        "db": "VULHUB",
        "id": "VHN-408570"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-45046"
      },
      {
        "db": "PACKETSTORM",
        "id": "169180"
      },
      {
        "db": "PACKETSTORM",
        "id": "165329"
      },
      {
        "db": "PACKETSTORM",
        "id": "165333"
      },
      {
        "db": "PACKETSTORM",
        "id": "165632"
      },
      {
        "db": "PACKETSTORM",
        "id": "165637"
      },
      {
        "db": "PACKETSTORM",
        "id": "165645"
      },
      {
        "db": "PACKETSTORM",
        "id": "165649"
      },
      {
        "db": "PACKETSTORM",
        "id": "165650"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-45046",
        "trust": 3.4
      },
      {
        "db": "CERT/CC",
        "id": "VU#930724",
        "trust": 2.5
      },
      {
        "db": "SIEMENS",
        "id": "SSA-661247",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-397453",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-479842",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-714170",
        "trust": 1.7
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/12/14/4",
        "trust": 1.7
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/12/18/1",
        "trust": 1.7
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/12/15/3",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "165333",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "165649",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "165645",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "165343",
        "trust": 0.7
      },
      {
        "db": "LENOVO",
        "id": "LEN-76573",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021122212",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022042115",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022020815",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022010517",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022012731",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022012443",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021121651",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021122726",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022060708",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021122119",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022012730",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021122018",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022010632",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021122814",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022062006",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022032405",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022022126",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021121516",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022012501",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021123016",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022010325",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022012045",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022020602",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022010421",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022011034",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022011226",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021121720",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022072076",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022021429",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022060808",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022030923",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021122307",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021122908",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "166676",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "166677",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0332",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4257",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0086",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4187.6",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4295",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4186.3",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0247",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0199",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0240",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4186.4",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4302.3",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4198.4",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0090",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-1065",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "165637",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "165329",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "165650",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "165632",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "165636",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165326",
        "trust": 0.1
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-01776",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-408570",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-45046",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169180",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#930724"
      },
      {
        "db": "VULHUB",
        "id": "VHN-408570"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-45046"
      },
      {
        "db": "PACKETSTORM",
        "id": "169180"
      },
      {
        "db": "PACKETSTORM",
        "id": "165329"
      },
      {
        "db": "PACKETSTORM",
        "id": "165333"
      },
      {
        "db": "PACKETSTORM",
        "id": "165632"
      },
      {
        "db": "PACKETSTORM",
        "id": "165637"
      },
      {
        "db": "PACKETSTORM",
        "id": "165645"
      },
      {
        "db": "PACKETSTORM",
        "id": "165649"
      },
      {
        "db": "PACKETSTORM",
        "id": "165650"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-1065"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-45046"
      }
    ]
  },
  "id": "VAR-202112-0562",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-408570"
      }
    ],
    "trust": 0.74432915
  },
  "last_update_date": "2024-11-29T22:35:35.830000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Apache Log4j Fixes for code issue vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=175394"
      },
      {
        "title": "Debian CVElist Bug Report Logs: apache-log4j2: CVE-2021-45046: Incomplete fix for CVE-2021-44228 in certain non-default configurations",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=b88a8ce4fc53c3a45830bc6bbde8b01c"
      },
      {
        "title": "Debian Security Advisories: DSA-5022-1 apache-log4j2 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=5ba53229ef5f408ed29126bd4f624def"
      },
      {
        "title": "Red Hat: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221296 - Security Advisory"
      },
      {
        "title": "Red Hat: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221299 - Security Advisory"
      },
      {
        "title": "Red Hat: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221297 - Security Advisory"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2021-1553",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2021-1553"
      },
      {
        "title": "IBM: Security Bulletin: IBM Cloud Pak System is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-45046, CVE-2021-44228)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c8b40ff47e1d31bee8b0fbdbdd4fe212"
      },
      {
        "title": "IBM: Security Bulletin: IBM Cloud Pak System is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-45046, CVE-2021-44228)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=654a4f5a7bd1fdfd229558535923710b"
      },
      {
        "title": "IBM: Security Bulletin: Apache log4j security vulnerability as it relates to IBM Maximo Scheduler Optimization \u00e2\u20ac\u201c Apache Log4j \u00e2\u20ac\u201c [CVE-2021-45105] (affecting v2.16) and [CVE-2021-45046] (affecting v2.15)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1239b8de81ba381055ce95c571a45bea"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2021-1731",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1731"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2021-1730",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1730"
      },
      {
        "title": "Omada-Ansible",
        "trust": 0.1,
        "url": "https://github.com/kdpuvvadi/Omada-Ansible "
      },
      {
        "title": "CVE-2021-45046",
        "trust": 0.1,
        "url": "https://github.com/tejas-nagchandi/CVE-2021-45046 "
      },
      {
        "title": "Log4Shell",
        "trust": 0.1,
        "url": "https://github.com/r00thunter/Log4Shell "
      },
      {
        "title": "log4j-exploit-server",
        "trust": 0.1,
        "url": "https://github.com/lwollan/log4j-exploit-server "
      },
      {
        "title": "log4j2-intranet-scan",
        "trust": 0.1,
        "url": "https://github.com/k3rwin/log4j2-intranet-scan "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-45046"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-1065"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-917",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-502",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-408570"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-45046"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://www.kb.cert.org/vuls/id/930724"
      },
      {
        "trust": 1.7,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-log4j-qruknebd"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://logging.apache.org/log4j/2.x/security.html"
      },
      {
        "trust": 1.7,
        "url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0032"
      },
      {
        "trust": 1.7,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.debian.org/security/2021/dsa-5022"
      },
      {
        "trust": 1.7,
        "url": "https://www.cve.org/cverecord?id=cve-2021-44228"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2021/12/18/1"
      },
      {
        "trust": 1.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/eokpqgv24rrbbi4tbzudqmm4meh7mxcy/"
      },
      {
        "trust": 1.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sig7fzulmnk2xf6fzru4vwydqxnmugaj/"
      },
      {
        "trust": 1.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-45046"
      },
      {
        "trust": 1.0,
        "url": "https://security.gentoo.org/glsa/202310-16"
      },
      {
        "trust": 0.8,
        "url": "cve-2021-4104  "
      },
      {
        "trust": 0.8,
        "url": "cve-2021-44228  "
      },
      {
        "trust": 0.8,
        "url": "cve-2021-45046  "
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45046"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/eokpqgv24rrbbi4tbzudqmm4meh7mxcy/"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sig7fzulmnk2xf6fzru4vwydqxnmugaj/"
      },
      {
        "trust": 0.7,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.7,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022060808"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022072076"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0086"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0240"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4186.4"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4186.3"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021122212"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022012731"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4302.3"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/165649/red-hat-security-advisory-2022-0222-02.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021122814"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/165645/red-hat-security-advisory-2022-0205-02.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021121720"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021122018"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022010632"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022012730"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166676/red-hat-security-advisory-2022-1297-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0199"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022010517"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022020602"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/apache-log4j-denial-of-service-via-thread-context-message-pattern-37075"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4257"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/165333/red-hat-security-advisory-2021-5106-04.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022012501"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022062006"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021123016"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/165343/red-hat-security-advisory-2021-5107-06.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021122726"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021121516"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4295"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022010325"
      },
      {
        "trust": 0.6,
        "url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20211215-01-log4j-cn"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021122908"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022060708"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6527436"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022011226"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6528374"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022032405"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021122119"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0332"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022030923"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4198.4"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6527886"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022042115"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0090"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6526750"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022022126"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021121651"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022021429"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4187.6"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022020815"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021122307"
      },
      {
        "trust": 0.6,
        "url": "https://support.lenovo.com/us/en/product_security/len-76573"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022012045"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166677/red-hat-security-advisory-2022-1296-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022011034"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022012443"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022010421"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0247"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44832"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45105"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2021-45105"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2021-44832"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-009"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-44228"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44228"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q1"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=red.hat.integration\u0026version"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/apache-log4j2"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4104"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-4104"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:5148"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:5106"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/deploying_into_spring_boot/patch-red-hat-fuse-applications"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/installing_on_apache_karaf/apply-hotfix-patch"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=jboss.fuse\u0026version=7.09.0"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/installing_on_apache_karaf/apply-hotfix-patch"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=jboss.fuse\u0026version=7.10.0"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/installing_on_apache_karaf/apply-hotfix-patch"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/deploying_into_spring_boot/patch-red-hat-fuse-applications"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:0203"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=jboss.fuse\u0026version=7.08.0"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/deploying_into_spring_boot/patch-red-hat-fuse-applications"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:0083"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product\\xcatrhoar.eclipse.vertx\u0026version=4.1.8"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/4.1/html/release_notes_for_eclipse_vert.x_4.1/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=data.grid\u0026version=8.2"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.2/html-single/red_hat_data_grid_8.2_release_notes/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:0205"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:0222"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:0223"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#930724"
      },
      {
        "db": "VULHUB",
        "id": "VHN-408570"
      },
      {
        "db": "PACKETSTORM",
        "id": "169180"
      },
      {
        "db": "PACKETSTORM",
        "id": "165329"
      },
      {
        "db": "PACKETSTORM",
        "id": "165333"
      },
      {
        "db": "PACKETSTORM",
        "id": "165632"
      },
      {
        "db": "PACKETSTORM",
        "id": "165637"
      },
      {
        "db": "PACKETSTORM",
        "id": "165645"
      },
      {
        "db": "PACKETSTORM",
        "id": "165649"
      },
      {
        "db": "PACKETSTORM",
        "id": "165650"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-1065"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-45046"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#930724"
      },
      {
        "db": "VULHUB",
        "id": "VHN-408570"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-45046"
      },
      {
        "db": "PACKETSTORM",
        "id": "169180"
      },
      {
        "db": "PACKETSTORM",
        "id": "165329"
      },
      {
        "db": "PACKETSTORM",
        "id": "165333"
      },
      {
        "db": "PACKETSTORM",
        "id": "165632"
      },
      {
        "db": "PACKETSTORM",
        "id": "165637"
      },
      {
        "db": "PACKETSTORM",
        "id": "165645"
      },
      {
        "db": "PACKETSTORM",
        "id": "165649"
      },
      {
        "db": "PACKETSTORM",
        "id": "165650"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-1065"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-45046"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-12-15T00:00:00",
        "db": "CERT/CC",
        "id": "VU#930724"
      },
      {
        "date": "2021-12-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-408570"
      },
      {
        "date": "2021-12-14T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-45046"
      },
      {
        "date": "2021-12-28T20:12:00",
        "db": "PACKETSTORM",
        "id": "169180"
      },
      {
        "date": "2021-12-16T15:25:46",
        "db": "PACKETSTORM",
        "id": "165329"
      },
      {
        "date": "2021-12-16T15:34:27",
        "db": "PACKETSTORM",
        "id": "165333"
      },
      {
        "date": "2022-01-20T17:49:05",
        "db": "PACKETSTORM",
        "id": "165632"
      },
      {
        "date": "2022-01-20T17:50:03",
        "db": "PACKETSTORM",
        "id": "165637"
      },
      {
        "date": "2022-01-20T18:11:03",
        "db": "PACKETSTORM",
        "id": "165645"
      },
      {
        "date": "2022-01-21T15:29:08",
        "db": "PACKETSTORM",
        "id": "165649"
      },
      {
        "date": "2022-01-21T15:29:54",
        "db": "PACKETSTORM",
        "id": "165650"
      },
      {
        "date": "2021-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202112-1065"
      },
      {
        "date": "2021-12-14T19:15:07.733000",
        "db": "NVD",
        "id": "CVE-2021-45046"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-02-07T00:00:00",
        "db": "CERT/CC",
        "id": "VU#930724"
      },
      {
        "date": "2022-10-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-408570"
      },
      {
        "date": "2023-10-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-45046"
      },
      {
        "date": "2023-06-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202112-1065"
      },
      {
        "date": "2024-11-21T06:31:51.470000",
        "db": "NVD",
        "id": "CVE-2021-45046"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-1065"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apache Log4j allows insecure JNDI lookups",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#930724"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code execution",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "165329"
      },
      {
        "db": "PACKETSTORM",
        "id": "165333"
      },
      {
        "db": "PACKETSTORM",
        "id": "165632"
      },
      {
        "db": "PACKETSTORM",
        "id": "165637"
      },
      {
        "db": "PACKETSTORM",
        "id": "165645"
      },
      {
        "db": "PACKETSTORM",
        "id": "165649"
      },
      {
        "db": "PACKETSTORM",
        "id": "165650"
      }
    ],
    "trust": 0.7
  }
}

var-202112-0566
Vulnerability from variot

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. JIRA issues fixed (https://issues.jboss.org/):

LOG-1971 - Applying cluster state is causing elasticsearch to hit an issue and become unusable

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Critical: Red Hat AMQ Streams 1.6.5 release and security update Advisory ID: RHSA-2021:5133-01 Product: Red Hat JBoss AMQ Advisory URL: https://access.redhat.com/errata/RHSA-2021:5133 Issue date: 2021-12-14 CVE Names: CVE-2021-44228 ==================================================================== 1. Summary:

Red Hat AMQ Streams 1.6.5 is now available from the Red Hat Customer Portal.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Description:

Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency.

This release of Red Hat AMQ Streams 1.6.5 serves as a replacement for Red Hat AMQ Streams 1.6.4, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.

Security Fix(es):

  • log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

  1. Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

The References section of this erratum contains a download link (you must log in to download the update).

  1. Bugs fixed (https://bugzilla.redhat.com/):

2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value

  1. References:

https://access.redhat.com/security/cve/CVE-2021-44228 https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.streams&version=1.6.5 https://access.redhat.com/security/vulnerabilities/RHSB-2021-009

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBYblJBNzjgjWX9erEAQgrQQ//cpcYDzrhPXM4+U+DMgmqnuVhobliJIZt dwIgEyX3jYfLfXZgzkDCnHdwUjJsVub12ielI3JkHsOnGU8faFmp1kEKBvub0Xdh EhjmyDGVSTvdcQyCn9+1z8BDddxLM8UjUBrqF6FrLe6OJcrZi5ICOlZB9sBJ9TKj s4HH3NWW/PSUM96X20TZXl2ah9rkWy+MBoa+jxhOX5Fzyil2Dhcv2LNPA8SfVIme hqN+pSCiQ4Ik1FKJ2wPUItPtTGdQQKVIVhh/RHvGQrIqNWFXWCQkyq4R2Ho2+Eip b5+XW/X0Mt5AkJo5Lz8TZEIjPSeILOy6ucf3fOVDSDUIA2wtdmBA/QV8XvNPtRzy zIUMMdKmuKfR6IF2N+05G6sJ0BWisMmz8hYVD/nBh4FF9HmUGP8wBaLrBMDpGhPE Qu59Ysh0/cdtCGY0O75QSa6RbDn6WyE56groY0i0JSSzrlA94ygSuNJ71nG5wz5I 9TdZqceCDDmR9/FsFgvtzNRaJXqq92/fJdHwTJ/qToutYRsBgEYPmCpNqMXBz59W oXs+VKtt2muYCe9WNDRO/1l9WAs6SO8FekvxcEripg8s1gofkvB4Xa7VkSkbrROZ qCyI4Rz1JSYX287LsQ+Z5E7f4ZchsAIggxOw6ovrnuXbT+rS4IVpwu6Os2AOYQHo 9Sch0c3lbGw=Ervs -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. ========================================================================= Ubuntu Security Notice USN-5192-2 December 17, 2021

apache-log4j2 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 ESM

Summary:

Apache Log4j 2 could be made to crash or run programs as an administrator if it received a specially crafted input. This update provides the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Chen Zhaojun discovered that Apache Log4j 2 allows remote attackers to run programs via a special crafted input. An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 ESM: liblog4j2-java 2.4-2ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes. The purpose of this text-only errata is to inform you about the security issues fixed in this release.

Installation instructions are available from the Fuse product documentation pages:

Fuse 7.8: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/installing_on_apache_karaf/apply-hotfix-patch https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/deploying_into_spring_boot/patch-red-hat-fuse-applications

Fuse 7.9: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/installing_on_apache_karaf/apply-hotfix-patch https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/deploying_into_spring_boot/patch-red-hat-fuse-applications

Fuse 7.10: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/installing_on_apache_karaf/apply-hotfix-patch https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/deploying_into_spring_boot/patch-red-hat-fuse-applications

VMware Unified Access Gateway VMware Carbon Black Workload Appliance VMware Site Recovery Manager, vSphere Replication VMware Tanzu GemFire VMware Tanzu GemFire for VMs VMware Tanzu Operations Manager VMware Tanzu Application Service for VMs VMware Horizon Agents Installer

You are receiving this alert because you are subscribed to the VMware Security Announcements mailing list. To modify your subscription or unsubscribe please visit https://lists.vmware.com/mailman/listinfo/security-announce

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0566",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "prime service catalog",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1"
      },
      {
        "model": "unified intelligence center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.6\\(2\\)"
      },
      {
        "model": "vesys",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2019.1"
      },
      {
        "model": "firepower threat defense",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.5.0"
      },
      {
        "model": "spectrum power 7",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.30"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "8.5\\(1\\)"
      },
      {
        "model": "network services orchestrator",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.5.4.1"
      },
      {
        "model": "packaged contact center enterprise",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "crosswork data gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.0.2"
      },
      {
        "model": "network services orchestrator",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.5"
      },
      {
        "model": "ucs director",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.8.2.0"
      },
      {
        "model": "crosswork optimization engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.0.0"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.6\\(2\\)"
      },
      {
        "model": "evolved programmable network manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "webex meetings server",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "xpedition enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "wan automation engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.2.3"
      },
      {
        "model": "log4j",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.12.2"
      },
      {
        "model": "video surveillance manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.14\\(3.025\\)"
      },
      {
        "model": "optical network controller",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "1.1.0"
      },
      {
        "model": "system debugger",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "unified workforce optimization",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(1\\)"
      },
      {
        "model": "common services platform collector",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "002.009\\(000.001\\)"
      },
      {
        "model": "network dashboard fabric controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.3\\(1\\)"
      },
      {
        "model": "siveillance vantage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sd-wan vmanage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "20.6"
      },
      {
        "model": "network services orchestrator",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.6"
      },
      {
        "model": "evolved programmable network manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.1.1"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.5\\(1\\)"
      },
      {
        "model": "crosswork zero touch provisioning",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.0.0"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(4.65000.14\\)"
      },
      {
        "model": "unified contact center express",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.5\\(1\\)"
      },
      {
        "model": "dna center",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.2.2.0"
      },
      {
        "model": "crosswork network automation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "fxos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.3.0"
      },
      {
        "model": "cloudcenter suite",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.4\\(1\\)"
      },
      {
        "model": "unified customer voice portal",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.6\\(1\\)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(1.18900.97\\)"
      },
      {
        "model": "data center network manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.3\\(1\\)"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(4.66000.14\\)"
      },
      {
        "model": "smart phy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.1.5"
      },
      {
        "model": "customer experience cloud agent",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "1.12.1"
      },
      {
        "model": "smart phy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.1.2"
      },
      {
        "model": "network services orchestrator",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.4"
      },
      {
        "model": "firepower threat defense",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.7.0"
      },
      {
        "model": "network services orchestrator",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.4.5.2"
      },
      {
        "model": "ucs central software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.0\\(1l\\)"
      },
      {
        "model": "cyber vision sensor management extension",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.0.3"
      },
      {
        "model": "wan automation engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.3"
      },
      {
        "model": "snapcenter",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "fxos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.4.0"
      },
      {
        "model": "unified communications manager im \\\u0026 presence service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(1\\)"
      },
      {
        "model": "network dashboard fabric controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.0\\(1\\)"
      },
      {
        "model": "e-car operation center",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2021-12-13"
      },
      {
        "model": "sd-wan vmanage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "20.7"
      },
      {
        "model": "desigo cc info center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.1"
      },
      {
        "model": "virtualized infrastructure manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.4.4"
      },
      {
        "model": "intersight virtual appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "1.0.9-361"
      },
      {
        "model": "network insights for data center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0\\(2.1914\\)"
      },
      {
        "model": "vm access proxy",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "snowsoftware",
        "version": "3.6"
      },
      {
        "model": "ucs central software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.0\\(1c\\)"
      },
      {
        "model": "virtualized infrastructure manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.2.0"
      },
      {
        "model": "wan automation engine",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.3.0.2"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.6\\(2\\)"
      },
      {
        "model": "packaged contact center enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.6\\(1\\)"
      },
      {
        "model": "connected analytics for network deployment",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "007.003.003"
      },
      {
        "model": "crosswork platform infrastructure",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "energyip",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "8.5"
      },
      {
        "model": "cloudcenter cost optimizer",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.5.2"
      },
      {
        "model": "virtualized infrastructure manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.4.0"
      },
      {
        "model": "network dashboard fabric controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(2\\)"
      },
      {
        "model": "captial",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2019.1"
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "firepower threat defense",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.1.0"
      },
      {
        "model": "sipass integrated",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.85"
      },
      {
        "model": "sd-wan vmanage",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "20.5.1.1"
      },
      {
        "model": "identity services engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "003.001\\(000.518\\)"
      },
      {
        "model": "oncommand insight",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "optical network controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "1.1"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.6\\(2\\)"
      },
      {
        "model": "video surveillance manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.14\\(4.018\\)"
      },
      {
        "model": "paging server",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "14.4.1"
      },
      {
        "model": "integrated management controller supervisor",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.3.2.1"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "8.3\\(1\\)"
      },
      {
        "model": "nx",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "network assurance engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0\\(2.1912\\)"
      },
      {
        "model": "unified customer voice portal",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(1\\)"
      },
      {
        "model": "firepower threat defense",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.2.3"
      },
      {
        "model": "log4j",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.15.0"
      },
      {
        "model": "virtual topology system",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.6.6"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "9.0\\(1\\)"
      },
      {
        "model": "identity services engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.4.0"
      },
      {
        "model": "unified sip proxy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "010.002\\(000\\)"
      },
      {
        "model": "wan automation engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.6"
      },
      {
        "model": "unified communications manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(1\\)"
      },
      {
        "model": "navigator",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2021-12-13"
      },
      {
        "model": "sd-wan vmanage",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "20.5"
      },
      {
        "model": "mobility services engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(1\\)"
      },
      {
        "model": "unified communications manager im and presence service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(1\\)"
      },
      {
        "model": "network dashboard fabric controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.2\\(1\\)"
      },
      {
        "model": "sd-wan vmanage",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "20.4"
      },
      {
        "model": "virtual topology system",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.6.7"
      },
      {
        "model": "cyber vision sensor management extension",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "sppa-t3000 ses3000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "connected analytics for network deployment",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "007.000.001"
      },
      {
        "model": "energyip",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "9.0"
      },
      {
        "model": "opcenter intelligence",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.2"
      },
      {
        "model": "business process automation",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.2.000.000"
      },
      {
        "model": "broadworks",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "evolved programmable network manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "wan automation engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.1.3"
      },
      {
        "model": "cloud secure agent",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "siveillance identity",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.6"
      },
      {
        "model": "connected analytics for network deployment",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "008.000.000"
      },
      {
        "model": "wan automation engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.2.1"
      },
      {
        "model": "unified intelligence center",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.6\\(1\\)"
      },
      {
        "model": "contact center domain manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.5\\(1\\)"
      },
      {
        "model": "active iq unified manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "common services platform collector",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "002.009\\(000.000\\)"
      },
      {
        "model": "network dashboard fabric controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.1\\(1\\)"
      },
      {
        "model": "energy engage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.1"
      },
      {
        "model": "enterprise chat and email",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(1\\)"
      },
      {
        "model": "evolved programmable network manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "crosswork network automation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.0.0"
      },
      {
        "model": "dna center",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.2.3.0"
      },
      {
        "model": "rhythmyx",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "percussion",
        "version": "7.3.2"
      },
      {
        "model": "cx cloud agent",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "001.012"
      },
      {
        "model": "identity services engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "002.007\\(000.356\\)"
      },
      {
        "model": "common services platform collector",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.9.1.3"
      },
      {
        "model": "firepower threat defense",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.3.0"
      },
      {
        "model": "unified customer voice portal",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.6\\(1\\)"
      },
      {
        "model": "smart phy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.1.4"
      },
      {
        "model": "computer vision annotation tool",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "unified customer voice portal",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.5"
      },
      {
        "model": "energyip",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "8.6"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.6\\(1\\)"
      },
      {
        "model": "crosswork zero touch provisioning",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.0.1"
      },
      {
        "model": "cloudcenter suite admin",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.3.1"
      },
      {
        "model": "connected analytics for network deployment",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "008.000.000.000.004"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.6\\(1\\)"
      },
      {
        "model": "unified customer voice portal",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0"
      },
      {
        "model": "nexus insights",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0.2"
      },
      {
        "model": "unified sip proxy",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "10.2.1v2"
      },
      {
        "model": "desigo cc info center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.0"
      },
      {
        "model": "finesse",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.6\\(1\\)"
      },
      {
        "model": "connected analytics for network deployment",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.3"
      },
      {
        "model": "firepower threat defense",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.4.0"
      },
      {
        "model": "connected analytics for network deployment",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "006.005.000."
      },
      {
        "model": "unified customer voice portal",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "sd-wan vmanage",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "20.6.2.1"
      },
      {
        "model": "evolved programmable network manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.1"
      },
      {
        "model": "unified workforce optimization",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(1\\)"
      },
      {
        "model": "smart phy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.2.1"
      },
      {
        "model": "desigo cc advanced reports",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.0"
      },
      {
        "model": "business process automation",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.2.000.009"
      },
      {
        "model": "ucs central software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.0\\(1e\\)"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "9.0\\(2\\)"
      },
      {
        "model": "siguard dsa",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.2"
      },
      {
        "model": "ucs central software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.0\\(1d\\)"
      },
      {
        "model": "finesse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.6\\(1\\)"
      },
      {
        "model": "ucs central software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.0\\(1a\\)"
      },
      {
        "model": "solid edge harness design",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2020"
      },
      {
        "model": "solid edge harness design",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2020"
      },
      {
        "model": "cloud insights",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "log4j",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0"
      },
      {
        "model": "sensor solution development kit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "crosswork network controller",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.0.1"
      },
      {
        "model": "gma-manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "8.6.2j-398"
      },
      {
        "model": "business process automation",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.1.000.044"
      },
      {
        "model": "identity services engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "003.000\\(000.458\\)"
      },
      {
        "model": "prime service catalog",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1"
      },
      {
        "model": "crosswork optimization engine",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.0.1"
      },
      {
        "model": "vesys",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2019.1"
      },
      {
        "model": "siveillance viewpoint",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sd-wan vmanage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "20.5"
      },
      {
        "model": "automated subsea tuning",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.1.0"
      },
      {
        "model": "log4j",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.4.0"
      },
      {
        "model": "crosswork data gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.0.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "34"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "14.0\\(1\\)"
      },
      {
        "model": "dna center",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.2.3.4"
      },
      {
        "model": "sd-wan vmanage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "20.4"
      },
      {
        "model": "ucs central",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.0\\(1p\\)"
      },
      {
        "model": "email security",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": "10.0.12"
      },
      {
        "model": "smart phy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.1.3"
      },
      {
        "model": "synchro",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "bentley",
        "version": "6.1"
      },
      {
        "model": "sentron powermanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "dna spaces",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "crosswork network automation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.0.0"
      },
      {
        "model": "wan automation engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "spectrum power 4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.70"
      },
      {
        "model": "automated subsea tuning",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "02.01.00"
      },
      {
        "model": "sd-wan vmanage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "20.6.1"
      },
      {
        "model": "unified sip proxy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "010.000\\(001\\)"
      },
      {
        "model": "comos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "ucs central software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.0\\(1b\\)"
      },
      {
        "model": "fxos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.6.0"
      },
      {
        "model": "unity connection",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(1\\)"
      },
      {
        "model": "sentron powermanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.2"
      },
      {
        "model": "ucs central software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "evolved programmable network manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.1"
      },
      {
        "model": "logo\\! soft comfort",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "evolved programmable network manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(1.18119.2\\)"
      },
      {
        "model": "network assurance engine",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0.2"
      },
      {
        "model": "emergency responder",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(4\\)"
      },
      {
        "model": "log4j",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.13.0"
      },
      {
        "model": "cloudcenter suite",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.10\\(0.15\\)"
      },
      {
        "model": "wan automation engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.2.2"
      },
      {
        "model": "dna center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.2.2.8"
      },
      {
        "model": "secure device onboard",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "solid edge cam pro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "fxos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.0.0"
      },
      {
        "model": "unified sip proxy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "010.002\\(001\\)"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.6\\(2\\)"
      },
      {
        "model": "sd-wan vmanage",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "20.3.4.1"
      },
      {
        "model": "log4j",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.3.1"
      },
      {
        "model": "energyip prepay",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.7"
      },
      {
        "model": "audio development kit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "common services platform collector",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "002.009\\(001.001\\)"
      },
      {
        "model": "video surveillance manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.14\\(1.26\\)"
      },
      {
        "model": "xpedition package integrator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "genomics kernel library",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "connected analytics for network deployment",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "007.003.001.001"
      },
      {
        "model": "ucs central software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.0\\(1g\\)"
      },
      {
        "model": "identity services engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "003.002\\(000.116\\)"
      },
      {
        "model": "ucs central software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.0\\(1h\\)"
      },
      {
        "model": "business process automation",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.0.000.115"
      },
      {
        "model": "desigo cc advanced reports",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.2"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "35"
      },
      {
        "model": "connected mobile experiences",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "cloudcenter workload manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.5.2"
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(1.10000.6\\)"
      },
      {
        "model": "spectrum power 7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.30"
      },
      {
        "model": "fog director",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "network services orchestrator",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.6.3.1"
      },
      {
        "model": "common services platform collector",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "002.009\\(001.002\\)"
      },
      {
        "model": "log4j",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "connected analytics for network deployment",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "006.005.000.000"
      },
      {
        "model": "enterprise chat and email",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.5\\(1\\)"
      },
      {
        "model": "smart phy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "21.3"
      },
      {
        "model": "contact center management portal",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.5\\(1\\)"
      },
      {
        "model": "crosswork network automation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.1.0"
      },
      {
        "model": "unified customer voice portal",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.5\\(1\\)"
      },
      {
        "model": "data center manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5.1"
      },
      {
        "model": "crosswork platform infrastructure",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.1.0"
      },
      {
        "model": "cloudcenter suite",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.5\\(0\\)"
      },
      {
        "model": "connected analytics for network deployment",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "007.001.000"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(1.22900.28\\)"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.5\\(1\\)"
      },
      {
        "model": "dna spaces connector",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "desigo cc advanced reports",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.0"
      },
      {
        "model": "synchro",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "bentley",
        "version": "6.4.3.2"
      },
      {
        "model": "energyip",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "8.7"
      },
      {
        "model": "common services platform collector",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "002.009\\(000.002\\)"
      },
      {
        "model": "siguard dsa",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.4"
      },
      {
        "model": "business process automation",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.1.000.000"
      },
      {
        "model": "identity services engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "002.006\\(000.156\\)"
      },
      {
        "model": "snow commander",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "snowsoftware",
        "version": "8.10.0"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "8.4\\(1\\)"
      },
      {
        "model": "network services orchestrator",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.3.5.1"
      },
      {
        "model": "fxos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.5.0"
      },
      {
        "model": "energyip prepay",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.8"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "unified communications manager im \\\u0026 presence service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(1.22900.6\\)"
      },
      {
        "model": "head-end system universal device integration system",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(1\\)su3"
      },
      {
        "model": "unified sip proxy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "010.000\\(000\\)"
      },
      {
        "model": "industrial edge management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "cloudcenter suite",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.3\\(0\\)"
      },
      {
        "model": "industrial edge management hub",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2021-12-13"
      },
      {
        "model": "oneapi sample browser",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "virtualized voice browser",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.5\\(1\\)"
      },
      {
        "model": "operation scheduler",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.1.3"
      },
      {
        "model": "sd-wan vmanage",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "20.4.2.1"
      },
      {
        "model": "finesse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.5\\(1\\)"
      },
      {
        "model": "advanced malware protection virtual private cloud appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.5.4"
      },
      {
        "model": "integrated management controller supervisor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "002.003\\(002.000\\)"
      },
      {
        "model": "synchro 4d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "bentley",
        "version": "6.2.4.2"
      },
      {
        "model": "unified intelligence center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.6\\(1\\)"
      },
      {
        "model": "mendix",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "firepower threat defense",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.6.0"
      },
      {
        "model": "siveillance identity",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.5"
      },
      {
        "model": "unified customer voice portal",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.6"
      },
      {
        "model": "network dashboard fabric controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.4\\(1\\)"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(1.21900.40\\)"
      },
      {
        "model": "common services platform collector",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.10.0"
      },
      {
        "model": "identity services engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "002.004\\(000.914\\)"
      },
      {
        "model": "wan automation engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "siveillance control pro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "system studio",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "11.0"
      },
      {
        "model": "network dashboard fabric controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(1\\)"
      },
      {
        "model": "integrated management controller supervisor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.3.2.0"
      },
      {
        "model": "sd-wan vmanage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "20.3"
      },
      {
        "model": "ucs central software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.0\\(1f\\)"
      },
      {
        "model": "intersight virtual appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "1.0.9-343"
      },
      {
        "model": "teamcenter",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "captial",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2019.1"
      },
      {
        "model": "desigo cc advanced reports",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.1"
      },
      {
        "model": "dna spaces\\: connector",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.5"
      },
      {
        "model": "connected analytics for network deployment",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "006.004.000.003"
      },
      {
        "model": "video surveillance operations manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.14.4"
      },
      {
        "model": "enterprise chat and email",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0\\(1\\)"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5"
      },
      {
        "model": "firepower threat defense",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.0.0"
      },
      {
        "model": "ontap tools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "sd-wan vmanage",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "20.6"
      },
      {
        "model": "dna center",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.1.2.8"
      },
      {
        "model": "fxos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.7.0"
      },
      {
        "model": "sd-wan vmanage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "20.8"
      },
      {
        "model": "mindsphere",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2021-12-11"
      },
      {
        "model": "cloudcenter",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.10.0.16"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(1\\)"
      },
      {
        "model": "cloudcenter suite",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.5\\(1\\)"
      },
      {
        "model": "identity services engine",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.4.0"
      },
      {
        "model": "unified contact center management portal",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.6\\(1\\)"
      },
      {
        "model": "crosswork network automation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.1.1"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(1.17900.52\\)"
      },
      {
        "model": "spectrum power 4",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.70"
      },
      {
        "model": "unified communications manager im and presence service",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(1\\)"
      },
      {
        "model": "crosswork network controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.0.0"
      },
      {
        "model": "common services platform collector",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "002.010\\(000.000\\)"
      },
      {
        "model": "video surveillance manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.14\\(2.26\\)"
      },
      {
        "model": "network services orchestrator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "broadworks",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2021.11_1.162"
      },
      {
        "model": "smart phy",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.2.1"
      },
      {
        "model": "cyber vision",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.0.2"
      },
      {
        "model": "connected analytics for network deployment",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "007.002.000"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.5\\(2\\)"
      },
      {
        "model": "iot operations dashboard",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nexus dashboard",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.1.2"
      },
      {
        "model": "siguard dsa",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.3"
      },
      {
        "model": "ucs central software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.0\\(1k\\)"
      },
      {
        "model": "common services platform collector",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.10.0.1"
      },
      {
        "model": "fxos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.1.0"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "9.1\\(1\\)"
      },
      {
        "model": "network dashboard fabric controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.5\\(3\\)"
      },
      {
        "model": "cloud connect",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.6\\(1\\)"
      },
      {
        "model": "desigo cc advanced reports",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.1"
      },
      {
        "model": "common services platform collector",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "002.009\\(001.000\\)"
      },
      {
        "model": "xcode",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.3"
      },
      {
        "model": "data center network manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.3\\(1\\)"
      },
      {
        "model": "dna center",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.2.2.8"
      },
      {
        "model": "enterprise chat and email",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.6\\(1\\)"
      },
      {
        "model": "connected analytics for network deployment",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "007.003.000"
      },
      {
        "model": "workload optimization manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.2.1"
      },
      {
        "model": "siveillance command",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.16.2.1"
      },
      {
        "model": "unified computing system",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "006.008\\(001.000\\)"
      },
      {
        "model": "fxos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.2.3"
      },
      {
        "model": "sipass integrated",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.80"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-44228"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "165295"
      },
      {
        "db": "PACKETSTORM",
        "id": "165286"
      },
      {
        "db": "PACKETSTORM",
        "id": "165287"
      },
      {
        "db": "PACKETSTORM",
        "id": "165288"
      },
      {
        "db": "PACKETSTORM",
        "id": "165289"
      },
      {
        "db": "PACKETSTORM",
        "id": "165297"
      },
      {
        "db": "PACKETSTORM",
        "id": "165298"
      },
      {
        "db": "PACKETSTORM",
        "id": "165329"
      },
      {
        "db": "PACKETSTORM",
        "id": "165632"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2021-44228",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2021-44228",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.1,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-407408",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2021-44228",
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-44228",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202112-799",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-407408",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-44228",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-407408"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-44228"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-799"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-44228"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1971 - Applying cluster state is causing elasticsearch to hit an issue and become unusable\n\n6. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Critical: Red Hat AMQ Streams 1.6.5 release and security update\nAdvisory ID:       RHSA-2021:5133-01\nProduct:           Red Hat JBoss AMQ\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2021:5133\nIssue date:        2021-12-14\nCVE Names:         CVE-2021-44228\n====================================================================\n1. Summary:\n\nRed Hat AMQ Streams 1.6.5 is now available from the Red Hat Customer\nPortal. \n\nRed Hat Product Security has rated this update as having a security impact\nof Critical. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat AMQ Streams, based on the Apache Kafka project, offers a\ndistributed backbone that allows microservices and other applications to\nshare data with extremely high throughput and extremely low latency. \n\nThis release of Red Hat AMQ Streams 1.6.5 serves as a replacement for Red\nHat AMQ Streams 1.6.4, and includes security and bug fixes, and\nenhancements. For further information, refer to the release notes linked to\nin the References section. \n\nSecurity Fix(es):\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an\nattacker-controlled string value (CVE-2021-44228)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\n3. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-44228\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.streams\u0026version=1.6.5\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2021-009\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYblJBNzjgjWX9erEAQgrQQ//cpcYDzrhPXM4+U+DMgmqnuVhobliJIZt\ndwIgEyX3jYfLfXZgzkDCnHdwUjJsVub12ielI3JkHsOnGU8faFmp1kEKBvub0Xdh\nEhjmyDGVSTvdcQyCn9+1z8BDddxLM8UjUBrqF6FrLe6OJcrZi5ICOlZB9sBJ9TKj\ns4HH3NWW/PSUM96X20TZXl2ah9rkWy+MBoa+jxhOX5Fzyil2Dhcv2LNPA8SfVIme\nhqN+pSCiQ4Ik1FKJ2wPUItPtTGdQQKVIVhh/RHvGQrIqNWFXWCQkyq4R2Ho2+Eip\nb5+XW/X0Mt5AkJo5Lz8TZEIjPSeILOy6ucf3fOVDSDUIA2wtdmBA/QV8XvNPtRzy\nzIUMMdKmuKfR6IF2N+05G6sJ0BWisMmz8hYVD/nBh4FF9HmUGP8wBaLrBMDpGhPE\nQu59Ysh0/cdtCGY0O75QSa6RbDn6WyE56groY0i0JSSzrlA94ygSuNJ71nG5wz5I\n9TdZqceCDDmR9/FsFgvtzNRaJXqq92/fJdHwTJ/qToutYRsBgEYPmCpNqMXBz59W\noXs+VKtt2muYCe9WNDRO/1l9WAs6SO8FekvxcEripg8s1gofkvB4Xa7VkSkbrROZ\nqCyI4Rz1JSYX287LsQ+Z5E7f4ZchsAIggxOw6ovrnuXbT+rS4IVpwu6Os2AOYQHo\n9Sch0c3lbGw=Ervs\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. =========================================================================\nUbuntu Security Notice USN-5192-2\nDecember 17, 2021\n\napache-log4j2 vulnerability\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n\nSummary:\n\nApache Log4j 2 could be made to crash or run programs as an administrator\nif it received a specially crafted input. This update provides\nthe corresponding update for Ubuntu 16.04 ESM. \n\nOriginal advisory details:\n\n Chen Zhaojun discovered that Apache Log4j 2 allows remote attackers to run\n programs via a special crafted input. An attacker could use this vulnerability\n to cause a denial of service or possibly execute arbitrary code. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n  liblog4j2-java                  2.4-2ubuntu0.1~esm1\n\nIn general, a standard system update will make all the necessary changes. The purpose of this\ntext-only errata is to inform you about the security issues fixed in this\nrelease. \n\nInstallation instructions are available from the Fuse product documentation\npages:\n\nFuse 7.8:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/installing_on_apache_karaf/apply-hotfix-patch\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/deploying_into_spring_boot/patch-red-hat-fuse-applications\n\nFuse 7.9:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/installing_on_apache_karaf/apply-hotfix-patch\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/deploying_into_spring_boot/patch-red-hat-fuse-applications\n\nFuse 7.10:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/installing_on_apache_karaf/apply-hotfix-patch\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/deploying_into_spring_boot/patch-red-hat-fuse-applications\n\n4. \n\nVMware Unified Access Gateway\nVMware Carbon Black Workload Appliance\nVMware Site Recovery Manager, vSphere Replication\nVMware Tanzu GemFire\nVMware Tanzu GemFire for VMs\nVMware Tanzu Operations Manager\nVMware Tanzu Application Service for VMs\nVMware Horizon Agents Installer\n\nYou are receiving this alert because you are subscribed to the VMware Security Announcements mailing list. To modify your subscription or unsubscribe please visit https://lists.vmware.com/mailman/listinfo/security-announce",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-44228"
      },
      {
        "db": "VULHUB",
        "id": "VHN-407408"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-44228"
      },
      {
        "db": "PACKETSTORM",
        "id": "165295"
      },
      {
        "db": "PACKETSTORM",
        "id": "165286"
      },
      {
        "db": "PACKETSTORM",
        "id": "165287"
      },
      {
        "db": "PACKETSTORM",
        "id": "165288"
      },
      {
        "db": "PACKETSTORM",
        "id": "165289"
      },
      {
        "db": "PACKETSTORM",
        "id": "165297"
      },
      {
        "db": "PACKETSTORM",
        "id": "165298"
      },
      {
        "db": "PACKETSTORM",
        "id": "165324"
      },
      {
        "db": "PACKETSTORM",
        "id": "165329"
      },
      {
        "db": "PACKETSTORM",
        "id": "165348"
      },
      {
        "db": "PACKETSTORM",
        "id": "165632"
      },
      {
        "db": "PACKETSTORM",
        "id": "165371"
      }
    ],
    "trust": 2.16
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-407408",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-407408"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-44228",
        "trust": 3.0
      },
      {
        "db": "PACKETSTORM",
        "id": "165371",
        "trust": 1.8
      },
      {
        "db": "PACKETSTORM",
        "id": "165311",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "165225",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "165532",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "165281",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "165306",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "165260",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "165673",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "165282",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "167794",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "167917",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "165270",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "165261",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "165642",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "165307",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-479842",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-714170",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-661247",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-397453",
        "trust": 1.7
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/12/13/1",
        "trust": 1.7
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/12/14/4",
        "trust": 1.7
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/12/10/3",
        "trust": 1.7
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/12/13/2",
        "trust": 1.7
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/12/10/2",
        "trust": 1.7
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/12/15/3",
        "trust": 1.7
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/12/10/1",
        "trust": 1.7
      },
      {
        "db": "CERT/CC",
        "id": "VU#930724",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "171626",
        "trust": 1.6
      },
      {
        "db": "PACKETSTORM",
        "id": "165324",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "165348",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "165733",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "166313",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "165279",
        "trust": 0.7
      },
      {
        "db": "EXPLOIT-DB",
        "id": "50592",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2022060708",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022012045",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022010629",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022072076",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022021428",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022071316",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022062001",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021122212",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022010908",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021122403",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021121720",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021123016",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022010421",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022031501",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021122907",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022012732",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021121652",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021121492",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022010522",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021121201",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021121535",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021122721",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021122018",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022032006",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022060808",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022011732",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021122401",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021121350",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022030923",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021122811",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022020607",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022012439",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022011042",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022021807",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022010322",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021122122",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0090",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0492",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4211",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4187.6",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0237",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4236",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0332",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0080",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4186.4",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4269",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4198",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4316",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4274",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0247",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1188",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4302.3",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4256.2",
        "trust": 0.6
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2022120027",
        "trust": 0.6
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2021120069",
        "trust": 0.6
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2022080025",
        "trust": 0.6
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2022010065",
        "trust": 0.6
      },
      {
        "db": "LENOVO",
        "id": "LEN-76573",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-357-02",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-034-01",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "51183",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-799",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "165329",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "165295",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "165297",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "165298",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "165289",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "165632",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "165293",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165343",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165333",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165520",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165285",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165290",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165291",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165326",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165264",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "50590",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-407408",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-44228",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165286",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165287",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165288",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-407408"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-44228"
      },
      {
        "db": "PACKETSTORM",
        "id": "165295"
      },
      {
        "db": "PACKETSTORM",
        "id": "165286"
      },
      {
        "db": "PACKETSTORM",
        "id": "165287"
      },
      {
        "db": "PACKETSTORM",
        "id": "165288"
      },
      {
        "db": "PACKETSTORM",
        "id": "165289"
      },
      {
        "db": "PACKETSTORM",
        "id": "165297"
      },
      {
        "db": "PACKETSTORM",
        "id": "165298"
      },
      {
        "db": "PACKETSTORM",
        "id": "165324"
      },
      {
        "db": "PACKETSTORM",
        "id": "165329"
      },
      {
        "db": "PACKETSTORM",
        "id": "165348"
      },
      {
        "db": "PACKETSTORM",
        "id": "165632"
      },
      {
        "db": "PACKETSTORM",
        "id": "165371"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-799"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-44228"
      }
    ]
  },
  "id": "VAR-202112-0566",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-407408"
      }
    ],
    "trust": 0.7188405714285715
  },
  "last_update_date": "2024-11-29T19:32:10.142000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Apache Log4j Fixes for code issue vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=174249"
      },
      {
        "title": "Debian CVElist Bug Report Logs: apache-log4j2: CVE-2021-44228: Remote code injection via crafted log messages",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=4eae9b09b97da57f4ca6103cc85ed4da"
      },
      {
        "title": "Debian CVElist Bug Report Logs: apache-log4j2: CVE-2021-45046: Incomplete fix for CVE-2021-44228 in certain non-default configurations",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=b88a8ce4fc53c3a45830bc6bbde8b01c"
      },
      {
        "title": "Debian Security Advisories: DSA-5020-1 apache-log4j2 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=24c79c59809a2c5bcddc81889b23a6bc"
      },
      {
        "title": "Debian Security Advisories: DSA-5022-1 apache-log4j2 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=5ba53229ef5f408ed29126bd4f624def"
      },
      {
        "title": "IBM: Security Bulletin: There is vulnerability in Apache Log4j used by Content Manager OnDemand z/OS. Content Manager OnDemand z/OS has addressed the applicable CVE [CVE-2021-44228]",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=dbdfcf9d51b60adf542d500e515b9ba8"
      },
      {
        "title": "Red Hat: CVE-2021-44228",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-44228"
      },
      {
        "title": "IBM: An update on the Apache Log4j 2.x vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=0648a3f00f067d373b069c4f2acd5db4"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2021-1553",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2021-1553"
      },
      {
        "title": "IBM: Security Bulletin: IBM Cloud Pak System is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-45046, CVE-2021-44228)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c8b40ff47e1d31bee8b0fbdbdd4fe212"
      },
      {
        "title": "IBM: Security Bulletin: IBM Cloud Pak System is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-45046, CVE-2021-44228)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=654a4f5a7bd1fdfd229558535923710b"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2021-1731",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1731"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2021-1730",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1730"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-44228 log"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/canarieids/Zeek-Ubuntu-22.04 "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/f5devcentral/f5-professional-services "
      },
      {
        "title": "Log4J-CVE-2021-44228-Mitigation-Cheat-Sheet",
        "trust": 0.1,
        "url": "https://github.com/thedevappsecguy/Log4J-CVE-2021-44228-Mitigation-Cheat-Sheet "
      },
      {
        "title": "spring-on-k8s",
        "trust": 0.1,
        "url": "https://github.com/AndriyKalashnykov/spring-on-k8s "
      },
      {
        "title": "jaygooby",
        "trust": 0.1,
        "url": "https://github.com/jaygooby/jaygooby "
      },
      {
        "title": "log4j-log4shell-playground",
        "trust": 0.1,
        "url": "https://github.com/rgl/log4j-log4shell-playground "
      },
      {
        "title": "Log4j",
        "trust": 0.1,
        "url": "https://github.com/kaganoglu/Log4j "
      },
      {
        "title": "trivy-cve-scan",
        "trust": 0.1,
        "url": "https://github.com/broadinstitute/trivy-cve-scan "
      },
      {
        "title": "test-44228",
        "trust": 0.1,
        "url": "https://github.com/datadavev/test-44228 "
      },
      {
        "title": "cve-2021-44228-helpers",
        "trust": 0.1,
        "url": "https://github.com/uint0/cve-2021-44228-helpers "
      },
      {
        "title": "log4j-vendor-list",
        "trust": 0.1,
        "url": "https://github.com/bizzarecontacts/log4j-vendor-list "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/Live-Hack-CVE/CVE-2021-44228 "
      },
      {
        "title": "log4shell",
        "trust": 0.1,
        "url": "https://github.com/0xsyr0/log4shell "
      },
      {
        "title": "cve-2021-44228-qingteng-online-patch",
        "trust": 0.1,
        "url": "https://github.com/qingtengyun/cve-2021-44228-qingteng-online-patch "
      },
      {
        "title": "cve-2021-44228",
        "trust": 0.1,
        "url": "https://github.com/corelight/cve-2021-44228 "
      },
      {
        "title": "Log4Shell-IOCs",
        "trust": 0.1,
        "url": "https://github.com/curated-intel/Log4Shell-IOCs "
      },
      {
        "title": "Sitecore.Solr-log4j-mitigation",
        "trust": 0.1,
        "url": "https://github.com/avwolferen/Sitecore.Solr-log4j-mitigation "
      },
      {
        "title": "check-log4j",
        "trust": 0.1,
        "url": "https://github.com/yahoo/check-log4j "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-44228"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-799"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-400",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-502",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-917",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-407408"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-44228"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-log4j-qruknebd"
      },
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/167917/mobileiron-log4shell-remote-command-execution.html"
      },
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/165225/apache-log4j2-2.14.1-remote-code-execution.html"
      },
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/165311/log4j-scan-extensive-scanner.html"
      },
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/165371/vmware-security-advisory-2021-0028.4.html"
      },
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/165532/log4shell-http-header-injection.html"
      },
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/165642/vmware-vcenter-server-unauthenticated-log4shell-jndi-injection-remote-code-execution.html"
      },
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/165673/unifi-network-application-unauthenticated-log4shell-remote-code-execution.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.kb.cert.org/vuls/id/930724"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0032"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht213189"
      },
      {
        "trust": 1.7,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.debian.org/security/2021/dsa-5020"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2022/mar/23"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2022/jul/11"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2022/dec/2"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/167794/open-xchange-app-suite-7.10.x-cross-site-scripting-command-injection.html"
      },
      {
        "trust": 1.7,
        "url": "https://github.com/nu11secur1ty/cve-mitre/tree/main/cve-2021-44228"
      },
      {
        "trust": 1.7,
        "url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/165260/vmware-security-advisory-2021-0028.html"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/165261/apache-log4j2-2.14.1-information-disclosure.html"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/165270/apache-log4j2-2.14.1-remote-code-execution.html"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/165281/log4j2-log4shell-regexes.html"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/165282/log4j-payload-generator.html"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/165306/l4sh-log4j-remote-code-execution.html"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/165307/log4j-remote-code-execution-word-bypassing.html"
      },
      {
        "trust": 1.7,
        "url": "https://github.com/cisagov/log4j-affected-db/blob/develop/software-list.md"
      },
      {
        "trust": 1.7,
        "url": "https://logging.apache.org/log4j/2.x/security.html"
      },
      {
        "trust": 1.7,
        "url": "https://twitter.com/kurtseifried/status/1469345530182455296"
      },
      {
        "trust": 1.7,
        "url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
      },
      {
        "trust": 1.7,
        "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
      },
      {
        "trust": 1.7,
        "url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"
      },
      {
        "trust": 1.6,
        "url": "http://packetstormsecurity.com/files/171626/ad-manager-plus-7122-remote-code-execution.html"
      },
      {
        "trust": 1.5,
        "url": "https://access.redhat.com/security/cve/cve-2021-44228"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44228"
      },
      {
        "trust": 1.1,
        "url": "https://github.com/cisagov/log4j-affected-db"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/m5csvunv4hwzzxgoknsk6l7rpm7bokib/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vu57ujdcfiasio35gc55jmksrxjmcdfm/"
      },
      {
        "trust": 0.9,
        "url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-009"
      },
      {
        "trust": 0.9,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.9,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.9,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/m5csvunv4hwzzxgoknsk6l7rpm7bokib/"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/vu57ujdcfiasio35gc55jmksrxjmcdfm/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022010908"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022060808"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022010629"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022072076"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/165733/red-hat-security-advisory-2022-0296-03.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6527216"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4186.4"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4316"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0080"
      },
      {
        "trust": 0.6,
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-44228"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6528268"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021122212"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022012732"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021121201"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4302.3"
      },
      {
        "trust": 0.6,
        "url": "https://www.exploit-db.com/exploits/50592"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/issue/wlb-2022080025"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022011042"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021121720"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021122018"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0237"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021122811"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/issue/wlb-2022010065"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021122401"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022011732"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022021807"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/165324/ubuntu-security-notice-usn-5197-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021123016"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021121350"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4211"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021122122"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022062001"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021122403"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021122721"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022010522"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022010322"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/issue/wlb-2022120027"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6525816"
      },
      {
        "trust": 0.6,
        "url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20211215-01-log4j-cn"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-357-02"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021122907"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022060708"
      },
      {
        "trust": 0.6,
        "url": "https://www.exploit-db.com/exploits/51183"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022021428"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166313/apple-security-advisory-2022-03-14-7.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6526220"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/apache-log4j-code-execution-via-jndi-remote-class-injection-37049"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4269"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht213189"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022012439"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022020607"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4256.2"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022071316"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022032006"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0332"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022030923"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1188"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0492"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6526754"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/issue/wlb-2021120069"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0090"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4236"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021121652"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6527330"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4198"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021121492"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4187.6"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022031501"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/165279/ubuntu-security-notice-usn-5192-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/165348/ubuntu-security-notice-usn-5192-2.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4274"
      },
      {
        "trust": 0.6,
        "url": "https://support.lenovo.com/us/en/product_security/len-76573"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022012045"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021121535"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022010421"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0247"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-034-01"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-3200"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2018-25013"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25012"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-35522"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-35524"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25013"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25009"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-27645"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-33574"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-13435"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-5827"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-24370"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-43527"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-14145"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-13751"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2018-25014"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-19603"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2018-25012"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-35521"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-35942"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-17594"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35524"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-3572"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-12762"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-36086"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35522"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-22898"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-16135"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-36084"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-37136"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-17541"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-3800"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-36087"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-36331"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-3712"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-31535"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35523"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-3445"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-22925"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-36330"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-20232"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-20266"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-20838"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-22876"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-20231"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-36332"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-14155"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25010"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-17541"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25014"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-36085"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-37137"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-21409"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-33560"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-17595"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-3481"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-42574"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2018-25009"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2018-25010"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-35523"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-28153"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-13750"
      },
      {
        "trust": 0.3,
        "url": "https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-3426"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-18218"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-3580"
      },
      {
        "trust": 0.3,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36330"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35521"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-20317"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-43267"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36331"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-45046"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45046"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.streams\u0026version=1.8.4"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:5138"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20673"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3778"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23841"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:5128"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-20673"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23840"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3796"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:5127"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:5129"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:5126"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_integration/2021.q4"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=red.hat.integration\u0026version"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.streams\u0026version=1.6.5"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:5133"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:5140"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=appplatform\u0026version=7.4"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/solutions/6577421"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/apache-log4j2/2.16.0-0.21.10.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/apache-log4j2/2.16.0-0.20.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-5197-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/apache-log4j2/2.16.0-0.21.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4104"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-4104"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:5148"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-5192-1"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-5192-2"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/deploying_into_spring_boot/patch-red-hat-fuse-applications"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44832"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/installing_on_apache_karaf/apply-hotfix-patch"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=jboss.fuse\u0026version=7.09.0"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/installing_on_apache_karaf/apply-hotfix-patch"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=jboss.fuse\u0026version=7.10.0"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45105"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/installing_on_apache_karaf/apply-hotfix-patch"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/deploying_into_spring_boot/patch-red-hat-fuse-applications"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-45105"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:0203"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=jboss.fuse\u0026version=7.08.0"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/deploying_into_spring_boot/patch-red-hat-fuse-applications"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-44832"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/security/advisories/vmsa-2021-0028.html"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "https://lists.vmware.com/mailman/listinfo/security-announce."
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-407408"
      },
      {
        "db": "PACKETSTORM",
        "id": "165295"
      },
      {
        "db": "PACKETSTORM",
        "id": "165286"
      },
      {
        "db": "PACKETSTORM",
        "id": "165287"
      },
      {
        "db": "PACKETSTORM",
        "id": "165288"
      },
      {
        "db": "PACKETSTORM",
        "id": "165289"
      },
      {
        "db": "PACKETSTORM",
        "id": "165297"
      },
      {
        "db": "PACKETSTORM",
        "id": "165298"
      },
      {
        "db": "PACKETSTORM",
        "id": "165324"
      },
      {
        "db": "PACKETSTORM",
        "id": "165329"
      },
      {
        "db": "PACKETSTORM",
        "id": "165348"
      },
      {
        "db": "PACKETSTORM",
        "id": "165632"
      },
      {
        "db": "PACKETSTORM",
        "id": "165371"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-799"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-44228"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-407408"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-44228"
      },
      {
        "db": "PACKETSTORM",
        "id": "165295"
      },
      {
        "db": "PACKETSTORM",
        "id": "165286"
      },
      {
        "db": "PACKETSTORM",
        "id": "165287"
      },
      {
        "db": "PACKETSTORM",
        "id": "165288"
      },
      {
        "db": "PACKETSTORM",
        "id": "165289"
      },
      {
        "db": "PACKETSTORM",
        "id": "165297"
      },
      {
        "db": "PACKETSTORM",
        "id": "165298"
      },
      {
        "db": "PACKETSTORM",
        "id": "165324"
      },
      {
        "db": "PACKETSTORM",
        "id": "165329"
      },
      {
        "db": "PACKETSTORM",
        "id": "165348"
      },
      {
        "db": "PACKETSTORM",
        "id": "165632"
      },
      {
        "db": "PACKETSTORM",
        "id": "165371"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-799"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-44228"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-12-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-407408"
      },
      {
        "date": "2021-12-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-44228"
      },
      {
        "date": "2021-12-15T15:26:54",
        "db": "PACKETSTORM",
        "id": "165295"
      },
      {
        "date": "2021-12-15T15:20:33",
        "db": "PACKETSTORM",
        "id": "165286"
      },
      {
        "date": "2021-12-15T15:20:43",
        "db": "PACKETSTORM",
        "id": "165287"
      },
      {
        "date": "2021-12-15T15:22:36",
        "db": "PACKETSTORM",
        "id": "165288"
      },
      {
        "date": "2021-12-15T15:23:16",
        "db": "PACKETSTORM",
        "id": "165289"
      },
      {
        "date": "2021-12-15T15:27:51",
        "db": "PACKETSTORM",
        "id": "165297"
      },
      {
        "date": "2021-12-15T15:28:00",
        "db": "PACKETSTORM",
        "id": "165298"
      },
      {
        "date": "2021-12-16T15:20:38",
        "db": "PACKETSTORM",
        "id": "165324"
      },
      {
        "date": "2021-12-16T15:25:46",
        "db": "PACKETSTORM",
        "id": "165329"
      },
      {
        "date": "2021-12-17T14:06:52",
        "db": "PACKETSTORM",
        "id": "165348"
      },
      {
        "date": "2022-01-20T17:49:05",
        "db": "PACKETSTORM",
        "id": "165632"
      },
      {
        "date": "2021-12-20T16:19:51",
        "db": "PACKETSTORM",
        "id": "165371"
      },
      {
        "date": "2021-12-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202112-799"
      },
      {
        "date": "2021-12-10T10:15:09.143000",
        "db": "NVD",
        "id": "CVE-2021-44228"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-407408"
      },
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-44228"
      },
      {
        "date": "2023-04-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202112-799"
      },
      {
        "date": "2024-11-21T06:30:38.047000",
        "db": "NVD",
        "id": "CVE-2021-44228"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "165289"
      },
      {
        "db": "PACKETSTORM",
        "id": "165348"
      },
      {
        "db": "PACKETSTORM",
        "id": "165371"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-799"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apache Log4j Code problem vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-799"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code execution",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "165295"
      },
      {
        "db": "PACKETSTORM",
        "id": "165286"
      },
      {
        "db": "PACKETSTORM",
        "id": "165287"
      },
      {
        "db": "PACKETSTORM",
        "id": "165288"
      },
      {
        "db": "PACKETSTORM",
        "id": "165289"
      },
      {
        "db": "PACKETSTORM",
        "id": "165297"
      },
      {
        "db": "PACKETSTORM",
        "id": "165298"
      },
      {
        "db": "PACKETSTORM",
        "id": "165329"
      },
      {
        "db": "PACKETSTORM",
        "id": "165632"
      },
      {
        "db": "PACKETSTORM",
        "id": "165371"
      }
    ],
    "trust": 1.0
  }
}

cve-2024-41908
Vulnerability from cvelistv5
Published
2024-08-13 07:54
Modified
2024-08-13 13:49
Summary
A vulnerability has been identified in NX (All versions < V2406.3000). The affected applications contains an out of bounds read vulnerability while parsing specially crafted PRT files. This could allow an attacker to crash the application or execute code in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:siemens:nx_1957_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:siemens:nx_1961_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:siemens:nx_1965_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:siemens:nx_1969_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:siemens:nx_1984_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:siemens:nx_1988_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "nx_1988_firmware",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2406.3000",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41908",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-13T13:29:47.094197Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-13T13:49:49.818Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "NX",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2406.3000",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in NX (All versions \u003c V2406.3000). The affected applications contains an out of bounds read vulnerability while parsing specially crafted PRT files. This could allow an attacker to crash the application or execute code in the context of the current process."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125: Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-13T07:54:28.985Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-357412.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2024-41908",
    "datePublished": "2024-08-13T07:54:28.985Z",
    "dateReserved": "2024-07-23T12:40:56.886Z",
    "dateUpdated": "2024-08-13T13:49:49.818Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-45046
Vulnerability from cvelistv5
Published
2021-12-14 16:55
Modified
2024-08-04 04:32
Severity ?
Summary
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.
References
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032x_refsource_CONFIRM
https://www.oracle.com/security-alerts/alert-cve-2021-44228.htmlx_refsource_CONFIRM
https://www.cve.org/CVERecord?id=CVE-2021-44228x_refsource_MISC
http://www.openwall.com/lists/oss-security/2021/12/14/4mailing-list, x_refsource_MLIST
https://logging.apache.org/log4j/2.x/security.htmlx_refsource_CONFIRM
https://www.kb.cert.org/vuls/id/930724third-party-advisory, x_refsource_CERT-VN
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdfx_refsource_CONFIRM
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.htmlx_refsource_CONFIRM
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbdvendor-advisory, x_refsource_CISCO
http://www.openwall.com/lists/oss-security/2021/12/15/3mailing-list, x_refsource_MLIST
https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdfx_refsource_CONFIRM
https://www.debian.org/security/2021/dsa-5022vendor-advisory, x_refsource_DEBIAN
http://www.openwall.com/lists/oss-security/2021/12/18/1mailing-list, x_refsource_MLIST
https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdfx_refsource_CONFIRM
https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdfx_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOKPQGV24RRBBI4TBZUDQMM4MEH7MXCY/vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SIG7FZULMNK2XF6FZRU4VWYDQXNMUGAJ/vendor-advisory, x_refsource_FEDORA
https://www.oracle.com/security-alerts/cpujan2022.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2022.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2022.htmlx_refsource_MISC
https://security.gentoo.org/glsa/202310-16
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:32:13.624Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
          },
          {
            "name": "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://logging.apache.org/log4j/2.x/security.html"
          },
          {
            "name": "VU#930724",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/930724"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
          },
          {
            "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
          },
          {
            "name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
          },
          {
            "name": "DSA-5022",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-5022"
          },
          {
            "name": "[oss-security] 20211218 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/12/18/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
          },
          {
            "name": "FEDORA-2021-5c9d12a93e",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOKPQGV24RRBBI4TBZUDQMM4MEH7MXCY/"
          },
          {
            "name": "FEDORA-2021-abbe24e41c",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SIG7FZULMNK2XF6FZRU4VWYDQXNMUGAJ/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202310-16"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Log4j",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "2.16.0",
              "status": "affected",
              "version": "Apache Log4j2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "other": "moderate (CVSS: 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-917",
              "description": "CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-27T13:04:30.812Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
        },
        {
          "name": "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://logging.apache.org/log4j/2.x/security.html"
        },
        {
          "name": "VU#930724",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/930724"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
        },
        {
          "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
        },
        {
          "name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
        },
        {
          "name": "DSA-5022",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-5022"
        },
        {
          "name": "[oss-security] 20211218 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/12/18/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
        },
        {
          "name": "FEDORA-2021-5c9d12a93e",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOKPQGV24RRBBI4TBZUDQMM4MEH7MXCY/"
        },
        {
          "name": "FEDORA-2021-abbe24e41c",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SIG7FZULMNK2XF6FZRU4VWYDQXNMUGAJ/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "url": "https://security.gentoo.org/glsa/202310-16"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2021-45046",
          "STATE": "PUBLIC",
          "TITLE": "Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Log4j",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "Apache Log4j2",
                            "version_value": "2.16.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": [
          {
            "other": "moderate (CVSS: 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032",
              "refsource": "CONFIRM",
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
            },
            {
              "name": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
            },
            {
              "name": "https://www.cve.org/CVERecord?id=CVE-2021-44228",
              "refsource": "MISC",
              "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
            },
            {
              "name": "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
            },
            {
              "name": "https://logging.apache.org/log4j/2.x/security.html",
              "refsource": "CONFIRM",
              "url": "https://logging.apache.org/log4j/2.x/security.html"
            },
            {
              "name": "VU#930724",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/930724"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
            },
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html",
              "refsource": "CONFIRM",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
            },
            {
              "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
            },
            {
              "name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
            },
            {
              "name": "DSA-5022",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-5022"
            },
            {
              "name": "[oss-security] 20211218 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/12/18/1"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
            },
            {
              "name": "FEDORA-2021-5c9d12a93e",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOKPQGV24RRBBI4TBZUDQMM4MEH7MXCY/"
            },
            {
              "name": "FEDORA-2021-abbe24e41c",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SIG7FZULMNK2XF6FZRU4VWYDQXNMUGAJ/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2021-45046",
    "datePublished": "2021-12-14T16:55:09",
    "dateReserved": "2021-12-14T00:00:00",
    "dateUpdated": "2024-08-04T04:32:13.624Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-44228
Vulnerability from cvelistv5
Published
2021-12-10 00:00
Modified
2024-08-04 04:17
Severity ?
Summary
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
References
https://logging.apache.org/log4j/2.x/security.html
http://www.openwall.com/lists/oss-security/2021/12/10/1mailing-list
http://www.openwall.com/lists/oss-security/2021/12/10/2mailing-list
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbdvendor-advisory
http://www.openwall.com/lists/oss-security/2021/12/10/3mailing-list
https://security.netapp.com/advisory/ntap-20211210-0007/
http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032
https://www.oracle.com/security-alerts/alert-cve-2021-44228.html
https://www.debian.org/security/2021/dsa-5020vendor-advisory
https://lists.debian.org/debian-lts-announce/2021/12/msg00007.htmlmailing-list
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/vendor-advisory
https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/vendor-advisory
http://www.openwall.com/lists/oss-security/2021/12/13/2mailing-list
http://www.openwall.com/lists/oss-security/2021/12/13/1mailing-list
http://www.openwall.com/lists/oss-security/2021/12/14/4mailing-list
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbdvendor-advisory
https://www.kb.cert.org/vuls/id/930724third-party-advisory
https://twitter.com/kurtseifried/status/1469345530182455296
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html
http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html
http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbdvendor-advisory
http://www.openwall.com/lists/oss-security/2021/12/15/3mailing-list
http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html
http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html
http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html
http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html
http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html
https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/vendor-advisory
http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html
https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf
https://www.oracle.com/security-alerts/cpujan2022.html
http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html
https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md
http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html
http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html
http://seclists.org/fulldisclosure/2022/Mar/23mailing-list
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001
https://github.com/cisagov/log4j-affected-db
https://support.apple.com/kb/HT213189
https://www.oracle.com/security-alerts/cpuapr2022.html
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228
https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html
http://seclists.org/fulldisclosure/2022/Jul/11mailing-list
http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html
http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html
http://seclists.org/fulldisclosure/2022/Dec/2mailing-list
http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:17:24.696Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://logging.apache.org/log4j/2.x/security.html"
          },
          {
            "name": "[oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"
          },
          {
            "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"
          },
          {
            "name": "20211210 Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
          },
          {
            "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
          },
          {
            "name": "DSA-5020",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-5020"
          },
          {
            "name": "[debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"
          },
          {
            "name": "FEDORA-2021-f0f501d01f",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/"
          },
          {
            "name": "Microsoft\u2019s Response to CVE-2021-44228 Apache Log4j 2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"
          },
          {
            "name": "[oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"
          },
          {
            "name": "[oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"
          },
          {
            "name": "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
          },
          {
            "name": "20211210 A Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
          },
          {
            "name": "VU#930724",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/930724"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://twitter.com/kurtseifried/status/1469345530182455296"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
          },
          {
            "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
          },
          {
            "name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
          },
          {
            "name": "FEDORA-2021-66d6c484f3",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html"
          },
          {
            "name": "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Mar/23"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/cisagov/log4j-affected-db"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213189"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"
          },
          {
            "name": "20220721 Open-Xchange Security Advisory 2022-07-21",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Jul/11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html"
          },
          {
            "name": "20221208 Intel Data Center Manager \u003c= 5.1 Local Privileges Escalation",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Dec/2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Log4j2",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "changes": [
                {
                  "at": "2.3.1",
                  "status": "unaffected"
                },
                {
                  "at": "2.4",
                  "status": "affected"
                },
                {
                  "at": "2.12.2",
                  "status": "unaffected"
                },
                {
                  "at": "2.13.0",
                  "status": "affected"
                },
                {
                  "at": "2.15.0",
                  "status": "unaffected"
                }
              ],
              "lessThan": "log4j-core*",
              "status": "affected",
              "version": "2.0-beta9",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Chen Zhaojun of Alibaba Cloud Security Team."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "other": "critical"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400 Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-03T00:00:00",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "url": "https://logging.apache.org/log4j/2.x/security.html"
        },
        {
          "name": "[oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"
        },
        {
          "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"
        },
        {
          "name": "20211210 Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
        },
        {
          "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
        },
        {
          "url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
        },
        {
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
        },
        {
          "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
        },
        {
          "name": "DSA-5020",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2021/dsa-5020"
        },
        {
          "name": "[debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"
        },
        {
          "name": "FEDORA-2021-f0f501d01f",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/"
        },
        {
          "name": "Microsoft\u2019s Response to CVE-2021-44228 Apache Log4j 2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"
        },
        {
          "name": "[oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"
        },
        {
          "name": "[oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"
        },
        {
          "name": "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
        },
        {
          "name": "20211210 A Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
        },
        {
          "name": "VU#930724",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.kb.cert.org/vuls/id/930724"
        },
        {
          "url": "https://twitter.com/kurtseifried/status/1469345530182455296"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
        },
        {
          "url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html"
        },
        {
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
        },
        {
          "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
        },
        {
          "name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
        },
        {
          "url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
        },
        {
          "name": "FEDORA-2021-66d6c484f3",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/"
        },
        {
          "url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html"
        },
        {
          "url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md"
        },
        {
          "url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html"
        },
        {
          "name": "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Mar/23"
        },
        {
          "url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001"
        },
        {
          "url": "https://github.com/cisagov/log4j-affected-db"
        },
        {
          "url": "https://support.apple.com/kb/HT213189"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228"
        },
        {
          "url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"
        },
        {
          "name": "20220721 Open-Xchange Security Advisory 2022-07-21",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Jul/11"
        },
        {
          "url": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html"
        },
        {
          "name": "20221208 Intel Data Center Manager \u003c= 5.1 Local Privileges Escalation",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Dec/2"
        },
        {
          "url": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2021-44228",
    "datePublished": "2021-12-10T00:00:00",
    "dateReserved": "2021-11-26T00:00:00",
    "dateUpdated": "2024-08-04T04:17:24.696Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}