All the vulnerabilites related to Siemens - Opcenter Intelligence
var-202112-0566
Vulnerability from variot
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. JIRA issues fixed (https://issues.jboss.org/):
LOG-1971 - Applying cluster state is causing elasticsearch to hit an issue and become unusable
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Critical: Red Hat AMQ Streams 1.6.5 release and security update Advisory ID: RHSA-2021:5133-01 Product: Red Hat JBoss AMQ Advisory URL: https://access.redhat.com/errata/RHSA-2021:5133 Issue date: 2021-12-14 CVE Names: CVE-2021-44228 ==================================================================== 1. Summary:
Red Hat AMQ Streams 1.6.5 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency.
This release of Red Hat AMQ Streams 1.6.5 serves as a replacement for Red Hat AMQ Streams 1.6.4, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
- log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link (you must log in to download the update).
- Bugs fixed (https://bugzilla.redhat.com/):
2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value
- References:
https://access.redhat.com/security/cve/CVE-2021-44228 https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.streams&version=1.6.5 https://access.redhat.com/security/vulnerabilities/RHSB-2021-009
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYblJBNzjgjWX9erEAQgrQQ//cpcYDzrhPXM4+U+DMgmqnuVhobliJIZt dwIgEyX3jYfLfXZgzkDCnHdwUjJsVub12ielI3JkHsOnGU8faFmp1kEKBvub0Xdh EhjmyDGVSTvdcQyCn9+1z8BDddxLM8UjUBrqF6FrLe6OJcrZi5ICOlZB9sBJ9TKj s4HH3NWW/PSUM96X20TZXl2ah9rkWy+MBoa+jxhOX5Fzyil2Dhcv2LNPA8SfVIme hqN+pSCiQ4Ik1FKJ2wPUItPtTGdQQKVIVhh/RHvGQrIqNWFXWCQkyq4R2Ho2+Eip b5+XW/X0Mt5AkJo5Lz8TZEIjPSeILOy6ucf3fOVDSDUIA2wtdmBA/QV8XvNPtRzy zIUMMdKmuKfR6IF2N+05G6sJ0BWisMmz8hYVD/nBh4FF9HmUGP8wBaLrBMDpGhPE Qu59Ysh0/cdtCGY0O75QSa6RbDn6WyE56groY0i0JSSzrlA94ygSuNJ71nG5wz5I 9TdZqceCDDmR9/FsFgvtzNRaJXqq92/fJdHwTJ/qToutYRsBgEYPmCpNqMXBz59W oXs+VKtt2muYCe9WNDRO/1l9WAs6SO8FekvxcEripg8s1gofkvB4Xa7VkSkbrROZ qCyI4Rz1JSYX287LsQ+Z5E7f4ZchsAIggxOw6ovrnuXbT+rS4IVpwu6Os2AOYQHo 9Sch0c3lbGw=Ervs -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description:
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. ========================================================================= Ubuntu Security Notice USN-5192-2 December 17, 2021
apache-log4j2 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
Apache Log4j 2 could be made to crash or run programs as an administrator if it received a specially crafted input. This update provides the corresponding update for Ubuntu 16.04 ESM.
Original advisory details:
Chen Zhaojun discovered that Apache Log4j 2 allows remote attackers to run programs via a special crafted input. An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: liblog4j2-java 2.4-2ubuntu0.1~esm1
In general, a standard system update will make all the necessary changes. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Installation instructions are available from the Fuse product documentation pages:
Fuse 7.8: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/installing_on_apache_karaf/apply-hotfix-patch https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/deploying_into_spring_boot/patch-red-hat-fuse-applications
Fuse 7.9: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/installing_on_apache_karaf/apply-hotfix-patch https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/deploying_into_spring_boot/patch-red-hat-fuse-applications
Fuse 7.10: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/installing_on_apache_karaf/apply-hotfix-patch https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/deploying_into_spring_boot/patch-red-hat-fuse-applications
VMware Unified Access Gateway VMware Carbon Black Workload Appliance VMware Site Recovery Manager, vSphere Replication VMware Tanzu GemFire VMware Tanzu GemFire for VMs VMware Tanzu Operations Manager VMware Tanzu Application Service for VMs VMware Horizon Agents Installer
You are receiving this alert because you are subscribed to the VMware Security Announcements mailing list. To modify your subscription or unsubscribe please visit https://lists.vmware.com/mailman/listinfo/security-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0566", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "prime service catalog", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "12.1" }, { "model": "unified intelligence center", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.6\\(2\\)" }, { "model": "vesys", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2019.1" }, { "model": "firepower threat defense", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.5.0" }, { "model": "spectrum power 7", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.30" }, { "model": "paging server", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "8.5\\(1\\)" }, { "model": "network services orchestrator", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "5.5.4.1" }, { "model": "packaged contact center enterprise", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "11.6" }, { "model": "crosswork data gateway", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2.0.2" }, { "model": "network services orchestrator", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "5.5" }, { "model": "ucs director", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "6.8.2.0" }, { "model": "crosswork optimization engine", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "3.0.0" }, { "model": "unified contact center enterprise", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.6\\(2\\)" }, { "model": "evolved programmable network manager", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "4.0" }, { "model": "webex meetings server", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "3.0" }, { "model": "xpedition enterprise", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "wan automation engine", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.2.3" }, { "model": "log4j", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.12.2" }, { "model": "video surveillance manager", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.14\\(3.025\\)" }, { "model": "optical network controller", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "1.1.0" }, { "model": "system debugger", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "unified workforce optimization", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(1\\)" }, { "model": "common services platform collector", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "002.009\\(000.001\\)" }, { "model": "network dashboard fabric controller", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.3\\(1\\)" }, { "model": "siveillance vantage", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sd-wan vmanage", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "20.6" }, { "model": "network services orchestrator", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "5.6" }, { "model": "evolved programmable network manager", "scope": "lte", "trust": 1.0, "vendor": "cisco", "version": "4.1.1" }, { "model": "unified contact center enterprise", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.5\\(1\\)" }, { "model": "crosswork zero touch provisioning", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "3.0.0" }, { "model": "emergency responder", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(4.65000.14\\)" }, { "model": "unified contact center express", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "12.5\\(1\\)" }, { "model": "dna center", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "2.2.2.0" }, { "model": "crosswork network automation", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": null }, { "model": "fxos", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.3.0" }, { "model": "cloudcenter suite", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "5.4\\(1\\)" }, { "model": "unified customer voice portal", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.6\\(1\\)" }, { "model": "unified communications manager", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(1.18900.97\\)" }, { "model": "data center network manager", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "11.3\\(1\\)" }, { "model": "emergency responder", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(4.66000.14\\)" }, { "model": "smart phy", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "3.1.5" }, { "model": "customer experience cloud agent", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "1.12.1" }, { "model": "smart phy", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "3.1.2" }, { "model": "network services orchestrator", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "5.4" }, { "model": "firepower threat defense", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.7.0" }, { "model": "network services orchestrator", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "5.4.5.2" }, { "model": "ucs central software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "2.0\\(1l\\)" }, { "model": "cyber vision sensor management extension", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "4.0.3" }, { "model": "wan automation engine", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.3" }, { "model": "snapcenter", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "fxos", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.4.0" }, { "model": "unified communications manager im \\\u0026 presence service", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(1\\)" }, { "model": "network dashboard fabric controller", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.0\\(1\\)" }, { "model": "e-car operation center", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2021-12-13" }, { "model": "sd-wan vmanage", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "20.7" }, { "model": "desigo cc info center", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "5.1" }, { "model": "virtualized infrastructure manager", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "3.4.4" }, { "model": "intersight virtual appliance", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "1.0.9-361" }, { "model": "network insights for data center", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.0\\(2.1914\\)" }, { "model": "vm access proxy", "scope": "lt", "trust": 1.0, "vendor": "snowsoftware", "version": "3.6" }, { "model": "ucs central software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "2.0\\(1c\\)" }, { "model": "virtualized infrastructure manager", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "3.2.0" }, { "model": "wan automation engine", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "7.3.0.2" }, { "model": "unified contact center enterprise", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "11.6\\(2\\)" }, { "model": "packaged contact center enterprise", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.6\\(1\\)" }, { "model": "connected analytics for network deployment", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "007.003.003" }, { "model": "crosswork platform infrastructure", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "4.0.1" }, { "model": "energyip", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "8.5" }, { "model": "cloudcenter cost optimizer", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "5.5.2" }, { "model": "virtualized infrastructure manager", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "3.4.0" }, { "model": "network dashboard fabric controller", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(2\\)" }, { "model": "captial", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2019.1" }, { "model": "unity connection", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.5" }, { "model": "firepower threat defense", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.1.0" }, { "model": "sipass integrated", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "2.85" }, { "model": "sd-wan vmanage", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "20.5.1.1" }, { "model": "identity services engine", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "003.001\\(000.518\\)" }, { "model": "oncommand insight", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "optical network controller", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "1.1" }, { "model": "unified contact center express", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.6\\(2\\)" }, { "model": "video surveillance manager", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.14\\(4.018\\)" }, { "model": "paging server", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "14.4.1" }, { "model": "integrated management controller supervisor", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2.3.2.1" }, { "model": "paging server", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "8.3\\(1\\)" }, { "model": "nx", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "network assurance engine", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.0\\(2.1912\\)" }, { "model": "unified customer voice portal", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.0\\(1\\)" }, { "model": "firepower threat defense", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.2.3" }, { "model": "log4j", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.15.0" }, { "model": "virtual topology system", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "2.6.6" }, { "model": "paging server", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "9.0\\(1\\)" }, { "model": "identity services engine", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "2.4.0" }, { "model": "unified sip proxy", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "010.002\\(000\\)" }, { "model": "wan automation engine", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.6" }, { "model": "unified communications manager", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(1\\)" }, { "model": "navigator", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2021-12-13" }, { "model": "sd-wan vmanage", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "20.5" }, { "model": "mobility services engine", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": null }, { "model": "unified contact center enterprise", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.0\\(1\\)" }, { "model": "unified communications manager im and presence service", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(1\\)" }, { "model": "network dashboard fabric controller", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.2\\(1\\)" }, { "model": "sd-wan vmanage", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "20.4" }, { "model": "virtual topology system", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2.6.7" }, { "model": "cyber vision sensor management extension", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "4.0.2" }, { "model": "sppa-t3000 ses3000", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "connected analytics for network deployment", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "007.000.001" }, { "model": "energyip", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "9.0" }, { "model": "opcenter intelligence", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "3.2" }, { "model": "business process automation", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "3.2.000.000" }, { "model": "broadworks", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": null }, { "model": "evolved programmable network manager", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "5.0" }, { "model": "wan automation engine", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.1.3" }, { "model": "cloud secure agent", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "siveillance identity", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "1.6" }, { "model": "connected analytics for network deployment", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "008.000.000" }, { "model": "wan automation engine", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.2.1" }, { "model": "unified intelligence center", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "12.6\\(1\\)" }, { "model": "contact center domain manager", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "12.5\\(1\\)" }, { "model": "active iq unified manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "common services platform collector", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "002.009\\(000.000\\)" }, { "model": "network dashboard fabric controller", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.1\\(1\\)" }, { "model": "energy engage", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "3.1" }, { "model": "enterprise chat and email", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "12.0\\(1\\)" }, { "model": "evolved programmable network manager", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "3.1" }, { "model": "crosswork network automation", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "2.0.0" }, { "model": "dna center", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "2.2.3.0" }, { "model": "rhythmyx", "scope": "lte", "trust": 1.0, "vendor": "percussion", "version": "7.3.2" }, { "model": "cx cloud agent", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "001.012" }, { "model": "identity services engine", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "002.007\\(000.356\\)" }, { "model": "common services platform collector", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2.9.1.3" }, { "model": "firepower threat defense", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.3.0" }, { "model": "unified customer voice portal", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.6\\(1\\)" }, { "model": "smart phy", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "3.1.4" }, { "model": "computer vision annotation tool", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "unified customer voice portal", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.5" }, { "model": "energyip", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "8.6" }, { "model": "unified contact center express", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.6\\(1\\)" }, { "model": "crosswork zero touch provisioning", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2.0.1" }, { "model": "cloudcenter suite admin", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "5.3.1" }, { "model": "connected analytics for network deployment", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "008.000.000.000.004" }, { "model": "unified contact center enterprise", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.6\\(1\\)" }, { "model": "unified customer voice portal", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.0" }, { "model": "nexus insights", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "6.0.2" }, { "model": "unified sip proxy", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "10.2.1v2" }, { "model": "desigo cc info center", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "5.0" }, { "model": "finesse", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "12.6\\(1\\)" }, { "model": "connected analytics for network deployment", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.3" }, { "model": "firepower threat defense", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.4.0" }, { "model": "connected analytics for network deployment", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "006.005.000." }, { "model": "unified customer voice portal", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.6" }, { "model": "sd-wan vmanage", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "20.6.2.1" }, { "model": "evolved programmable network manager", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "5.1" }, { "model": "unified workforce optimization", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(1\\)" }, { "model": "smart phy", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "3.2.1" }, { "model": "desigo cc advanced reports", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.0" }, { "model": "business process automation", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "3.2.000.009" }, { "model": "ucs central software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "2.0\\(1e\\)" }, { "model": "paging server", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "9.0\\(2\\)" }, { "model": "siguard dsa", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "ucs central software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "2.0\\(1d\\)" }, { "model": "finesse", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.6\\(1\\)" }, { "model": "ucs central software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "2.0\\(1a\\)" }, { "model": "solid edge harness design", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "2020" }, { "model": "solid edge harness design", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2020" }, { "model": "cloud insights", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "log4j", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0" }, { "model": "sensor solution development kit", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "crosswork network controller", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2.0.1" }, { "model": "gma-manager", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "8.6.2j-398" }, { "model": "business process automation", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "3.1.000.044" }, { "model": "identity services engine", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "003.000\\(000.458\\)" }, { "model": "prime service catalog", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.1" }, { "model": "crosswork optimization engine", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2.0.1" }, { "model": "vesys", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "2019.1" }, { "model": "siveillance viewpoint", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sd-wan vmanage", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "20.5" }, { "model": "automated subsea tuning", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2.1.0" }, { "model": "log4j", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.4.0" }, { "model": "crosswork data gateway", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "3.0.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "34" }, { "model": "paging server", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "14.0\\(1\\)" }, { "model": "dna center", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2.2.3.4" }, { "model": "sd-wan vmanage", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "20.4" }, { "model": "ucs central", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2.0\\(1p\\)" }, { "model": "email security", "scope": "lt", "trust": 1.0, "vendor": "sonicwall", "version": "10.0.12" }, { "model": "smart phy", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "3.1.3" }, { "model": "synchro", "scope": "gte", "trust": 1.0, "vendor": "bentley", "version": "6.1" }, { "model": "sentron powermanager", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.1" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "dna spaces", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": null }, { "model": "crosswork network automation", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "3.0.0" }, { "model": "wan automation engine", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.5" }, { "model": "spectrum power 4", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.70" }, { "model": "automated subsea tuning", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "02.01.00" }, { "model": "sd-wan vmanage", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "20.6.1" }, { "model": "unified sip proxy", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "010.000\\(001\\)" }, { "model": "comos", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "ucs central software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "2.0\\(1b\\)" }, { "model": "fxos", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.6.0" }, { "model": "unity connection", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(1\\)" }, { "model": "sentron powermanager", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "ucs central software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "2.0" }, { "model": "evolved programmable network manager", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "4.1" }, { "model": "logo\\! soft comfort", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "evolved programmable network manager", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "3.0" }, { "model": "unified communications manager", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(1.18119.2\\)" }, { "model": "network assurance engine", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "6.0.2" }, { "model": "emergency responder", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(4\\)" }, { "model": "log4j", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.13.0" }, { "model": "cloudcenter suite", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "4.10\\(0.15\\)" }, { "model": "wan automation engine", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.2.2" }, { "model": "dna center", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "2.2.2.8" }, { "model": "secure device onboard", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "solid edge cam pro", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "fxos", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.0.0" }, { "model": "unified sip proxy", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "010.002\\(001\\)" }, { "model": "unified contact center enterprise", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.6\\(2\\)" }, { "model": "sd-wan vmanage", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "20.3.4.1" }, { "model": "log4j", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.3.1" }, { "model": "energyip prepay", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "3.7" }, { "model": "audio development kit", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "common services platform collector", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "002.009\\(001.001\\)" }, { "model": "video surveillance manager", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.14\\(1.26\\)" }, { "model": "xpedition package integrator", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "genomics kernel library", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "connected analytics for network deployment", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "007.003.001.001" }, { "model": "ucs central software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "2.0\\(1g\\)" }, { "model": "identity services engine", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "003.002\\(000.116\\)" }, { "model": "ucs central software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "2.0\\(1h\\)" }, { "model": "business process automation", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "3.0.000.115" }, { "model": "desigo cc advanced reports", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "35" }, { "model": "connected mobile experiences", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": null }, { "model": "cloudcenter workload manager", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "5.5.2" }, { "model": "unity connection", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(1.10000.6\\)" }, { "model": "spectrum power 7", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "2.30" }, { "model": "fog director", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": null }, { "model": "network services orchestrator", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "5.6.3.1" }, { "model": "common services platform collector", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "002.009\\(001.002\\)" }, { "model": "log4j", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.0.1" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "10.0" }, { "model": "webex meetings server", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "3.0" }, { "model": "connected analytics for network deployment", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "006.005.000.000" }, { "model": "enterprise chat and email", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.5\\(1\\)" }, { "model": "smart phy", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "21.3" }, { "model": "contact center management portal", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "12.5\\(1\\)" }, { "model": "crosswork network automation", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "4.1.0" }, { "model": "unified customer voice portal", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.5\\(1\\)" }, { "model": "data center manager", "scope": "lt", "trust": 1.0, "vendor": "intel", "version": "5.1" }, { "model": "crosswork platform infrastructure", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "4.1.0" }, { "model": "cloudcenter suite", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "5.5\\(0\\)" }, { "model": "connected analytics for network deployment", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "007.001.000" }, { "model": "unified communications manager", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(1.22900.28\\)" }, { "model": "unified contact center express", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.5\\(1\\)" }, { "model": "dna spaces connector", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": null }, { "model": "desigo cc advanced reports", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "5.0" }, { "model": "synchro", "scope": "lt", "trust": 1.0, "vendor": "bentley", "version": "6.4.3.2" }, { "model": "energyip", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "8.7" }, { "model": "common services platform collector", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "002.009\\(000.002\\)" }, { "model": "siguard dsa", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.4" }, { "model": "business process automation", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "3.1.000.000" }, { "model": "identity services engine", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "002.006\\(000.156\\)" }, { "model": "snow commander", "scope": "lt", "trust": 1.0, "vendor": "snowsoftware", "version": "8.10.0" }, { "model": "paging server", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "8.4\\(1\\)" }, { "model": "network services orchestrator", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "5.3.5.1" }, { "model": "fxos", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.5.0" }, { "model": "energyip prepay", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "3.8" }, { "model": "cloud manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "unified communications manager im \\\u0026 presence service", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(1.22900.6\\)" }, { "model": "head-end system universal device integration system", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "unified communications manager", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(1\\)su3" }, { "model": "unified sip proxy", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "010.000\\(000\\)" }, { "model": "industrial edge management", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "webex meetings server", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "4.0" }, { "model": "cloudcenter suite", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "5.3\\(0\\)" }, { "model": "industrial edge management hub", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2021-12-13" }, { "model": "oneapi sample browser", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "virtualized voice browser", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "12.5\\(1\\)" }, { "model": "operation scheduler", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "1.1.3" }, { "model": "sd-wan vmanage", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "20.4.2.1" }, { "model": "finesse", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.5\\(1\\)" }, { "model": "advanced malware protection virtual private cloud appliance", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "3.5.4" }, { "model": "integrated management controller supervisor", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "002.003\\(002.000\\)" }, { "model": "synchro 4d", "scope": "lt", "trust": 1.0, "vendor": "bentley", "version": "6.2.4.2" }, { "model": "unified intelligence center", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.6\\(1\\)" }, { "model": "mendix", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "firepower threat defense", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.6.0" }, { "model": "siveillance identity", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "1.5" }, { "model": "unified customer voice portal", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "11.6" }, { "model": "network dashboard fabric controller", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.4\\(1\\)" }, { "model": "unified communications manager", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(1.21900.40\\)" }, { "model": "common services platform collector", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "2.10.0" }, { "model": "identity services engine", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "002.004\\(000.914\\)" }, { "model": "wan automation engine", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.4" }, { "model": "siveillance control pro", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "system studio", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "11.0" }, { "model": "network dashboard fabric controller", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(1\\)" }, { "model": "integrated management controller supervisor", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "2.3.2.0" }, { "model": "sd-wan vmanage", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "20.3" }, { "model": "ucs central software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "2.0\\(1f\\)" }, { "model": "intersight virtual appliance", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "1.0.9-343" }, { "model": "teamcenter", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "captial", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "2019.1" }, { "model": "desigo cc advanced reports", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "5.1" }, { "model": "dna spaces\\: connector", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2.5" }, { "model": "connected analytics for network deployment", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "006.004.000.003" }, { "model": "video surveillance operations manager", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "7.14.4" }, { "model": "enterprise chat and email", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.0\\(1\\)" }, { "model": "emergency responder", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.5" }, { "model": "firepower threat defense", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.0.0" }, { "model": "ontap tools", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "sd-wan vmanage", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "20.6" }, { "model": "dna center", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2.1.2.8" }, { "model": "fxos", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.7.0" }, { "model": "sd-wan vmanage", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "20.8" }, { "model": "mindsphere", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2021-12-11" }, { "model": "cloudcenter", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "4.10.0.16" }, { "model": "unified communications manager", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(1\\)" }, { "model": "cloudcenter suite", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "5.5\\(1\\)" }, { "model": "identity services engine", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2.4.0" }, { "model": "unified contact center management portal", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.6\\(1\\)" }, { "model": "crosswork network automation", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "4.1.1" }, { "model": "unified communications manager", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(1.17900.52\\)" }, { "model": "spectrum power 4", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.70" }, { "model": "unified communications manager im and presence service", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(1\\)" }, { "model": "crosswork network controller", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "3.0.0" }, { "model": "common services platform collector", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "002.010\\(000.000\\)" }, { "model": "video surveillance manager", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.14\\(2.26\\)" }, { "model": "network services orchestrator", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": null }, { "model": "broadworks", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2021.11_1.162" }, { "model": "smart phy", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "3.2.1" }, { "model": "cyber vision", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "4.0.2" }, { "model": "connected analytics for network deployment", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "007.002.000" }, { "model": "paging server", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.5\\(2\\)" }, { "model": "iot operations dashboard", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": null }, { "model": "nexus dashboard", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2.1.2" }, { "model": "siguard dsa", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.3" }, { "model": "ucs central software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "2.0\\(1k\\)" }, { "model": "common services platform collector", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2.10.0.1" }, { "model": "fxos", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.1.0" }, { "model": "paging server", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "9.1\\(1\\)" }, { "model": "network dashboard fabric controller", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.5\\(3\\)" }, { "model": "cloud connect", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "12.6\\(1\\)" }, { "model": "desigo cc advanced reports", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.1" }, { "model": "common services platform collector", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "002.009\\(001.000\\)" }, { "model": "xcode", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "13.3" }, { "model": "data center network manager", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "11.3\\(1\\)" }, { "model": "dna center", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2.2.2.8" }, { "model": "enterprise chat and email", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "12.6\\(1\\)" }, { "model": "connected analytics for network deployment", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "007.003.000" }, { "model": "workload optimization manager", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "3.2.1" }, { "model": "siveillance command", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "4.16.2.1" }, { "model": "unified computing system", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "006.008\\(001.000\\)" }, { "model": "fxos", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.2.3" }, { "model": "sipass integrated", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "2.80" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-44228" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "165295" }, { "db": "PACKETSTORM", "id": "165286" }, { "db": "PACKETSTORM", "id": "165287" }, { "db": "PACKETSTORM", "id": "165288" }, { "db": "PACKETSTORM", "id": "165289" }, { "db": "PACKETSTORM", "id": "165297" }, { "db": "PACKETSTORM", "id": "165298" }, { "db": "PACKETSTORM", "id": "165329" }, { "db": "PACKETSTORM", "id": "165632" } ], "trust": 0.9 }, "cve": "CVE-2021-44228", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CVE-2021-44228", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.1, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-407408", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2021-44228", "impactScore": 6.0, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-44228", "trust": 1.0, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-202112-799", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-407408", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-44228", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-407408" }, { "db": "VULMON", "id": "CVE-2021-44228" }, { "db": "CNNVD", "id": "CNNVD-202112-799" }, { "db": "NVD", "id": "CVE-2021-44228" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1971 - Applying cluster state is causing elasticsearch to hit an issue and become unusable\n\n6. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Critical: Red Hat AMQ Streams 1.6.5 release and security update\nAdvisory ID: RHSA-2021:5133-01\nProduct: Red Hat JBoss AMQ\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:5133\nIssue date: 2021-12-14\nCVE Names: CVE-2021-44228\n====================================================================\n1. Summary:\n\nRed Hat AMQ Streams 1.6.5 is now available from the Red Hat Customer\nPortal. \n\nRed Hat Product Security has rated this update as having a security impact\nof Critical. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat AMQ Streams, based on the Apache Kafka project, offers a\ndistributed backbone that allows microservices and other applications to\nshare data with extremely high throughput and extremely low latency. \n\nThis release of Red Hat AMQ Streams 1.6.5 serves as a replacement for Red\nHat AMQ Streams 1.6.4, and includes security and bug fixes, and\nenhancements. For further information, refer to the release notes linked to\nin the References section. \n\nSecurity Fix(es):\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an\nattacker-controlled string value (CVE-2021-44228)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\n3. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-44228\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.streams\u0026version=1.6.5\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2021-009\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYblJBNzjgjWX9erEAQgrQQ//cpcYDzrhPXM4+U+DMgmqnuVhobliJIZt\ndwIgEyX3jYfLfXZgzkDCnHdwUjJsVub12ielI3JkHsOnGU8faFmp1kEKBvub0Xdh\nEhjmyDGVSTvdcQyCn9+1z8BDddxLM8UjUBrqF6FrLe6OJcrZi5ICOlZB9sBJ9TKj\ns4HH3NWW/PSUM96X20TZXl2ah9rkWy+MBoa+jxhOX5Fzyil2Dhcv2LNPA8SfVIme\nhqN+pSCiQ4Ik1FKJ2wPUItPtTGdQQKVIVhh/RHvGQrIqNWFXWCQkyq4R2Ho2+Eip\nb5+XW/X0Mt5AkJo5Lz8TZEIjPSeILOy6ucf3fOVDSDUIA2wtdmBA/QV8XvNPtRzy\nzIUMMdKmuKfR6IF2N+05G6sJ0BWisMmz8hYVD/nBh4FF9HmUGP8wBaLrBMDpGhPE\nQu59Ysh0/cdtCGY0O75QSa6RbDn6WyE56groY0i0JSSzrlA94ygSuNJ71nG5wz5I\n9TdZqceCDDmR9/FsFgvtzNRaJXqq92/fJdHwTJ/qToutYRsBgEYPmCpNqMXBz59W\noXs+VKtt2muYCe9WNDRO/1l9WAs6SO8FekvxcEripg8s1gofkvB4Xa7VkSkbrROZ\nqCyI4Rz1JSYX287LsQ+Z5E7f4ZchsAIggxOw6ovrnuXbT+rS4IVpwu6Os2AOYQHo\n9Sch0c3lbGw=Ervs\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. =========================================================================\nUbuntu Security Notice USN-5192-2\nDecember 17, 2021\n\napache-log4j2 vulnerability\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n\nSummary:\n\nApache Log4j 2 could be made to crash or run programs as an administrator\nif it received a specially crafted input. This update provides\nthe corresponding update for Ubuntu 16.04 ESM. \n\nOriginal advisory details:\n\n Chen Zhaojun discovered that Apache Log4j 2 allows remote attackers to run\n programs via a special crafted input. An attacker could use this vulnerability\n to cause a denial of service or possibly execute arbitrary code. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n liblog4j2-java 2.4-2ubuntu0.1~esm1\n\nIn general, a standard system update will make all the necessary changes. The purpose of this\ntext-only errata is to inform you about the security issues fixed in this\nrelease. \n\nInstallation instructions are available from the Fuse product documentation\npages:\n\nFuse 7.8:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/installing_on_apache_karaf/apply-hotfix-patch\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/deploying_into_spring_boot/patch-red-hat-fuse-applications\n\nFuse 7.9:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/installing_on_apache_karaf/apply-hotfix-patch\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/deploying_into_spring_boot/patch-red-hat-fuse-applications\n\nFuse 7.10:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/installing_on_apache_karaf/apply-hotfix-patch\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/deploying_into_spring_boot/patch-red-hat-fuse-applications\n\n4. \n\nVMware Unified Access Gateway\nVMware Carbon Black Workload Appliance\nVMware Site Recovery Manager, vSphere Replication\nVMware Tanzu GemFire\nVMware Tanzu GemFire for VMs\nVMware Tanzu Operations Manager\nVMware Tanzu Application Service for VMs\nVMware Horizon Agents Installer\n\nYou are receiving this alert because you are subscribed to the VMware Security Announcements mailing list. To modify your subscription or unsubscribe please visit https://lists.vmware.com/mailman/listinfo/security-announce", "sources": [ { "db": "NVD", "id": "CVE-2021-44228" }, { "db": "VULHUB", "id": "VHN-407408" }, { "db": "VULMON", "id": "CVE-2021-44228" }, { "db": "PACKETSTORM", "id": "165295" }, { "db": "PACKETSTORM", "id": "165286" }, { "db": "PACKETSTORM", "id": "165287" }, { "db": "PACKETSTORM", "id": "165288" }, { "db": "PACKETSTORM", "id": "165289" }, { "db": "PACKETSTORM", "id": "165297" }, { "db": "PACKETSTORM", "id": "165298" }, { "db": "PACKETSTORM", "id": "165324" }, { "db": "PACKETSTORM", "id": "165329" }, { "db": "PACKETSTORM", "id": "165348" }, { "db": "PACKETSTORM", "id": "165632" }, { "db": "PACKETSTORM", "id": "165371" } ], "trust": 2.16 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-407408", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-407408" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-44228", "trust": 3.0 }, { "db": "PACKETSTORM", "id": "165371", "trust": 1.8 }, { "db": "PACKETSTORM", "id": "165311", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "165225", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "165532", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "165281", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "165306", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "165260", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "165673", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "165282", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "167794", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "167917", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "165270", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "165261", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "165642", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "165307", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-479842", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-714170", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-661247", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-397453", "trust": 1.7 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/12/13/1", "trust": 1.7 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/12/14/4", "trust": 1.7 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/12/10/3", "trust": 1.7 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/12/13/2", "trust": 1.7 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/12/10/2", "trust": 1.7 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/12/15/3", "trust": 1.7 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/12/10/1", "trust": 1.7 }, { "db": "CERT/CC", "id": "VU#930724", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "171626", "trust": 1.6 }, { "db": "PACKETSTORM", "id": "165324", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "165348", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "165733", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "166313", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "165279", "trust": 0.7 }, { "db": "EXPLOIT-DB", "id": "50592", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2022060708", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022012045", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022010629", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022072076", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022021428", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022071316", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022062001", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021122212", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022010908", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021122403", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021121720", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021123016", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022010421", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022031501", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021122907", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022012732", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021121652", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021121492", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022010522", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021121201", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021121535", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021122721", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021122018", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022032006", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060808", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022011732", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021122401", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021121350", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022030923", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021122811", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022020607", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022012439", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022011042", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022021807", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022010322", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021122122", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0090", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0492", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4211", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4187.6", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0237", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4236", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0332", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0080", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4186.4", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4269", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4198", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4316", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4274", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0247", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.1188", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4302.3", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4256.2", "trust": 0.6 }, { "db": "CXSECURITY", "id": "WLB-2022120027", "trust": 0.6 }, { "db": "CXSECURITY", "id": "WLB-2021120069", "trust": 0.6 }, { "db": "CXSECURITY", "id": "WLB-2022080025", "trust": 0.6 }, { "db": "CXSECURITY", "id": "WLB-2022010065", "trust": 0.6 }, { "db": "LENOVO", "id": "LEN-76573", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-357-02", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-22-034-01", "trust": 0.6 }, { "db": "EXPLOIT-DB", "id": "51183", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202112-799", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "165329", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "165295", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "165297", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "165298", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "165289", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "165632", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "165293", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165343", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165333", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165520", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165285", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165290", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165291", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165326", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165264", "trust": 0.1 }, { "db": "EXPLOIT-DB", "id": "50590", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-407408", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-44228", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165286", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165287", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165288", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-407408" }, { "db": "VULMON", "id": "CVE-2021-44228" }, { "db": "PACKETSTORM", "id": "165295" }, { "db": "PACKETSTORM", "id": "165286" }, { "db": "PACKETSTORM", "id": "165287" }, { "db": "PACKETSTORM", "id": "165288" }, { "db": "PACKETSTORM", "id": "165289" }, { "db": "PACKETSTORM", "id": "165297" }, { "db": "PACKETSTORM", "id": "165298" }, { "db": "PACKETSTORM", "id": "165324" }, { "db": "PACKETSTORM", "id": "165329" }, { "db": "PACKETSTORM", "id": "165348" }, { "db": "PACKETSTORM", "id": "165632" }, { "db": "PACKETSTORM", "id": "165371" }, { "db": "CNNVD", "id": "CNNVD-202112-799" }, { "db": "NVD", "id": "CVE-2021-44228" } ] }, "id": "VAR-202112-0566", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-407408" } ], "trust": 0.7188405714285715 }, "last_update_date": "2024-11-29T19:32:10.142000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Apache Log4j Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=174249" }, { "title": "Debian CVElist Bug Report Logs: apache-log4j2: CVE-2021-44228: Remote code injection via crafted log messages", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=4eae9b09b97da57f4ca6103cc85ed4da" }, { "title": "Debian CVElist Bug Report Logs: apache-log4j2: CVE-2021-45046: Incomplete fix for CVE-2021-44228 in certain non-default configurations", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=b88a8ce4fc53c3a45830bc6bbde8b01c" }, { "title": "Debian Security Advisories: DSA-5020-1 apache-log4j2 -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=24c79c59809a2c5bcddc81889b23a6bc" }, { "title": "Debian Security Advisories: DSA-5022-1 apache-log4j2 -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=5ba53229ef5f408ed29126bd4f624def" }, { "title": "IBM: Security Bulletin: There is vulnerability in Apache Log4j used by Content Manager OnDemand z/OS. Content Manager OnDemand z/OS has addressed the applicable CVE [CVE-2021-44228]", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=dbdfcf9d51b60adf542d500e515b9ba8" }, { "title": "Red Hat: CVE-2021-44228", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-44228" }, { "title": "IBM: An update on the Apache Log4j 2.x vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=0648a3f00f067d373b069c4f2acd5db4" }, { "title": "Amazon Linux AMI: ALAS-2021-1553", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2021-1553" }, { "title": "IBM: Security Bulletin: IBM Cloud Pak System is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-45046, CVE-2021-44228)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c8b40ff47e1d31bee8b0fbdbdd4fe212" }, { "title": "IBM: Security Bulletin: IBM Cloud Pak System is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-45046, CVE-2021-44228)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=654a4f5a7bd1fdfd229558535923710b" }, { "title": "Amazon Linux 2: ALAS2-2021-1731", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1731" }, { "title": "Amazon Linux 2: ALAS2-2021-1730", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1730" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-44228 log" }, { "title": "", "trust": 0.1, "url": "https://github.com/canarieids/Zeek-Ubuntu-22.04 " }, { "title": "", "trust": 0.1, "url": "https://github.com/f5devcentral/f5-professional-services " }, { "title": "Log4J-CVE-2021-44228-Mitigation-Cheat-Sheet", "trust": 0.1, "url": "https://github.com/thedevappsecguy/Log4J-CVE-2021-44228-Mitigation-Cheat-Sheet " }, { "title": "spring-on-k8s", "trust": 0.1, "url": "https://github.com/AndriyKalashnykov/spring-on-k8s " }, { "title": "jaygooby", "trust": 0.1, "url": "https://github.com/jaygooby/jaygooby " }, { "title": "log4j-log4shell-playground", "trust": 0.1, "url": "https://github.com/rgl/log4j-log4shell-playground " }, { "title": "Log4j", "trust": 0.1, "url": "https://github.com/kaganoglu/Log4j " }, { "title": "trivy-cve-scan", "trust": 0.1, "url": "https://github.com/broadinstitute/trivy-cve-scan " }, { "title": "test-44228", "trust": 0.1, "url": "https://github.com/datadavev/test-44228 " }, { "title": "cve-2021-44228-helpers", "trust": 0.1, "url": "https://github.com/uint0/cve-2021-44228-helpers " }, { "title": "log4j-vendor-list", "trust": 0.1, "url": "https://github.com/bizzarecontacts/log4j-vendor-list " }, { "title": "", "trust": 0.1, "url": "https://github.com/Live-Hack-CVE/CVE-2021-44228 " }, { "title": "log4shell", "trust": 0.1, "url": "https://github.com/0xsyr0/log4shell " }, { "title": "cve-2021-44228-qingteng-online-patch", "trust": 0.1, "url": "https://github.com/qingtengyun/cve-2021-44228-qingteng-online-patch " }, { "title": "cve-2021-44228", "trust": 0.1, "url": "https://github.com/corelight/cve-2021-44228 " }, { "title": "Log4Shell-IOCs", "trust": 0.1, "url": "https://github.com/curated-intel/Log4Shell-IOCs " }, { "title": "Sitecore.Solr-log4j-mitigation", "trust": 0.1, "url": "https://github.com/avwolferen/Sitecore.Solr-log4j-mitigation " }, { "title": "check-log4j", "trust": 0.1, "url": "https://github.com/yahoo/check-log4j " } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-44228" }, { "db": "CNNVD", "id": "CNNVD-202112-799" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.1 }, { "problemtype": "CWE-400", "trust": 1.1 }, { "problemtype": "CWE-502", "trust": 1.1 }, { "problemtype": "CWE-917", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-407408" }, { "db": "NVD", "id": "CVE-2021-44228" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-log4j-qruknebd" }, { "trust": 2.3, "url": "http://packetstormsecurity.com/files/167917/mobileiron-log4shell-remote-command-execution.html" }, { "trust": 2.3, "url": "http://packetstormsecurity.com/files/165225/apache-log4j2-2.14.1-remote-code-execution.html" }, { "trust": 2.3, "url": "http://packetstormsecurity.com/files/165311/log4j-scan-extensive-scanner.html" }, { "trust": 2.3, "url": "http://packetstormsecurity.com/files/165371/vmware-security-advisory-2021-0028.4.html" }, { "trust": 2.3, "url": "http://packetstormsecurity.com/files/165532/log4shell-http-header-injection.html" }, { "trust": 2.3, "url": "http://packetstormsecurity.com/files/165642/vmware-vcenter-server-unauthenticated-log4shell-jndi-injection-remote-code-execution.html" }, { "trust": 2.3, "url": "http://packetstormsecurity.com/files/165673/unifi-network-application-unauthenticated-log4shell-remote-code-execution.html" }, { "trust": 1.7, "url": "https://www.kb.cert.org/vuls/id/930724" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf" }, { "trust": 1.7, "url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0032" }, { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20211210-0007/" }, { "trust": 1.7, "url": "https://support.apple.com/kb/ht213189" }, { "trust": 1.7, "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html" }, { "trust": 1.7, "url": "https://www.debian.org/security/2021/dsa-5020" }, { "trust": 1.7, "url": "http://seclists.org/fulldisclosure/2022/mar/23" }, { "trust": 1.7, "url": "http://seclists.org/fulldisclosure/2022/jul/11" }, { "trust": 1.7, "url": "http://seclists.org/fulldisclosure/2022/dec/2" }, { "trust": 1.7, "url": "http://packetstormsecurity.com/files/167794/open-xchange-app-suite-7.10.x-cross-site-scripting-command-injection.html" }, { "trust": 1.7, "url": "https://github.com/nu11secur1ty/cve-mitre/tree/main/cve-2021-44228" }, { "trust": 1.7, "url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html" }, { "trust": 1.7, "url": "http://packetstormsecurity.com/files/165260/vmware-security-advisory-2021-0028.html" }, { "trust": 1.7, "url": "http://packetstormsecurity.com/files/165261/apache-log4j2-2.14.1-information-disclosure.html" }, { "trust": 1.7, "url": "http://packetstormsecurity.com/files/165270/apache-log4j2-2.14.1-remote-code-execution.html" }, { "trust": 1.7, "url": "http://packetstormsecurity.com/files/165281/log4j2-log4shell-regexes.html" }, { "trust": 1.7, "url": "http://packetstormsecurity.com/files/165282/log4j-payload-generator.html" }, { "trust": 1.7, "url": "http://packetstormsecurity.com/files/165306/l4sh-log4j-remote-code-execution.html" }, { "trust": 1.7, "url": "http://packetstormsecurity.com/files/165307/log4j-remote-code-execution-word-bypassing.html" }, { "trust": 1.7, "url": "https://github.com/cisagov/log4j-affected-db/blob/develop/software-list.md" }, { "trust": 1.7, "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "trust": 1.7, "url": "https://twitter.com/kurtseifried/status/1469345530182455296" }, { "trust": 1.7, "url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "trust": 1.7, "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2021/12/10/1" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2021/12/10/2" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2021/12/10/3" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2021/12/13/1" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2021/12/13/2" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3" }, { "trust": 1.7, "url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/" }, { "trust": 1.6, "url": "http://packetstormsecurity.com/files/171626/ad-manager-plus-7122-remote-code-execution.html" }, { "trust": 1.5, "url": "https://access.redhat.com/security/cve/cve-2021-44228" }, { "trust": 1.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44228" }, { "trust": 1.1, "url": "https://github.com/cisagov/log4j-affected-db" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/m5csvunv4hwzzxgoknsk6l7rpm7bokib/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vu57ujdcfiasio35gc55jmksrxjmcdfm/" }, { "trust": 0.9, "url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-009" }, { "trust": 0.9, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.9, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.9, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/m5csvunv4hwzzxgoknsk6l7rpm7bokib/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/vu57ujdcfiasio35gc55jmksrxjmcdfm/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010908" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060808" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010629" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022072076" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/165733/red-hat-security-advisory-2022-0296-03.html" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6527216" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4186.4" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4316" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0080" }, { "trust": 0.6, "url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-44228" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6528268" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021122212" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022012732" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021121201" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4302.3" }, { "trust": 0.6, "url": "https://www.exploit-db.com/exploits/50592" }, { "trust": 0.6, "url": "https://cxsecurity.com/issue/wlb-2022080025" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022011042" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021121720" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021122018" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0237" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021122811" }, { "trust": 0.6, "url": "https://cxsecurity.com/issue/wlb-2022010065" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021122401" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022011732" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022021807" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/165324/ubuntu-security-notice-usn-5197-1.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021123016" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021121350" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4211" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021122122" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022062001" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021122403" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021122721" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010522" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010322" }, { "trust": 0.6, "url": "https://cxsecurity.com/issue/wlb-2022120027" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6525816" }, { "trust": 0.6, "url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20211215-01-log4j-cn" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-357-02" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021122907" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060708" }, { "trust": 0.6, "url": "https://www.exploit-db.com/exploits/51183" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022021428" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/166313/apple-security-advisory-2022-03-14-7.html" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6526220" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/apache-log4j-code-execution-via-jndi-remote-class-injection-37049" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4269" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht213189" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022012439" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022020607" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4256.2" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022071316" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022032006" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0332" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022030923" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1188" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0492" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6526754" }, { "trust": 0.6, "url": "https://cxsecurity.com/issue/wlb-2021120069" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0090" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4236" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021121652" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6527330" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4198" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021121492" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4187.6" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022031501" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/165279/ubuntu-security-notice-usn-5192-1.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/165348/ubuntu-security-notice-usn-5192-2.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4274" }, { "trust": 0.6, "url": "https://support.lenovo.com/us/en/product_security/len-76573" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022012045" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021121535" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010421" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0247" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-034-01" }, { "trust": 0.5, "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-3200" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2018-25013" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25012" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-35522" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-35524" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25013" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25009" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-27645" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-33574" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-13435" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-5827" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-24370" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-43527" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-14145" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-13751" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2018-25014" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-19603" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2018-25012" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-35521" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-35942" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-17594" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35524" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-3572" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-12762" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-36086" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35522" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-22898" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-16135" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-36084" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-37136" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-17541" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-3800" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-36087" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-36331" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-3712" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-31535" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35523" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-3445" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-22925" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-36330" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-20232" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-20266" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-20838" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-22876" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-20231" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-36332" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-14155" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25010" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-17541" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25014" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-36085" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-37137" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-21409" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-33560" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-17595" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-3481" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-42574" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2018-25009" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2018-25010" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-35523" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-28153" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-13750" }, { "trust": 0.3, "url": "https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-3426" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-18218" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-3580" }, { "trust": 0.3, "url": "https://issues.jboss.org/):" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36330" }, { "trust": 0.3, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35521" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-20317" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-43267" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36331" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-45046" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45046" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.streams\u0026version=1.8.4" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:5138" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20673" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3778" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23841" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:5128" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-20673" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23840" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3796" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:5127" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:5129" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:5126" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_integration/2021.q4" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=red.hat.integration\u0026version" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.streams\u0026version=1.6.5" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:5133" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#low" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:5140" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=appplatform\u0026version=7.4" }, { "trust": 0.1, "url": "https://access.redhat.com/solutions/6577421" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/apache-log4j2/2.16.0-0.21.10.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/apache-log4j2/2.16.0-0.20.04.1" }, { "trust": 0.1, "url": "https://ubuntu.com/security/notices/usn-5197-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/apache-log4j2/2.16.0-0.21.04.1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4104" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-4104" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:5148" }, { "trust": 0.1, "url": "https://ubuntu.com/security/notices/usn-5192-1" }, { "trust": 0.1, "url": "https://ubuntu.com/security/notices/usn-5192-2" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/deploying_into_spring_boot/patch-red-hat-fuse-applications" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44832" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/installing_on_apache_karaf/apply-hotfix-patch" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=jboss.fuse\u0026version=7.09.0" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/installing_on_apache_karaf/apply-hotfix-patch" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=jboss.fuse\u0026version=7.10.0" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45105" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/installing_on_apache_karaf/apply-hotfix-patch" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/deploying_into_spring_boot/patch-red-hat-fuse-applications" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-45105" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0203" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=jboss.fuse\u0026version=7.08.0" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/deploying_into_spring_boot/patch-red-hat-fuse-applications" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-44832" }, { "trust": 0.1, "url": "https://www.vmware.com/security/advisories/vmsa-2021-0028.html" }, { "trust": 0.1, "url": "http://lists.vmware.com/mailman/listinfo/security-announce" }, { "trust": 0.1, "url": "https://lists.vmware.com/mailman/listinfo/security-announce." } ], "sources": [ { "db": "VULHUB", "id": "VHN-407408" }, { "db": "PACKETSTORM", "id": "165295" }, { "db": "PACKETSTORM", "id": "165286" }, { "db": "PACKETSTORM", "id": "165287" }, { "db": "PACKETSTORM", "id": "165288" }, { "db": "PACKETSTORM", "id": "165289" }, { "db": "PACKETSTORM", "id": "165297" }, { "db": "PACKETSTORM", "id": "165298" }, { "db": "PACKETSTORM", "id": "165324" }, { "db": "PACKETSTORM", "id": "165329" }, { "db": "PACKETSTORM", "id": "165348" }, { "db": "PACKETSTORM", "id": "165632" }, { "db": "PACKETSTORM", "id": "165371" }, { "db": "CNNVD", "id": "CNNVD-202112-799" }, { "db": "NVD", "id": "CVE-2021-44228" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-407408" }, { "db": "VULMON", "id": "CVE-2021-44228" }, { "db": "PACKETSTORM", "id": "165295" }, { "db": "PACKETSTORM", "id": "165286" }, { "db": "PACKETSTORM", "id": "165287" }, { "db": "PACKETSTORM", "id": "165288" }, { "db": "PACKETSTORM", "id": "165289" }, { "db": "PACKETSTORM", "id": "165297" }, { "db": "PACKETSTORM", "id": "165298" }, { "db": "PACKETSTORM", "id": "165324" }, { "db": "PACKETSTORM", "id": "165329" }, { "db": "PACKETSTORM", "id": "165348" }, { "db": "PACKETSTORM", "id": "165632" }, { "db": "PACKETSTORM", "id": "165371" }, { "db": "CNNVD", "id": "CNNVD-202112-799" }, { "db": "NVD", "id": "CVE-2021-44228" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-10T00:00:00", "db": "VULHUB", "id": "VHN-407408" }, { "date": "2021-12-10T00:00:00", "db": "VULMON", "id": "CVE-2021-44228" }, { "date": "2021-12-15T15:26:54", "db": "PACKETSTORM", "id": "165295" }, { "date": "2021-12-15T15:20:33", "db": "PACKETSTORM", "id": "165286" }, { "date": "2021-12-15T15:20:43", "db": "PACKETSTORM", "id": "165287" }, { "date": "2021-12-15T15:22:36", "db": "PACKETSTORM", "id": "165288" }, { "date": "2021-12-15T15:23:16", "db": "PACKETSTORM", "id": "165289" }, { "date": "2021-12-15T15:27:51", "db": "PACKETSTORM", "id": "165297" }, { "date": "2021-12-15T15:28:00", "db": "PACKETSTORM", "id": "165298" }, { "date": "2021-12-16T15:20:38", "db": "PACKETSTORM", "id": "165324" }, { "date": "2021-12-16T15:25:46", "db": "PACKETSTORM", "id": "165329" }, { "date": "2021-12-17T14:06:52", "db": "PACKETSTORM", "id": "165348" }, { "date": "2022-01-20T17:49:05", "db": "PACKETSTORM", "id": "165632" }, { "date": "2021-12-20T16:19:51", "db": "PACKETSTORM", "id": "165371" }, { "date": "2021-12-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-799" }, { "date": "2021-12-10T10:15:09.143000", "db": "NVD", "id": "CVE-2021-44228" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-06T00:00:00", "db": "VULHUB", "id": "VHN-407408" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2021-44228" }, { "date": "2023-04-04T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-799" }, { "date": "2024-11-21T06:30:38.047000", "db": "NVD", "id": "CVE-2021-44228" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "165289" }, { "db": "PACKETSTORM", "id": "165348" }, { "db": "PACKETSTORM", "id": "165371" }, { "db": "CNNVD", "id": "CNNVD-202112-799" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Log4j Code problem vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-799" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code execution", "sources": [ { "db": "PACKETSTORM", "id": "165295" }, { "db": "PACKETSTORM", "id": "165286" }, { "db": "PACKETSTORM", "id": "165287" }, { "db": "PACKETSTORM", "id": "165288" }, { "db": "PACKETSTORM", "id": "165289" }, { "db": "PACKETSTORM", "id": "165297" }, { "db": "PACKETSTORM", "id": "165298" }, { "db": "PACKETSTORM", "id": "165329" }, { "db": "PACKETSTORM", "id": "165632" }, { "db": "PACKETSTORM", "id": "165371" } ], "trust": 1.0 } }
var-202007-1249
Vulnerability from variot
A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). A component within the affected application calls a helper binary with SYSTEM privileges during startup while the call path is not quoted. This could allow a local attacker with administrative privileges to execute code with SYSTEM level privileges. Multiple Siemens products contain vulnerabilities in unquoted search paths or elements.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. A code issue vulnerability exists in Siemens. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1249", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic pcs neo", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "opcenter intelligence", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic step 7", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "16" }, { "model": "opcenter execution discrete", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.2" }, { "model": "opcenter execution process", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.2" }, { "model": "simatic step 7", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "16" }, { "model": "opcenter rd\\\u0026l", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "8.0" }, { "model": "opcenter quality", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "11.3" }, { "model": "soft starter es", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simocode es", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "opcenter execution foundation", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.2" }, { "model": "simatic notifier server", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "opcenter execution discrete", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": "3.2" }, { "model": "opcenter execution foundation", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": "3.2" }, { "model": "opcenter execution process", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": "3.2" }, { "model": "opcenter intelligence", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "opcenter quality", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": "11.3" }, { "model": "opcenter rd\u002626l", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": "8.0" }, { "model": "simatic notifier server", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic pcs neo", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": "3.0 sp1" }, { "model": "simatic step 7", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": "15.1 update 5" }, { "model": "simatic step 7", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": "16 update 2" }, { "model": "simocode es", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008611" }, { "db": "NVD", "id": "CVE-2020-7581" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:siemens:opcenter_execution_discrete", "vulnerable": true }, { "cpe22Uri": "cpe:/a:siemens:opcenter_execution_foundation", "vulnerable": true }, { "cpe22Uri": "cpe:/a:siemens:opcenter_execution_process", "vulnerable": true }, { "cpe22Uri": "cpe:/a:siemens:opcenter_intelligence", "vulnerable": true }, { "cpe22Uri": "cpe:/a:siemens:opcenter_quality", "vulnerable": true }, { "cpe22Uri": "cpe:/a:siemens:opcenter_rd%26l", "vulnerable": true }, { "cpe22Uri": "cpe:/a:siemens:simatic_notifier_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:siemens:simatic_pcs_neo", "vulnerable": true }, { "cpe22Uri": "cpe:/a:siemens:simatic_step_7", "vulnerable": true }, { "cpe22Uri": "cpe:/a:siemens:simocode_es", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008611" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Victor Fidalgo of INCIBE and Reid Wightman of Dragos reported these vulnerabilities to Siemens.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-574" } ], "trust": 0.6 }, "cve": "CVE-2020-7581", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CVE-2020-7581", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.1, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.2, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "JVNDB-2020-008611", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "VHN-185706", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 0.8, "id": "CVE-2020-7581", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.7, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-008611", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "High", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-7581", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "JVNDB-2020-008611", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202007-574", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-185706", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2020-7581", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-185706" }, { "db": "VULMON", "id": "CVE-2020-7581" }, { "db": "JVNDB", "id": "JVNDB-2020-008611" }, { "db": "CNNVD", "id": "CNNVD-202007-574" }, { "db": "NVD", "id": "CVE-2020-7581" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in Opcenter Execution Discrete (All versions \u003c V3.2), Opcenter Execution Foundation (All versions \u003c V3.2), Opcenter Execution Process (All versions \u003c V3.2), Opcenter Intelligence (All versions \u003c V3.3), Opcenter Quality (All versions \u003c V11.3), Opcenter RD\u0026L (V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions \u003c V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions \u003c V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 2), SIMOCODE ES V15.1 (All versions \u003c V15.1 Update 4), SIMOCODE ES V16 (All versions \u003c V16 Update 1), Soft Starter ES V15.1 (All versions \u003c V15.1 Update 3), Soft Starter ES V16 (All versions \u003c V16 Update 1). A component within the affected application calls a helper binary with SYSTEM privileges during startup while the call path is not quoted. This could allow a local attacker with administrative privileges to execute code with SYSTEM level privileges. Multiple Siemens products contain vulnerabilities in unquoted search paths or elements.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. A code issue vulnerability exists in Siemens. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products", "sources": [ { "db": "NVD", "id": "CVE-2020-7581" }, { "db": "JVNDB", "id": "JVNDB-2020-008611" }, { "db": "VULHUB", "id": "VHN-185706" }, { "db": "VULMON", "id": "CVE-2020-7581" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-7581", "trust": 2.6 }, { "db": "SIEMENS", "id": "SSA-841348", "trust": 1.8 }, { "db": "ICS CERT", "id": "ICSA-20-196-05", "trust": 1.4 }, { "db": "JVN", "id": "JVNVU97872642", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-008611", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202007-574", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2020.2393.2", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2393", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-185706", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-7581", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-185706" }, { "db": "VULMON", "id": "CVE-2020-7581" }, { "db": "JVNDB", "id": "JVNDB-2020-008611" }, { "db": "CNNVD", "id": "CNNVD-202007-574" }, { "db": "NVD", "id": "CVE-2020-7581" } ] }, "id": "VAR-202007-1249", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-185706" } ], "trust": 0.7299154 }, "last_update_date": "2024-11-23T21:35:25.820000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-841348", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=2c5193074a957cb3ecdc0e93e2ad86b5" }, { "title": "", "trust": 0.1, "url": "https://github.com/Live-Hack-CVE/CVE-2020-7581 " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-7581" }, { "db": "JVNDB", "id": "JVNDB-2020-008611" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-428", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-185706" }, { "db": "JVNDB", "id": "JVNDB-2020-008611" }, { "db": "NVD", "id": "CVE-2020-7581" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf" }, { "trust": 1.4, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-05" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7581" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7581" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu97872642/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2393.2/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2393/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/simatic-multiple-vulnerabilities-via-umc-stack-32813" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/428.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2020-7581" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://cert-portal.siemens.com/productcert/txt/ssa-841348.txt" } ], "sources": [ { "db": "VULHUB", "id": "VHN-185706" }, { "db": "VULMON", "id": "CVE-2020-7581" }, { "db": "JVNDB", "id": "JVNDB-2020-008611" }, { "db": "CNNVD", "id": "CNNVD-202007-574" }, { "db": "NVD", "id": "CVE-2020-7581" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-185706" }, { "db": "VULMON", "id": "CVE-2020-7581" }, { "db": "JVNDB", "id": "JVNDB-2020-008611" }, { "db": "CNNVD", "id": "CNNVD-202007-574" }, { "db": "NVD", "id": "CVE-2020-7581" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-14T00:00:00", "db": "VULHUB", "id": "VHN-185706" }, { "date": "2020-07-14T00:00:00", "db": "VULMON", "id": "CVE-2020-7581" }, { "date": "2020-09-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008611" }, { "date": "2020-07-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-574" }, { "date": "2020-07-14T14:15:18.587000", "db": "NVD", "id": "CVE-2020-7581" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-01-30T00:00:00", "db": "VULHUB", "id": "VHN-185706" }, { "date": "2023-01-30T00:00:00", "db": "VULMON", "id": "CVE-2020-7581" }, { "date": "2020-09-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008611" }, { "date": "2022-08-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-574" }, { "date": "2024-11-21T05:37:24.977000", "db": "NVD", "id": "CVE-2020-7581" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-574" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Vulnerabilities in unquoted search paths or elements in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008611" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-574" } ], "trust": 0.6 } }
var-202007-1236
Vulnerability from variot
A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending multiple specially crafted packets to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. On some cases the vulnerability could leak random information from the remote service. Several Siemens products contain resource exhaustion vulnerabilities.Information is obtained and denial of service (DoS) It may be put in a state. A resource management error vulnerability exists in . This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. The following products and versions are affected:
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1236", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic step 7", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "16" }, { "model": "opcenter execution discrete", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.2" }, { "model": "opcenter execution process", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.2" }, { "model": "simatic it production suite", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "8.0" }, { "model": "simatic it lms", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.6" }, { "model": "opcenter quality", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "11.3" }, { "model": "simocode es", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "opcenter execution foundation", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.2" }, { "model": "simatic notifier server", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simocode es", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "simatic pcs neo", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "opcenter intelligence", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3" }, { "model": "soft starter es", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "soft starter es", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "simatic pcs neo", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "simatic step 7", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "15" }, { "model": "simatic step 7", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "opcenter rd\\\u0026l", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "8.0" }, { "model": "simatic step 7", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "simocode es", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "16" }, { "model": "opcenter execution discrete", "scope": "lt", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "3.2" }, { "model": "opcenter execution foundation", "scope": "lt", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "3.2" }, { "model": "opcenter execution process", "scope": "lt", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "3.2" }, { "model": "opcenter intelligence", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "opcenter quality", "scope": "lt", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "11.3" }, { "model": "opcenter rd\u002626l", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "8.0" }, { "model": "simatic it lms", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic it production suite", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic notifier server", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic pcs neo", "scope": "lt", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "3.0 sp1" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008064" }, { "db": "NVD", "id": "CVE-2020-7587" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Victor Fidalgo of INCIBE and Reid Wightman of Dragos reported these vulnerabilities to Siemens.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-573" } ], "trust": 0.6 }, "cve": "CVE-2020-7587", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2020-7587", "impactScore": 4.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-185712", "impactScore": 4.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-7587", "impactScore": 4.2, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "Low", "baseScore": 8.2, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-7587", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-7587", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2020-7587", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202007-573", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-185712", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-7587", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-185712" }, { "db": "VULMON", "id": "CVE-2020-7587" }, { "db": "JVNDB", "id": "JVNDB-2020-008064" }, { "db": "CNNVD", "id": "CNNVD-202007-573" }, { "db": "NVD", "id": "CVE-2020-7587" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in Opcenter Execution Discrete (All versions \u003c V3.2), Opcenter Execution Foundation (All versions \u003c V3.2), Opcenter Execution Process (All versions \u003c V3.2), Opcenter Intelligence (All versions \u003c V3.3), Opcenter Quality (All versions \u003c V11.3), Opcenter RD\u0026L (V8.0), SIMATIC IT LMS (All versions \u003c V2.6), SIMATIC IT Production Suite (All versions \u003c V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions \u003c V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions \u003c V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 2), SIMOCODE ES V15.1 (All versions \u003c V15.1 Update 4), SIMOCODE ES V16 (All versions \u003c V16 Update 1), Soft Starter ES V15.1 (All versions \u003c V15.1 Update 3), Soft Starter ES V16 (All versions \u003c V16 Update 1). Sending multiple specially crafted packets to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. On some cases the vulnerability could leak random information from the remote service. Several Siemens products contain resource exhaustion vulnerabilities.Information is obtained and denial of service (DoS) It may be put in a state. A resource management error vulnerability exists in . This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. The following products and versions are affected:", "sources": [ { "db": "NVD", "id": "CVE-2020-7587" }, { "db": "JVNDB", "id": "JVNDB-2020-008064" }, { "db": "VULHUB", "id": "VHN-185712" }, { "db": "VULMON", "id": "CVE-2020-7587" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-7587", "trust": 2.6 }, { "db": "SIEMENS", "id": "SSA-841348", "trust": 1.8 }, { "db": "JVN", "id": "JVNVU97872642", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-008064", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202007-573", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-20-196-05", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2393.2", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2393", "trust": 0.6 }, { "db": "CNVD", "id": "CNVD-2021-54362", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-185712", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-7587", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-185712" }, { "db": "VULMON", "id": "CVE-2020-7587" }, { "db": "JVNDB", "id": "JVNDB-2020-008064" }, { "db": "CNNVD", "id": "CNNVD-202007-573" }, { "db": "NVD", "id": "CVE-2020-7587" } ] }, "id": "VAR-202007-1236", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-185712" } ], "trust": 0.7199436 }, "last_update_date": "2024-11-23T21:35:25.939000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-841348", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=2c5193074a957cb3ecdc0e93e2ad86b5" }, { "title": "", "trust": 0.1, "url": "https://github.com/Live-Hack-CVE/CVE-2020-7587 " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-7587" }, { "db": "JVNDB", "id": "JVNDB-2020-008064" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-400", "trust": 1.1 }, { "problemtype": "Resource exhaustion (CWE-400) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-185712" }, { "db": "JVNDB", "id": "JVNDB-2020-008064" }, { "db": "NVD", "id": "CVE-2020-7587" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7587" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu97872642/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2393.2/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2393/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/simatic-multiple-vulnerabilities-via-umc-stack-32813" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-05" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/400.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2020-7587" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://cert-portal.siemens.com/productcert/txt/ssa-841348.txt" } ], "sources": [ { "db": "VULHUB", "id": "VHN-185712" }, { "db": "VULMON", "id": "CVE-2020-7587" }, { "db": "JVNDB", "id": "JVNDB-2020-008064" }, { "db": "CNNVD", "id": "CNNVD-202007-573" }, { "db": "NVD", "id": "CVE-2020-7587" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-185712" }, { "db": "VULMON", "id": "CVE-2020-7587" }, { "db": "JVNDB", "id": "JVNDB-2020-008064" }, { "db": "CNNVD", "id": "CNNVD-202007-573" }, { "db": "NVD", "id": "CVE-2020-7587" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-14T00:00:00", "db": "VULHUB", "id": "VHN-185712" }, { "date": "2020-07-14T00:00:00", "db": "VULMON", "id": "CVE-2020-7587" }, { "date": "2020-09-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008064" }, { "date": "2020-07-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-573" }, { "date": "2020-07-14T14:15:18.930000", "db": "NVD", "id": "CVE-2020-7587" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-01-30T00:00:00", "db": "VULHUB", "id": "VHN-185712" }, { "date": "2023-01-30T00:00:00", "db": "VULMON", "id": "CVE-2020-7587" }, { "date": "2020-09-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008064" }, { "date": "2022-08-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-573" }, { "date": "2024-11-21T05:37:25.533000", "db": "NVD", "id": "CVE-2020-7587" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-573" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Resource exhaustion vulnerabilities in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008064" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-573" } ], "trust": 0.6 } }
var-202007-1237
Vulnerability from variot
A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending a specially crafted packet to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. Multiple Siemens products contain input validation vulnerabilities.Denial of service (DoS) It may be put in a state. An input validation error vulnerability exists in . The vulnerability stems from the failure of the network system or product to properly validate the input data. The following products and versions are affected:
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1237", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic pcs neo", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "opcenter intelligence", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic it production suite", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic step 7", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "16" }, { "model": "opcenter execution discrete", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.2" }, { "model": "opcenter execution process", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.2" }, { "model": "simatic step 7", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "15" }, { "model": "simatic step 7", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "opcenter rd\\\u0026l", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "8.0" }, { "model": "opcenter quality", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "11.3" }, { "model": "soft starter es", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simocode es", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "opcenter execution foundation", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.2" }, { "model": "simatic notifier server", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic it lms", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "opcenter execution discrete", "scope": "lt", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "3.2" }, { "model": "opcenter execution foundation", "scope": "lt", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "3.2" }, { "model": "opcenter execution process", "scope": "lt", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "3.2" }, { "model": "opcenter intelligence", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "opcenter quality", "scope": "lt", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "11.3" }, { "model": "opcenter rd\u002626l", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "8.0" }, { "model": "simatic it lms", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic it production suite", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic notifier server", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic pcs neo", "scope": "lt", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "3.0 sp1" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008065" }, { "db": "NVD", "id": "CVE-2020-7588" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Victor Fidalgo of INCIBE and Reid Wightman of Dragos reported these vulnerabilities to Siemens.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-580" } ], "trust": 0.6 }, "cve": "CVE-2020-7588", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2020-7588", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-185713", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2020-7588", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "Low", "baseScore": 5.3, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2020-7588", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-7588", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2020-7588", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202007-580", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-185713", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-7588", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-185713" }, { "db": "VULMON", "id": "CVE-2020-7588" }, { "db": "JVNDB", "id": "JVNDB-2020-008065" }, { "db": "CNNVD", "id": "CNNVD-202007-580" }, { "db": "NVD", "id": "CVE-2020-7588" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in Opcenter Execution Discrete (All versions \u003c V3.2), Opcenter Execution Foundation (All versions \u003c V3.2), Opcenter Execution Process (All versions \u003c V3.2), Opcenter Intelligence (All versions \u003c V3.3), Opcenter Quality (All versions \u003c V11.3), Opcenter RD\u0026L (V8.0), SIMATIC IT LMS (All versions \u003c V2.6), SIMATIC IT Production Suite (All versions \u003c V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions \u003c V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions \u003c V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 2), SIMOCODE ES V15.1 (All versions \u003c V15.1 Update 4), SIMOCODE ES V16 (All versions \u003c V16 Update 1), Soft Starter ES V15.1 (All versions \u003c V15.1 Update 3), Soft Starter ES V16 (All versions \u003c V16 Update 1). Sending a specially crafted packet to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. Multiple Siemens products contain input validation vulnerabilities.Denial of service (DoS) It may be put in a state. An input validation error vulnerability exists in . The vulnerability stems from the failure of the network system or product to properly validate the input data. The following products and versions are affected:", "sources": [ { "db": "NVD", "id": "CVE-2020-7588" }, { "db": "JVNDB", "id": "JVNDB-2020-008065" }, { "db": "VULHUB", "id": "VHN-185713" }, { "db": "VULMON", "id": "CVE-2020-7588" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-7588", "trust": 2.6 }, { "db": "SIEMENS", "id": "SSA-841348", "trust": 1.8 }, { "db": "JVN", "id": "JVNVU97872642", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-008065", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202007-580", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-20-196-05", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2393.2", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2393", "trust": 0.6 }, { "db": "CNVD", "id": "CNVD-2021-54361", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-185713", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-7588", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-185713" }, { "db": "VULMON", "id": "CVE-2020-7588" }, { "db": "JVNDB", "id": "JVNDB-2020-008065" }, { "db": "CNNVD", "id": "CNNVD-202007-580" }, { "db": "NVD", "id": "CVE-2020-7588" } ] }, "id": "VAR-202007-1237", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-185713" } ], "trust": 0.7199436 }, "last_update_date": "2024-11-23T21:35:25.905000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-841348", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=2c5193074a957cb3ecdc0e93e2ad86b5" }, { "title": "", "trust": 0.1, "url": "https://github.com/Live-Hack-CVE/CVE-2020-7588 " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-7588" }, { "db": "JVNDB", "id": "JVNDB-2020-008065" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.1 }, { "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-185713" }, { "db": "JVNDB", "id": "JVNDB-2020-008065" }, { "db": "NVD", "id": "CVE-2020-7588" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7588" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu97872642/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2393.2/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2393/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/simatic-multiple-vulnerabilities-via-umc-stack-32813" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-05" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2020-7588" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://cert-portal.siemens.com/productcert/txt/ssa-841348.txt" } ], "sources": [ { "db": "VULHUB", "id": "VHN-185713" }, { "db": "VULMON", "id": "CVE-2020-7588" }, { "db": "JVNDB", "id": "JVNDB-2020-008065" }, { "db": "CNNVD", "id": "CNNVD-202007-580" }, { "db": "NVD", "id": "CVE-2020-7588" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-185713" }, { "db": "VULMON", "id": "CVE-2020-7588" }, { "db": "JVNDB", "id": "JVNDB-2020-008065" }, { "db": "CNNVD", "id": "CNNVD-202007-580" }, { "db": "NVD", "id": "CVE-2020-7588" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-14T00:00:00", "db": "VULHUB", "id": "VHN-185713" }, { "date": "2020-07-14T00:00:00", "db": "VULMON", "id": "CVE-2020-7588" }, { "date": "2020-09-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008065" }, { "date": "2020-07-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-580" }, { "date": "2020-07-14T14:15:18.993000", "db": "NVD", "id": "CVE-2020-7588" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-01-30T00:00:00", "db": "VULHUB", "id": "VHN-185713" }, { "date": "2023-01-30T00:00:00", "db": "VULMON", "id": "CVE-2020-7588" }, { "date": "2020-09-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008065" }, { "date": "2022-08-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-580" }, { "date": "2024-11-21T05:37:25.660000", "db": "NVD", "id": "CVE-2020-7588" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-580" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Input validation vulnerabilities in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008065" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-580" } ], "trust": 0.6 } }
var-202112-0562
Vulnerability from variot
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default. Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the vulnerable Java application using Log4j.CVE-2021-4104 Affected CVE-2021-44228 Affected CVE-2021-45046 AffectedCVE-2021-4104 Affected CVE-2021-44228 Affected CVE-2021-45046 Affected. Apache Log4j is a Java-based open source logging tool of the Apache Foundation. Apache log4j2 has a denial of service vulnerability. When improperly configured, an attacker can exploit this vulnerability to cause a denial of service attack.
For the oldstable distribution (buster), this problem has been fixed in version 2.16.0-1~deb10u1.
For the stable distribution (bullseye), this problem has been fixed in version 2.16.0-1~deb11u1.
We recommend that you upgrade your apache-log4j2 packages.
For the detailed security status of apache-log4j2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache-log4j2
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmG7FI5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeSqOg//XOye7T/8PKOrrUtHFhH+w2dOC0GujwcIS2mhofVuZQTPYvM5uTZxDTuz rQN+T505t9QaP3sF05gXK6VI675HhgmF3d+vDEnhp8QpZX5HeJrmmX44FewZQAqP yMysAuwG1RJ0Qgs7NmppU/XJBnmhJLsqsW99kcDnNXS67D23e1nUqAEDME5baSoF VPc50Up/yh4DE28Jcs8Mh2cM8UqmeLEQJ8XC3IojQLhmOF1UBJuL4K0sEUqWtJeN TytHya2XdfIIZcRolHe6AUeiLP5JpitbqkVP+hEeruAvk8nTGsLi0HMbWxA9LLcB bB9KKJjf6xndRa/t/IXGMzwr883t5/YLdxbCFcGj9M4Bfj7SAhGdgnJHZaRt1quX Vcqnu1pDHpdFuRX4t6oqF9R0uiBGeupZmGdb1y7os+FU2EbTRYU0rlnhfOsou0ex Vh5sFKFDhgWUQoyuVUMh6eOZ7p92GTzbw5kPkvboa7Xdrs02m7ChLlh8f5ajRFrK WbAcwsBj6RK4dmtdvfO2sVEuRTpFQ3qtecwZUR0pqUIjJ+rfurSGmpPr3iOrBu2s ROol/vLfW5uZd6RxSNbt3twPcwBaZagFQCcDY27Yz0sH6DlQUmWed1KJjbRaZ7fn cqjFisSZxu8d5VoAtjMSP8l95FoAm53r9Q1HCZvXqRhBjFNoYqE= =TNnt -----END PGP SIGNATURE----- . Solution:
For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html
- The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Installation instructions are available from the Fuse product documentation pages:
Fuse 7.8: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/installing_on_apache_karaf/apply-hotfix-patch https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/deploying_into_spring_boot/patch-red-hat-fuse-applications
Fuse 7.9: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/installing_on_apache_karaf/apply-hotfix-patch https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/deploying_into_spring_boot/patch-red-hat-fuse-applications
Fuse 7.10: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/installing_on_apache_karaf/apply-hotfix-patch https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/deploying_into_spring_boot/patch-red-hat-fuse-applications
The References section of this erratum contains a download link for the update. You must be logged in to download the update. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: Red Hat Data Grid 8.2.3 security update Advisory ID: RHSA-2022:0205-01 Product: Red Hat JBoss Data Grid Advisory URL: https://access.redhat.com/errata/RHSA-2022:0205 Issue date: 2022-01-20 CVE Names: CVE-2021-44832 CVE-2021-45046 CVE-2021-45105 =====================================================================
- Summary:
An update for Red Hat Data Grid is now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale.
Data Grid 8.2.3 replaces Data Grid 8.2.2 and includes bug fixes and enhancements. Find out more about Data Grid 8.2.3 in the Release Notes [3].
- Solution:
To install this update, do the following:
- Download the Data Grid 8.2.3 server patch from the customer portal[²].
- Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.
- Install the Data Grid 8.2.3 server patch. Refer to the 8.2.3 Release Notes[³] for patching instructions.
-
Restart Data Grid to ensure the changes take effect.
-
References:
https://access.redhat.com/security/cve/CVE-2021-44832 https://access.redhat.com/security/cve/CVE-2021-45046 https://access.redhat.com/security/cve/CVE-2021-45105 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=data.grid&version=8.2 https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.2/html-single/red_hat_data_grid_8.2_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYemZbtzjgjWX9erEAQgkThAAhlH9r6fZ08ZbIvy7t5FNceA93qd12PsL bJEZ9axgCc1hrxm5hK2W6x55a2tKQ0ieoFlkF87qZ5FSsEmOWfvCa5Jsr04bGkhI QBiyZvX+de8ZAUcbiXwgsb3LwfY5DAOoLZVZj7tWsxXcl9CG/MGqI452b5jB4oWa 5TXa8YHSz9/vQHtJGmjyuZYJGfH63XvLUu6qHEgCHKhXEQg5p9YrfjbdZWk77mSk N+dqHpXJFo2G+UURxBy615ebIgxA1dUR6pdbCfm/fbUAxnxWPubjNLLGShCUNBP9 /WgSMiv5GT48yhpK0IdTpPmQUAQW3fkgEd58vytgDuQf/7NhsbNFlsj3hugnAmY9 B/Jtwri/dCaOy0EDlDTc22OX7uDXaoSd9t5kjFAiZMOhxRE0hXawGfCxdGq/rgV6 EblcKQ3zW/3lsTj5KdI+0M0kNA6y1i0KP+Iujs12WLzWDANcpyvpuNu5qIMoM16Y iy4QLJkWFcH99toKO6/bEFgINq3C84sDEQNUpgwga+ct5mxsZycn3vSl9QcuoWQD FX9lwXBaxGuvBb/K3pwXfJuRQOFn2tDpwqN0PnyG/4+QLHunSPuQ8vcVx+oG9a2K LpiYxMQawsJiOjEyNUdRt7DDBpU/mVO+pf7lCY/4F5S+xOJ6E6LkJ213aSGaYPBd QiLGYFSmmLk= =y5SE -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
4
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0562", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "energyip prepay", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "3.8" }, { "model": "nx", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "datacenter manager", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "34" }, { "model": "vesys", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2019.1" }, { "model": "head-end system universal device integration system", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "email security", "scope": "lt", "trust": 1.0, "vendor": "sonicwall", "version": "10.0.12" }, { "model": "sentron powermanager", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.1" }, { "model": "6bk1602-0aa52-0tp0", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.7.0" }, { "model": "industrial edge management", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "spectrum power 7", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.30" }, { "model": "navigator", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2021-12-13" }, { "model": "industrial edge management hub", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2021-12-13" }, { "model": "tracealertserverplus", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "spectrum power 4", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.70" }, { "model": "operation scheduler", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "1.1.3" }, { "model": "comos", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "xpedition enterprise", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "log4j", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.12.2" }, { "model": "sentron powermanager", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "sppa-t3000 ses3000", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "energyip", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "9.0" }, { "model": "opcenter intelligence", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "3.2" }, { "model": "system debugger", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "mendix", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "logo\\! soft comfort", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siveillance identity", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "1.5" }, { "model": "siveillance control pro", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siveillance identity", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "1.6" }, { "model": "log4j", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.13.0" }, { "model": "system studio", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "siveillance viewpoint", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "11.0" }, { "model": "6bk1602-0aa12-0tp0", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.7.0" }, { "model": "siveillance vantage", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "teamcenter", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "captial", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "2019.1" }, { "model": "secure device onboard", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "desigo cc advanced reports", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "5.1" }, { "model": "energy engage", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "3.1" }, { "model": "solid edge cam pro", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "energyip prepay", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "3.7" }, { "model": "audio development kit", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "genomics kernel library", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xpedition package integrator", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "desigo cc advanced reports", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "35" }, { "model": "mindsphere", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2021-12-11" }, { "model": "energyip", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "8.6" }, { "model": "spectrum power 7", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "2.30" }, { "model": "oneapi", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "log4j", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.16.0" }, { "model": "log4j", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.0.1" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "10.0" }, { "model": "e-car operation center", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2021-12-13" }, { "model": "spectrum power 4", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.70" }, { "model": "desigo cc info center", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "5.0" }, { "model": "desigo cc info center", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "5.1" }, { "model": "6bk1602-0aa22-0tp0", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.7.0" }, { "model": "computer vision annotation tool", "scope": "eq", "trust": 1.0, "vendor": "cvat", "version": null }, { "model": "desigo cc advanced reports", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.0" }, { "model": "siguard dsa", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.3" }, { "model": "6bk1602-0aa32-0tp0", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.7.0" }, { "model": "energyip", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "8.5" }, { "model": "siguard dsa", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "desigo cc advanced reports", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.1" }, { "model": "6bk1602-0aa42-0tp0", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.7.0" }, { "model": "captial", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2019.1" }, { "model": "solid edge harness design", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "2020" }, { "model": "solid edge harness design", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2020" }, { "model": "desigo cc advanced reports", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "5.0" }, { "model": "log4j", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0" }, { "model": "sensor solution development kit", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "sipass integrated", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "2.85" }, { "model": "energyip", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "8.7" }, { "model": "gma-manager", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "8.6.2j-398" }, { "model": "siguard dsa", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.4" }, { "model": "vesys", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "2019.1" }, { "model": "siveillance command", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "4.16.2.1" }, { "model": "sipass integrated", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "2.80" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-45046" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Much of the content of this vulnerability note is derived from Apache Log4j Security Vulnerabilities and http://slf4j.org/log4shell.html.This document was written by Art Manion.", "sources": [ { "db": "CERT/CC", "id": "VU#930724" } ], "trust": 0.8 }, "cve": "CVE-2021-45046", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 4.9, "id": "CVE-2021-45046", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 4.9, "id": "VHN-408570", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "id": "CVE-2021-45046", "impactScore": 6.0, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-45046", "trust": 1.0, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-202112-1065", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-408570", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-45046", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-408570" }, { "db": "VULMON", "id": "CVE-2021-45046" }, { "db": "CNNVD", "id": "CNNVD-202112-1065" }, { "db": "NVD", "id": "CVE-2021-45046" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default. Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the vulnerable Java application using Log4j.CVE-2021-4104 Affected\nCVE-2021-44228 Affected\nCVE-2021-45046 AffectedCVE-2021-4104 Affected\nCVE-2021-44228 Affected\nCVE-2021-45046 Affected. Apache Log4j is a Java-based open source logging tool of the Apache Foundation. Apache log4j2 has a denial of service vulnerability. When improperly configured, an attacker can exploit this vulnerability to cause a denial of service attack. \n\nFor the oldstable distribution (buster), this problem has been fixed\nin version 2.16.0-1~deb10u1. \n\nFor the stable distribution (bullseye), this problem has been fixed in\nversion 2.16.0-1~deb11u1. \n\nWe recommend that you upgrade your apache-log4j2 packages. \n\nFor the detailed security status of apache-log4j2 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/apache-log4j2\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmG7FI5fFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeSqOg//XOye7T/8PKOrrUtHFhH+w2dOC0GujwcIS2mhofVuZQTPYvM5uTZxDTuz\nrQN+T505t9QaP3sF05gXK6VI675HhgmF3d+vDEnhp8QpZX5HeJrmmX44FewZQAqP\nyMysAuwG1RJ0Qgs7NmppU/XJBnmhJLsqsW99kcDnNXS67D23e1nUqAEDME5baSoF\nVPc50Up/yh4DE28Jcs8Mh2cM8UqmeLEQJ8XC3IojQLhmOF1UBJuL4K0sEUqWtJeN\nTytHya2XdfIIZcRolHe6AUeiLP5JpitbqkVP+hEeruAvk8nTGsLi0HMbWxA9LLcB\nbB9KKJjf6xndRa/t/IXGMzwr883t5/YLdxbCFcGj9M4Bfj7SAhGdgnJHZaRt1quX\nVcqnu1pDHpdFuRX4t6oqF9R0uiBGeupZmGdb1y7os+FU2EbTRYU0rlnhfOsou0ex\nVh5sFKFDhgWUQoyuVUMh6eOZ7p92GTzbw5kPkvboa7Xdrs02m7ChLlh8f5ajRFrK\nWbAcwsBj6RK4dmtdvfO2sVEuRTpFQ3qtecwZUR0pqUIjJ+rfurSGmpPr3iOrBu2s\nROol/vLfW5uZd6RxSNbt3twPcwBaZagFQCcDY27Yz0sH6DlQUmWed1KJjbRaZ7fn\ncqjFisSZxu8d5VoAtjMSP8l95FoAm53r9Q1HCZvXqRhBjFNoYqE=\n=TNnt\n-----END PGP SIGNATURE-----\n. Solution:\n\nFor OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html\n\n4. The purpose of this\ntext-only errata is to inform you about the security issues fixed in this\nrelease. \n\nInstallation instructions are available from the Fuse product documentation\npages:\n\nFuse 7.8:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/installing_on_apache_karaf/apply-hotfix-patch\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/deploying_into_spring_boot/patch-red-hat-fuse-applications\n\nFuse 7.9:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/installing_on_apache_karaf/apply-hotfix-patch\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/deploying_into_spring_boot/patch-red-hat-fuse-applications\n\nFuse 7.10:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/installing_on_apache_karaf/apply-hotfix-patch\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/deploying_into_spring_boot/patch-red-hat-fuse-applications\n\n4. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: Red Hat Data Grid 8.2.3 security update\nAdvisory ID: RHSA-2022:0205-01\nProduct: Red Hat JBoss Data Grid\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:0205\nIssue date: 2022-01-20\nCVE Names: CVE-2021-44832 CVE-2021-45046 CVE-2021-45105 \n=====================================================================\n\n1. Summary:\n\nAn update for Red Hat Data Grid is now available. \n \nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. \nIt increases application response times and allows for dramatically\nimproving performance while providing availability, reliability, and\nelastic scale. \n \nData Grid 8.2.3 replaces Data Grid 8.2.2 and includes bug fixes and\nenhancements. Find out more about Data Grid 8.2.3 in the Release Notes [3]. \n\n3. Solution:\n\nTo install this update, do the following:\n \n1. Download the Data Grid 8.2.3 server patch from the customer portal[\u00b2]. \n2. Back up your existing Data Grid installation. You should back up\ndatabases, configuration files, and so on. \n3. Install the Data Grid 8.2.3 server patch. Refer to the 8.2.3 Release\nNotes[\u00b3] for patching instructions. \n4. Restart Data Grid to ensure the changes take effect. \n\n4. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-44832\nhttps://access.redhat.com/security/cve/CVE-2021-45046\nhttps://access.redhat.com/security/cve/CVE-2021-45105\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=data.grid\u0026version=8.2\nhttps://access.redhat.com/documentation/en-us/red_hat_data_grid/8.2/html-single/red_hat_data_grid_8.2_release_notes/index\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYemZbtzjgjWX9erEAQgkThAAhlH9r6fZ08ZbIvy7t5FNceA93qd12PsL\nbJEZ9axgCc1hrxm5hK2W6x55a2tKQ0ieoFlkF87qZ5FSsEmOWfvCa5Jsr04bGkhI\nQBiyZvX+de8ZAUcbiXwgsb3LwfY5DAOoLZVZj7tWsxXcl9CG/MGqI452b5jB4oWa\n5TXa8YHSz9/vQHtJGmjyuZYJGfH63XvLUu6qHEgCHKhXEQg5p9YrfjbdZWk77mSk\nN+dqHpXJFo2G+UURxBy615ebIgxA1dUR6pdbCfm/fbUAxnxWPubjNLLGShCUNBP9\n/WgSMiv5GT48yhpK0IdTpPmQUAQW3fkgEd58vytgDuQf/7NhsbNFlsj3hugnAmY9\nB/Jtwri/dCaOy0EDlDTc22OX7uDXaoSd9t5kjFAiZMOhxRE0hXawGfCxdGq/rgV6\nEblcKQ3zW/3lsTj5KdI+0M0kNA6y1i0KP+Iujs12WLzWDANcpyvpuNu5qIMoM16Y\niy4QLJkWFcH99toKO6/bEFgINq3C84sDEQNUpgwga+ct5mxsZycn3vSl9QcuoWQD\nFX9lwXBaxGuvBb/K3pwXfJuRQOFn2tDpwqN0PnyG/4+QLHunSPuQ8vcVx+oG9a2K\nLpiYxMQawsJiOjEyNUdRt7DDBpU/mVO+pf7lCY/4F5S+xOJ6E6LkJ213aSGaYPBd\nQiLGYFSmmLk=\n=y5SE\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4", "sources": [ { "db": "NVD", "id": "CVE-2021-45046" }, { "db": "CERT/CC", "id": "VU#930724" }, { "db": "VULHUB", "id": "VHN-408570" }, { "db": "VULMON", "id": "CVE-2021-45046" }, { "db": "PACKETSTORM", "id": "169180" }, { "db": "PACKETSTORM", "id": "165329" }, { "db": "PACKETSTORM", "id": "165333" }, { "db": "PACKETSTORM", "id": "165632" }, { "db": "PACKETSTORM", "id": "165637" }, { "db": "PACKETSTORM", "id": "165645" }, { "db": "PACKETSTORM", "id": "165649" }, { "db": "PACKETSTORM", "id": "165650" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-45046", "trust": 3.4 }, { "db": "CERT/CC", "id": "VU#930724", "trust": 2.5 }, { "db": "SIEMENS", "id": "SSA-661247", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-397453", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-479842", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-714170", "trust": 1.7 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/12/14/4", "trust": 1.7 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/12/18/1", "trust": 1.7 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/12/15/3", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "165333", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "165649", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "165645", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "165343", "trust": 0.7 }, { "db": "LENOVO", "id": "LEN-76573", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021122212", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022042115", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022020815", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022010517", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022012731", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022012443", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021121651", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021122726", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060708", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021122119", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022012730", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021122018", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022010632", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021122814", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022062006", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022032405", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022022126", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021121516", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022012501", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021123016", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022010325", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022012045", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022020602", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022010421", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022011034", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022011226", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021121720", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022072076", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022021429", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060808", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022030923", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021122307", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021122908", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "166676", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "166677", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0332", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4257", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0086", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4187.6", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4295", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4186.3", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0247", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0199", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0240", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4186.4", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4302.3", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4198.4", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0090", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202112-1065", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "165637", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "165329", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "165650", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "165632", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "165636", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165326", "trust": 0.1 }, { "db": "CNVD", "id": "CNVD-2022-01776", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-408570", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-45046", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169180", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#930724" }, { "db": "VULHUB", "id": "VHN-408570" }, { "db": "VULMON", "id": "CVE-2021-45046" }, { "db": "PACKETSTORM", "id": "169180" }, { "db": "PACKETSTORM", "id": "165329" }, { "db": "PACKETSTORM", "id": "165333" }, { "db": "PACKETSTORM", "id": "165632" }, { "db": "PACKETSTORM", "id": "165637" }, { "db": "PACKETSTORM", "id": "165645" }, { "db": "PACKETSTORM", "id": "165649" }, { "db": "PACKETSTORM", "id": "165650" }, { "db": "CNNVD", "id": "CNNVD-202112-1065" }, { "db": "NVD", "id": "CVE-2021-45046" } ] }, "id": "VAR-202112-0562", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-408570" } ], "trust": 0.74432915 }, "last_update_date": "2024-11-29T22:35:35.830000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Apache Log4j Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=175394" }, { "title": "Debian CVElist Bug Report Logs: apache-log4j2: CVE-2021-45046: Incomplete fix for CVE-2021-44228 in certain non-default configurations", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=b88a8ce4fc53c3a45830bc6bbde8b01c" }, { "title": "Debian Security Advisories: DSA-5022-1 apache-log4j2 -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=5ba53229ef5f408ed29126bd4f624def" }, { "title": "Red Hat: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221296 - Security Advisory" }, { "title": "Red Hat: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221299 - Security Advisory" }, { "title": "Red Hat: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221297 - Security Advisory" }, { "title": "Amazon Linux AMI: ALAS-2021-1553", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2021-1553" }, { "title": "IBM: Security Bulletin: IBM Cloud Pak System is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-45046, CVE-2021-44228)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c8b40ff47e1d31bee8b0fbdbdd4fe212" }, { "title": "IBM: Security Bulletin: IBM Cloud Pak System is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-45046, CVE-2021-44228)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=654a4f5a7bd1fdfd229558535923710b" }, { "title": "IBM: Security Bulletin: Apache log4j security vulnerability as it relates to IBM Maximo Scheduler Optimization \u00e2\u20ac\u201c Apache Log4j \u00e2\u20ac\u201c [CVE-2021-45105] (affecting v2.16) and [CVE-2021-45046] (affecting v2.15)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1239b8de81ba381055ce95c571a45bea" }, { "title": "Amazon Linux 2: ALAS2-2021-1731", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1731" }, { "title": "Amazon Linux 2: ALAS2-2021-1730", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1730" }, { "title": "Omada-Ansible", "trust": 0.1, "url": "https://github.com/kdpuvvadi/Omada-Ansible " }, { "title": "CVE-2021-45046", "trust": 0.1, "url": "https://github.com/tejas-nagchandi/CVE-2021-45046 " }, { "title": "Log4Shell", "trust": 0.1, "url": "https://github.com/r00thunter/Log4Shell " }, { "title": "log4j-exploit-server", "trust": 0.1, "url": "https://github.com/lwollan/log4j-exploit-server " }, { "title": "log4j2-intranet-scan", "trust": 0.1, "url": "https://github.com/k3rwin/log4j2-intranet-scan " } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-45046" }, { "db": "CNNVD", "id": "CNNVD-202112-1065" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-917", "trust": 1.0 }, { "problemtype": "CWE-502", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-408570" }, { "db": "NVD", "id": "CVE-2021-45046" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://www.kb.cert.org/vuls/id/930724" }, { "trust": 1.7, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-log4j-qruknebd" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf" }, { "trust": 1.7, "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "trust": 1.7, "url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0032" }, { "trust": 1.7, "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html" }, { "trust": 1.7, "url": "https://www.debian.org/security/2021/dsa-5022" }, { "trust": 1.7, "url": "https://www.cve.org/cverecord?id=cve-2021-44228" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2021/12/18/1" }, { "trust": 1.6, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/eokpqgv24rrbbi4tbzudqmm4meh7mxcy/" }, { "trust": 1.6, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sig7fzulmnk2xf6fzru4vwydqxnmugaj/" }, { "trust": 1.3, "url": "https://access.redhat.com/security/cve/cve-2021-45046" }, { "trust": 1.0, "url": "https://security.gentoo.org/glsa/202310-16" }, { "trust": 0.8, "url": "cve-2021-4104 " }, { "trust": 0.8, "url": "cve-2021-44228 " }, { "trust": 0.8, "url": "cve-2021-45046 " }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45046" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/eokpqgv24rrbbi4tbzudqmm4meh7mxcy/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sig7fzulmnk2xf6fzru4vwydqxnmugaj/" }, { "trust": 0.7, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.7, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.7, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060808" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022072076" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0086" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0240" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4186.4" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4186.3" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021122212" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022012731" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4302.3" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/165649/red-hat-security-advisory-2022-0222-02.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021122814" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/165645/red-hat-security-advisory-2022-0205-02.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021121720" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021122018" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010632" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022012730" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/166676/red-hat-security-advisory-2022-1297-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0199" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010517" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022020602" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/apache-log4j-denial-of-service-via-thread-context-message-pattern-37075" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4257" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/165333/red-hat-security-advisory-2021-5106-04.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022012501" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022062006" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021123016" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/165343/red-hat-security-advisory-2021-5107-06.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021122726" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021121516" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4295" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010325" }, { "trust": 0.6, "url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20211215-01-log4j-cn" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021122908" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060708" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6527436" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022011226" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6528374" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022032405" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021122119" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0332" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022030923" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4198.4" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6527886" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022042115" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0090" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6526750" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022022126" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021121651" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022021429" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4187.6" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022020815" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021122307" }, { "trust": 0.6, "url": "https://support.lenovo.com/us/en/product_security/len-76573" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022012045" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/166677/red-hat-security-advisory-2022-1296-01.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022011034" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022012443" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010421" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0247" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44832" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45105" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2021-45105" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2021-44832" }, { "trust": 0.4, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.3, "url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-009" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-44228" }, { "trust": 0.3, "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44228" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q1" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=red.hat.integration\u0026version" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/apache-log4j2" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4104" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-4104" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:5148" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:5106" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/deploying_into_spring_boot/patch-red-hat-fuse-applications" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/installing_on_apache_karaf/apply-hotfix-patch" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=jboss.fuse\u0026version=7.09.0" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/installing_on_apache_karaf/apply-hotfix-patch" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=jboss.fuse\u0026version=7.10.0" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/installing_on_apache_karaf/apply-hotfix-patch" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/deploying_into_spring_boot/patch-red-hat-fuse-applications" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0203" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=jboss.fuse\u0026version=7.08.0" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/deploying_into_spring_boot/patch-red-hat-fuse-applications" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0083" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product\\xcatrhoar.eclipse.vertx\u0026version=4.1.8" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/4.1/html/release_notes_for_eclipse_vert.x_4.1/index" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=data.grid\u0026version=8.2" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.2/html-single/red_hat_data_grid_8.2_release_notes/index" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0205" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0222" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0223" } ], "sources": [ { "db": "CERT/CC", "id": "VU#930724" }, { "db": "VULHUB", "id": "VHN-408570" }, { "db": "PACKETSTORM", "id": "169180" }, { "db": "PACKETSTORM", "id": "165329" }, { "db": "PACKETSTORM", "id": "165333" }, { "db": "PACKETSTORM", "id": "165632" }, { "db": "PACKETSTORM", "id": "165637" }, { "db": "PACKETSTORM", "id": "165645" }, { "db": "PACKETSTORM", "id": "165649" }, { "db": "PACKETSTORM", "id": "165650" }, { "db": "CNNVD", "id": "CNNVD-202112-1065" }, { "db": "NVD", "id": "CVE-2021-45046" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#930724" }, { "db": "VULHUB", "id": "VHN-408570" }, { "db": "VULMON", "id": "CVE-2021-45046" }, { "db": "PACKETSTORM", "id": "169180" }, { "db": "PACKETSTORM", "id": "165329" }, { "db": "PACKETSTORM", "id": "165333" }, { "db": "PACKETSTORM", "id": "165632" }, { "db": "PACKETSTORM", "id": "165637" }, { "db": "PACKETSTORM", "id": "165645" }, { "db": "PACKETSTORM", "id": "165649" }, { "db": "PACKETSTORM", "id": "165650" }, { "db": "CNNVD", "id": "CNNVD-202112-1065" }, { "db": "NVD", "id": "CVE-2021-45046" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-12-15T00:00:00", "db": "CERT/CC", "id": "VU#930724" }, { "date": "2021-12-14T00:00:00", "db": "VULHUB", "id": "VHN-408570" }, { "date": "2021-12-14T00:00:00", "db": "VULMON", "id": "CVE-2021-45046" }, { "date": "2021-12-28T20:12:00", "db": "PACKETSTORM", "id": "169180" }, { "date": "2021-12-16T15:25:46", "db": "PACKETSTORM", "id": "165329" }, { "date": "2021-12-16T15:34:27", "db": "PACKETSTORM", "id": "165333" }, { "date": "2022-01-20T17:49:05", "db": "PACKETSTORM", "id": "165632" }, { "date": "2022-01-20T17:50:03", "db": "PACKETSTORM", "id": "165637" }, { "date": "2022-01-20T18:11:03", "db": "PACKETSTORM", "id": "165645" }, { "date": "2022-01-21T15:29:08", "db": "PACKETSTORM", "id": "165649" }, { "date": "2022-01-21T15:29:54", "db": "PACKETSTORM", "id": "165650" }, { "date": "2021-12-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-1065" }, { "date": "2021-12-14T19:15:07.733000", "db": "NVD", "id": "CVE-2021-45046" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-02-07T00:00:00", "db": "CERT/CC", "id": "VU#930724" }, { "date": "2022-10-06T00:00:00", "db": "VULHUB", "id": "VHN-408570" }, { "date": "2023-10-26T00:00:00", "db": "VULMON", "id": "CVE-2021-45046" }, { "date": "2023-06-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-1065" }, { "date": "2024-11-21T06:31:51.470000", "db": "NVD", "id": "CVE-2021-45046" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-1065" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Log4j allows insecure JNDI lookups", "sources": [ { "db": "CERT/CC", "id": "VU#930724" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code execution", "sources": [ { "db": "PACKETSTORM", "id": "165329" }, { "db": "PACKETSTORM", "id": "165333" }, { "db": "PACKETSTORM", "id": "165632" }, { "db": "PACKETSTORM", "id": "165637" }, { "db": "PACKETSTORM", "id": "165645" }, { "db": "PACKETSTORM", "id": "165649" }, { "db": "PACKETSTORM", "id": "165650" } ], "trust": 0.7 } }
cve-2020-7588
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf | x_refsource_MISC |
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | Opcenter Execution Discrete |
Version: All versions < V3.2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:33:19.850Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Opcenter Execution Discrete", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2" } ] }, { "product": "Opcenter Execution Foundation", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2" } ] }, { "product": "Opcenter Execution Process", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2" } ] }, { "product": "Opcenter Intelligence", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3" } ] }, { "product": "Opcenter Quality", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V11.3" } ] }, { "product": "Opcenter RD\u0026L", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "V8.0" } ] }, { "product": "SIMATIC IT LMS", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.6" } ] }, { "product": "SIMATIC IT Production Suite", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V8.0" } ] }, { "product": "SIMATIC Notifier Server for Windows", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "product": "SIMATIC PCS neo", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.0 SP1" } ] }, { "product": "SIMATIC STEP 7 (TIA Portal) V15", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V15.1 Update 5" } ] }, { "product": "SIMATIC STEP 7 (TIA Portal) V16", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V16 Update 2" } ] }, { "product": "SIMOCODE ES V15.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V15.1 Update 4" } ] }, { "product": "SIMOCODE ES V16", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V16 Update 1" } ] }, { "product": "Soft Starter ES V15.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V15.1 Update 3" } ] }, { "product": "Soft Starter ES V16", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V16 Update 1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions \u003c V3.2), Opcenter Execution Foundation (All versions \u003c V3.2), Opcenter Execution Process (All versions \u003c V3.2), Opcenter Intelligence (All versions \u003c V3.3), Opcenter Quality (All versions \u003c V11.3), Opcenter RD\u0026L (V8.0), SIMATIC IT LMS (All versions \u003c V2.6), SIMATIC IT Production Suite (All versions \u003c V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions \u003c V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions \u003c V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 2), SIMOCODE ES V15.1 (All versions \u003c V15.1 Update 4), SIMOCODE ES V16 (All versions \u003c V16 Update 1), Soft Starter ES V15.1 (All versions \u003c V15.1 Update 3), Soft Starter ES V16 (All versions \u003c V16 Update 1). Sending a specially crafted packet to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-10T11:16:56", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-7588", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Opcenter Execution Discrete", "version": { "version_data": [ { "version_value": "All versions \u003c V3.2" } ] } }, { "product_name": "Opcenter Execution Foundation", "version": { "version_data": [ { "version_value": "All versions \u003c V3.2" } ] } }, { "product_name": "Opcenter Execution Process", "version": { "version_data": [ { "version_value": "All versions \u003c V3.2" } ] } }, { "product_name": "Opcenter Intelligence", "version": { "version_data": [ { "version_value": "All versions \u003c V3.3" } ] } }, { "product_name": "Opcenter Quality", "version": { "version_data": [ { "version_value": "All versions \u003c V11.3" } ] } }, { "product_name": "Opcenter RD\u0026L", "version": { "version_data": [ { "version_value": "V8.0" } ] } }, { "product_name": "SIMATIC IT LMS", "version": { "version_data": [ { "version_value": "All versions \u003c V2.6" } ] } }, { "product_name": "SIMATIC IT Production Suite", "version": { "version_data": [ { "version_value": "All versions \u003c V8.0" } ] } }, { "product_name": "SIMATIC Notifier Server for Windows", "version": { "version_data": [ { "version_value": "All versions" } ] } }, { "product_name": "SIMATIC PCS neo", "version": { "version_data": [ { "version_value": "All versions \u003c V3.0 SP1" } ] } }, { "product_name": "SIMATIC STEP 7 (TIA Portal) V15", "version": { "version_data": [ { "version_value": "All versions \u003c V15.1 Update 5" } ] } }, { "product_name": "SIMATIC STEP 7 (TIA Portal) V16", "version": { "version_data": [ { "version_value": "All versions \u003c V16 Update 2" } ] } }, { "product_name": "SIMOCODE ES V15.1", "version": { "version_data": [ { "version_value": "All versions \u003c V15.1 Update 4" } ] } }, { "product_name": "SIMOCODE ES V16", "version": { "version_data": [ { "version_value": "All versions \u003c V16 Update 1" } ] } }, { "product_name": "Soft Starter ES V15.1", "version": { "version_data": [ { "version_value": "All versions \u003c V15.1 Update 3" } ] } }, { "product_name": "Soft Starter ES V16", "version": { "version_data": [ { "version_value": "All versions \u003c V16 Update 1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions \u003c V3.2), Opcenter Execution Foundation (All versions \u003c V3.2), Opcenter Execution Process (All versions \u003c V3.2), Opcenter Intelligence (All versions \u003c V3.3), Opcenter Quality (All versions \u003c V11.3), Opcenter RD\u0026L (V8.0), SIMATIC IT LMS (All versions \u003c V2.6), SIMATIC IT Production Suite (All versions \u003c V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions \u003c V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions \u003c V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 2), SIMOCODE ES V15.1 (All versions \u003c V15.1 Update 4), SIMOCODE ES V16 (All versions \u003c V16 Update 1), Soft Starter ES V15.1 (All versions \u003c V15.1 Update 3), Soft Starter ES V16 (All versions \u003c V16 Update 1). Sending a specially crafted packet to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20: Improper Input Validation" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-7588", "datePublished": "2020-07-14T13:18:05", "dateReserved": "2020-01-21T00:00:00", "dateUpdated": "2024-08-04T09:33:19.850Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-7581
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf | x_refsource_MISC |
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | Opcenter Execution Discrete |
Version: All versions < V3.2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:33:19.617Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Opcenter Execution Discrete", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2" } ] }, { "product": "Opcenter Execution Foundation", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2" } ] }, { "product": "Opcenter Execution Process", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2" } ] }, { "product": "Opcenter Intelligence", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3" } ] }, { "product": "Opcenter Quality", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V11.3" } ] }, { "product": "Opcenter RD\u0026L", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "V8.0" } ] }, { "product": "SIMATIC Notifier Server for Windows", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "product": "SIMATIC PCS neo", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.0 SP1" } ] }, { "product": "SIMATIC STEP 7 (TIA Portal) V15", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V15.1 Update 5" } ] }, { "product": "SIMATIC STEP 7 (TIA Portal) V16", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V16 Update 2" } ] }, { "product": "SIMOCODE ES V15.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V15.1 Update 4" } ] }, { "product": "SIMOCODE ES V16", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V16 Update 1" } ] }, { "product": "Soft Starter ES V15.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V15.1 Update 3" } ] }, { "product": "Soft Starter ES V16", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V16 Update 1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions \u003c V3.2), Opcenter Execution Foundation (All versions \u003c V3.2), Opcenter Execution Process (All versions \u003c V3.2), Opcenter Intelligence (All versions \u003c V3.3), Opcenter Quality (All versions \u003c V11.3), Opcenter RD\u0026L (V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions \u003c V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions \u003c V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 2), SIMOCODE ES V15.1 (All versions \u003c V15.1 Update 4), SIMOCODE ES V16 (All versions \u003c V16 Update 1), Soft Starter ES V15.1 (All versions \u003c V15.1 Update 3), Soft Starter ES V16 (All versions \u003c V16 Update 1). A component within the affected application calls a helper binary with SYSTEM privileges during startup while the call path is not quoted. This could allow a local attacker with administrative privileges to execute code with SYSTEM level privileges." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-428", "description": "CWE-428: Unquoted Search Path or Element", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-10T11:16:47", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-7581", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Opcenter Execution Discrete", "version": { "version_data": [ { "version_value": "All versions \u003c V3.2" } ] } }, { "product_name": "Opcenter Execution Foundation", "version": { "version_data": [ { "version_value": "All versions \u003c V3.2" } ] } }, { "product_name": "Opcenter Execution Process", "version": { "version_data": [ { "version_value": "All versions \u003c V3.2" } ] } }, { "product_name": "Opcenter Intelligence", "version": { "version_data": [ { "version_value": "All versions \u003c V3.3" } ] } }, { "product_name": "Opcenter Quality", "version": { "version_data": [ { "version_value": "All versions \u003c V11.3" } ] } }, { "product_name": "Opcenter RD\u0026L", "version": { "version_data": [ { "version_value": "V8.0" } ] } }, { "product_name": "SIMATIC Notifier Server for Windows", "version": { "version_data": [ { "version_value": "All versions" } ] } }, { "product_name": "SIMATIC PCS neo", "version": { "version_data": [ { "version_value": "All versions \u003c V3.0 SP1" } ] } }, { "product_name": "SIMATIC STEP 7 (TIA Portal) V15", "version": { "version_data": [ { "version_value": "All versions \u003c V15.1 Update 5" } ] } }, { "product_name": "SIMATIC STEP 7 (TIA Portal) V16", "version": { "version_data": [ { "version_value": "All versions \u003c V16 Update 2" } ] } }, { "product_name": "SIMOCODE ES V15.1", "version": { "version_data": [ { "version_value": "All versions \u003c V15.1 Update 4" } ] } }, { "product_name": "SIMOCODE ES V16", "version": { "version_data": [ { "version_value": "All versions \u003c V16 Update 1" } ] } }, { "product_name": "Soft Starter ES V15.1", "version": { "version_data": [ { "version_value": "All versions \u003c V15.1 Update 3" } ] } }, { "product_name": "Soft Starter ES V16", "version": { "version_data": [ { "version_value": "All versions \u003c V16 Update 1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions \u003c V3.2), Opcenter Execution Foundation (All versions \u003c V3.2), Opcenter Execution Process (All versions \u003c V3.2), Opcenter Intelligence (All versions \u003c V3.3), Opcenter Quality (All versions \u003c V11.3), Opcenter RD\u0026L (V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions \u003c V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions \u003c V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 2), SIMOCODE ES V15.1 (All versions \u003c V15.1 Update 4), SIMOCODE ES V16 (All versions \u003c V16 Update 1), Soft Starter ES V15.1 (All versions \u003c V15.1 Update 3), Soft Starter ES V16 (All versions \u003c V16 Update 1). A component within the affected application calls a helper binary with SYSTEM privileges during startup while the call path is not quoted. This could allow a local attacker with administrative privileges to execute code with SYSTEM level privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-428: Unquoted Search Path or Element" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-7581", "datePublished": "2020-07-14T13:18:05", "dateReserved": "2020-01-21T00:00:00", "dateUpdated": "2024-08-04T09:33:19.617Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-7587
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf | x_refsource_MISC |
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | Opcenter Execution Discrete |
Version: All versions < V3.2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:33:19.877Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Opcenter Execution Discrete", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2" } ] }, { "product": "Opcenter Execution Foundation", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2" } ] }, { "product": "Opcenter Execution Process", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2" } ] }, { "product": "Opcenter Intelligence", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3" } ] }, { "product": "Opcenter Quality", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V11.3" } ] }, { "product": "Opcenter RD\u0026L", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "V8.0" } ] }, { "product": "SIMATIC IT LMS", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.6" } ] }, { "product": "SIMATIC IT Production Suite", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V8.0" } ] }, { "product": "SIMATIC Notifier Server for Windows", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "product": "SIMATIC PCS neo", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.0 SP1" } ] }, { "product": "SIMATIC STEP 7 (TIA Portal) V15", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V15.1 Update 5" } ] }, { "product": "SIMATIC STEP 7 (TIA Portal) V16", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V16 Update 2" } ] }, { "product": "SIMOCODE ES V15.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V15.1 Update 4" } ] }, { "product": "SIMOCODE ES V16", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V16 Update 1" } ] }, { "product": "Soft Starter ES V15.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V15.1 Update 3" } ] }, { "product": "Soft Starter ES V16", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V16 Update 1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions \u003c V3.2), Opcenter Execution Foundation (All versions \u003c V3.2), Opcenter Execution Process (All versions \u003c V3.2), Opcenter Intelligence (All versions \u003c V3.3), Opcenter Quality (All versions \u003c V11.3), Opcenter RD\u0026L (V8.0), SIMATIC IT LMS (All versions \u003c V2.6), SIMATIC IT Production Suite (All versions \u003c V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions \u003c V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions \u003c V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 2), SIMOCODE ES V15.1 (All versions \u003c V15.1 Update 4), SIMOCODE ES V16 (All versions \u003c V16 Update 1), Soft Starter ES V15.1 (All versions \u003c V15.1 Update 3), Soft Starter ES V16 (All versions \u003c V16 Update 1). Sending multiple specially crafted packets to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. On some cases the vulnerability could leak random information from the remote service." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-10T11:16:51", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-7587", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Opcenter Execution Discrete", "version": { "version_data": [ { "version_value": "All versions \u003c V3.2" } ] } }, { "product_name": "Opcenter Execution Foundation", "version": { "version_data": [ { "version_value": "All versions \u003c V3.2" } ] } }, { "product_name": "Opcenter Execution Process", "version": { "version_data": [ { "version_value": "All versions \u003c V3.2" } ] } }, { "product_name": "Opcenter Intelligence", "version": { "version_data": [ { "version_value": "All versions \u003c V3.3" } ] } }, { "product_name": "Opcenter Quality", "version": { "version_data": [ { "version_value": "All versions \u003c V11.3" } ] } }, { "product_name": "Opcenter RD\u0026L", "version": { "version_data": [ { "version_value": "V8.0" } ] } }, { "product_name": "SIMATIC IT LMS", "version": { "version_data": [ { "version_value": "All versions \u003c V2.6" } ] } }, { "product_name": "SIMATIC IT Production Suite", "version": { "version_data": [ { "version_value": "All versions \u003c V8.0" } ] } }, { "product_name": "SIMATIC Notifier Server for Windows", "version": { "version_data": [ { "version_value": "All versions" } ] } }, { "product_name": "SIMATIC PCS neo", "version": { "version_data": [ { "version_value": "All versions \u003c V3.0 SP1" } ] } }, { "product_name": "SIMATIC STEP 7 (TIA Portal) V15", "version": { "version_data": [ { "version_value": "All versions \u003c V15.1 Update 5" } ] } }, { "product_name": "SIMATIC STEP 7 (TIA Portal) V16", "version": { "version_data": [ { "version_value": "All versions \u003c V16 Update 2" } ] } }, { "product_name": "SIMOCODE ES V15.1", "version": { "version_data": [ { "version_value": "All versions \u003c V15.1 Update 4" } ] } }, { "product_name": "SIMOCODE ES V16", "version": { "version_data": [ { "version_value": "All versions \u003c V16 Update 1" } ] } }, { "product_name": "Soft Starter ES V15.1", "version": { "version_data": [ { "version_value": "All versions \u003c V15.1 Update 3" } ] } }, { "product_name": "Soft Starter ES V16", "version": { "version_data": [ { "version_value": "All versions \u003c V16 Update 1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions \u003c V3.2), Opcenter Execution Foundation (All versions \u003c V3.2), Opcenter Execution Process (All versions \u003c V3.2), Opcenter Intelligence (All versions \u003c V3.3), Opcenter Quality (All versions \u003c V11.3), Opcenter RD\u0026L (V8.0), SIMATIC IT LMS (All versions \u003c V2.6), SIMATIC IT Production Suite (All versions \u003c V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions \u003c V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions \u003c V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 2), SIMOCODE ES V15.1 (All versions \u003c V15.1 Update 4), SIMOCODE ES V16 (All versions \u003c V16 Update 1), Soft Starter ES V15.1 (All versions \u003c V15.1 Update 3), Soft Starter ES V16 (All versions \u003c V16 Update 1). Sending multiple specially crafted packets to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. On some cases the vulnerability could leak random information from the remote service." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-400: Uncontrolled Resource Consumption" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-7587", "datePublished": "2020-07-14T13:18:05", "dateReserved": "2020-01-21T00:00:00", "dateUpdated": "2024-08-04T09:33:19.877Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }