Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2022-AVI-125
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits SAP. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
Vendor | Product | Description | ||
---|---|---|---|---|
SAP | N/A | SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT et 7.49 | ||
SAP | N/A | SAP Business Objects Web Intelligence (BI Launchpad) version 420 | ||
SAP | N/A | SAP S/4HANA versions 100, 101, 102, 103, 104, 105 et 106 | ||
SAP | N/A | SAP Content Server version 7.53 | ||
SAP | N/A | SAP 3D Visual Enterprise Viewer version 9.0 | ||
SAP | N/A | SAP Web Dispatcher versions 7.49, 7.53, 7.77, 7.81, 7.85, 7.22EXT, 7.86 et 7.87 | ||
SAP | N/A | SAP NetWeaver and ABAP Platform versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT et 7.49 | ||
SAP | N/A | SAP Solution Manager (Diagnostics Root Cause Analysis Tools) version 720 | ||
SAP | N/A | SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer) versions 104, 105 et 106 | ||
SAP | N/A | SAP Business Client version 6.5 | ||
SAP | N/A | SAP Commerce versions 1905, 2005, 2105 et 2011 | ||
SAP | N/A | SAP Adaptive Server Enterprise version 16.0 | ||
SAP | N/A | SAP Data Intelligence version 3 | ||
SAP | N/A | SAP NetWeaver AS ABAP (Workplace Server) versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756 et 787 | ||
SAP | N/A | Internet of Things Edge Platform version 4.0 | ||
SAP | N/A | SAP NetWeaver Application Server Java versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49 et 7.53 | ||
SAP | N/A | SAP NetWeaver (ABAP and Java application Servers) versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755 et 756 | ||
SAP | N/A | SAP Dynamic Authorization Management version 9.1.0.0 et 2021.03 | ||
SAP | N/A | SAP ERP HCM (Portugal) versions 600, 604 et 608 | ||
SAP | N/A | SAP Customer Checkout version 2 |
References
Title | Publication Time | Tags | |||
---|---|---|---|---|---|
|
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT et 7.49", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "SAP Business Objects Web Intelligence (BI Launchpad) version 420", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "SAP S/4HANA versions 100, 101, 102, 103, 104, 105 et 106", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "SAP Content Server version 7.53", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "SAP 3D Visual Enterprise Viewer version 9.0", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "SAP Web Dispatcher versions 7.49, 7.53, 7.77, 7.81, 7.85, 7.22EXT, 7.86 et 7.87", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "SAP NetWeaver and ABAP Platform versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT et 7.49", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "SAP Solution Manager (Diagnostics Root Cause Analysis Tools) version 720", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer) versions 104, 105 et 106", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "SAP Business Client version 6.5", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "SAP Commerce versions 1905, 2005, 2105 et 2011", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "SAP Adaptive Server Enterprise version 16.0", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "SAP Data Intelligence version 3", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "SAP NetWeaver AS ABAP (Workplace Server) versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756 et 787", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "Internet of Things Edge Platform version 4.0", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "SAP NetWeaver Application Server Java versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49 et 7.53", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "SAP NetWeaver (ABAP and Java application Servers) versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755 et 756", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "SAP Dynamic Authorization Management version 9.1.0.0 et 2021.03", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "SAP ERP HCM (Portugal) versions 600, 604 et 608", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "SAP Customer Checkout version 2", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2022-22544", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22544" }, { "name": "CVE-2022-22531", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22531" }, { "name": "CVE-2022-22543", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22543" }, { "name": "CVE-2022-22535", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22535" }, { "name": "CVE-2022-22536", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22536" }, { "name": "CVE-2021-45105", "url": "https://www.cve.org/CVERecord?id=CVE-2021-45105" }, { "name": "CVE-2022-22528", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22528" }, { "name": "CVE-2022-22539", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22539" }, { "name": "CVE-2022-22532", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22532" }, { "name": "CVE-2021-45046", "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046" }, { "name": "CVE-2022-22530", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22530" }, { "name": "CVE-2022-22546", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22546" }, { "name": "CVE-2022-22538", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22538" }, { "name": "CVE-2022-22540", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22540" }, { "name": "CVE-2021-44228", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228" }, { "name": "CVE-2021-44832", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832" }, { "name": "CVE-2022-22537", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22537" }, { "name": "CVE-2022-22542", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22542" }, { "name": "CVE-2022-22534", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22534" } ], "initial_release_date": "2022-02-09T00:00:00", "last_revision_date": "2022-02-09T00:00:00", "links": [], "reference": "CERTFR-2022-AVI-125", "revisions": [ { "description": "Version initiale", "revision_date": "2022-02-09T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Injection de code indirecte \u00e0 distance (XSS)" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 SAP du 09 f\u00e9vrier 2022", "url": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+February+2022" } ] }
CVE-2021-45105 (GCVE-0-2021-45105)
Vulnerability from cvelistv5
Published
2021-12-18 11:55
Modified
2024-08-04 04:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache Log4j2 |
Version: log4j-core < 2.17.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:39:20.295Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032" }, { "name": "VU#930724", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "https://www.kb.cert.org/vuls/id/930724" }, { "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" }, { "name": "[oss-security] 20211218 CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/12/19/1" }, { "name": "DSA-5024", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-5024" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211218-0001/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache Log4j2", "vendor": "Apache Software Foundation", "versions": [ { "changes": [ { "at": "2.13.0", "status": "affected" }, { "at": "2.12.3", "status": "unaffected" }, { "at": "2.4", "status": "affected" }, { "at": "2.3.1", "status": "unaffected" }, { "at": "2.0-alpha1", "status": "affected" } ], "lessThan": "2.17.0", "status": "affected", "version": "log4j-core", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Independently discovered by Hideki Okamoto of Akamai Technologies, Guy Lederfein of Trend Micro Research working with Trend Micro\u2019s Zero Day Initiative, and another anonymous vulnerability researcher" } ], "descriptions": [ { "lang": "en", "value": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1." } ], "metrics": [ { "other": { "content": { "other": "high" }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-674", "description": "CWE-674: Uncontrolled Recursion", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-25T16:41:57", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032" }, { "name": "VU#930724", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "https://www.kb.cert.org/vuls/id/930724" }, { "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" }, { "name": "[oss-security] 20211218 CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2021/12/19/1" }, { "name": "DSA-5024", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2021/dsa-5024" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20211218-0001/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ], "source": { "defect": [ "LOG4J2-3230" ], "discovery": "UNKNOWN" }, "title": "Apache Log4j2 does not always protect from infinite recursion in lookup evaluation", "workarounds": [ { "lang": "en", "value": "Implement one of the following mitigation techniques:\n\n* Java 8 (or later) users should upgrade to release 2.17.0.\n\nAlternatively, this can be mitigated in configuration:\n\n* In PatternLayout in the logging configuration, replace Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` with Thread Context Map patterns (%X, %mdc, or %MDC).\n* Otherwise, in the configuration, remove references to Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` where they originate \nfrom sources external to the application such as HTTP headers or user input." } ], "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2021-45105", "STATE": "PUBLIC", "TITLE": "Apache Log4j2 does not always protect from infinite recursion in lookup evaluation" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache Log4j2", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "log4j-core", "version_value": "2.17.0" }, { "version_affected": "\u003e=", "version_name": "log4j-core", "version_value": "2.13.0" }, { "version_affected": "\u003c", "version_name": "log4j-core", "version_value": "2.12.3" }, { "version_affected": "\u003e=", "version_name": "log4j-core", "version_value": "2.4" }, { "version_affected": "\u003c", "version_name": "log4j-core", "version_value": "2.3.1" }, { "version_affected": "\u003e=", "version_name": "log4j-core", "version_value": "2.0-alpha1" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "credit": [ { "lang": "eng", "value": "Independently discovered by Hideki Okamoto of Akamai Technologies, Guy Lederfein of Trend Micro Research working with Trend Micro\u2019s Zero Day Initiative, and another anonymous vulnerability researcher" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": [ { "other": "high" } ], "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20 Improper Input Validation" } ] }, { "description": [ { "lang": "eng", "value": "CWE-674: Uncontrolled Recursion" } ] } ] }, "references": { "reference_data": [ { "name": "https://logging.apache.org/log4j/2.x/security.html", "refsource": "MISC", "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032", "refsource": "CONFIRM", "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032" }, { "name": "VU#930724", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/930724" }, { "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" }, { "name": "[oss-security] 20211218 CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/12/19/1" }, { "name": "DSA-5024", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-5024" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf" }, { "name": "https://security.netapp.com/advisory/ntap-20211218-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20211218-0001/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf" }, { "name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] }, "source": { "defect": [ "LOG4J2-3230" ], "discovery": "UNKNOWN" }, "work_around": [ { "lang": "en", "value": "Implement one of the following mitigation techniques:\n\n* Java 8 (or later) users should upgrade to release 2.17.0.\n\nAlternatively, this can be mitigated in configuration:\n\n* In PatternLayout in the logging configuration, replace Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` with Thread Context Map patterns (%X, %mdc, or %MDC).\n* Otherwise, in the configuration, remove references to Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` where they originate \nfrom sources external to the application such as HTTP headers or user input." } ] } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2021-45105", "datePublished": "2021-12-18T11:55:08", "dateReserved": "2021-12-16T00:00:00", "dateUpdated": "2024-08-04T04:39:20.295Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-22534 (GCVE-0-2022-22534)
Vulnerability from cvelistv5
Published
2022-02-09 22:05
Modified
2024-08-03 03:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-Site Scripting
Summary
Due to insufficient encoding of user input, SAP NetWeaver allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password. These endpoints are normally exposed over the network and successful exploitation can partially impact confidentiality of the application.
References
URL | Tags | |||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
SAP SE | SAP NetWeaver (ABAP and Java application Servers) |
Version: 700 Version: 701 Version: 702 Version: 731 Version: 740 Version: 750 Version: 751 Version: 752 Version: 753 Version: 754 Version: 755 Version: 756 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:14:55.475Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://launchpad.support.sap.com/#/notes/3124994" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SAP NetWeaver (ABAP and Java application Servers)", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "700" }, { "status": "affected", "version": "701" }, { "status": "affected", "version": "702" }, { "status": "affected", "version": "731" }, { "status": "affected", "version": "740" }, { "status": "affected", "version": "750" }, { "status": "affected", "version": "751" }, { "status": "affected", "version": "752" }, { "status": "affected", "version": "753" }, { "status": "affected", "version": "754" }, { "status": "affected", "version": "755" }, { "status": "affected", "version": "756" } ] } ], "descriptions": [ { "lang": "en", "value": "Due to insufficient encoding of user input, SAP NetWeaver allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password. These endpoints are normally exposed over the network and successful exploitation can partially impact confidentiality of the application." } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-24T15:18:07", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://launchpad.support.sap.com/#/notes/3124994" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cna@sap.com", "ID": "CVE-2022-22534", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SAP NetWeaver (ABAP and Java application Servers)", "version": { "version_data": [ { "version_affected": "=", "version_value": "700" }, { "version_affected": "=", "version_value": "701" }, { "version_affected": "=", "version_value": "702" }, { "version_affected": "=", "version_value": "731" }, { "version_affected": "=", "version_value": "740" }, { "version_affected": "=", "version_value": "750" }, { "version_affected": "=", "version_value": "751" }, { "version_affected": "=", "version_value": "752" }, { "version_affected": "=", "version_value": "753" }, { "version_affected": "=", "version_value": "754" }, { "version_affected": "=", "version_value": "755" }, { "version_affected": "=", "version_value": "756" } ] } } ] }, "vendor_name": "SAP SE" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Due to insufficient encoding of user input, SAP NetWeaver allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password. These endpoints are normally exposed over the network and successful exploitation can partially impact confidentiality of the application." } ] }, "impact": { "cvss": { "baseScore": "null", "vectorString": "null", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://launchpad.support.sap.com/#/notes/3124994", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/3124994" }, { "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "refsource": "MISC", "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2022-22534", "datePublished": "2022-02-09T22:05:21", "dateReserved": "2022-01-04T00:00:00", "dateUpdated": "2024-08-03T03:14:55.475Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-22540 (GCVE-0-2022-22540)
Vulnerability from cvelistv5
Published
2022-02-09 22:05
Modified
2024-08-03 03:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, allows an attacker to execute crafted database queries, that could expose the backend database. Successful attacks could result in disclosure of a table of contents from the system, but no risk of modification possible.
References
URL | Tags | |||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
SAP SE | SAP NetWeaver AS ABAP (Workplace Server) |
Version: 700 Version: 701 Version: 702 Version: 731 Version: 740 Version: 750 Version: 751 Version: 752 Version: 753 Version: 754 Version: 755 Version: 756 Version: 787 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:14:55.486Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://launchpad.support.sap.com/#/notes/3140587" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SAP NetWeaver AS ABAP (Workplace Server)", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "700" }, { "status": "affected", "version": "701" }, { "status": "affected", "version": "702" }, { "status": "affected", "version": "731" }, { "status": "affected", "version": "740" }, { "status": "affected", "version": "750" }, { "status": "affected", "version": "751" }, { "status": "affected", "version": "752" }, { "status": "affected", "version": "753" }, { "status": "affected", "version": "754" }, { "status": "affected", "version": "755" }, { "status": "affected", "version": "756" }, { "status": "affected", "version": "787" } ] } ], "descriptions": [ { "lang": "en", "value": "SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, allows an attacker to execute crafted database queries, that could expose the backend database. Successful attacks could result in disclosure of a table of contents from the system, but no risk of modification possible." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-24T15:18:50", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://launchpad.support.sap.com/#/notes/3140587" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cna@sap.com", "ID": "CVE-2022-22540", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SAP NetWeaver AS ABAP (Workplace Server)", "version": { "version_data": [ { "version_affected": "=", "version_value": "700" }, { "version_affected": "=", "version_value": "701" }, { "version_affected": "=", "version_value": "702" }, { "version_affected": "=", "version_value": "731" }, { "version_affected": "=", "version_value": "740" }, { "version_affected": "=", "version_value": "750" }, { "version_affected": "=", "version_value": "751" }, { "version_affected": "=", "version_value": "752" }, { "version_affected": "=", "version_value": "753" }, { "version_affected": "=", "version_value": "754" }, { "version_affected": "=", "version_value": "755" }, { "version_affected": "=", "version_value": "756" }, { "version_affected": "=", "version_value": "787" } ] } } ] }, "vendor_name": "SAP SE" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, allows an attacker to execute crafted database queries, that could expose the backend database. Successful attacks could result in disclosure of a table of contents from the system, but no risk of modification possible." } ] }, "impact": { "cvss": { "baseScore": "null", "vectorString": "null", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-89" } ] } ] }, "references": { "reference_data": [ { "name": "https://launchpad.support.sap.com/#/notes/3140587", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/3140587" }, { "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "refsource": "MISC", "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2022-22540", "datePublished": "2022-02-09T22:05:24", "dateReserved": "2022-01-04T00:00:00", "dateUpdated": "2024-08-03T03:14:55.486Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-22536 (GCVE-0-2022-22536)
Vulnerability from cvelistv5
Published
2022-02-09 22:05
Modified
2025-07-30 01:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Summary
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.
References
URL | Tags | |||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
SAP SE | SAP NetWeaver and ABAP Platform |
Version: KERNEL 7.22 Version: 8.04 Version: 7.49 Version: 7.53 Version: 7.77 Version: 7.81 Version: 7.85 Version: 7.86 Version: 7.87 Version: KRNL64UC 8.04 Version: 7.22 Version: 7.22EXT Version: KRNL64NUC 7.22 |
||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:14:55.457Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://launchpad.support.sap.com/#/notes/3123396" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2022-22536", "options": [ { "Exploitation": "active" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-29T20:20:36.420396Z", "version": "2.0.3" }, "type": "ssvc" } }, { "other": { "content": { "dateAdded": "2022-08-18", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22536" }, "type": "kev" } } ], "providerMetadata": { "dateUpdated": "2025-07-30T01:37:49.090Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "timeline": [ { "lang": "en", "time": "2022-08-18T00:00:00+00:00", "value": "CVE-2022-22536 added to CISA KEV" } ], "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "SAP NetWeaver and ABAP Platform", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "KERNEL 7.22" }, { "status": "affected", "version": "8.04" }, { "status": "affected", "version": "7.49" }, { "status": "affected", "version": "7.53" }, { "status": "affected", "version": "7.77" }, { "status": "affected", "version": "7.81" }, { "status": "affected", "version": "7.85" }, { "status": "affected", "version": "7.86" }, { "status": "affected", "version": "7.87" }, { "status": "affected", "version": "KRNL64UC 8.04" }, { "status": "affected", "version": "7.22" }, { "status": "affected", "version": "7.22EXT" }, { "status": "affected", "version": "KRNL64NUC 7.22" } ] }, { "defaultStatus": "unaffected", "product": "SAP Web Dispatcher", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "7.49" }, { "status": "affected", "version": "7.53" }, { "status": "affected", "version": "7.77" }, { "status": "affected", "version": "7.81" }, { "status": "affected", "version": "7.85" }, { "status": "affected", "version": "7.22EXT" }, { "status": "affected", "version": "7.86" }, { "status": "affected", "version": "7.87" } ] }, { "defaultStatus": "unaffected", "product": "SAP Content Server", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "7.53" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eSAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim\u0027s request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.\u003c/p\u003e" } ], "value": "SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim\u0027s request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.\n\n" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-444", "description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-26T03:11:25.429Z", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://launchpad.support.sap.com/#/notes/3123396" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cna@sap.com", "ID": "CVE-2022-22536", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SAP NetWeaver and ABAP Platform", "version": { "version_data": [ { "version_affected": "=", "version_value": "KERNEL 7.22" }, { "version_affected": "=", "version_value": "8.04" }, { "version_affected": "=", "version_value": "7.49" }, { "version_affected": "=", "version_value": "7.53" }, { "version_affected": "=", "version_value": "7.77" }, { "version_affected": "=", "version_value": "7.81" }, { "version_affected": "=", "version_value": "7.85" }, { "version_affected": "=", "version_value": "7.86" }, { "version_affected": "=", "version_value": "7.87" }, { "version_affected": "=", "version_value": "KRNL64UC 8.04" }, { "version_affected": "=", "version_value": "7.22" }, { "version_affected": "=", "version_value": "7.22EXT" }, { "version_affected": "=", "version_value": "7.49" }, { "version_affected": "=", "version_value": "7.53" }, { "version_affected": "=", "version_value": "KRNL64NUC 7.22" }, { "version_affected": "=", "version_value": "7.22EXT" }, { "version_affected": "=", "version_value": "7.49" } ] } }, { "product_name": "SAP Web Dispatcher", "version": { "version_data": [ { "version_affected": "=", "version_value": "7.49" }, { "version_affected": "=", "version_value": "7.53" }, { "version_affected": "=", "version_value": "7.77" }, { "version_affected": "=", "version_value": "7.81" }, { "version_affected": "=", "version_value": "7.85" }, { "version_affected": "=", "version_value": "7.22EXT" }, { "version_affected": "=", "version_value": "7.86" }, { "version_affected": "=", "version_value": "7.87" } ] } }, { "product_name": "SAP Content Server", "version": { "version_data": [ { "version_affected": "=", "version_value": "7.53" } ] } } ] }, "vendor_name": "SAP SE" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim\u0027s request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system." } ] }, "impact": { "cvss": { "baseScore": "null", "vectorString": "null", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-444" } ] } ] }, "references": { "reference_data": [ { "name": "https://launchpad.support.sap.com/#/notes/3123396", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/3123396" }, { "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "refsource": "MISC", "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2022-22536", "datePublished": "2022-02-09T22:05:24.000Z", "dateReserved": "2022-01-04T00:00:00.000Z", "dateUpdated": "2025-07-30T01:37:49.090Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-22543 (GCVE-0-2022-22543)
Vulnerability from cvelistv5
Published
2022-02-09 22:05
Modified
2024-08-03 03:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack. This allows an unauthorized remote user to provoke a breakdown of the SAP Web Dispatcher or Kernel work process. The crashed process can be restarted immediately, other processes are not affected.
References
URL | Tags | |||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
SAP SE | SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) |
Version: KERNEL 7.22 Version: 8.04 Version: 7.49 Version: 7.53 Version: 7.77 Version: 7.81 Version: 7.85 Version: 7.86 Version: 7.87 Version: KRNL64UC 8.04 Version: 7.22 Version: 7.22EXT Version: KRNL64NUC 7.22 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:14:55.768Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://launchpad.support.sap.com/#/notes/3116223" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel)", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "KERNEL 7.22" }, { "status": "affected", "version": "8.04" }, { "status": "affected", "version": "7.49" }, { "status": "affected", "version": "7.53" }, { "status": "affected", "version": "7.77" }, { "status": "affected", "version": "7.81" }, { "status": "affected", "version": "7.85" }, { "status": "affected", "version": "7.86" }, { "status": "affected", "version": "7.87" }, { "status": "affected", "version": "KRNL64UC 8.04" }, { "status": "affected", "version": "7.22" }, { "status": "affected", "version": "7.22EXT" }, { "status": "affected", "version": "KRNL64NUC 7.22" } ] } ], "descriptions": [ { "lang": "en", "value": "SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack. This allows an unauthorized remote user to provoke a breakdown of the SAP Web Dispatcher or Kernel work process. The crashed process can be restarted immediately, other processes are not affected." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-24T15:19:34", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://launchpad.support.sap.com/#/notes/3116223" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cna@sap.com", "ID": "CVE-2022-22543", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel)", "version": { "version_data": [ { "version_affected": "=", "version_value": "KERNEL 7.22" }, { "version_affected": "=", "version_value": "8.04" }, { "version_affected": "=", "version_value": "7.49" }, { "version_affected": "=", "version_value": "7.53" }, { "version_affected": "=", "version_value": "7.77" }, { "version_affected": "=", "version_value": "7.81" }, { "version_affected": "=", "version_value": "7.85" }, { "version_affected": "=", "version_value": "7.86" }, { "version_affected": "=", "version_value": "7.87" }, { "version_affected": "=", "version_value": "KRNL64UC 8.04" }, { "version_affected": "=", "version_value": "7.22" }, { "version_affected": "=", "version_value": "7.22EXT" }, { "version_affected": "=", "version_value": "7.49" }, { "version_affected": "=", "version_value": "7.53" }, { "version_affected": "=", "version_value": "KRNL64NUC 7.22" }, { "version_affected": "=", "version_value": "7.22EXT" }, { "version_affected": "=", "version_value": "7.49" } ] } } ] }, "vendor_name": "SAP SE" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack. This allows an unauthorized remote user to provoke a breakdown of the SAP Web Dispatcher or Kernel work process. The crashed process can be restarted immediately, other processes are not affected." } ] }, "impact": { "cvss": { "baseScore": "null", "vectorString": "null", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-400" } ] } ] }, "references": { "reference_data": [ { "name": "https://launchpad.support.sap.com/#/notes/3116223", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/3116223" }, { "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "refsource": "MISC", "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2022-22543", "datePublished": "2022-02-09T22:05:27", "dateReserved": "2022-01-04T00:00:00", "dateUpdated": "2024-08-03T03:14:55.768Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-22530 (GCVE-0-2022-22530)
Vulnerability from cvelistv5
Published
2022-01-14 19:11
Modified
2024-08-03 03:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Code Injection
Summary
The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to inject dangerous content or malicious code which could result in critical information being modified or completely compromise the availability of the application.
References
URL | Tags | |||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
SAP SE | SAP S/4HANA |
Version: 100 Version: 101 Version: 102 Version: 103 Version: 104 Version: 105 Version: 106 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:14:55.426Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://launchpad.support.sap.com/#/notes/3112928" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "SAP S/4HANA", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "100" }, { "status": "affected", "version": "101" }, { "status": "affected", "version": "102" }, { "status": "affected", "version": "103" }, { "status": "affected", "version": "104" }, { "status": "affected", "version": "105" }, { "status": "affected", "version": "106" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eThe F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to inject dangerous content or malicious code which could result in critical information being modified or completely compromise the availability of the application.\u003c/p\u003e" } ], "value": "The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to inject dangerous content or malicious code which could result in critical information being modified or completely compromise the availability of the application.\n\n" } ], "problemTypes": [ { "descriptions": [ { "description": "Code Injection", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-10T18:08:30.733Z", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://launchpad.support.sap.com/#/notes/3112928" }, { "tags": [ "x_refsource_MISC" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cna@sap.com", "ID": "CVE-2022-22530", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SAP S/4HANA", "version": { "version_data": [ { "version_name": "\u003c", "version_value": "100" }, { "version_name": "\u003c", "version_value": "101" }, { "version_name": "\u003c", "version_value": "102" }, { "version_name": "\u003c", "version_value": "103" }, { "version_name": "\u003c", "version_value": "104" }, { "version_name": "\u003c", "version_value": "105" }, { "version_name": "\u003c", "version_value": "106" } ] } } ] }, "vendor_name": "SAP SE" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to inject dangerous content or malicious code which could result in critical information being modified or completely compromise the availability of the application." } ] }, "impact": { "cvss": { "baseScore": "null", "vectorString": "null", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Code Injection" } ] } ] }, "references": { "reference_data": [ { "name": "https://launchpad.support.sap.com/#/notes/3112928", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/3112928" }, { "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035", "refsource": "MISC", "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035" } ] } } } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2022-22530", "datePublished": "2022-01-14T19:11:26", "dateReserved": "2022-01-04T00:00:00", "dateUpdated": "2024-08-03T03:14:55.426Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-22528 (GCVE-0-2022-22528)
Vulnerability from cvelistv5
Published
2022-02-09 22:05
Modified
2024-08-03 03:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-427 - Uncontrolled Search Path Element
Summary
SAP Adaptive Server Enterprise (ASE) - version 16.0, installation makes an entry in the system PATH environment variable in Windows platform which, under certain conditions, allows a Standard User to execute malicious Windows binaries which may lead to privilege escalation on the local system. The issue is with the ASE installer and does not impact other ASE binaries.
References
URL | Tags | |||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
SAP SE | SAP Adaptive Server Enterprise |
Version: 16.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:14:55.465Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://launchpad.support.sap.com/#/notes/3140564" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "SAP Adaptive Server Enterprise", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "16.0" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eSAP Adaptive Server Enterprise (ASE) - version 16.0, installation makes an entry in the system PATH environment variable in Windows platform which, under certain conditions, allows a Standard User to execute malicious Windows binaries which may lead to privilege escalation on the local system. The issue is with the ASE installer and does not impact other ASE binaries.\u003c/p\u003e" } ], "value": "SAP Adaptive Server Enterprise (ASE) - version 16.0, installation makes an entry in the system PATH environment variable in Windows platform which, under certain conditions, allows a Standard User to execute malicious Windows binaries which may lead to privilege escalation on the local system. The issue is with the ASE installer and does not impact other ASE binaries.\n\n" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-14T12:54:07.297Z", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://launchpad.support.sap.com/#/notes/3140564" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cna@sap.com", "ID": "CVE-2022-22528", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SAP Adaptive Server Enterprise", "version": { "version_data": [ { "version_affected": "=", "version_value": "16.0" } ] } } ] }, "vendor_name": "SAP SE" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SAP Adaptive Server Enterprise (ASE) - version 16.0, installation makes an entry in the system PATH environment variable in Windows platform which, under certain conditions, allows a Standard User to execute malicious Windows binaries which may lead to privilege escalation on the local system. The issue is with the ASE installer and does not impact other ASE binaries." } ] }, "impact": { "cvss": { "baseScore": "null", "vectorString": "null", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-200" } ] } ] }, "references": { "reference_data": [ { "name": "https://launchpad.support.sap.com/#/notes/3140564", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/3140564" }, { "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "refsource": "MISC", "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2022-22528", "datePublished": "2022-02-09T22:05:19", "dateReserved": "2022-01-04T00:00:00", "dateUpdated": "2024-08-03T03:14:55.465Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-22544 (GCVE-0-2022-22544)
Vulnerability from cvelistv5
Published
2022-02-09 22:05
Modified
2024-08-03 03:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CW-653
Summary
Solution Manager (Diagnostics Root Cause Analysis Tools) - version 720, allows an administrator to execute code on all connected Diagnostics Agents and browse files on their systems. An attacker could thereby control the managed systems. It is considered that this is a missing segregation of duty for the SAP Solution Manager administrator. Impacts of unauthorized execution of commands can lead to sensitive information disclosure, loss of system integrity and denial of service.
References
URL | Tags | |||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
SAP SE | SAP Solution Manager (Diagnostics Root Cause Analysis Tools) |
Version: 720 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:14:55.720Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://launchpad.support.sap.com/#/notes/3140940" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SAP Solution Manager (Diagnostics Root Cause Analysis Tools)", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "720" } ] } ], "descriptions": [ { "lang": "en", "value": "Solution Manager (Diagnostics Root Cause Analysis Tools) - version 720, allows an administrator to execute code on all connected Diagnostics Agents and browse files on their systems. An attacker could thereby control the managed systems. It is considered that this is a missing segregation of duty for the SAP Solution Manager administrator. Impacts of unauthorized execution of commands can lead to sensitive information disclosure, loss of system integrity and denial of service." } ], "problemTypes": [ { "descriptions": [ { "description": "CW-653", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-24T15:19:00", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://launchpad.support.sap.com/#/notes/3140940" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cna@sap.com", "ID": "CVE-2022-22544", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SAP Solution Manager (Diagnostics Root Cause Analysis Tools)", "version": { "version_data": [ { "version_affected": "=", "version_value": "720" } ] } } ] }, "vendor_name": "SAP SE" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Solution Manager (Diagnostics Root Cause Analysis Tools) - version 720, allows an administrator to execute code on all connected Diagnostics Agents and browse files on their systems. An attacker could thereby control the managed systems. It is considered that this is a missing segregation of duty for the SAP Solution Manager administrator. Impacts of unauthorized execution of commands can lead to sensitive information disclosure, loss of system integrity and denial of service." } ] }, "impact": { "cvss": { "baseScore": "null", "vectorString": "null", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CW-653" } ] } ] }, "references": { "reference_data": [ { "name": "https://launchpad.support.sap.com/#/notes/3140940", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/3140940" }, { "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "refsource": "MISC", "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2022-22544", "datePublished": "2022-02-09T22:05:29", "dateReserved": "2022-01-04T00:00:00", "dateUpdated": "2024-08-03T03:14:55.720Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-22537 (GCVE-0-2022-22537)
Vulnerability from cvelistv5
Published
2022-02-09 22:05
Modified
2024-08-03 03:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
When a user opens a manipulated Tagged Image File Format (.tiff, 2d.x3d)) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below.
References
URL | Tags | |||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
SAP SE | SAP 3D Visual Enterprise Viewer |
Version: 9.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:14:55.469Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://launchpad.support.sap.com/#/notes/3134684" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SAP 3D Visual Enterprise Viewer", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "9.0" } ] } ], "descriptions": [ { "lang": "en", "value": "When a user opens a manipulated Tagged Image File Format (.tiff, 2d.x3d)) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-24T15:17:56", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://launchpad.support.sap.com/#/notes/3134684" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cna@sap.com", "ID": "CVE-2022-22537", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SAP 3D Visual Enterprise Viewer", "version": { "version_data": [ { "version_affected": "=", "version_value": "9.0" } ] } } ] }, "vendor_name": "SAP SE" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "When a user opens a manipulated Tagged Image File Format (.tiff, 2d.x3d)) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below." } ] }, "impact": { "cvss": { "baseScore": "null", "vectorString": "null", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20" } ] } ] }, "references": { "reference_data": [ { "name": "https://launchpad.support.sap.com/#/notes/3134684", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/3134684" }, { "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "refsource": "MISC", "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2022-22537", "datePublished": "2022-02-09T22:05:22", "dateReserved": "2022-01-04T00:00:00", "dateUpdated": "2024-08-03T03:14:55.469Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-44832 (GCVE-0-2021-44832)
Vulnerability from cvelistv5
Published
2021-12-28 19:35
Modified
2024-08-04 04:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache Log4j2 |
Version: log4j-core < 2.17.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:32:13.076Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://issues.apache.org/jira/browse/LOG4J2-3293" }, { "name": "[oss-security] 20211228 CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/12/28/1" }, { "name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2870-1] apache-log4j2 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf" }, { "name": "FEDORA-2021-c6f471ce0f", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/" }, { "name": "FEDORA-2021-1bd9151bab", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220104-0001/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache Log4j2", "vendor": "Apache Software Foundation", "versions": [ { "changes": [ { "at": "2.13.0", "status": "affected" }, { "at": "2.12.4", "status": "unaffected" }, { "at": "2.4", "status": "affected" }, { "at": "2.3.2", "status": "unaffected" }, { "at": "2.0-beta7", "status": "affected" } ], "lessThan": "2.17.1", "status": "affected", "version": "log4j-core", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2." } ], "metrics": [ { "other": { "content": { "other": "moderate" }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-74", "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-25T16:41:33", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" }, { "tags": [ "x_refsource_MISC" ], "url": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143" }, { "tags": [ "x_refsource_MISC" ], "url": "https://issues.apache.org/jira/browse/LOG4J2-3293" }, { "name": "[oss-security] 20211228 CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2021/12/28/1" }, { "name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2870-1] apache-log4j2 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf" }, { "name": "FEDORA-2021-c6f471ce0f", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/" }, { "name": "FEDORA-2021-1bd9151bab", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220104-0001/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ], "source": { "defect": [ "LOG4J2-3293", "" ], "discovery": "UNKNOWN" }, "timeline": [ { "lang": "en", "time": "2021-12-27T00:00:00", "value": "reported" }, { "lang": "en", "time": "2021-12-27T00:00:00", "value": "patch proposed, 2.17.1-rc1" }, { "lang": "en", "time": "2021-12-28T00:00:00", "value": "fixed" }, { "lang": "en", "time": "2021-12-28T00:00:00", "value": "public" } ], "title": "Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2021-44832", "STATE": "PUBLIC", "TITLE": "Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache Log4j2", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "log4j-core", "version_value": "2.17.1" }, { "version_affected": "\u003e=", "version_name": "log4j-core", "version_value": "2.13.0" }, { "version_affected": "\u003c", "version_name": "log4j-core", "version_value": "2.12.4" }, { "version_affected": "\u003e=", "version_name": "log4j-core", "version_value": "2.4" }, { "version_affected": "\u003c", "version_name": "log4j-core", "version_value": "2.3.2" }, { "version_affected": "\u003e=", "version_name": "log4j-core", "version_value": "2.0-beta7" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": [ { "other": "moderate" } ], "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20 Improper Input Validation" } ] }, { "description": [ { "lang": "eng", "value": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" }, { "name": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143", "refsource": "MISC", "url": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143" }, { "name": "https://issues.apache.org/jira/browse/LOG4J2-3293", "refsource": "MISC", "url": "https://issues.apache.org/jira/browse/LOG4J2-3293" }, { "name": "[oss-security] 20211228 CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/12/28/1" }, { "name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2870-1] apache-log4j2 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf" }, { "name": "FEDORA-2021-c6f471ce0f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/" }, { "name": "FEDORA-2021-1bd9151bab", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/" }, { "name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "name": "https://security.netapp.com/advisory/ntap-20220104-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220104-0001/" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] }, "source": { "defect": [ "LOG4J2-3293", "" ], "discovery": "UNKNOWN" }, "timeline": [ { "lang": "en", "time": "2021-12-27T00:00:00", "value": "reported" }, { "lang": "en", "time": "2021-12-27T00:00:00", "value": "patch proposed, 2.17.1-rc1" }, { "lang": "en", "time": "2021-12-28T00:00:00", "value": "fixed" }, { "lang": "en", "time": "2021-12-28T00:00:00", "value": "public" } ] } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2021-44832", "datePublished": "2021-12-28T19:35:11", "dateReserved": "2021-12-11T00:00:00", "dateUpdated": "2024-08-04T04:32:13.076Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-22542 (GCVE-0-2022-22542)
Vulnerability from cvelistv5
Published
2022-02-09 22:05
Modified
2024-08-03 03:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Partner with Supplier Role, AND Enterprise Search for Customer, Supplier and Business Partner objects exposes the private address fields of Employee Business Partners, to an actor that is not explicitly authorized to have access to that information, which could compromise Confidentiality.
References
URL | Tags | |||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
SAP SE | SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer) |
Version: 104 Version: 105 Version: 106 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:14:55.572Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://launchpad.support.sap.com/#/notes/3142092" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer)", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "104" }, { "status": "affected", "version": "105" }, { "status": "affected", "version": "106" } ] } ], "descriptions": [ { "lang": "en", "value": "S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Partner with Supplier Role, AND Enterprise Search for Customer, Supplier and Business Partner objects exposes the private address fields of Employee Business Partners, to an actor that is not explicitly authorized to have access to that information, which could compromise Confidentiality." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-24T15:18:33", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://launchpad.support.sap.com/#/notes/3142092" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cna@sap.com", "ID": "CVE-2022-22542", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer)", "version": { "version_data": [ { "version_affected": "=", "version_value": "104" }, { "version_affected": "=", "version_value": "105" }, { "version_affected": "=", "version_value": "106" } ] } } ] }, "vendor_name": "SAP SE" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Partner with Supplier Role, AND Enterprise Search for Customer, Supplier and Business Partner objects exposes the private address fields of Employee Business Partners, to an actor that is not explicitly authorized to have access to that information, which could compromise Confidentiality." } ] }, "impact": { "cvss": { "baseScore": "null", "vectorString": "null", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-200" } ] } ] }, "references": { "reference_data": [ { "name": "https://launchpad.support.sap.com/#/notes/3142092", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/3142092" }, { "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "refsource": "MISC", "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2022-22542", "datePublished": "2022-02-09T22:05:26", "dateReserved": "2022-01-04T00:00:00", "dateUpdated": "2024-08-03T03:14:55.572Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-22538 (GCVE-0-2022-22538)
Vulnerability from cvelistv5
Published
2022-02-09 22:05
Modified
2024-08-03 03:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
When a user opens a manipulated Adobe Illustrator file format (.ai, ai.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below.
References
URL | Tags | |||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
SAP SE | SAP 3D Visual Enterprise Viewer |
Version: 9.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:14:55.437Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://launchpad.support.sap.com/#/notes/3134684" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SAP 3D Visual Enterprise Viewer", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "9.0" } ] } ], "descriptions": [ { "lang": "en", "value": "When a user opens a manipulated Adobe Illustrator file format (.ai, ai.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-24T15:18:25", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://launchpad.support.sap.com/#/notes/3134684" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cna@sap.com", "ID": "CVE-2022-22538", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SAP 3D Visual Enterprise Viewer", "version": { "version_data": [ { "version_affected": "=", "version_value": "9.0" } ] } } ] }, "vendor_name": "SAP SE" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "When a user opens a manipulated Adobe Illustrator file format (.ai, ai.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below." } ] }, "impact": { "cvss": { "baseScore": "null", "vectorString": "null", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20" } ] } ] }, "references": { "reference_data": [ { "name": "https://launchpad.support.sap.com/#/notes/3134684", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/3134684" }, { "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "refsource": "MISC", "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2022-22538", "datePublished": "2022-02-09T22:05:23", "dateReserved": "2022-01-04T00:00:00", "dateUpdated": "2024-08-03T03:14:55.437Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-44228 (GCVE-0-2021-44228)
Vulnerability from cvelistv5
Published
2021-12-10 00:00
Modified
2025-07-30 01:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache Log4j2 |
Version: 2.0-beta9 < log4j-core* |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:17:24.696Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "name": "[oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/12/10/1" }, { "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/12/10/2" }, { "name": "20211210 Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" }, { "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/12/10/3" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211210-0007/" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html" }, { "tags": [ "x_transferred" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html" }, { "name": "DSA-5020", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-5020" }, { "name": "[debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html" }, { "name": "FEDORA-2021-f0f501d01f", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/" }, { "name": "Microsoft\u2019s Response to CVE-2021-44228 Apache Log4j 2", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/" }, { "name": "[oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/12/13/2" }, { "name": "[oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/12/13/1" }, { "name": "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4" }, { "name": "20211210 A Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" }, { "name": "VU#930724", "tags": [ "third-party-advisory", "x_transferred" ], "url": "https://www.kb.cert.org/vuls/id/930724" }, { "tags": [ "x_transferred" ], "url": "https://twitter.com/kurtseifried/status/1469345530182455296" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html" }, { "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html" }, { "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" }, { "name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf" }, { "name": "FEDORA-2021-66d6c484f3", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html" }, { "tags": [ "x_transferred" ], "url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html" }, { "name": "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Mar/23" }, { "tags": [ "x_transferred" ], "url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001" }, { "tags": [ "x_transferred" ], "url": "https://github.com/cisagov/log4j-affected-db" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213189" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_transferred" ], "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228" }, { "tags": [ "x_transferred" ], "url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html" }, { "name": "20220721 Open-Xchange Security Advisory 2022-07-21", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Jul/11" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html" }, { "name": "20221208 Intel Data Center Manager \u003c= 5.1 Local Privileges Escalation", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/2" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2021-44228", "options": [ { "Exploitation": "active" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-02-04T14:25:34.416117Z", "version": "2.0.3" }, "type": "ssvc" } }, { "other": { "content": { "dateAdded": "2021-12-10", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44228" }, "type": "kev" } } ], "providerMetadata": { "dateUpdated": "2025-07-30T01:37:52.215Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "timeline": [ { "lang": "en", "time": "2021-12-10T00:00:00+00:00", "value": "CVE-2021-44228 added to CISA KEV" } ], "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Apache Log4j2", "vendor": "Apache Software Foundation", "versions": [ { "changes": [ { "at": "2.3.1", "status": "unaffected" }, { "at": "2.4", "status": "affected" }, { "at": "2.12.2", "status": "unaffected" }, { "at": "2.13.0", "status": "affected" }, { "at": "2.15.0", "status": "unaffected" } ], "lessThan": "log4j-core*", "status": "affected", "version": "2.0-beta9", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "This issue was discovered by Chen Zhaojun of Alibaba Cloud Security Team." } ], "descriptions": [ { "lang": "en", "value": "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects." } ], "metrics": [ { "other": { "content": { "other": "critical" }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-03T00:00:00.000Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "name": "[oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2021/12/10/1" }, { "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2021/12/10/2" }, { "name": "20211210 Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021", "tags": [ "vendor-advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" }, { "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2021/12/10/3" }, { "url": "https://security.netapp.com/advisory/ntap-20211210-0007/" }, { "url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html" }, { "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032" }, { "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html" }, { "name": "DSA-5020", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2021/dsa-5020" }, { "name": "[debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html" }, { "name": "FEDORA-2021-f0f501d01f", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/" }, { "name": "Microsoft\u2019s Response to CVE-2021-44228 Apache Log4j 2", "tags": [ "vendor-advisory" ], "url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/" }, { "name": "[oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2021/12/13/2" }, { "name": "[oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2021/12/13/1" }, { "name": "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4" }, { "name": "20211210 A Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021", "tags": [ "vendor-advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" }, { "name": "VU#930724", "tags": [ "third-party-advisory" ], "url": "https://www.kb.cert.org/vuls/id/930724" }, { "url": "https://twitter.com/kurtseifried/status/1469345530182455296" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf" }, { "url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html" }, { "url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html" }, { "url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html" }, { "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html" }, { "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", "tags": [ "vendor-advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" }, { "name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3" }, { "url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html" }, { "url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html" }, { "url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html" }, { "url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html" }, { "url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf" }, { "name": "FEDORA-2021-66d6c484f3", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/" }, { "url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf" }, { "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html" }, { "url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md" }, { "url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html" }, { "url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html" }, { "name": "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Mar/23" }, { "url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001" }, { "url": "https://github.com/cisagov/log4j-affected-db" }, { "url": "https://support.apple.com/kb/HT213189" }, { "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228" }, { "url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html" }, { "name": "20220721 Open-Xchange Security Advisory 2022-07-21", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Jul/11" }, { "url": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html" }, { "url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html" }, { "name": "20221208 Intel Data Center Manager \u003c= 5.1 Local Privileges Escalation", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/2" }, { "url": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html" } ], "source": { "discovery": "UNKNOWN" }, "title": "Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints", "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2021-44228", "datePublished": "2021-12-10T00:00:00.000Z", "dateReserved": "2021-11-26T00:00:00.000Z", "dateUpdated": "2025-07-30T01:37:52.215Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-45046 (GCVE-0-2021-45046)
Vulnerability from cvelistv5
Published
2021-12-14 16:55
Modified
2025-07-30 01:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-917 - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
Summary
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache Log4j |
Version: Apache Log4j2 < 2.16.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:32:13.624Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228" }, { "name": "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "name": "VU#930724", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "https://www.kb.cert.org/vuls/id/930724" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html" }, { "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" }, { "name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf" }, { "name": "DSA-5022", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-5022" }, { "name": "[oss-security] 20211218 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/12/18/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf" }, { "name": "FEDORA-2021-5c9d12a93e", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOKPQGV24RRBBI4TBZUDQMM4MEH7MXCY/" }, { "name": "FEDORA-2021-abbe24e41c", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SIG7FZULMNK2XF6FZRU4VWYDQXNMUGAJ/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-16" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2021-45046", "options": [ { "Exploitation": "active" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-02-04T19:31:22.638704Z", "version": "2.0.3" }, "type": "ssvc" } }, { "other": { "content": { "dateAdded": "2023-05-01", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-45046" }, "type": "kev" } } ], "providerMetadata": { "dateUpdated": "2025-07-30T01:37:51.963Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "timeline": [ { "lang": "en", "time": "2023-05-01T00:00:00+00:00", "value": "CVE-2021-45046 added to CISA KEV" } ], "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Apache Log4j", "vendor": "Apache Software Foundation", "versions": [ { "lessThan": "2.16.0", "status": "affected", "version": "Apache Log4j2", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default." } ], "metrics": [ { "other": { "content": { "other": "moderate (CVSS: 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)" }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-917", "description": "CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-26T06:06:18.017Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228" }, { "name": "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "name": "VU#930724", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "https://www.kb.cert.org/vuls/id/930724" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html" }, { "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" }, { "name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf" }, { "name": "DSA-5022", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2021/dsa-5022" }, { "name": "[oss-security] 20211218 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2021/12/18/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf" }, { "name": "FEDORA-2021-5c9d12a93e", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOKPQGV24RRBBI4TBZUDQMM4MEH7MXCY/" }, { "name": "FEDORA-2021-abbe24e41c", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SIG7FZULMNK2XF6FZRU4VWYDQXNMUGAJ/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "url": "https://security.gentoo.org/glsa/202310-16" } ], "source": { "discovery": "UNKNOWN" }, "title": "Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2021-45046", "STATE": "PUBLIC", "TITLE": "Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache Log4j", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "Apache Log4j2", "version_value": "2.16.0" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": [ { "other": "moderate (CVSS: 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)" } ], "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032", "refsource": "CONFIRM", "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032" }, { "name": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html", "refsource": "CONFIRM", "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html" }, { "name": "https://www.cve.org/CVERecord?id=CVE-2021-44228", "refsource": "MISC", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228" }, { "name": "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4" }, { "name": "https://logging.apache.org/log4j/2.x/security.html", "refsource": "CONFIRM", "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "name": "VU#930724", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/930724" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf" }, { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html", "refsource": "CONFIRM", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html" }, { "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" }, { "name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf" }, { "name": "DSA-5022", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-5022" }, { "name": "[oss-security] 20211218 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/12/18/1" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf" }, { "name": "FEDORA-2021-5c9d12a93e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOKPQGV24RRBBI4TBZUDQMM4MEH7MXCY/" }, { "name": "FEDORA-2021-abbe24e41c", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SIG7FZULMNK2XF6FZRU4VWYDQXNMUGAJ/" }, { "name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2021-45046", "datePublished": "2021-12-14T16:55:09.000Z", "dateReserved": "2021-12-14T00:00:00.000Z", "dateUpdated": "2025-07-30T01:37:51.963Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-22539 (GCVE-0-2022-22539)
Vulnerability from cvelistv5
Published
2022-02-09 22:05
Modified
2024-08-03 03:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
When a user opens a manipulated JPEG file format (.jpg, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below.
References
URL | Tags | |||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
SAP SE | SAP 3D Visual Enterprise Viewer |
Version: 9.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:14:55.440Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://launchpad.support.sap.com/#/notes/3134684" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SAP 3D Visual Enterprise Viewer", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "9.0" } ] } ], "descriptions": [ { "lang": "en", "value": "When a user opens a manipulated JPEG file format (.jpg, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-24T15:18:42", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://launchpad.support.sap.com/#/notes/3134684" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cna@sap.com", "ID": "CVE-2022-22539", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SAP 3D Visual Enterprise Viewer", "version": { "version_data": [ { "version_affected": "=", "version_value": "9.0" } ] } } ] }, "vendor_name": "SAP SE" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "When a user opens a manipulated JPEG file format (.jpg, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below." } ] }, "impact": { "cvss": { "baseScore": "null", "vectorString": "null", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20" } ] } ] }, "references": { "reference_data": [ { "name": "https://launchpad.support.sap.com/#/notes/3134684", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/3134684" }, { "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "refsource": "MISC", "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2022-22539", "datePublished": "2022-02-09T22:05:25", "dateReserved": "2022-01-04T00:00:00", "dateUpdated": "2024-08-03T03:14:55.440Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-22535 (GCVE-0-2022-22535)
Vulnerability from cvelistv5
Published
2022-02-09 22:05
Modified
2024-08-03 03:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
SAP ERP HCM Portugal - versions 600, 604, 608, does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts.
References
URL | Tags | |||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
SAP SE | SAP ERP HCM (Portugal) |
Version: 600 Version: 604 Version: 608 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:14:55.475Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://launchpad.support.sap.com/#/notes/3126489" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SAP ERP HCM (Portugal)", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "600" }, { "status": "affected", "version": "604" }, { "status": "affected", "version": "608" } ] } ], "descriptions": [ { "lang": "en", "value": "SAP ERP HCM Portugal - versions 600, 604, 608, does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-862", "description": "CWE-862", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-24T15:17:32", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://launchpad.support.sap.com/#/notes/3126489" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cna@sap.com", "ID": "CVE-2022-22535", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SAP ERP HCM (Portugal)", "version": { "version_data": [ { "version_affected": "=", "version_value": "600" }, { "version_affected": "=", "version_value": "604" }, { "version_affected": "=", "version_value": "608" } ] } } ] }, "vendor_name": "SAP SE" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SAP ERP HCM Portugal - versions 600, 604, 608, does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts." } ] }, "impact": { "cvss": { "baseScore": "null", "vectorString": "null", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-862" } ] } ] }, "references": { "reference_data": [ { "name": "https://launchpad.support.sap.com/#/notes/3126489", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/3126489" }, { "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "refsource": "MISC", "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2022-22535", "datePublished": "2022-02-09T22:05:21", "dateReserved": "2022-01-04T00:00:00", "dateUpdated": "2024-08-03T03:14:55.475Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-22532 (GCVE-0-2022-22532)
Vulnerability from cvelistv5
Published
2022-02-09 22:05
Modified
2024-08-03 03:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling. This could allow the malicious payload to be executed and hence execute functions that could be impersonating the victim or even steal the victim's logon session.
References
URL | Tags | |||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
SAP SE | SAP NetWeaver Application Server Java |
Version: KRNL64NUC 7.22 Version: 7.22EXT Version: 7.49 Version: KRNL64UC Version: 7.22 Version: 7.53 Version: KERNEL 7.22 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:14:55.440Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://launchpad.support.sap.com/#/notes/3123427" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SAP NetWeaver Application Server Java", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "KRNL64NUC 7.22" }, { "status": "affected", "version": "7.22EXT" }, { "status": "affected", "version": "7.49" }, { "status": "affected", "version": "KRNL64UC" }, { "status": "affected", "version": "7.22" }, { "status": "affected", "version": "7.53" }, { "status": "affected", "version": "KERNEL 7.22" } ] } ], "descriptions": [ { "lang": "en", "value": "In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling. This could allow the malicious payload to be executed and hence execute functions that could be impersonating the victim or even steal the victim\u0027s logon session." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-444", "description": "CWE-444", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-24T15:16:54", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://launchpad.support.sap.com/#/notes/3123427" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cna@sap.com", "ID": "CVE-2022-22532", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SAP NetWeaver Application Server Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "KRNL64NUC 7.22" }, { "version_affected": "=", "version_value": "7.22EXT" }, { "version_affected": "=", "version_value": "7.49" }, { "version_affected": "=", "version_value": "KRNL64UC" }, { "version_affected": "=", "version_value": "7.22" }, { "version_affected": "=", "version_value": "7.22EXT" }, { "version_affected": "=", "version_value": "7.49" }, { "version_affected": "=", "version_value": "7.53" }, { "version_affected": "=", "version_value": "KERNEL 7.22" }, { "version_affected": "=", "version_value": "7.49" }, { "version_affected": "=", "version_value": "7.53" } ] } } ] }, "vendor_name": "SAP SE" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling. This could allow the malicious payload to be executed and hence execute functions that could be impersonating the victim or even steal the victim\u0027s logon session." } ] }, "impact": { "cvss": { "baseScore": "null", "vectorString": "null", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-444" } ] } ] }, "references": { "reference_data": [ { "name": "https://launchpad.support.sap.com/#/notes/3123427", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/3123427" }, { "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "refsource": "MISC", "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2022-22532", "datePublished": "2022-02-09T22:05:19", "dateReserved": "2022-01-04T00:00:00", "dateUpdated": "2024-08-03T03:14:55.440Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-22531 (GCVE-0-2022-22531)
Vulnerability from cvelistv5
Published
2022-01-14 19:11
Modified
2024-08-03 03:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-Site Scripting
Summary
The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to run arbitrary script code, resulting in sensitive information being disclosed or modified.
References
URL | Tags | |||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
SAP SE | SAP S/4HANA |
Version: 100 Version: 101 Version: 102 Version: 103 Version: 104 Version: 105 Version: 106 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:14:55.412Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://launchpad.support.sap.com/#/notes/3112928" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "SAP S/4HANA", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "100" }, { "status": "affected", "version": "101" }, { "status": "affected", "version": "102" }, { "status": "affected", "version": "103" }, { "status": "affected", "version": "104" }, { "status": "affected", "version": "105" }, { "status": "affected", "version": "106" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eThe F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to run arbitrary script code, resulting in sensitive information being disclosed or modified.\u003c/p\u003e" } ], "value": "The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to run arbitrary script code, resulting in sensitive information being disclosed or modified.\n\n" } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-10T18:07:38.847Z", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://launchpad.support.sap.com/#/notes/3112928" }, { "tags": [ "x_refsource_MISC" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cna@sap.com", "ID": "CVE-2022-22531", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SAP S/4HANA", "version": { "version_data": [ { "version_name": "\u003c", "version_value": "100" }, { "version_name": "\u003c", "version_value": "101" }, { "version_name": "\u003c", "version_value": "102" }, { "version_name": "\u003c", "version_value": "103" }, { "version_name": "\u003c", "version_value": "104" }, { "version_name": "\u003c", "version_value": "105" }, { "version_name": "\u003c", "version_value": "106" } ] } } ] }, "vendor_name": "SAP SE" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to run arbitrary script code, resulting in sensitive information being disclosed or modified." } ] }, "impact": { "cvss": { "baseScore": "null", "vectorString": "null", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://launchpad.support.sap.com/#/notes/3112928", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/3112928" }, { "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035", "refsource": "MISC", "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035" } ] } } } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2022-22531", "datePublished": "2022-01-14T19:11:28", "dateReserved": "2022-01-04T00:00:00", "dateUpdated": "2024-08-03T03:14:55.412Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-22546 (GCVE-0-2022-22546)
Vulnerability from cvelistv5
Published
2022-02-09 22:05
Modified
2024-08-03 03:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Due to improper HTML encoding in input control summary, an authorized attacker can execute XSS vulnerability in SAP Business Objects Web Intelligence (BI Launchpad) - version 420.
References
URL | Tags | |||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
SAP SE | SAP Business Objects Web Intelligence (BI Launchpad) |
Version: 420 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:14:55.748Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://launchpad.support.sap.com/#/notes/3126748" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SAP Business Objects Web Intelligence (BI Launchpad)", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "420" } ] } ], "descriptions": [ { "lang": "en", "value": "Due to improper HTML encoding in input control summary, an authorized attacker can execute XSS vulnerability in SAP Business Objects Web Intelligence (BI Launchpad) - version 420." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-24T15:19:12", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://launchpad.support.sap.com/#/notes/3126748" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cna@sap.com", "ID": "CVE-2022-22546", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SAP Business Objects Web Intelligence (BI Launchpad)", "version": { "version_data": [ { "version_affected": "=", "version_value": "420" } ] } } ] }, "vendor_name": "SAP SE" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Due to improper HTML encoding in input control summary, an authorized attacker can execute XSS vulnerability in SAP Business Objects Web Intelligence (BI Launchpad) - version 420." } ] }, "impact": { "cvss": { "baseScore": "null", "vectorString": "null", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79" } ] } ] }, "references": { "reference_data": [ { "name": "https://launchpad.support.sap.com/#/notes/3126748", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/3126748" }, { "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "refsource": "MISC", "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2022-22546", "datePublished": "2022-02-09T22:05:28", "dateReserved": "2022-01-04T00:00:00", "dateUpdated": "2024-08-03T03:14:55.748Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…