ID

VAR-202112-0562


CVE

CVE-2021-45046


TITLE

Apache Log4j Code problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202112-1065

DESCRIPTION

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default. Apache Log4j is a Java-based open source logging tool of the Apache Foundation. Apache log4j2 has a denial of service vulnerability. When improperly configured, an attacker can exploit this vulnerability to cause a denial of service attack. Solution: For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html 4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat Data Grid 8.2.3 security update Advisory ID: RHSA-2022:0205-01 Product: Red Hat JBoss Data Grid Advisory URL: https://access.redhat.com/errata/RHSA-2022:0205 Issue date: 2022-01-20 CVE Names: CVE-2021-44832 CVE-2021-45046 CVE-2021-45105 ===================================================================== 1. Summary: An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. Data Grid 8.2.3 replaces Data Grid 8.2.2 and includes bug fixes and enhancements. Find out more about Data Grid 8.2.3 in the Release Notes [3]. 3. Solution: To install this update, do the following: 1. Download the Data Grid 8.2.3 server patch from the customer portal[²]. 2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on. 3. Install the Data Grid 8.2.3 server patch. Refer to the 8.2.3 Release Notes[³] for patching instructions. 4. Restart Data Grid to ensure the changes take effect. 4. References: https://access.redhat.com/security/cve/CVE-2021-44832 https://access.redhat.com/security/cve/CVE-2021-45046 https://access.redhat.com/security/cve/CVE-2021-45105 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=data.grid&version=8.2 https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.2/html-single/red_hat_data_grid_8.2_release_notes/index 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYemZbtzjgjWX9erEAQgkThAAhlH9r6fZ08ZbIvy7t5FNceA93qd12PsL bJEZ9axgCc1hrxm5hK2W6x55a2tKQ0ieoFlkF87qZ5FSsEmOWfvCa5Jsr04bGkhI QBiyZvX+de8ZAUcbiXwgsb3LwfY5DAOoLZVZj7tWsxXcl9CG/MGqI452b5jB4oWa 5TXa8YHSz9/vQHtJGmjyuZYJGfH63XvLUu6qHEgCHKhXEQg5p9YrfjbdZWk77mSk N+dqHpXJFo2G+UURxBy615ebIgxA1dUR6pdbCfm/fbUAxnxWPubjNLLGShCUNBP9 /WgSMiv5GT48yhpK0IdTpPmQUAQW3fkgEd58vytgDuQf/7NhsbNFlsj3hugnAmY9 B/Jtwri/dCaOy0EDlDTc22OX7uDXaoSd9t5kjFAiZMOhxRE0hXawGfCxdGq/rgV6 EblcKQ3zW/3lsTj5KdI+0M0kNA6y1i0KP+Iujs12WLzWDANcpyvpuNu5qIMoM16Y iy4QLJkWFcH99toKO6/bEFgINq3C84sDEQNUpgwga+ct5mxsZycn3vSl9QcuoWQD FX9lwXBaxGuvBb/K3pwXfJuRQOFn2tDpwqN0PnyG/4+QLHunSPuQ8vcVx+oG9a2K LpiYxMQawsJiOjEyNUdRt7DDBpU/mVO+pf7lCY/4F5S+xOJ6E6LkJ213aSGaYPBd QiLGYFSmmLk= =y5SE -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . The purpose of this text-only errata is to inform you about the security issues fixed. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. The References section of this erratum contains a download link (you must log in to download the update). Description: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.4 Release Notes for information about the most significant bug fixes and enhancements included in this release. Solution: Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. JIRA issues fixed (https://issues.jboss.org/): JBEAP-22105 - (7.4.z) Upgrade from com.io7m.xom:xom 1.2.10 to xom:xom 1.3.7 JBEAP-22385 - (7.4.z) Upgrade ASM from 7.1 to 9.1 JBEAP-22731 - (7.4.z) Upgrade Artemis from 2.16.0.redhat-00032 to 2.16.0.redhat-00034 JBEAP-22738 - (7.4.z) Upgrade jbossws-cxf from 5.4.2.Final to 5.4.4.Final(Fix UsernameTokenElytronTestCase on SE 17) JBEAP-22819 - [GSS] (7.4.z) HAL-1762 - Aliases are removed from the credential store when passwords are updated from the admin console JBEAP-22839 - [GSS](7.4.z) Upgrade yasson from 1.0.9.redhat-00001 to 1.0.10.redhat-00001 JBEAP-22864 - (7.4.z) Upgrade HAL from 3.3.8.Final-redhat-00001 to 3.3.9.Final-redhat-00001 JBEAP-22899 - Tracker bug for the EAP 7.4.4 release for RHEL-7 JBEAP-22904 - (7.4.z) Upgrade Hibernate ORM from 5.3.24.Final-redhat-00001 to 5.3.25.Final-redhat-00002 JBEAP-22911 - (7.4.z) Upgrade OpenSSL from 2.1.3.Final-redhat-00001 to 2.2.0.Final-redhat-00001 JBEAP-22912 - (7.4.z) Upgrade OpenSSL Natives from 2.1.0.SP01-redhat-00001 to 2.2.0.Final-redhat-00001 JBEAP-22913 - (7.4.z) Upgrade WildFly Core from 15.0.6.Final-redhat-00003 to 15.0.7.Final-redhat-00001 JBEAP-22935 - (7.4.z) Upgrade jboss-vfs from 3.2.15.Final-redhat-00001 to 3.2.16.Final-redhat-00001 JBEAP-22945 - (7.4.z) Upgrade org.apache.logging.log4j from 2.14.0.redhat-00002 to 2.17.1.redhat-00001 JBEAP-22973 - (7.4.z) Upgrade Elytron from 1.15.9.Final-redhat-00001 to 1.15.11.Final-redhat-00002 JBEAP-23038 - (7.4.z) Upgrade galleon-plugins from 5.1.4.Final to 5.2.6.Final JBEAP-23040 - (7.4.z) Upgrade galleon-plugins in wildfly-core-eap from 5.1.4.Final to 5.2.6.Final JBEAP-23045 - (7.4.z) Upgrade Undertow from 2.2.13.SP2-redhat-00001 to 2.2.16.Final-redhat-0001 JBEAP-23101 - (7.4.z) Upgrade Infinispan from 11.0.12.Final to 11.0.15.Final JBEAP-23105 - (7.4.z) Upgrade Narayana from 5.11.3.Final-redhat-00001 to 5.11.4.Final-redhat-00001 JBEAP-23143 - (7.4.z) Upgrade from org.eclipse.jdt.core.compiler:ecj:4.6.1 to org.eclipse.jdt:ecj:3.26 JBEAP-23177 - (7.4.z) Upgrade XNIO from 3.8.5.SP1-redhat-00001 to 3.8.6.Final-redhat-00001 JBEAP-23323 - [GSS](7.4.z) WFLY-16112 - Batch JobOperatorService should look for only active job names to stop during suspend JBEAP-23373 - (7.4.z) Upgrade OpenSSL from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002 JBEAP-23374 - (7.4.z) Upgrade WildFly Core from 15.0.7.Final-redhat-00001 to 15.0.8.Final-redhat-00001 JBEAP-23375 - (7.4.z) Upgrade OpenSSL Natives from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002 7. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 8

Trust: 1.71

sources: NVD: CVE-2021-45046 // VULHUB: VHN-408570 // VULMON: CVE-2021-45046 // PACKETSTORM: 165329 // PACKETSTORM: 165343 // PACKETSTORM: 165636 // PACKETSTORM: 165645 // PACKETSTORM: 165649 // PACKETSTORM: 166673 // PACKETSTORM: 166677

AFFECTED PRODUCTS

vendor:siemensmodel:energyipscope:eqversion:8.6

Trust: 1.0

vendor:intelmodel:system studioscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:navigatorscope:ltversion:2021-12-13

Trust: 1.0

vendor:intelmodel:audio development kitscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:gma-managerscope:ltversion:8.6.2j-398

Trust: 1.0

vendor:siemensmodel:spectrum power 7scope:ltversion:2.30

Trust: 1.0

vendor:siemensmodel:sppa-t3000 ses3000scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:mindspherescope:ltversion:2021-12-11

Trust: 1.0

vendor:siemensmodel:vesysscope:eqversion:2019.1

Trust: 1.0

vendor:siemensmodel:comosscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:6bk1602-0aa12-0tp0scope:ltversion:2.7.0

Trust: 1.0

vendor:siemensmodel:energy engagescope:eqversion:3.1

Trust: 1.0

vendor:siemensmodel:6bk1602-0aa52-0tp0scope:ltversion:2.7.0

Trust: 1.0

vendor:siemensmodel:energyip prepayscope:eqversion:3.8

Trust: 1.0

vendor:apachemodel:log4jscope:gteversion:2.13.0

Trust: 1.0

vendor:siemensmodel:siguard dsascope:eqversion:4.4

Trust: 1.0

vendor:siemensmodel:spectrum power 7scope:eqversion:2.30

Trust: 1.0

vendor:siemensmodel:desigo cc advanced reportsscope:eqversion:4.1

Trust: 1.0

vendor:siemensmodel:solid edge harness designscope:ltversion:2020

Trust: 1.0

vendor:siemensmodel:desigo cc info centerscope:eqversion:5.0

Trust: 1.0

vendor:siemensmodel:desigo cc info centerscope:eqversion:5.1

Trust: 1.0

vendor:siemensmodel:siveillance identityscope:eqversion:1.6

Trust: 1.0

vendor:siemensmodel:6bk1602-0aa42-0tp0scope:ltversion:2.7.0

Trust: 1.0

vendor:apachemodel:log4jscope:gteversion:2.0.1

Trust: 1.0

vendor:siemensmodel:captialscope:ltversion:2019.1

Trust: 1.0

vendor:siemensmodel:siguard dsascope:eqversion:4.2

Trust: 1.0

vendor:siemensmodel:sipass integratedscope:eqversion:2.80

Trust: 1.0

vendor:intelmodel:oneapiscope:eqversion: -

Trust: 1.0

vendor:intelmodel:datacenter managerscope:eqversion: -

Trust: 1.0

vendor:apachemodel:log4jscope:ltversion:2.12.2

Trust: 1.0

vendor:siemensmodel:desigo cc advanced reportsscope:eqversion:4.2

Trust: 1.0

vendor:siemensmodel:e-car operation centerscope:ltversion:2021-12-13

Trust: 1.0

vendor:intelmodel:sensor solution development kitscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:6bk1602-0aa22-0tp0scope:ltversion:2.7.0

Trust: 1.0

vendor:siemensmodel:solid edge harness designscope:eqversion:2020

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:35

Trust: 1.0

vendor:siemensmodel:energyip prepayscope:eqversion:3.7

Trust: 1.0

vendor:siemensmodel:desigo cc advanced reportsscope:eqversion:5.0

Trust: 1.0

vendor:siemensmodel:captialscope:eqversion:2019.1

Trust: 1.0

vendor:siemensmodel:desigo cc advanced reportsscope:eqversion:5.1

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:siemensmodel:teamcenterscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:opcenter intelligencescope:lteversion:3.2

Trust: 1.0

vendor:sonicwallmodel:email securityscope:ltversion:10.0.12

Trust: 1.0

vendor:intelmodel:secure device onboardscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:xpedition enterprisescope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siveillance identityscope:eqversion:1.5

Trust: 1.0

vendor:siemensmodel:industrial edge management hubscope:ltversion:2021-12-13

Trust: 1.0

vendor:apachemodel:log4jscope:ltversion:2.16.0

Trust: 1.0

vendor:siemensmodel:siveillance control proscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:sentron powermanagerscope:eqversion:4.2

Trust: 1.0

vendor:siemensmodel:solid edge cam proscope:eqversion:*

Trust: 1.0

vendor:apachemodel:log4jscope:eqversion:2.0

Trust: 1.0

vendor:siemensmodel:industrial edge managementscope:eqversion:*

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:11.0

Trust: 1.0

vendor:siemensmodel:tracealertserverplusscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:nxscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:siguard dsascope:eqversion:4.3

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:34

Trust: 1.0

vendor:siemensmodel:desigo cc advanced reportsscope:eqversion:4.0

Trust: 1.0

vendor:siemensmodel:siveillance vantagescope:eqversion:*

Trust: 1.0

vendor:siemensmodel:spectrum power 4scope:ltversion:4.70

Trust: 1.0

vendor:siemensmodel:sipass integratedscope:eqversion:2.85

Trust: 1.0

vendor:intelmodel:genomics kernel libraryscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:operation schedulerscope:lteversion:1.1.3

Trust: 1.0

vendor:siemensmodel:xpedition package integratorscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siveillance viewpointscope:eqversion:*

Trust: 1.0

vendor:intelmodel:system debuggerscope:eqversion: -

Trust: 1.0

vendor:cvatmodel:computer vision annotation toolscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:energyipscope:eqversion:9.0

Trust: 1.0

vendor:siemensmodel:siveillance commandscope:lteversion:4.16.2.1

Trust: 1.0

vendor:siemensmodel:head-end system universal device integration systemscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:spectrum power 4scope:eqversion:4.70

Trust: 1.0

vendor:siemensmodel:energyipscope:eqversion:8.7

Trust: 1.0

vendor:siemensmodel:6bk1602-0aa32-0tp0scope:ltversion:2.7.0

Trust: 1.0

vendor:siemensmodel:logo\! soft comfortscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:energyipscope:eqversion:8.5

Trust: 1.0

vendor:siemensmodel:mendixscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:vesysscope:ltversion:2019.1

Trust: 1.0

vendor:siemensmodel:sentron powermanagerscope:eqversion:4.1

Trust: 1.0

sources: NVD: CVE-2021-45046

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-45046
value: CRITICAL

Trust: 1.0

CNNVD: CNNVD-202112-1065
value: CRITICAL

Trust: 0.6

VULHUB: VHN-408570
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-45046
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-45046
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-408570
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-45046
baseSeverity: CRITICAL
baseScore: 9.0
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 6.0
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-408570 // VULMON: CVE-2021-45046 // CNNVD: CNNVD-202112-1065 // NVD: CVE-2021-45046

PROBLEMTYPE DATA

problemtype:CWE-917

Trust: 1.0

problemtype:CWE-502

Trust: 0.1

sources: VULHUB: VHN-408570 // NVD: CVE-2021-45046

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 166673 // PACKETSTORM: 166677 // CNNVD: CNNVD-202112-1065

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202112-1065

PATCH

title:Apache Log4j Fixes for code issue vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=175394

Trust: 0.6

title:Debian CVElist Bug Report Logs: apache-log4j2: CVE-2021-45046: Incomplete fix for CVE-2021-44228 in certain non-default configurationsurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=b88a8ce4fc53c3a45830bc6bbde8b01c

Trust: 0.1

title:Debian Security Advisories: DSA-5022-1 apache-log4j2 -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=5ba53229ef5f408ed29126bd4f624def

Trust: 0.1

title:Red Hat: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221296 - Security Advisory

Trust: 0.1

title:Red Hat: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221299 - Security Advisory

Trust: 0.1

title:Red Hat: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221297 - Security Advisory

Trust: 0.1

title:Amazon Linux AMI: ALAS-2021-1553url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2021-1553

Trust: 0.1

title:IBM: Security Bulletin: IBM Cloud Pak System is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-45046, CVE-2021-44228)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=c8b40ff47e1d31bee8b0fbdbdd4fe212

Trust: 0.1

title:IBM: Security Bulletin: IBM Cloud Pak System is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-45046, CVE-2021-44228)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=654a4f5a7bd1fdfd229558535923710b

Trust: 0.1

title:IBM: Security Bulletin: Apache log4j security vulnerability as it relates to IBM Maximo Scheduler Optimization – Apache Log4j – [CVE-2021-45105] (affecting v2.16) and [CVE-2021-45046] (affecting v2.15)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=1239b8de81ba381055ce95c571a45bea

Trust: 0.1

title:Amazon Linux 2: ALAS2-2021-1731url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2021-1731

Trust: 0.1

title:Amazon Linux 2: ALAS2-2021-1730url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2021-1730

Trust: 0.1

title:Omada-Ansibleurl:https://github.com/kdpuvvadi/Omada-Ansible

Trust: 0.1

title:CVE-2021-45046url:https://github.com/tejas-nagchandi/CVE-2021-45046

Trust: 0.1

title:Log4Shellurl:https://github.com/r00thunter/Log4Shell

Trust: 0.1

title:log4j-exploit-serverurl:https://github.com/lwollan/log4j-exploit-server

Trust: 0.1

title:log4j2-intranet-scanurl:https://github.com/k3rwin/log4j2-intranet-scan

Trust: 0.1

sources: VULMON: CVE-2021-45046 // CNNVD: CNNVD-202112-1065

EXTERNAL IDS

db:NVDid:CVE-2021-45046

Trust: 2.5

db:SIEMENSid:SSA-661247

Trust: 1.7

db:SIEMENSid:SSA-397453

Trust: 1.7

db:SIEMENSid:SSA-479842

Trust: 1.7

db:SIEMENSid:SSA-714170

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2021/12/14/4

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2021/12/18/1

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2021/12/15/3

Trust: 1.7

db:CERT/CCid:VU#930724

Trust: 1.7

db:PACKETSTORMid:165343

Trust: 0.8

db:PACKETSTORMid:165649

Trust: 0.8

db:PACKETSTORMid:165645

Trust: 0.8

db:PACKETSTORMid:165333

Trust: 0.7

db:PACKETSTORMid:166677

Trust: 0.7

db:LENOVOid:LEN-76573

Trust: 0.6

db:CS-HELPid:SB2021122212

Trust: 0.6

db:CS-HELPid:SB2022042115

Trust: 0.6

db:CS-HELPid:SB2022020815

Trust: 0.6

db:CS-HELPid:SB2022010517

Trust: 0.6

db:CS-HELPid:SB2022012731

Trust: 0.6

db:CS-HELPid:SB2022012443

Trust: 0.6

db:CS-HELPid:SB2021121651

Trust: 0.6

db:CS-HELPid:SB2021122726

Trust: 0.6

db:CS-HELPid:SB2022060708

Trust: 0.6

db:CS-HELPid:SB2021122119

Trust: 0.6

db:CS-HELPid:SB2022012730

Trust: 0.6

db:CS-HELPid:SB2021122018

Trust: 0.6

db:CS-HELPid:SB2022010632

Trust: 0.6

db:CS-HELPid:SB2021122814

Trust: 0.6

db:CS-HELPid:SB2022062006

Trust: 0.6

db:CS-HELPid:SB2022032405

Trust: 0.6

db:CS-HELPid:SB2022022126

Trust: 0.6

db:CS-HELPid:SB2021121516

Trust: 0.6

db:CS-HELPid:SB2022012501

Trust: 0.6

db:CS-HELPid:SB2021123016

Trust: 0.6

db:CS-HELPid:SB2022010325

Trust: 0.6

db:CS-HELPid:SB2022012045

Trust: 0.6

db:CS-HELPid:SB2022020602

Trust: 0.6

db:CS-HELPid:SB2022010421

Trust: 0.6

db:CS-HELPid:SB2022011034

Trust: 0.6

db:CS-HELPid:SB2022011226

Trust: 0.6

db:CS-HELPid:SB2021121720

Trust: 0.6

db:CS-HELPid:SB2022072076

Trust: 0.6

db:CS-HELPid:SB2022021429

Trust: 0.6

db:CS-HELPid:SB2022060808

Trust: 0.6

db:CS-HELPid:SB2022030923

Trust: 0.6

db:CS-HELPid:SB2021122307

Trust: 0.6

db:CS-HELPid:SB2021122908

Trust: 0.6

db:PACKETSTORMid:166676

Trust: 0.6

db:AUSCERTid:ESB-2022.0332

Trust: 0.6

db:AUSCERTid:ESB-2021.4257

Trust: 0.6

db:AUSCERTid:ESB-2022.0086

Trust: 0.6

db:AUSCERTid:ESB-2021.4187.6

Trust: 0.6

db:AUSCERTid:ESB-2021.4295

Trust: 0.6

db:AUSCERTid:ESB-2021.4186.3

Trust: 0.6

db:AUSCERTid:ESB-2022.0247

Trust: 0.6

db:AUSCERTid:ESB-2022.0199

Trust: 0.6

db:AUSCERTid:ESB-2022.0240

Trust: 0.6

db:AUSCERTid:ESB-2021.4186.4

Trust: 0.6

db:AUSCERTid:ESB-2021.4302.3

Trust: 0.6

db:AUSCERTid:ESB-2021.4198.4

Trust: 0.6

db:AUSCERTid:ESB-2022.0090

Trust: 0.6

db:CNNVDid:CNNVD-202112-1065

Trust: 0.6

db:PACKETSTORMid:165329

Trust: 0.2

db:PACKETSTORMid:165636

Trust: 0.2

db:PACKETSTORMid:165637

Trust: 0.1

db:PACKETSTORMid:165650

Trust: 0.1

db:PACKETSTORMid:165326

Trust: 0.1

db:PACKETSTORMid:165632

Trust: 0.1

db:CNVDid:CNVD-2022-01776

Trust: 0.1

db:VULHUBid:VHN-408570

Trust: 0.1

db:VULMONid:CVE-2021-45046

Trust: 0.1

db:PACKETSTORMid:166673

Trust: 0.1

sources: VULHUB: VHN-408570 // VULMON: CVE-2021-45046 // PACKETSTORM: 165329 // PACKETSTORM: 165343 // PACKETSTORM: 165636 // PACKETSTORM: 165645 // PACKETSTORM: 165649 // PACKETSTORM: 166673 // PACKETSTORM: 166677 // CNNVD: CNNVD-202112-1065 // NVD: CVE-2021-45046

REFERENCES

url:https://www.kb.cert.org/vuls/id/930724

Trust: 1.7

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-log4j-qruknebd

Trust: 1.7

url:https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf

Trust: 1.7

url:https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf

Trust: 1.7

url:https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf

Trust: 1.7

url:https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf

Trust: 1.7

url:https://logging.apache.org/log4j/2.x/security.html

Trust: 1.7

url:https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0032

Trust: 1.7

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/alert-cve-2021-44228.html

Trust: 1.7

url:https://www.debian.org/security/2021/dsa-5022

Trust: 1.7

url:https://www.cve.org/cverecord?id=cve-2021-44228

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujul2022.html

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2021/12/14/4

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2021/12/15/3

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2021/12/18/1

Trust: 1.7

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/eokpqgv24rrbbi4tbzudqmm4meh7mxcy/

Trust: 1.6

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sig7fzulmnk2xf6fzru4vwydqxnmugaj/

Trust: 1.6

url:https://access.redhat.com/security/cve/cve-2021-45046

Trust: 1.3

url:https://security.gentoo.org/glsa/202310-16

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/eokpqgv24rrbbi4tbzudqmm4meh7mxcy/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sig7fzulmnk2xf6fzru4vwydqxnmugaj/

Trust: 0.7

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-45046

Trust: 0.7

url:https://bugzilla.redhat.com/):

Trust: 0.7

url:https://access.redhat.com/security/team/contact/

Trust: 0.7

url:https://www.cybersecurity-help.cz/vdb/sb2022060808

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022072076

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0086

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0240

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4186.4

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4186.3

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021122212

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022012731

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4302.3

Trust: 0.6

url:https://packetstormsecurity.com/files/165649/red-hat-security-advisory-2022-0222-02.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021122814

Trust: 0.6

url:https://packetstormsecurity.com/files/165645/red-hat-security-advisory-2022-0205-02.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021121720

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021122018

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022010632

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022012730

Trust: 0.6

url:https://packetstormsecurity.com/files/166676/red-hat-security-advisory-2022-1297-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0199

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022010517

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022020602

Trust: 0.6

url:https://vigilance.fr/vulnerability/apache-log4j-denial-of-service-via-thread-context-message-pattern-37075

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4257

Trust: 0.6

url:https://packetstormsecurity.com/files/165333/red-hat-security-advisory-2021-5106-04.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022012501

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022062006

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021123016

Trust: 0.6

url:https://packetstormsecurity.com/files/165343/red-hat-security-advisory-2021-5107-06.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021122726

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021121516

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4295

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022010325

Trust: 0.6

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20211215-01-log4j-cn

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021122908

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022060708

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6527436

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022011226

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6528374

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022032405

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021122119

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0332

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022030923

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4198.4

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6527886

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022042115

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0090

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6526750

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022022126

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021121651

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022021429

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4187.6

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022020815

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021122307

Trust: 0.6

url:https://support.lenovo.com/us/en/product_security/len-76573

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022012045

Trust: 0.6

url:https://packetstormsecurity.com/files/166677/red-hat-security-advisory-2022-1296-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022011034

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022012443

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022010421

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0247

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-44832

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-45105

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-45105

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-44832

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-4104

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-4104

Trust: 0.4

url:https://access.redhat.com/security/vulnerabilities/rhsb-2021-009

Trust: 0.3

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#low

Trust: 0.3

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-44228

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#critical

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-44228

Trust: 0.2

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches&product=appplatform&version=7.4

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-23307

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-23302

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-23305

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-23302

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-23305

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-23307

Trust: 0.2

url:https://issues.jboss.org/):

Trust: 0.2

url:https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:5148

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-43527

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:5107

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43527

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0216

Trust: 0.1

url:https://access.redhat.com/solutions/6577421

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches&product=data.grid&version=8.2

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.2/html-single/red_hat_data_grid_8.2_release_notes/index

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0205

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q1

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0222

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=red.hat.integration&version

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1299

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1296

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

sources: VULHUB: VHN-408570 // PACKETSTORM: 165329 // PACKETSTORM: 165343 // PACKETSTORM: 165636 // PACKETSTORM: 165645 // PACKETSTORM: 165649 // PACKETSTORM: 166673 // PACKETSTORM: 166677 // CNNVD: CNNVD-202112-1065 // NVD: CVE-2021-45046

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 165329 // PACKETSTORM: 165343 // PACKETSTORM: 165636 // PACKETSTORM: 165645 // PACKETSTORM: 165649 // PACKETSTORM: 166673 // PACKETSTORM: 166677

SOURCES

db:VULHUBid:VHN-408570
db:VULMONid:CVE-2021-45046
db:PACKETSTORMid:165329
db:PACKETSTORMid:165343
db:PACKETSTORMid:165636
db:PACKETSTORMid:165645
db:PACKETSTORMid:165649
db:PACKETSTORMid:166673
db:PACKETSTORMid:166677
db:CNNVDid:CNNVD-202112-1065
db:NVDid:CVE-2021-45046

LAST UPDATE DATE

2024-11-20T19:38:45.550000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-408570date:2022-10-06T00:00:00
db:VULMONid:CVE-2021-45046date:2023-10-26T00:00:00
db:CNNVDid:CNNVD-202112-1065date:2023-06-28T00:00:00
db:NVDid:CVE-2021-45046date:2024-10-31T12:17:17.820

SOURCES RELEASE DATE

db:VULHUBid:VHN-408570date:2021-12-14T00:00:00
db:VULMONid:CVE-2021-45046date:2021-12-14T00:00:00
db:PACKETSTORMid:165329date:2021-12-16T15:25:46
db:PACKETSTORMid:165343date:2021-12-17T14:05:45
db:PACKETSTORMid:165636date:2022-01-20T17:49:52
db:PACKETSTORMid:165645date:2022-01-20T18:11:03
db:PACKETSTORMid:165649date:2022-01-21T15:29:08
db:PACKETSTORMid:166673date:2022-04-11T17:07:22
db:PACKETSTORMid:166677date:2022-04-11T17:15:55
db:CNNVDid:CNNVD-202112-1065date:2021-12-14T00:00:00
db:NVDid:CVE-2021-45046date:2021-12-14T19:15:07.733