Details of VAR-202112-0562

ID

VAR-202112-0562

CVE

CVE-2021-45046

TITLE

Apache Log4j Code problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202112-1065

DESCRIPTION

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default. For the oldstable distribution (buster), this problem has been fixed in version 2.16.0-1~deb10u1. For the stable distribution (bullseye), this problem has been fixed in version 2.16.0-1~deb11u1. We recommend that you upgrade your apache-log4j2 packages. For the detailed security status of apache-log4j2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache-log4j2 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmG7FI5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeSqOg//XOye7T/8PKOrrUtHFhH+w2dOC0GujwcIS2mhofVuZQTPYvM5uTZxDTuz rQN+T505t9QaP3sF05gXK6VI675HhgmF3d+vDEnhp8QpZX5HeJrmmX44FewZQAqP yMysAuwG1RJ0Qgs7NmppU/XJBnmhJLsqsW99kcDnNXS67D23e1nUqAEDME5baSoF VPc50Up/yh4DE28Jcs8Mh2cM8UqmeLEQJ8XC3IojQLhmOF1UBJuL4K0sEUqWtJeN TytHya2XdfIIZcRolHe6AUeiLP5JpitbqkVP+hEeruAvk8nTGsLi0HMbWxA9LLcB bB9KKJjf6xndRa/t/IXGMzwr883t5/YLdxbCFcGj9M4Bfj7SAhGdgnJHZaRt1quX Vcqnu1pDHpdFuRX4t6oqF9R0uiBGeupZmGdb1y7os+FU2EbTRYU0rlnhfOsou0ex Vh5sFKFDhgWUQoyuVUMh6eOZ7p92GTzbw5kPkvboa7Xdrs02m7ChLlh8f5ajRFrK WbAcwsBj6RK4dmtdvfO2sVEuRTpFQ3qtecwZUR0pqUIjJ+rfurSGmpPr3iOrBu2s ROol/vLfW5uZd6RxSNbt3twPcwBaZagFQCcDY27Yz0sH6DlQUmWed1KJjbRaZ7fn cqjFisSZxu8d5VoAtjMSP8l95FoAm53r9Q1HCZvXqRhBjFNoYqE= =TNnt -----END PGP SIGNATURE----- . Solution: For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html 4. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Installation instructions are available from the Fuse product documentation pages: Fuse 7.8: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/installing_on_apache_karaf/apply-hotfix-patch https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/deploying_into_spring_boot/patch-red-hat-fuse-applications Fuse 7.9: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/installing_on_apache_karaf/apply-hotfix-patch https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/deploying_into_spring_boot/patch-red-hat-fuse-applications Fuse 7.10: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/installing_on_apache_karaf/apply-hotfix-patch https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/deploying_into_spring_boot/patch-red-hat-fuse-applications 4. The References section of this erratum contains a download link for the update. You must be logged in to download the update. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update Advisory ID: RHSA-2022:1297-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2022:1297 Issue date: 2022-04-11 CVE Names: CVE-2021-4104 CVE-2021-44832 CVE-2021-45046 CVE-2021-45105 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 ===================================================================== 1. Summary: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss EAP 7.4 for RHEL 8 - noarch, x86_64 3. Description: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.4 Release Notes for information about the most significant bug fixes and enhancements included in this release. 4. Solution: Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. JIRA issues fixed (https://issues.jboss.org/): JBEAP-22105 - (7.4.z) Upgrade from com.io7m.xom:xom 1.2.10 to xom:xom 1.3.7 JBEAP-22385 - (7.4.z) Upgrade ASM from 7.1 to 9.1 JBEAP-22731 - (7.4.z) Upgrade Artemis from 2.16.0.redhat-00032 to 2.16.0.redhat-00034 JBEAP-22738 - (7.4.z) Upgrade jbossws-cxf from 5.4.2.Final to 5.4.4.Final(Fix UsernameTokenElytronTestCase on SE 17) JBEAP-22819 - [GSS] (7.4.z) HAL-1762 - Aliases are removed from the credential store when passwords are updated from the admin console JBEAP-22839 - [GSS](7.4.z) Upgrade yasson from 1.0.9.redhat-00001 to 1.0.10.redhat-00001 JBEAP-22864 - (7.4.z) Upgrade HAL from 3.3.8.Final-redhat-00001 to 3.3.9.Final-redhat-00001 JBEAP-22900 - Tracker bug for the EAP 7.4.4 release for RHEL-8 JBEAP-22904 - (7.4.z) Upgrade Hibernate ORM from 5.3.24.Final-redhat-00001 to 5.3.25.Final-redhat-00002 JBEAP-22911 - (7.4.z) Upgrade OpenSSL from 2.1.3.Final-redhat-00001 to 2.2.0.Final-redhat-00001 JBEAP-22912 - (7.4.z) Upgrade OpenSSL Natives from 2.1.0.SP01-redhat-00001 to 2.2.0.Final-redhat-00001 JBEAP-22913 - (7.4.z) Upgrade WildFly Core from 15.0.6.Final-redhat-00003 to 15.0.7.Final-redhat-00001 JBEAP-22935 - (7.4.z) Upgrade jboss-vfs from 3.2.15.Final-redhat-00001 to 3.2.16.Final-redhat-00001 JBEAP-22945 - (7.4.z) Upgrade org.apache.logging.log4j from 2.14.0.redhat-00002 to 2.17.1.redhat-00001 JBEAP-22973 - (7.4.z) Upgrade Elytron from 1.15.9.Final-redhat-00001 to 1.15.11.Final-redhat-00002 JBEAP-23038 - (7.4.z) Upgrade galleon-plugins from 5.1.4.Final to 5.2.6.Final JBEAP-23040 - (7.4.z) Upgrade galleon-plugins in wildfly-core-eap from 5.1.4.Final to 5.2.6.Final JBEAP-23045 - (7.4.z) Upgrade Undertow from 2.2.13.SP2-redhat-00001 to 2.2.16.Final-redhat-0001 JBEAP-23101 - (7.4.z) Upgrade Infinispan from 11.0.12.Final to 11.0.15.Final JBEAP-23105 - (7.4.z) Upgrade Narayana from 5.11.3.Final-redhat-00001 to 5.11.4.Final-redhat-00001 JBEAP-23143 - (7.4.z) Upgrade from org.eclipse.jdt.core.compiler:ecj:4.6.1 to org.eclipse.jdt:ecj:3.26 JBEAP-23177 - (7.4.z) Upgrade XNIO from 3.8.5.SP1-redhat-00001 to 3.8.6.Final-redhat-00001 JBEAP-23323 - [GSS](7.4.z) WFLY-16112 - Batch JobOperatorService should look for only active job names to stop during suspend JBEAP-23373 - (7.4.z) Upgrade OpenSSL from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002 JBEAP-23374 - (7.4.z) Upgrade WildFly Core from 15.0.7.Final-redhat-00001 to 15.0.8.Final-redhat-00001 JBEAP-23375 - (7.4.z) Upgrade OpenSSL Natives from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002 7. Package List: Red Hat JBoss EAP 7.4 for RHEL 8: Source: eap7-activemq-artemis-2.16.0-7.redhat_00034.1.el8eap.src.rpm eap7-ecj-3.26.0-1.redhat_00002.1.el8eap.src.rpm eap7-hal-console-3.3.9-1.Final_redhat_00001.1.el8eap.src.rpm eap7-hibernate-5.3.25-1.Final_redhat_00002.1.el8eap.src.rpm eap7-infinispan-11.0.15-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-server-migration-1.10.0-15.Final_redhat_00014.1.el8eap.src.rpm eap7-jboss-vfs-3.2.16-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-xnio-base-3.8.6-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jbossws-cxf-5.4.4-1.Final_redhat_00001.1.el8eap.src.rpm eap7-log4j-2.17.1-1.redhat_00001.1.el8eap.src.rpm eap7-narayana-5.11.4-1.Final_redhat_00001.1.el8eap.src.rpm eap7-objectweb-asm-9.1.0-1.redhat_00002.1.el8eap.src.rpm eap7-undertow-2.2.16-1.Final_redhat_00001.1.el8eap.src.rpm eap7-wildfly-7.4.4-3.GA_redhat_00011.1.el8eap.src.rpm eap7-wildfly-elytron-1.15.11-1.Final_redhat_00002.1.el8eap.src.rpm eap7-wildfly-openssl-2.2.0-3.Final_redhat_00002.1.el8eap.src.rpm eap7-wildfly-openssl-el8-x86_64-2.2.0-2.Final_redhat_00002.1.el8eap.src.rpm eap7-xom-1.3.7-1.redhat_00001.1.el8eap.src.rpm eap7-yasson-1.0.10-1.redhat_00001.1.el8eap.src.rpm noarch: eap7-activemq-artemis-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-cli-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-commons-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-core-client-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-dto-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-hornetq-protocol-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-hqclient-protocol-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-jdbc-store-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-jms-client-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-jms-server-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-journal-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-ra-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-selector-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-server-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-service-extensions-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-tools-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-ecj-3.26.0-1.redhat_00002.1.el8eap.noarch.rpm eap7-hal-console-3.3.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-hibernate-core-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-hibernate-entitymanager-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-hibernate-envers-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-hibernate-java8-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-infinispan-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-cachestore-jdbc-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-cachestore-remote-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-client-hotrod-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-commons-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-component-annotations-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-core-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-hibernate-cache-commons-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-hibernate-cache-spi-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-hibernate-cache-v53-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-server-migration-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-server-migration-cli-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-server-migration-core-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-vfs-3.2.16-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-xnio-base-3.8.6-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jbossws-cxf-5.4.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-log4j-2.17.1-1.redhat_00001.1.el8eap.noarch.rpm eap7-narayana-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-compensations-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jbosstxbridge-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jbossxts-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jts-idlj-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jts-integration-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-api-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-bridge-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-integration-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-util-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-txframework-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-objectweb-asm-9.1.0-1.redhat_00002.1.el8eap.noarch.rpm eap7-undertow-2.2.16-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm eap7-wildfly-elytron-1.15.11-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-wildfly-elytron-tool-1.15.11-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-wildfly-javadocs-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm eap7-wildfly-modules-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm eap7-wildfly-openssl-2.2.0-3.Final_redhat_00002.1.el8eap.noarch.rpm eap7-wildfly-openssl-java-2.2.0-3.Final_redhat_00002.1.el8eap.noarch.rpm eap7-xom-1.3.7-1.redhat_00001.1.el8eap.noarch.rpm eap7-yasson-1.0.10-1.redhat_00001.1.el8eap.noarch.rpm x86_64: eap7-wildfly-openssl-el8-x86_64-2.2.0-2.Final_redhat_00002.1.el8eap.x86_64.rpm eap7-wildfly-openssl-el8-x86_64-debuginfo-2.2.0-2.Final_redhat_00002.1.el8eap.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 8. References: https://access.redhat.com/security/cve/CVE-2021-4104 https://access.redhat.com/security/cve/CVE-2021-44832 https://access.redhat.com/security/cve/CVE-2021-45046 https://access.redhat.com/security/cve/CVE-2021-45105 https://access.redhat.com/security/cve/CVE-2022-23302 https://access.redhat.com/security/cve/CVE-2022-23305 https://access.redhat.com/security/cve/CVE-2022-23307 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/ 9. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYlRUqtzjgjWX9erEAQhXfxAApQ6HkBUo8Tg+GWEosSpAx0AEsVPMojWK HU3uJRF8jp0KXqchc+KVlalBJAWHPBUDr4xBpsISqwr7T/9iYonKlo4ijA/68b2K khbFyt6o6i2dXrYygT5fcMtukSjN2T/hfCc2ZE2yiHTO3Ou4AALyZ2xCyYtfSpuZ rZLVvgCWrnak2msgkoNl0/sZxnjw6b+ZJczKkq3QqPVWOYlV/Qdl5NGy16i0rbEo P1rWXJrOUlEBctJEs756cqeIJesYKHZqqPx/kHaNyzdxDh99hKGZx7oturscAN6e sPfSSdyd5jsOcWD7UlHV9ukoPQxf1ouVBa0qkpL0wCoR3GFF6Pls1bMEFzUoz3/R IwagVxsr38duK3isv34l6IQ+RP0oSWN0rgPUu69tAlEV+YwLgA5JUOpz1i7FTmXt l3i5+wMlo9Xc/Hy+j7unW8Do7s/i0YuFVTuM6H9KEITuFjgFA2tB9CpzoAFzWLk0 U8zCL80Rwy1wiMydSrLjtg3YUPB6ibh2NJ02O7R+bNhJ8bN4yuDuWkDqy4VdPXGp zhed3dZmYAXD9/x+mnfghcbJZwigzGT9Qv78zYafB3f8K7cEVEDJK3aZMOkkh9ca dcaLs5WRv8ZTytFPv+KGKRJ/cc/UHAvh8zumMZdVMp1oty/k/OYWhgaEJMWGQDCe UnHI/WwB37w= =eCh2 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied

Trust: 1.71

sources: NVD: CVE-2021-45046 // VULMON: CVE-2021-45046 // PACKETSTORM: 169180 // PACKETSTORM: 165333 // PACKETSTORM: 165632 // PACKETSTORM: 165636 // PACKETSTORM: 165637 // PACKETSTORM: 166673 // PACKETSTORM: 166676 // PACKETSTORM: 165650

AFFECTED PRODUCTS

vendor:	siemens	model:	energyip prepay	scope:	eq	version:	3.8	Trust: 1.0
vendor:	siemens	model:	nx	scope:	eq	version:	*	Trust: 1.0
vendor:	intel	model:	datacenter manager	scope:	eq	version:	-	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	34	Trust: 1.0
vendor:	siemens	model:	vesys	scope:	lt	version:	2019.1	Trust: 1.0
vendor:	siemens	model:	head-end system universal device integration system	scope:	eq	version:	*	Trust: 1.0
vendor:	sonicwall	model:	email security	scope:	lt	version:	10.0.12	Trust: 1.0
vendor:	siemens	model:	sentron powermanager	scope:	eq	version:	4.1	Trust: 1.0
vendor:	siemens	model:	6bk1602-0aa52-0tp0	scope:	lt	version:	2.7.0	Trust: 1.0
vendor:	siemens	model:	industrial edge management	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	spectrum power 7	scope:	lt	version:	2.30	Trust: 1.0
vendor:	siemens	model:	navigator	scope:	lt	version:	2021-12-13	Trust: 1.0
vendor:	siemens	model:	industrial edge management hub	scope:	lt	version:	2021-12-13	Trust: 1.0
vendor:	siemens	model:	tracealertserverplus	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	spectrum power 4	scope:	eq	version:	4.70	Trust: 1.0
vendor:	siemens	model:	operation scheduler	scope:	lte	version:	1.1.3	Trust: 1.0
vendor:	siemens	model:	comos	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	xpedition enterprise	scope:	eq	version:	-	Trust: 1.0
vendor:	apache	model:	log4j	scope:	lt	version:	2.12.2	Trust: 1.0
vendor:	siemens	model:	sentron powermanager	scope:	eq	version:	4.2	Trust: 1.0
vendor:	siemens	model:	sppa-t3000 ses3000	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	energyip	scope:	eq	version:	9.0	Trust: 1.0
vendor:	siemens	model:	opcenter intelligence	scope:	lte	version:	3.2	Trust: 1.0
vendor:	intel	model:	system debugger	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	mendix	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	logo\! soft comfort	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siveillance identity	scope:	eq	version:	1.5	Trust: 1.0
vendor:	siemens	model:	siveillance control pro	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siveillance identity	scope:	eq	version:	1.6	Trust: 1.0
vendor:	apache	model:	log4j	scope:	gte	version:	2.13.0	Trust: 1.0
vendor:	intel	model:	system studio	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siveillance viewpoint	scope:	eq	version:	*	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	11.0	Trust: 1.0
vendor:	siemens	model:	6bk1602-0aa12-0tp0	scope:	lt	version:	2.7.0	Trust: 1.0
vendor:	siemens	model:	siveillance vantage	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	teamcenter	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	captial	scope:	eq	version:	2019.1	Trust: 1.0
vendor:	intel	model:	secure device onboard	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	desigo cc advanced reports	scope:	eq	version:	5.1	Trust: 1.0
vendor:	siemens	model:	energy engage	scope:	eq	version:	3.1	Trust: 1.0
vendor:	siemens	model:	solid edge cam pro	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	energyip prepay	scope:	eq	version:	3.7	Trust: 1.0
vendor:	intel	model:	audio development kit	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	genomics kernel library	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	xpedition package integrator	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	desigo cc advanced reports	scope:	eq	version:	4.2	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	35	Trust: 1.0
vendor:	siemens	model:	mindsphere	scope:	lt	version:	2021-12-11	Trust: 1.0
vendor:	siemens	model:	energyip	scope:	eq	version:	8.6	Trust: 1.0
vendor:	siemens	model:	spectrum power 7	scope:	eq	version:	2.30	Trust: 1.0
vendor:	intel	model:	oneapi	scope:	eq	version:	-	Trust: 1.0
vendor:	apache	model:	log4j	scope:	lt	version:	2.16.0	Trust: 1.0
vendor:	apache	model:	log4j	scope:	gte	version:	2.0.1	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	siemens	model:	e-car operation center	scope:	lt	version:	2021-12-13	Trust: 1.0
vendor:	siemens	model:	spectrum power 4	scope:	lt	version:	4.70	Trust: 1.0
vendor:	siemens	model:	desigo cc info center	scope:	eq	version:	5.0	Trust: 1.0
vendor:	siemens	model:	desigo cc info center	scope:	eq	version:	5.1	Trust: 1.0
vendor:	siemens	model:	6bk1602-0aa22-0tp0	scope:	lt	version:	2.7.0	Trust: 1.0
vendor:	cvat	model:	computer vision annotation tool	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	desigo cc advanced reports	scope:	eq	version:	4.0	Trust: 1.0
vendor:	siemens	model:	siguard dsa	scope:	eq	version:	4.3	Trust: 1.0
vendor:	siemens	model:	6bk1602-0aa32-0tp0	scope:	lt	version:	2.7.0	Trust: 1.0
vendor:	siemens	model:	energyip	scope:	eq	version:	8.5	Trust: 1.0
vendor:	siemens	model:	siguard dsa	scope:	eq	version:	4.2	Trust: 1.0
vendor:	siemens	model:	desigo cc advanced reports	scope:	eq	version:	4.1	Trust: 1.0
vendor:	siemens	model:	6bk1602-0aa42-0tp0	scope:	lt	version:	2.7.0	Trust: 1.0
vendor:	siemens	model:	captial	scope:	lt	version:	2019.1	Trust: 1.0
vendor:	siemens	model:	solid edge harness design	scope:	eq	version:	2020	Trust: 1.0
vendor:	siemens	model:	solid edge harness design	scope:	lt	version:	2020	Trust: 1.0
vendor:	siemens	model:	desigo cc advanced reports	scope:	eq	version:	5.0	Trust: 1.0
vendor:	apache	model:	log4j	scope:	eq	version:	2.0	Trust: 1.0
vendor:	intel	model:	sensor solution development kit	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	sipass integrated	scope:	eq	version:	2.85	Trust: 1.0
vendor:	siemens	model:	energyip	scope:	eq	version:	8.7	Trust: 1.0
vendor:	siemens	model:	gma-manager	scope:	lt	version:	8.6.2j-398	Trust: 1.0
vendor:	siemens	model:	siguard dsa	scope:	eq	version:	4.4	Trust: 1.0
vendor:	siemens	model:	vesys	scope:	eq	version:	2019.1	Trust: 1.0
vendor:	siemens	model:	siveillance command	scope:	lte	version:	4.16.2.1	Trust: 1.0
vendor:	siemens	model:	sipass integrated	scope:	eq	version:	2.80	Trust: 1.0

sources: NVD: CVE-2021-45046

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-45046
value:	CRITICAL
Trust: 1.0
CNNVD:	CNNVD-202112-1065
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2021-45046
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-45046
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1

nvd@nist.gov:	CVE-2021-45046
baseSeverity:	CRITICAL
baseScore:	9.0
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	6.0
version:	3.1
Trust: 1.0

sources: VULMON: CVE-2021-45046 // CNNVD: CNNVD-202112-1065 // NVD: CVE-2021-45046

PROBLEMTYPE DATA

problemtype:

CWE-917

Trust: 1.0

sources: NVD: CVE-2021-45046

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 166673 // PACKETSTORM: 166676 // CNNVD: CNNVD-202112-1065

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202112-1065

PATCH

title:	Apache Log4j Fixes for code issue vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=175394	Trust: 0.6
title:	Debian CVElist Bug Report Logs: apache-log4j2: CVE-2021-45046: Incomplete fix for CVE-2021-44228 in certain non-default configurations	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=b88a8ce4fc53c3a45830bc6bbde8b01c	Trust: 0.1
title:	Debian Security Advisories: DSA-5022-1 apache-log4j2 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=5ba53229ef5f408ed29126bd4f624def	Trust: 0.1
title:	Red Hat: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221296 - Security Advisory	Trust: 0.1
title:	Red Hat: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221299 - Security Advisory	Trust: 0.1
title:	Red Hat: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221297 - Security Advisory	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2021-1553	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2021-1553	Trust: 0.1
title:	IBM: Security Bulletin: IBM Cloud Pak System is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-45046, CVE-2021-44228)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=c8b40ff47e1d31bee8b0fbdbdd4fe212	Trust: 0.1
title:	IBM: Security Bulletin: IBM Cloud Pak System is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-45046, CVE-2021-44228)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=654a4f5a7bd1fdfd229558535923710b	Trust: 0.1
title:	IBM: Security Bulletin: Apache log4j security vulnerability as it relates to IBM Maximo Scheduler Optimization â€“ Apache Log4j â€“ [CVE-2021-45105] (affecting v2.16) and [CVE-2021-45046] (affecting v2.15)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=1239b8de81ba381055ce95c571a45bea	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2021-1731	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2021-1731	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2021-1730	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2021-1730	Trust: 0.1
title:	Omada-Ansible	url:	https://github.com/kdpuvvadi/Omada-Ansible	Trust: 0.1
title:	CVE-2021-45046	url:	https://github.com/tejas-nagchandi/CVE-2021-45046	Trust: 0.1
title:	Log4Shell	url:	https://github.com/r00thunter/Log4Shell	Trust: 0.1
title:	log4j-exploit-server	url:	https://github.com/lwollan/log4j-exploit-server	Trust: 0.1
title:	log4j2-intranet-scan	url:	https://github.com/k3rwin/log4j2-intranet-scan	Trust: 0.1

sources: VULMON: CVE-2021-45046 // CNNVD: CNNVD-202112-1065

EXTERNAL IDS

db:	NVD	id:	CVE-2021-45046	Trust: 2.5
db:	SIEMENS	id:	SSA-714170	Trust: 1.6
db:	SIEMENS	id:	SSA-397453	Trust: 1.6
db:	SIEMENS	id:	SSA-479842	Trust: 1.6
db:	SIEMENS	id:	SSA-661247	Trust: 1.6
db:	OPENWALL	id:	OSS-SECURITY/2021/12/15/3	Trust: 1.6
db:	OPENWALL	id:	OSS-SECURITY/2021/12/14/4	Trust: 1.6
db:	OPENWALL	id:	OSS-SECURITY/2021/12/18/1	Trust: 1.6
db:	CERT/CC	id:	VU#930724	Trust: 1.6
db:	PACKETSTORM	id:	165333	Trust: 0.7
db:	PACKETSTORM	id:	166676	Trust: 0.7
db:	LENOVO	id:	LEN-76573	Trust: 0.6
db:	CS-HELP	id:	SB2021122212	Trust: 0.6
db:	CS-HELP	id:	SB2022042115	Trust: 0.6
db:	CS-HELP	id:	SB2022020815	Trust: 0.6
db:	CS-HELP	id:	SB2022010517	Trust: 0.6
db:	CS-HELP	id:	SB2022012731	Trust: 0.6
db:	CS-HELP	id:	SB2022012443	Trust: 0.6
db:	CS-HELP	id:	SB2021121651	Trust: 0.6
db:	CS-HELP	id:	SB2021122726	Trust: 0.6
db:	CS-HELP	id:	SB2022060708	Trust: 0.6
db:	CS-HELP	id:	SB2021122119	Trust: 0.6
db:	CS-HELP	id:	SB2022012730	Trust: 0.6
db:	CS-HELP	id:	SB2021122018	Trust: 0.6
db:	CS-HELP	id:	SB2022010632	Trust: 0.6
db:	CS-HELP	id:	SB2021122814	Trust: 0.6
db:	CS-HELP	id:	SB2022062006	Trust: 0.6
db:	CS-HELP	id:	SB2022032405	Trust: 0.6
db:	CS-HELP	id:	SB2022022126	Trust: 0.6
db:	CS-HELP	id:	SB2021121516	Trust: 0.6
db:	CS-HELP	id:	SB2022012501	Trust: 0.6
db:	CS-HELP	id:	SB2021123016	Trust: 0.6
db:	CS-HELP	id:	SB2022010325	Trust: 0.6
db:	CS-HELP	id:	SB2022012045	Trust: 0.6
db:	CS-HELP	id:	SB2022020602	Trust: 0.6
db:	CS-HELP	id:	SB2022010421	Trust: 0.6
db:	CS-HELP	id:	SB2022011034	Trust: 0.6
db:	CS-HELP	id:	SB2022011226	Trust: 0.6
db:	CS-HELP	id:	SB2021121720	Trust: 0.6
db:	CS-HELP	id:	SB2022072076	Trust: 0.6
db:	CS-HELP	id:	SB2022021429	Trust: 0.6
db:	CS-HELP	id:	SB2022060808	Trust: 0.6
db:	CS-HELP	id:	SB2022030923	Trust: 0.6
db:	CS-HELP	id:	SB2021122307	Trust: 0.6
db:	CS-HELP	id:	SB2021122908	Trust: 0.6
db:	PACKETSTORM	id:	165343	Trust: 0.6
db:	PACKETSTORM	id:	165649	Trust: 0.6
db:	PACKETSTORM	id:	166677	Trust: 0.6
db:	PACKETSTORM	id:	165645	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0332	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4257	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0086	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4187.6	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4295	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4186.3	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0247	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0199	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0240	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4186.4	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4302.3	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4198.4	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0090	Trust: 0.6
db:	CNNVD	id:	CNNVD-202112-1065	Trust: 0.6
db:	VULMON	id:	CVE-2021-45046	Trust: 0.1
db:	PACKETSTORM	id:	169180	Trust: 0.1
db:	PACKETSTORM	id:	165632	Trust: 0.1
db:	PACKETSTORM	id:	165636	Trust: 0.1
db:	PACKETSTORM	id:	165637	Trust: 0.1
db:	PACKETSTORM	id:	166673	Trust: 0.1
db:	PACKETSTORM	id:	165650	Trust: 0.1

sources: VULMON: CVE-2021-45046 // PACKETSTORM: 169180 // PACKETSTORM: 165333 // PACKETSTORM: 165632 // PACKETSTORM: 165636 // PACKETSTORM: 165637 // PACKETSTORM: 166673 // PACKETSTORM: 166676 // PACKETSTORM: 165650 // CNNVD: CNNVD-202112-1065 // NVD: CVE-2021-45046

REFERENCES

url:	https://www.cve.org/cverecord?id=cve-2021-44228	Trust: 1.6
url:	https://www.oracle.com/security-alerts/cpujan2022.html	Trust: 1.6
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/eokpqgv24rrbbi4tbzudqmm4meh7mxcy/	Trust: 1.6
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sig7fzulmnk2xf6fzru4vwydqxnmugaj/	Trust: 1.6
url:	https://www.oracle.com/security-alerts/cpujul2022.html	Trust: 1.6
url:	https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0032	Trust: 1.6
url:	https://www.kb.cert.org/vuls/id/930724	Trust: 1.6
url:	http://www.openwall.com/lists/oss-security/2021/12/18/1	Trust: 1.6
url:	http://www.openwall.com/lists/oss-security/2021/12/14/4	Trust: 1.6
url:	http://www.openwall.com/lists/oss-security/2021/12/15/3	Trust: 1.6
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf	Trust: 1.6
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf	Trust: 1.6
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html	Trust: 1.6
url:	https://logging.apache.org/log4j/2.x/security.html	Trust: 1.6
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf	Trust: 1.6
url:	https://www.oracle.com/security-alerts/cpuapr2022.html	Trust: 1.6
url:	https://www.debian.org/security/2021/dsa-5022	Trust: 1.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-log4j-qruknebd	Trust: 1.6
url:	https://www.oracle.com/security-alerts/alert-cve-2021-44228.html	Trust: 1.6
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf	Trust: 1.6
url:	https://access.redhat.com/security/cve/cve-2021-45046	Trust: 1.3
url:	https://security.gentoo.org/glsa/202310-16	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2021-45046	Trust: 0.8
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.7
url:	https://bugzilla.redhat.com/):	Trust: 0.7
url:	https://access.redhat.com/security/team/contact/	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44832	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-45105	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2021-45105	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2021-44832	Trust: 0.6
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/eokpqgv24rrbbi4tbzudqmm4meh7mxcy/	Trust: 0.6
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sig7fzulmnk2xf6fzru4vwydqxnmugaj/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022060808	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022072076	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0086	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0240	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4186.4	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4186.3	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021122212	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022012731	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4302.3	Trust: 0.6
url:	https://packetstormsecurity.com/files/165649/red-hat-security-advisory-2022-0222-02.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021122814	Trust: 0.6
url:	https://packetstormsecurity.com/files/165645/red-hat-security-advisory-2022-0205-02.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021121720	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021122018	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022010632	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022012730	Trust: 0.6
url:	https://packetstormsecurity.com/files/166676/red-hat-security-advisory-2022-1297-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0199	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022010517	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022020602	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apache-log4j-denial-of-service-via-thread-context-message-pattern-37075	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4257	Trust: 0.6
url:	https://packetstormsecurity.com/files/165333/red-hat-security-advisory-2021-5106-04.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022012501	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022062006	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021123016	Trust: 0.6
url:	https://packetstormsecurity.com/files/165343/red-hat-security-advisory-2021-5107-06.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021122726	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021121516	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4295	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022010325	Trust: 0.6
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20211215-01-log4j-cn	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021122908	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022060708	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6527436	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022011226	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6528374	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022032405	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021122119	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0332	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022030923	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4198.4	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6527886	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022042115	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0090	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6526750	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022022126	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021121651	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022021429	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4187.6	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022020815	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021122307	Trust: 0.6
url:	https://support.lenovo.com/us/en/product_security/len-76573	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022012045	Trust: 0.6
url:	https://packetstormsecurity.com/files/166677/red-hat-security-advisory-2022-1296-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022011034	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022012443	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022010421	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0247	Trust: 0.6
url:	https://access.redhat.com/security/vulnerabilities/rhsb-2021-009	Trust: 0.3
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/	Trust: 0.3
url:	https://access.redhat.com/security/updates/classification/#low	Trust: 0.3
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-44228	Trust: 0.2
url:	https://access.redhat.com/security/updates/classification/#critical	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44228	Trust: 0.2
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches&product=appplatform&version=7.4	Trust: 0.2
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23307	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23302	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23305	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-4104	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-23302	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-23305	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-23307	Trust: 0.2
url:	https://issues.jboss.org/):	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-4104	Trust: 0.2
url:	https://access.redhat.com/articles/11258	Trust: 0.2
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/apache-log4j2	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:5106	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/deploying_into_spring_boot/patch-red-hat-fuse-applications	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/installing_on_apache_karaf/apply-hotfix-patch	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches&product=jboss.fuse&version=7.09.0	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/installing_on_apache_karaf/apply-hotfix-patch	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches&product=jboss.fuse&version=7.10.0	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/installing_on_apache_karaf/apply-hotfix-patch	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/deploying_into_spring_boot/patch-red-hat-fuse-applications	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:0203	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches&product=jboss.fuse&version=7.08.0	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/deploying_into_spring_boot/patch-red-hat-fuse-applications	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:0216	Trust: 0.1
url:	https://access.redhat.com/solutions/6577421	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:0083	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product\xcatrhoar.eclipse.vertx&version=4.1.8	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/4.1/html/release_notes_for_eclipse_vert.x_4.1/index	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1299	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1297	Trust: 0.1
url:	https://access.redhat.com/security/team/key/	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q1	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=red.hat.integration&version	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:0223	Trust: 0.1

sources: PACKETSTORM: 169180 // PACKETSTORM: 165333 // PACKETSTORM: 165632 // PACKETSTORM: 165636 // PACKETSTORM: 165637 // PACKETSTORM: 166673 // PACKETSTORM: 166676 // PACKETSTORM: 165650 // CNNVD: CNNVD-202112-1065 // NVD: CVE-2021-45046

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 165333 // PACKETSTORM: 165632 // PACKETSTORM: 165636 // PACKETSTORM: 165637 // PACKETSTORM: 166673 // PACKETSTORM: 166676 // PACKETSTORM: 165650

SOURCES

db:	VULMON	id:	CVE-2021-45046
db:	PACKETSTORM	id:	169180
db:	PACKETSTORM	id:	165333
db:	PACKETSTORM	id:	165632
db:	PACKETSTORM	id:	165636
db:	PACKETSTORM	id:	165637
db:	PACKETSTORM	id:	166673
db:	PACKETSTORM	id:	166676
db:	PACKETSTORM	id:	165650
db:	CNNVD	id:	CNNVD-202112-1065
db:	NVD	id:	CVE-2021-45046

LAST UPDATE DATE

2024-12-21T21:42:13.243000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-45046	date:	2023-10-26T00:00:00
db:	CNNVD	id:	CNNVD-202112-1065	date:	2023-06-28T00:00:00
db:	NVD	id:	CVE-2021-45046	date:	2024-11-21T06:31:51.470

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-45046	date:	2021-12-14T00:00:00
db:	PACKETSTORM	id:	169180	date:	2021-12-28T20:12:00
db:	PACKETSTORM	id:	165333	date:	2021-12-16T15:34:27
db:	PACKETSTORM	id:	165632	date:	2022-01-20T17:49:05
db:	PACKETSTORM	id:	165636	date:	2022-01-20T17:49:52
db:	PACKETSTORM	id:	165637	date:	2022-01-20T17:50:03
db:	PACKETSTORM	id:	166673	date:	2022-04-11T17:07:22
db:	PACKETSTORM	id:	166676	date:	2022-04-11T17:14:49
db:	PACKETSTORM	id:	165650	date:	2022-01-21T15:29:54
db:	CNNVD	id:	CNNVD-202112-1065	date:	2021-12-14T00:00:00
db:	NVD	id:	CVE-2021-45046	date:	2021-12-14T19:15:07.733