Details of VAR-202112-0566

ID

VAR-202112-0566

CVE

CVE-2021-44228

TITLE

Apache Log4j allows insecure JNDI lookups

Trust: 0.8

sources: CERT/CC: VU#930724

DESCRIPTION

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the vulnerable Java application using Log4j.CVE-2021-4104 Affected CVE-2021-44228 Affected CVE-2021-45046 AffectedCVE-2021-4104 Affected CVE-2021-44228 Affected CVE-2021-45046 Affected. Apache Log4j is a Java-based open source logging tool of the Apache Foundation. Apache log4j2 has a denial of service vulnerability. When improperly configured, an attacker can exploit this vulnerability to cause a denial of service attack. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: OpenShift Container Platform 3.11.z security update Advisory ID: RHSA-2021:5094-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:5094 Issue date: 2021-12-14 CVE Names: CVE-2021-44228 ===================================================================== 1. Summary: Red Hat OpenShift Container Platform release 3.11.z is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Security Fix(es): * log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: See the following documentation, which will be updated shortly for release 3.11.z, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258. 4. Bugs fixed (https://bugzilla.redhat.com/): 2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value 5. References: https://access.redhat.com/security/cve/CVE-2021-44228 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/security/vulnerabilities/RHSB-2021-009 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYbhLlNzjgjWX9erEAQjrlxAAj770a1W36/Z4tU0kuWsNKPln/JrIgHh3 HpAIie07f44TvOlbFZS9hPyKiCj218NFZJ/gK6mf7JSPdAoa1/Q8j8mDCqcgf5Dv DZx1MBpO5DTdZI32GMUSmCE6iMHVdeSKWV0uQUZATiM43ximiyu4ypdrKP0DYHP5 AMSCXwTzh6OnnMVyvGcO0+DHFj+Nw01oXPMp5a/aHM9FrJiWxl18Qmr87DuVXYij mr7U6eEL7feOSfJX7fbTJMqDvv86O7b+AmONf+1DSx/SSYjRkpxSSKXrMXPt0vzp 2rG6Mp6hktKtxInOKQ0jHz/7P/yn7UKQeXdkKbAwy4OI5qKPsrxwJntDKXzrXQQx AD63JddKt57Frvh4scseWorQGYrRPyXqiJli/RIsrrzWsH0sTrmgdOcgc5eLZUjQ VeuSCJY5yAsgkGtWPTVVeH42jimg6exK//hTkpov62baKR6l9emEOKEQJo7YTBLd k4irq3ScdJJdYKR3pO1qQV4Fur9nWDxdl6zmQVY7bwRbca8OZFgwmoczbbSncCkq 8wzG4WLQrwsQKu+BUfTK1w7/xtpBOiOyyyQ0NzxhuqiFVt7kIFIJkXPf6gZGJTWM a1OY1jbKqfiDdGTmrhR6Mh2hjhXFvnnkjPCRkfTJxBnI6KyfOstS5TzqxlGFpfX5 wBOlSXQ0hjw= =yn9v -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 1.89

sources: NVD: CVE-2021-44228 // CERT/CC: VU#930724 // VULHUB: VHN-407408 // VULHUB: VHN-408570 // PACKETSTORM: 165264

AFFECTED PRODUCTS

vendor:	siemens	model:	siveillance command	scope:	lte	version:	4.16.2.1	Trust: 1.0
vendor:	cisco	model:	unified intelligence center	scope:	eq	version:	12.6\(1\)	Trust: 1.0
vendor:	cisco	model:	paging server	scope:	lt	version:	14.4.1	Trust: 1.0
vendor:	cisco	model:	wan automation engine	scope:	eq	version:	7.4	Trust: 1.0
vendor:	cisco	model:	wan automation engine	scope:	eq	version:	7.5	Trust: 1.0
vendor:	cisco	model:	fxos	scope:	eq	version:	6.6.0	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.4.0	Trust: 1.0
vendor:	cisco	model:	common services platform collector	scope:	lt	version:	2.9.1.3	Trust: 1.0
vendor:	cisco	model:	connected analytics for network deployment	scope:	eq	version:	006.005.000.000	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.7.0	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	eq	version:	20.7	Trust: 1.0
vendor:	cisco	model:	finesse	scope:	eq	version:	12.6\(1\)	Trust: 1.0
vendor:	cisco	model:	unified contact center management portal	scope:	eq	version:	12.6\(1\)	Trust: 1.0
vendor:	bentley	model:	synchro	scope:	lt	version:	6.4.3.2	Trust: 1.0
vendor:	cisco	model:	connected analytics for network deployment	scope:	eq	version:	006.005.000.	Trust: 1.0
vendor:	cisco	model:	network insights for data center	scope:	eq	version:	6.0\(2.1914\)	Trust: 1.0
vendor:	netapp	model:	active iq unified manager	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	sentron powermanager	scope:	eq	version:	4.1	Trust: 1.0
vendor:	cisco	model:	dna center	scope:	lt	version:	2.2.2.8	Trust: 1.0
vendor:	cisco	model:	dna center	scope:	lt	version:	2.2.3.4	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	35	Trust: 1.0
vendor:	siemens	model:	siguard dsa	scope:	eq	version:	4.4	Trust: 1.0
vendor:	netapp	model:	snapcenter	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	crosswork platform infrastructure	scope:	eq	version:	4.1.0	Trust: 1.0
vendor:	siemens	model:	mindsphere	scope:	lt	version:	2021-12-11	Trust: 1.0
vendor:	siemens	model:	energyip	scope:	eq	version:	9.0	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	gte	version:	20.6	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.3.0	Trust: 1.0
vendor:	cisco	model:	mobility services engine	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	vesys	scope:	lt	version:	2019.1	Trust: 1.0
vendor:	cisco	model:	paging server	scope:	eq	version:	8.5\(1\)	Trust: 1.0
vendor:	siemens	model:	siguard dsa	scope:	eq	version:	4.2	Trust: 1.0
vendor:	cisco	model:	wan automation engine	scope:	lt	version:	7.3.0.2	Trust: 1.0
vendor:	cisco	model:	finesse	scope:	lt	version:	12.6\(1\)	Trust: 1.0
vendor:	cisco	model:	video surveillance operations manager	scope:	lt	version:	7.14.4	Trust: 1.0
vendor:	cisco	model:	identity services engine	scope:	eq	version:	003.002\(000.116\)	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	7.1.0	Trust: 1.0
vendor:	cisco	model:	virtual topology system	scope:	eq	version:	2.6.6	Trust: 1.0
vendor:	cisco	model:	network services orchestrator	scope:	lt	version:	5.3.5.1	Trust: 1.0
vendor:	cisco	model:	unified communications manager im and presence service	scope:	eq	version:	11.5\(1\)	Trust: 1.0
vendor:	cisco	model:	virtualized infrastructure manager	scope:	gte	version:	3.4.0	Trust: 1.0
vendor:	siemens	model:	teamcenter	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	ucs central software	scope:	eq	version:	2.0\(1c\)	Trust: 1.0
vendor:	intel	model:	genomics kernel library	scope:	eq	version:	-	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	cisco	model:	cloudcenter suite admin	scope:	lt	version:	5.3.1	Trust: 1.0
vendor:	cisco	model:	integrated management controller supervisor	scope:	eq	version:	2.3.2.0	Trust: 1.0
vendor:	cisco	model:	crosswork network controller	scope:	eq	version:	3.0.0	Trust: 1.0
vendor:	cisco	model:	intersight virtual appliance	scope:	eq	version:	1.0.9-343	Trust: 1.0
vendor:	apache	model:	log4j	scope:	lt	version:	2.3.1	Trust: 1.0
vendor:	cisco	model:	dna center	scope:	lt	version:	2.1.2.8	Trust: 1.0
vendor:	cisco	model:	crosswork optimization engine	scope:	eq	version:	3.0.0	Trust: 1.0
vendor:	cisco	model:	network assurance engine	scope:	lt	version:	6.0.2	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	gte	version:	20.5	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	lt	version:	20.4.2.1	Trust: 1.0
vendor:	cisco	model:	connected analytics for network deployment	scope:	eq	version:	008.000.000.000.004	Trust: 1.0
vendor:	cisco	model:	finesse	scope:	eq	version:	12.5\(1\)	Trust: 1.0
vendor:	siemens	model:	e-car operation center	scope:	lt	version:	2021-12-13	Trust: 1.0
vendor:	netapp	model:	cloud manager	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	head-end system universal device integration system	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	xpedition enterprise	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	identity services engine	scope:	lt	version:	2.4.0	Trust: 1.0
vendor:	cisco	model:	common services platform collector	scope:	eq	version:	002.009\(000.001\)	Trust: 1.0
vendor:	sonicwall	model:	email security	scope:	lt	version:	10.0.12	Trust: 1.0
vendor:	cisco	model:	prime service catalog	scope:	lt	version:	12.1	Trust: 1.0
vendor:	cisco	model:	paging server	scope:	eq	version:	9.0\(2\)	Trust: 1.0
vendor:	siemens	model:	captial	scope:	lt	version:	2019.1	Trust: 1.0
vendor:	cisco	model:	evolved programmable network manager	scope:	lte	version:	4.1.1	Trust: 1.0
vendor:	cisco	model:	intersight virtual appliance	scope:	lt	version:	1.0.9-361	Trust: 1.0
vendor:	cisco	model:	common services platform collector	scope:	lt	version:	2.10.0.1	Trust: 1.0
vendor:	cisco	model:	business process automation	scope:	lt	version:	3.0.000.115	Trust: 1.0
vendor:	cisco	model:	network services orchestrator	scope:	gte	version:	5.4	Trust: 1.0
vendor:	cisco	model:	dna spaces\: connector	scope:	lt	version:	2.5	Trust: 1.0
vendor:	apache	model:	log4j	scope:	gte	version:	2.0.1	Trust: 1.0
vendor:	siemens	model:	solid edge harness design	scope:	eq	version:	2020	Trust: 1.0
vendor:	cisco	model:	evolved programmable network manager	scope:	eq	version:	4.1	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.6.0	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	lt	version:	20.5.1.1	Trust: 1.0
vendor:	cisco	model:	unified sip proxy	scope:	eq	version:	010.002\(000\)	Trust: 1.0
vendor:	cisco	model:	crosswork zero touch provisioning	scope:	lt	version:	2.0.1	Trust: 1.0
vendor:	cisco	model:	enterprise chat and email	scope:	eq	version:	12.0\(1\)	Trust: 1.0
vendor:	cisco	model:	common services platform collector	scope:	eq	version:	002.009\(000.002\)	Trust: 1.0
vendor:	cisco	model:	ucs central software	scope:	eq	version:	2.0\(1l\)	Trust: 1.0
vendor:	cisco	model:	fxos	scope:	eq	version:	6.2.3	Trust: 1.0
vendor:	cisco	model:	smart phy	scope:	eq	version:	3.2.1	Trust: 1.0
vendor:	cisco	model:	data center network manager	scope:	eq	version:	11.3\(1\)	Trust: 1.0
vendor:	intel	model:	audio development kit	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	unified intelligence center	scope:	eq	version:	12.6\(2\)	Trust: 1.0
vendor:	cisco	model:	unified contact center enterprise	scope:	eq	version:	12.0\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5\(1.17900.52\)	Trust: 1.0
vendor:	cisco	model:	dna spaces connector	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	unified contact center enterprise	scope:	lt	version:	11.6\(2\)	Trust: 1.0
vendor:	siemens	model:	desigo cc advanced reports	scope:	eq	version:	4.0	Trust: 1.0
vendor:	cisco	model:	unified communications manager im and presence service	scope:	lt	version:	11.5\(1\)	Trust: 1.0
vendor:	apache	model:	log4j	scope:	eq	version:	2.0	Trust: 1.0
vendor:	cisco	model:	network assurance engine	scope:	eq	version:	6.0\(2.1912\)	Trust: 1.0
vendor:	cisco	model:	ucs central software	scope:	eq	version:	2.0\(1h\)	Trust: 1.0
vendor:	cisco	model:	data center network manager	scope:	lt	version:	11.3\(1\)	Trust: 1.0
vendor:	cisco	model:	cloudcenter suite	scope:	eq	version:	5.3\(0\)	Trust: 1.0
vendor:	cisco	model:	packaged contact center enterprise	scope:	lt	version:	11.6	Trust: 1.0
vendor:	netapp	model:	oncommand insight	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	eq	version:	20.4	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	eq	version:	20.6	Trust: 1.0
vendor:	cisco	model:	unified customer voice portal	scope:	eq	version:	12.0	Trust: 1.0
vendor:	cisco	model:	unified communications manager im \& presence service	scope:	eq	version:	11.5\(1\)	Trust: 1.0
vendor:	cisco	model:	advanced malware protection virtual private cloud appliance	scope:	lt	version:	3.5.4	Trust: 1.0
vendor:	cisco	model:	cloudcenter cost optimizer	scope:	lt	version:	5.5.2	Trust: 1.0
vendor:	cisco	model:	virtualized infrastructure manager	scope:	lt	version:	3.4.4	Trust: 1.0
vendor:	cisco	model:	cloudcenter suite	scope:	eq	version:	5.5\(1\)	Trust: 1.0
vendor:	cisco	model:	unified sip proxy	scope:	lt	version:	10.2.1v2	Trust: 1.0
vendor:	siemens	model:	energyip	scope:	eq	version:	8.5	Trust: 1.0
vendor:	cisco	model:	video surveillance manager	scope:	eq	version:	7.14\(2.26\)	Trust: 1.0
vendor:	cisco	model:	packaged contact center enterprise	scope:	eq	version:	11.6\(1\)	Trust: 1.0
vendor:	cisco	model:	identity services engine	scope:	eq	version:	002.004\(000.914\)	Trust: 1.0
vendor:	cisco	model:	connected mobile experiences	scope:	eq	version:	-	Trust: 1.0
vendor:	apache	model:	log4j	scope:	gte	version:	2.13.0	Trust: 1.0
vendor:	cisco	model:	paging server	scope:	eq	version:	9.1\(1\)	Trust: 1.0
vendor:	cisco	model:	connected analytics for network deployment	scope:	eq	version:	007.003.001.001	Trust: 1.0
vendor:	cisco	model:	business process automation	scope:	gte	version:	3.1.000.000	Trust: 1.0
vendor:	cisco	model:	emergency responder	scope:	lt	version:	11.5\(4\)	Trust: 1.0
vendor:	siemens	model:	desigo cc info center	scope:	eq	version:	5.0	Trust: 1.0
vendor:	cisco	model:	fog director	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	unified sip proxy	scope:	eq	version:	010.000\(001\)	Trust: 1.0
vendor:	cisco	model:	network dashboard fabric controller	scope:	eq	version:	11.1\(1\)	Trust: 1.0
vendor:	cisco	model:	business process automation	scope:	lt	version:	3.1.000.044	Trust: 1.0
vendor:	cisco	model:	enterprise chat and email	scope:	eq	version:	12.5\(1\)	Trust: 1.0
vendor:	cisco	model:	paging server	scope:	eq	version:	12.5\(2\)	Trust: 1.0
vendor:	cisco	model:	smart phy	scope:	eq	version:	3.1.5	Trust: 1.0
vendor:	cisco	model:	cloudcenter	scope:	lt	version:	4.10.0.16	Trust: 1.0
vendor:	cisco	model:	ucs director	scope:	lt	version:	6.8.2.0	Trust: 1.0
vendor:	cisco	model:	workload optimization manager	scope:	lt	version:	3.2.1	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	eq	version:	20.5	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	eq	version:	20.6.1	Trust: 1.0
vendor:	siemens	model:	nx	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	video surveillance manager	scope:	eq	version:	7.14\(1.26\)	Trust: 1.0
vendor:	siemens	model:	siveillance identity	scope:	eq	version:	1.5	Trust: 1.0
vendor:	cisco	model:	evolved programmable network manager	scope:	eq	version:	3.0	Trust: 1.0
vendor:	cisco	model:	identity services engine	scope:	eq	version:	003.000\(000.458\)	Trust: 1.0
vendor:	cisco	model:	paging server	scope:	eq	version:	14.0\(1\)	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	eq	version:	20.3	Trust: 1.0
vendor:	cisco	model:	unified contact center enterprise	scope:	eq	version:	12.5\(1\)	Trust: 1.0
vendor:	siemens	model:	sipass integrated	scope:	eq	version:	2.85	Trust: 1.0
vendor:	cisco	model:	dna center	scope:	gte	version:	2.2.2.0	Trust: 1.0
vendor:	cisco	model:	unified customer voice portal	scope:	eq	version:	12.6\(1\)	Trust: 1.0
vendor:	cisco	model:	identity services engine	scope:	eq	version:	002.006\(000.156\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	006.008\(001.000\)	Trust: 1.0
vendor:	cisco	model:	unified contact center express	scope:	eq	version:	12.5\(1\)	Trust: 1.0
vendor:	cisco	model:	smart phy	scope:	eq	version:	21.3	Trust: 1.0
vendor:	siemens	model:	energyip	scope:	eq	version:	8.7	Trust: 1.0
vendor:	cisco	model:	enterprise chat and email	scope:	lt	version:	12.0\(1\)	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	gte	version:	20.4	Trust: 1.0
vendor:	cisco	model:	smart phy	scope:	lt	version:	3.2.1	Trust: 1.0
vendor:	cisco	model:	common services platform collector	scope:	eq	version:	002.009\(001.000\)	Trust: 1.0
vendor:	bentley	model:	synchro	scope:	gte	version:	6.1	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	34	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.2.3	Trust: 1.0
vendor:	siemens	model:	sentron powermanager	scope:	eq	version:	4.2	Trust: 1.0
vendor:	cisco	model:	fxos	scope:	eq	version:	6.4.0	Trust: 1.0
vendor:	cisco	model:	fxos	scope:	eq	version:	6.5.0	Trust: 1.0
vendor:	cisco	model:	integrated management controller supervisor	scope:	eq	version:	002.003\(002.000\)	Trust: 1.0
vendor:	cisco	model:	network services orchestrator	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	business process automation	scope:	gte	version:	3.2.000.000	Trust: 1.0
vendor:	cisco	model:	common services platform collector	scope:	eq	version:	002.009\(000.000\)	Trust: 1.0
vendor:	cisco	model:	ucs central software	scope:	eq	version:	2.0\(1a\)	Trust: 1.0
vendor:	cisco	model:	nexus dashboard	scope:	lt	version:	2.1.2	Trust: 1.0
vendor:	cisco	model:	unified workforce optimization	scope:	eq	version:	11.5\(1\)	Trust: 1.0
vendor:	cisco	model:	evolved programmable network manager	scope:	eq	version:	5.1	Trust: 1.0
vendor:	siemens	model:	spectrum power 7	scope:	eq	version:	2.30	Trust: 1.0
vendor:	siemens	model:	gma-manager	scope:	lt	version:	8.6.2j-398	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	3.0	Trust: 1.0
vendor:	netapp	model:	ontap tools	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	solid edge harness design	scope:	lt	version:	2020	Trust: 1.0
vendor:	cisco	model:	contact center domain manager	scope:	lt	version:	12.5\(1\)	Trust: 1.0
vendor:	cisco	model:	ucs central software	scope:	eq	version:	2.0	Trust: 1.0
vendor:	cisco	model:	virtualized voice browser	scope:	lt	version:	12.5\(1\)	Trust: 1.0
vendor:	intel	model:	system studio	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	common services platform collector	scope:	eq	version:	002.010\(000.000\)	Trust: 1.0
vendor:	cisco	model:	network services orchestrator	scope:	lt	version:	5.4.5.2	Trust: 1.0
vendor:	cisco	model:	crosswork network automation	scope:	eq	version:	4.1.1	Trust: 1.0
vendor:	cisco	model:	emergency responder	scope:	eq	version:	11.5\(4.66000.14\)	Trust: 1.0
vendor:	cisco	model:	unified sip proxy	scope:	eq	version:	010.000\(000\)	Trust: 1.0
vendor:	cisco	model:	dna center	scope:	eq	version:	2.2.2.8	Trust: 1.0
vendor:	intel	model:	system debugger	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	lt	version:	20.3.4.1	Trust: 1.0
vendor:	cisco	model:	paging server	scope:	eq	version:	8.3\(1\)	Trust: 1.0
vendor:	netapp	model:	cloud insights	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	ucs central software	scope:	eq	version:	2.0\(1k\)	Trust: 1.0
vendor:	siemens	model:	industrial edge management	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	unified intelligence center	scope:	lt	version:	12.6\(1\)	Trust: 1.0
vendor:	cisco	model:	common services platform collector	scope:	eq	version:	002.009\(001.001\)	Trust: 1.0
vendor:	siemens	model:	desigo cc info center	scope:	eq	version:	5.1	Trust: 1.0
vendor:	cisco	model:	dna center	scope:	gte	version:	2.2.3.0	Trust: 1.0
vendor:	cisco	model:	crosswork network automation	scope:	eq	version:	2.0.0	Trust: 1.0
vendor:	cisco	model:	cyber vision	scope:	eq	version:	4.0.2	Trust: 1.0
vendor:	cisco	model:	unified contact center express	scope:	lt	version:	12.5\(1\)	Trust: 1.0
vendor:	cisco	model:	connected analytics for network deployment	scope:	eq	version:	007.002.000	Trust: 1.0
vendor:	siemens	model:	mendix	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	unified sip proxy	scope:	eq	version:	010.002\(001\)	Trust: 1.0
vendor:	intel	model:	sensor solution development kit	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	cyber vision sensor management extension	scope:	lt	version:	4.0.3	Trust: 1.0
vendor:	cisco	model:	video surveillance manager	scope:	eq	version:	7.14\(4.018\)	Trust: 1.0
vendor:	cisco	model:	crosswork network controller	scope:	lt	version:	2.0.1	Trust: 1.0
vendor:	cisco	model:	connected analytics for network deployment	scope:	eq	version:	7.3	Trust: 1.0
vendor:	cisco	model:	network dashboard fabric controller	scope:	eq	version:	11.0\(1\)	Trust: 1.0
vendor:	siemens	model:	desigo cc advanced reports	scope:	eq	version:	5.1	Trust: 1.0
vendor:	intel	model:	secure device onboard	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	lt	version:	20.6.2.1	Trust: 1.0
vendor:	siemens	model:	operation scheduler	scope:	lte	version:	1.1.3	Trust: 1.0
vendor:	cisco	model:	unified contact center enterprise	scope:	eq	version:	11.6\(2\)	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	lt	version:	11.5\(1\)	Trust: 1.0
vendor:	cisco	model:	ucs central software	scope:	eq	version:	2.0\(1g\)	Trust: 1.0
vendor:	cisco	model:	virtualized infrastructure manager	scope:	lt	version:	3.2.0	Trust: 1.0
vendor:	cisco	model:	unified customer voice portal	scope:	eq	version:	11.6	Trust: 1.0
vendor:	cisco	model:	fxos	scope:	eq	version:	7.0.0	Trust: 1.0
vendor:	cisco	model:	crosswork data gateway	scope:	eq	version:	3.0.0	Trust: 1.0
vendor:	cisco	model:	evolved programmable network manager	scope:	eq	version:	5.0	Trust: 1.0
vendor:	siemens	model:	siveillance control pro	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	network dashboard fabric controller	scope:	eq	version:	11.5\(2\)	Trust: 1.0
vendor:	siemens	model:	comos	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	11.5	Trust: 1.0
vendor:	cisco	model:	integrated management controller supervisor	scope:	lt	version:	2.3.2.1	Trust: 1.0
vendor:	cisco	model:	wan automation engine	scope:	eq	version:	7.3	Trust: 1.0
vendor:	snowsoftware	model:	vm access proxy	scope:	lt	version:	3.6	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.5.0	Trust: 1.0
vendor:	cisco	model:	unified workforce optimization	scope:	lt	version:	11.5\(1\)	Trust: 1.0
vendor:	siemens	model:	energy engage	scope:	eq	version:	3.1	Trust: 1.0
vendor:	cisco	model:	unified customer voice portal	scope:	lt	version:	11.6	Trust: 1.0
vendor:	cisco	model:	video surveillance manager	scope:	eq	version:	7.14\(3.025\)	Trust: 1.0
vendor:	cisco	model:	smart phy	scope:	eq	version:	3.1.4	Trust: 1.0
vendor:	siemens	model:	spectrum power 7	scope:	lt	version:	2.30	Trust: 1.0
vendor:	cisco	model:	crosswork data gateway	scope:	lt	version:	2.0.2	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	lt	version:	3.0	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5\(1.18900.97\)	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	cisco	model:	cloud connect	scope:	lt	version:	12.6\(1\)	Trust: 1.0
vendor:	cisco	model:	wan automation engine	scope:	eq	version:	7.2.3	Trust: 1.0
vendor:	cisco	model:	paging server	scope:	eq	version:	8.4\(1\)	Trust: 1.0
vendor:	cisco	model:	cloudcenter suite	scope:	eq	version:	5.4\(1\)	Trust: 1.0
vendor:	apache	model:	log4j	scope:	gte	version:	2.4.0	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5\(1\)su3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5\(1\)	Trust: 1.0
vendor:	percussion	model:	rhythmyx	scope:	lte	version:	7.3.2	Trust: 1.0
vendor:	siemens	model:	xpedition package integrator	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	network dashboard fabric controller	scope:	eq	version:	11.4\(1\)	Trust: 1.0
vendor:	cisco	model:	wan automation engine	scope:	eq	version:	7.6	Trust: 1.0
vendor:	cisco	model:	crosswork network automation	scope:	eq	version:	4.1.0	Trust: 1.0
vendor:	intel	model:	computer vision annotation tool	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	customer experience cloud agent	scope:	lt	version:	1.12.1	Trust: 1.0
vendor:	siemens	model:	desigo cc advanced reports	scope:	eq	version:	4.1	Trust: 1.0
vendor:	siemens	model:	captial	scope:	eq	version:	2019.1	Trust: 1.0
vendor:	cisco	model:	optical network controller	scope:	lt	version:	1.1.0	Trust: 1.0
vendor:	cisco	model:	network services orchestrator	scope:	lt	version:	5.6.3.1	Trust: 1.0
vendor:	cisco	model:	cloudcenter suite	scope:	eq	version:	4.10\(0.15\)	Trust: 1.0
vendor:	siemens	model:	energyip prepay	scope:	eq	version:	3.7	Trust: 1.0
vendor:	cisco	model:	paging server	scope:	eq	version:	9.0\(1\)	Trust: 1.0
vendor:	apple	model:	xcode	scope:	lt	version:	13.3	Trust: 1.0
vendor:	cisco	model:	identity services engine	scope:	eq	version:	003.001\(000.518\)	Trust: 1.0
vendor:	cisco	model:	connected analytics for network deployment	scope:	eq	version:	007.000.001	Trust: 1.0
vendor:	cisco	model:	crosswork network automation	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	unified customer voice portal	scope:	eq	version:	12.0\(1\)	Trust: 1.0
vendor:	siemens	model:	desigo cc advanced reports	scope:	eq	version:	4.2	Trust: 1.0
vendor:	siemens	model:	siguard dsa	scope:	eq	version:	4.3	Trust: 1.0
vendor:	siemens	model:	sipass integrated	scope:	eq	version:	2.80	Trust: 1.0
vendor:	cisco	model:	crosswork optimization engine	scope:	lt	version:	2.0.1	Trust: 1.0
vendor:	siemens	model:	spectrum power 4	scope:	eq	version:	4.70	Trust: 1.0
vendor:	siemens	model:	navigator	scope:	lt	version:	2021-12-13	Trust: 1.0
vendor:	siemens	model:	desigo cc advanced reports	scope:	eq	version:	5.0	Trust: 1.0
vendor:	cisco	model:	emergency responder	scope:	eq	version:	11.5	Trust: 1.0
vendor:	cisco	model:	crosswork zero touch provisioning	scope:	eq	version:	3.0.0	Trust: 1.0
vendor:	snowsoftware	model:	snow commander	scope:	lt	version:	8.10.0	Trust: 1.0
vendor:	siemens	model:	opcenter intelligence	scope:	lte	version:	3.2	Trust: 1.0
vendor:	siemens	model:	sppa-t3000 ses3000	scope:	eq	version:	*	Trust: 1.0
vendor:	bentley	model:	synchro 4d	scope:	lt	version:	6.2.4.2	Trust: 1.0
vendor:	siemens	model:	siveillance vantage	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	evolved programmable network manager	scope:	eq	version:	4.0	Trust: 1.0
vendor:	cisco	model:	cyber vision sensor management extension	scope:	eq	version:	4.0.2	Trust: 1.0
vendor:	cisco	model:	network services orchestrator	scope:	gte	version:	5.6	Trust: 1.0
vendor:	cisco	model:	common services platform collector	scope:	eq	version:	002.009\(001.002\)	Trust: 1.0
vendor:	siemens	model:	energyip	scope:	eq	version:	8.6	Trust: 1.0
vendor:	cisco	model:	network dashboard fabric controller	scope:	eq	version:	11.5\(1\)	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	11.0	Trust: 1.0
vendor:	cisco	model:	business process automation	scope:	lt	version:	3.2.000.009	Trust: 1.0
vendor:	cisco	model:	crosswork platform infrastructure	scope:	lt	version:	4.0.1	Trust: 1.0
vendor:	cisco	model:	automated subsea tuning	scope:	eq	version:	02.01.00	Trust: 1.0
vendor:	cisco	model:	unified contact center enterprise	scope:	eq	version:	12.6\(2\)	Trust: 1.0
vendor:	cisco	model:	unified customer voice portal	scope:	eq	version:	12.5	Trust: 1.0
vendor:	cisco	model:	ucs central software	scope:	eq	version:	2.0\(1b\)	Trust: 1.0
vendor:	cisco	model:	unified contact center express	scope:	eq	version:	12.6\(2\)	Trust: 1.0
vendor:	cisco	model:	network dashboard fabric controller	scope:	eq	version:	11.3\(1\)	Trust: 1.0
vendor:	cisco	model:	cloudcenter workload manager	scope:	lt	version:	5.5.2	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	7.0.0	Trust: 1.0
vendor:	apache	model:	log4j	scope:	lt	version:	2.12.2	Trust: 1.0
vendor:	cisco	model:	fxos	scope:	eq	version:	6.7.0	Trust: 1.0
vendor:	cisco	model:	ucs central software	scope:	eq	version:	2.0\(1e\)	Trust: 1.0
vendor:	cisco	model:	unified customer voice portal	scope:	eq	version:	11.6\(1\)	Trust: 1.0
vendor:	cisco	model:	wan automation engine	scope:	eq	version:	7.2.2	Trust: 1.0
vendor:	cisco	model:	contact center management portal	scope:	lt	version:	12.5\(1\)	Trust: 1.0
vendor:	cisco	model:	network services orchestrator	scope:	lt	version:	5.5.4.1	Trust: 1.0
vendor:	cisco	model:	evolved programmable network manager	scope:	eq	version:	3.1	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	11.5\(1.10000.6\)	Trust: 1.0
vendor:	cisco	model:	smart phy	scope:	eq	version:	3.1.3	Trust: 1.0
vendor:	intel	model:	data center manager	scope:	lt	version:	5.1	Trust: 1.0
vendor:	cisco	model:	wan automation engine	scope:	eq	version:	7.1.3	Trust: 1.0
vendor:	cisco	model:	automated subsea tuning	scope:	lt	version:	2.1.0	Trust: 1.0
vendor:	cisco	model:	unified communications manager im \& presence service	scope:	eq	version:	11.5\(1.22900.6\)	Trust: 1.0
vendor:	cisco	model:	fxos	scope:	eq	version:	6.3.0	Trust: 1.0
vendor:	cisco	model:	identity services engine	scope:	eq	version:	002.007\(000.356\)	Trust: 1.0
vendor:	cisco	model:	emergency responder	scope:	eq	version:	11.5\(4.65000.14\)	Trust: 1.0
vendor:	cisco	model:	virtual topology system	scope:	lt	version:	2.6.7	Trust: 1.0
vendor:	siemens	model:	industrial edge management hub	scope:	lt	version:	2021-12-13	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	lt	version:	11.5\(1\)	Trust: 1.0
vendor:	cisco	model:	crosswork network automation	scope:	eq	version:	3.0.0	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5\(1.18119.2\)	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	eq	version:	20.8	Trust: 1.0
vendor:	cisco	model:	fxos	scope:	eq	version:	7.1.0	Trust: 1.0
vendor:	cisco	model:	unified customer voice portal	scope:	eq	version:	12.5\(1\)	Trust: 1.0
vendor:	apache	model:	log4j	scope:	lt	version:	2.15.0	Trust: 1.0
vendor:	siemens	model:	vesys	scope:	eq	version:	2019.1	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	4.0	Trust: 1.0
vendor:	cisco	model:	connected analytics for network deployment	scope:	eq	version:	008.000.000	Trust: 1.0
vendor:	cisco	model:	enterprise chat and email	scope:	eq	version:	12.6\(1\)	Trust: 1.0
vendor:	cisco	model:	connected analytics for network deployment	scope:	eq	version:	006.004.000.003	Trust: 1.0
vendor:	cisco	model:	connected analytics for network deployment	scope:	eq	version:	007.003.000	Trust: 1.0
vendor:	cisco	model:	ucs central software	scope:	eq	version:	2.0\(1d\)	Trust: 1.0
vendor:	cisco	model:	broadworks	scope:	lt	version:	2021.11_1.162	Trust: 1.0
vendor:	cisco	model:	cloudcenter suite	scope:	eq	version:	5.5\(0\)	Trust: 1.0
vendor:	siemens	model:	solid edge cam pro	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	ucs central software	scope:	eq	version:	2.0\(1f\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5\(1.22900.28\)	Trust: 1.0
vendor:	siemens	model:	logo\! soft comfort	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	cx cloud agent	scope:	eq	version:	001.012	Trust: 1.0
vendor:	cisco	model:	network dashboard fabric controller	scope:	eq	version:	11.5\(3\)	Trust: 1.0
vendor:	cisco	model:	unified contact center enterprise	scope:	eq	version:	12.6\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5\(1.21900.40\)	Trust: 1.0
vendor:	cisco	model:	iot operations dashboard	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	energyip prepay	scope:	eq	version:	3.8	Trust: 1.0
vendor:	cisco	model:	broadworks	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	unified contact center express	scope:	eq	version:	12.6\(1\)	Trust: 1.0
vendor:	siemens	model:	spectrum power 4	scope:	lt	version:	4.70	Trust: 1.0
vendor:	cisco	model:	dna spaces	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	oneapi sample browser	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus insights	scope:	lt	version:	6.0.2	Trust: 1.0
vendor:	cisco	model:	optical network controller	scope:	eq	version:	1.1	Trust: 1.0
vendor:	cisco	model:	wan automation engine	scope:	eq	version:	7.2.1	Trust: 1.0
vendor:	siemens	model:	siveillance identity	scope:	eq	version:	1.6	Trust: 1.0
vendor:	cisco	model:	ucs central	scope:	lt	version:	2.0\(1p\)	Trust: 1.0
vendor:	cisco	model:	common services platform collector	scope:	gte	version:	2.10.0	Trust: 1.0
vendor:	cisco	model:	network services orchestrator	scope:	gte	version:	5.5	Trust: 1.0
vendor:	cisco	model:	smart phy	scope:	eq	version:	3.1.2	Trust: 1.0
vendor:	cisco	model:	connected analytics for network deployment	scope:	eq	version:	007.001.000	Trust: 1.0
vendor:	cisco	model:	identity services engine	scope:	eq	version:	2.4.0	Trust: 1.0
vendor:	cisco	model:	prime service catalog	scope:	eq	version:	12.1	Trust: 1.0
vendor:	siemens	model:	siveillance viewpoint	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	connected analytics for network deployment	scope:	eq	version:	007.003.003	Trust: 1.0
vendor:	netapp	model:	cloud secure agent	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	network dashboard fabric controller	scope:	eq	version:	11.2\(1\)	Trust: 1.0

sources: NVD: CVE-2021-44228

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-44228
value:	CRITICAL
Trust: 1.0
VULHUB:	VHN-407408
value:	HIGH
Trust: 0.1
VULHUB:	VHN-408570
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-44228
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-407408
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1
VULHUB:	VHN-408570
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-44228
baseSeverity:	CRITICAL
baseScore:	10.0
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	6.0
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-407408 // VULHUB: VHN-408570 // NVD: CVE-2021-44228

PROBLEMTYPE DATA

problemtype:	CWE-502	Trust: 1.2
problemtype:	CWE-20	Trust: 1.1
problemtype:	CWE-400	Trust: 1.1
problemtype:	CWE-917	Trust: 1.1

sources: VULHUB: VHN-407408 // VULHUB: VHN-408570 // NVD: CVE-2021-44228

TYPE

code execution

Trust: 0.1

sources: PACKETSTORM: 165264

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-407408

EXTERNAL IDS

db:	NVD	id:	CVE-2021-44228	Trust: 2.1
db:	CERT/CC	id:	VU#930724	Trust: 2.0
db:	SIEMENS	id:	SSA-479842	Trust: 1.2
db:	SIEMENS	id:	SSA-714170	Trust: 1.2
db:	SIEMENS	id:	SSA-661247	Trust: 1.2
db:	SIEMENS	id:	SSA-397453	Trust: 1.2
db:	OPENWALL	id:	OSS-SECURITY/2021/12/14/4	Trust: 1.2
db:	OPENWALL	id:	OSS-SECURITY/2021/12/15/3	Trust: 1.2
db:	PACKETSTORM	id:	165311	Trust: 1.1
db:	PACKETSTORM	id:	165225	Trust: 1.1
db:	PACKETSTORM	id:	165532	Trust: 1.1
db:	PACKETSTORM	id:	165281	Trust: 1.1
db:	PACKETSTORM	id:	165306	Trust: 1.1
db:	PACKETSTORM	id:	165260	Trust: 1.1
db:	PACKETSTORM	id:	165673	Trust: 1.1
db:	PACKETSTORM	id:	165282	Trust: 1.1
db:	PACKETSTORM	id:	165371	Trust: 1.1
db:	PACKETSTORM	id:	167794	Trust: 1.1
db:	PACKETSTORM	id:	167917	Trust: 1.1
db:	PACKETSTORM	id:	165270	Trust: 1.1
db:	PACKETSTORM	id:	165261	Trust: 1.1
db:	PACKETSTORM	id:	165642	Trust: 1.1
db:	PACKETSTORM	id:	165307	Trust: 1.1
db:	OPENWALL	id:	OSS-SECURITY/2021/12/13/1	Trust: 1.1
db:	OPENWALL	id:	OSS-SECURITY/2021/12/10/3	Trust: 1.1
db:	OPENWALL	id:	OSS-SECURITY/2021/12/13/2	Trust: 1.1
db:	OPENWALL	id:	OSS-SECURITY/2021/12/10/2	Trust: 1.1
db:	OPENWALL	id:	OSS-SECURITY/2021/12/10/1	Trust: 1.1
db:	PACKETSTORM	id:	171626	Trust: 1.0
db:	PACKETSTORM	id:	165329	Trust: 0.2
db:	PACKETSTORM	id:	165343	Trust: 0.2
db:	PACKETSTORM	id:	165333	Trust: 0.2
db:	PACKETSTORM	id:	165326	Trust: 0.2
db:	PACKETSTORM	id:	165264	Trust: 0.2
db:	PACKETSTORM	id:	165632	Trust: 0.2
db:	PACKETSTORM	id:	165293	Trust: 0.1
db:	PACKETSTORM	id:	165324	Trust: 0.1
db:	PACKETSTORM	id:	165520	Trust: 0.1
db:	PACKETSTORM	id:	165295	Trust: 0.1
db:	PACKETSTORM	id:	165285	Trust: 0.1
db:	PACKETSTORM	id:	165290	Trust: 0.1
db:	PACKETSTORM	id:	165291	Trust: 0.1
db:	PACKETSTORM	id:	165733	Trust: 0.1
db:	PACKETSTORM	id:	166313	Trust: 0.1
db:	PACKETSTORM	id:	165279	Trust: 0.1
db:	PACKETSTORM	id:	165297	Trust: 0.1
db:	PACKETSTORM	id:	165298	Trust: 0.1
db:	PACKETSTORM	id:	165289	Trust: 0.1
db:	PACKETSTORM	id:	165348	Trust: 0.1
db:	EXPLOIT-DB	id:	50592	Trust: 0.1
db:	EXPLOIT-DB	id:	50590	Trust: 0.1
db:	VULHUB	id:	VHN-407408	Trust: 0.1
db:	PACKETSTORM	id:	165637	Trust: 0.1
db:	PACKETSTORM	id:	165649	Trust: 0.1
db:	PACKETSTORM	id:	165636	Trust: 0.1
db:	PACKETSTORM	id:	165650	Trust: 0.1
db:	PACKETSTORM	id:	165645	Trust: 0.1
db:	OPENWALL	id:	OSS-SECURITY/2021/12/18/1	Trust: 0.1
db:	CNVD	id:	CNVD-2022-01776	Trust: 0.1
db:	VULHUB	id:	VHN-408570	Trust: 0.1

sources: CERT/CC: VU#930724 // VULHUB: VHN-407408 // VULHUB: VHN-408570 // PACKETSTORM: 165264 // NVD: CVE-2021-44228

REFERENCES

url:	https://www.kb.cert.org/vuls/id/930724	Trust: 1.2
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-log4j-qruknebd	Trust: 1.2
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf	Trust: 1.2
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf	Trust: 1.2
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf	Trust: 1.2
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf	Trust: 1.2
url:	https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0032	Trust: 1.2
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html	Trust: 1.2
url:	https://www.oracle.com/security-alerts/alert-cve-2021-44228.html	Trust: 1.2
url:	https://logging.apache.org/log4j/2.x/security.html	Trust: 1.2
url:	https://www.oracle.com/security-alerts/cpuapr2022.html	Trust: 1.2
url:	https://www.oracle.com/security-alerts/cpujan2022.html	Trust: 1.2
url:	http://www.openwall.com/lists/oss-security/2021/12/14/4	Trust: 1.2
url:	http://www.openwall.com/lists/oss-security/2021/12/15/3	Trust: 1.2
url:	https://security.netapp.com/advisory/ntap-20211210-0007/	Trust: 1.1
url:	https://support.apple.com/kb/ht213189	Trust: 1.1
url:	https://www.debian.org/security/2021/dsa-5020	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2022/mar/23	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2022/jul/11	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2022/dec/2	Trust: 1.1
url:	http://packetstormsecurity.com/files/167794/open-xchange-app-suite-7.10.x-cross-site-scripting-command-injection.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/167917/mobileiron-log4shell-remote-command-execution.html	Trust: 1.1
url:	https://github.com/nu11secur1ty/cve-mitre/tree/main/cve-2021-44228	Trust: 1.1
url:	https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/165225/apache-log4j2-2.14.1-remote-code-execution.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/165260/vmware-security-advisory-2021-0028.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/165261/apache-log4j2-2.14.1-information-disclosure.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/165270/apache-log4j2-2.14.1-remote-code-execution.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/165281/log4j2-log4shell-regexes.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/165282/log4j-payload-generator.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/165306/l4sh-log4j-remote-code-execution.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/165307/log4j-remote-code-execution-word-bypassing.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/165311/log4j-scan-extensive-scanner.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/165371/vmware-security-advisory-2021-0028.4.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/165532/log4shell-http-header-injection.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/165642/vmware-vcenter-server-unauthenticated-log4shell-jndi-injection-remote-code-execution.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/165673/unifi-network-application-unauthenticated-log4shell-remote-code-execution.html	Trust: 1.1
url:	https://github.com/cisagov/log4j-affected-db	Trust: 1.1
url:	https://github.com/cisagov/log4j-affected-db/blob/develop/software-list.md	Trust: 1.1
url:	https://twitter.com/kurtseifried/status/1469345530182455296	Trust: 1.1
url:	https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001	Trust: 1.1
url:	https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html	Trust: 1.1
url:	http://www.openwall.com/lists/oss-security/2021/12/10/1	Trust: 1.1
url:	http://www.openwall.com/lists/oss-security/2021/12/10/2	Trust: 1.1
url:	http://www.openwall.com/lists/oss-security/2021/12/10/3	Trust: 1.1
url:	http://www.openwall.com/lists/oss-security/2021/12/13/1	Trust: 1.1
url:	http://www.openwall.com/lists/oss-security/2021/12/13/2	Trust: 1.1
url:	https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/	Trust: 1.1
url:	http://packetstormsecurity.com/files/171626/ad-manager-plus-7122-remote-code-execution.html	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/m5csvunv4hwzzxgoknsk6l7rpm7bokib/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vu57ujdcfiasio35gc55jmksrxjmcdfm/	Trust: 1.0
url:	cve-2021-4104	Trust: 0.8
url:	cve-2021-44228	Trust: 0.8
url:	cve-2021-45046	Trust: 0.8
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/m5csvunv4hwzzxgoknsk6l7rpm7bokib/	Trust: 0.1
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/vu57ujdcfiasio35gc55jmksrxjmcdfm/	Trust: 0.1
url:	https://www.debian.org/security/2021/dsa-5022	Trust: 0.1
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/eokpqgv24rrbbi4tbzudqmm4meh7mxcy/	Trust: 0.1
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sig7fzulmnk2xf6fzru4vwydqxnmugaj/	Trust: 0.1
url:	https://www.cve.org/cverecord?id=cve-2021-44228	Trust: 0.1
url:	https://www.oracle.com/security-alerts/cpujul2022.html	Trust: 0.1
url:	http://www.openwall.com/lists/oss-security/2021/12/18/1	Trust: 0.1
url:	https://access.redhat.com/security/vulnerabilities/rhsb-2021-009	Trust: 0.1
url:	https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:5094	Trust: 0.1
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.1
url:	https://access.redhat.com/articles/11258.	Trust: 0.1
url:	https://bugzilla.redhat.com/):	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-44228	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44228	Trust: 0.1
url:	https://access.redhat.com/security/team/contact/	Trust: 0.1

sources: CERT/CC: VU#930724 // VULHUB: VHN-407408 // VULHUB: VHN-408570 // PACKETSTORM: 165264 // NVD: CVE-2021-44228

CREDITS

Much of the content of this vulnerability note is derived from Apache Log4j Security Vulnerabilities and http://slf4j.org/log4shell.html.This document was written by Art Manion.

Trust: 0.8

sources: CERT/CC: VU#930724

SOURCES

db:	CERT/CC	id:	VU#930724
db:	VULHUB	id:	VHN-407408
db:	VULHUB	id:	VHN-408570
db:	PACKETSTORM	id:	165264
db:	NVD	id:	CVE-2021-44228

LAST UPDATE DATE

2024-11-20T19:26:38.528000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#930724	date:	2022-02-07T00:00:00
db:	VULHUB	id:	VHN-407408	date:	2023-02-06T00:00:00
db:	VULHUB	id:	VHN-408570	date:	2022-10-06T00:00:00
db:	NVD	id:	CVE-2021-44228	date:	2024-07-24T17:08:24.167

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#930724	date:	2021-12-15T00:00:00
db:	VULHUB	id:	VHN-407408	date:	2021-12-10T00:00:00
db:	VULHUB	id:	VHN-408570	date:	2021-12-14T00:00:00
db:	PACKETSTORM	id:	165264	date:	2021-12-14T15:34:14
db:	NVD	id:	CVE-2021-44228	date:	2021-12-10T10:15:09.143