Details of VAR-202112-0566

ID

VAR-202112-0566

CVE

CVE-2021-44228

TITLE

Apache Log4j allows insecure JNDI lookups

Trust: 0.8

sources: CERT/CC: VU#930724

DESCRIPTION

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the vulnerable Java application using Log4j.CVE-2021-4104 Affected CVE-2021-44228 Affected CVE-2021-45046 AffectedCVE-2021-4104 Affected CVE-2021-44228 Affected CVE-2021-45046 Affected. Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ 4. Bugs fixed (https://bugzilla.redhat.com/): 1739497 - CVE-2019-10744 nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties 1802531 - CVE-2019-12415 poi: a specially crafted Microsoft Excel document allows attacker to read files from the local filesystem 1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender 1851014 - CVE-2020-2934 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete 1851019 - CVE-2020-2875 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete 1887648 - CVE-2020-13943 tomcat: Apache Tomcat HTTP/2 Request mix-up 1898907 - CVE-2020-26217 XStream: remote code execution due to insecure XML deserialization when relying on blocklists 1901304 - CVE-2020-27782 undertow: special character in query results in server errors 1902826 - CVE-2020-27218 jetty: buffer not correctly recycled in Gzip Request inflation 1904221 - CVE-2020-17527 tomcat: HTTP/2 request header mix-up 1905796 - CVE-2020-35510 jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client 1908837 - CVE-2020-26259 XStream: arbitrary file deletion on the local host when unmarshalling 1922102 - CVE-2021-23926 xmlbeans: allowed malicious XML input may lead to XML Entity Expansion attack 1922123 - CVE-2020-17521 groovy: OS temporary directory leads to information disclosure 1923405 - CVE-2021-20218 fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise 1927028 - CVE-2021-21290 netty: Information disclosure via the local system temporary directory 1928172 - CVE-2020-13949 libthrift: potential DoS when processing untrusted payloads 1930423 - CVE-2020-28491 jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception 1933808 - CVE-2020-11987 batik: SSRF due to improper input validation by the NodePickerPanel 1933816 - CVE-2020-11988 xmlgraphics-commons: SSRF due to improper input validation by the XMPParser 1934116 - CVE-2020-27223 jetty: request containing multiple Accept headers with a large number of "quality" parameters may lead to DoS 1937364 - CVE-2021-21295 netty: possible request smuggling in HTTP/2 due missing validation 1939839 - CVE-2021-27568 json-smart: uncaught exception may lead to crash or information disclosure 1942539 - CVE-2021-21341 XStream: allow a remote attacker to cause DoS only by manipulating the processed input stream 1942545 - CVE-2021-21342 XStream: SSRF via crafted input stream 1942550 - CVE-2021-21343 XStream: arbitrary file deletion on the local host via crafted input stream 1942554 - CVE-2021-21344 XStream: Unsafe deserizaliation of javax.sql.rowset.BaseRowSet 1942558 - CVE-2021-21345 XStream: Unsafe deserizaliation of com.sun.corba.se.impl.activation.ServerTableEntry 1942578 - CVE-2021-21346 XStream: Unsafe deserizaliation of sun.swing.SwingLazyValue 1942629 - CVE-2021-21347 XStream: Unsafe deserizaliation of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator 1942633 - CVE-2021-21348 XStream: ReDoS vulnerability 1942635 - CVE-2021-21349 XStream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host 1942637 - CVE-2021-21350 XStream: Unsafe deserizaliation of com.sun.org.apache.bcel.internal.util.ClassLoader 1942642 - CVE-2021-21351 XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream 1944888 - CVE-2021-21409 netty: Request smuggling via content-length header 1945710 - CVE-2021-28163 jetty: Symlink directory exposes webapp directory contents 1945712 - CVE-2021-28164 jetty: Ambiguous paths can access WEB-INF 1946341 - CVE-2021-22696 cxf: OAuth 2 authorization service vulnerable to DDos attacks 1948001 - CVE-2021-3536 wildfly: XSS via admin console when creating roles in domain mode 1948752 - CVE-2021-29425 apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 1962879 - CVE-2020-15522 bouncycastle: Timing issue within the EC math library 1965497 - CVE-2021-28170 jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate 1970930 - CVE-2021-3597 undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS 1971016 - CVE-2021-28169 jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory 1973392 - CVE-2021-30468 CXF: Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter 1974854 - CVE-2021-22118 spring-web: (re)creating the temporary storage directory could result in a privilege escalation within WebFlux application 1974891 - CVE-2021-34428 jetty: SessionListener can prevent a session from being invalidated breaking logout 1977362 - CVE-2021-3629 undertow: potential security issue in flow control over HTTP/2 may lead to DOS 1981527 - CVE-2021-30129 mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server 1991299 - CVE-2021-3690 undertow: buffer leak on incoming websocket PONG message may lead to DoS 1995259 - CVE-2021-37714 jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value 5. Solution: For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html For Red Hat OpenShift Logging 5.3, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html 4. JIRA issues fixed (https://issues.jboss.org/): LOG-1897 - Applying cluster state is causing elasticsearch to hit an issue and become unusable LOG-1925 - [release-5.3] No datapoint for CPU on openshift-logging dashboard LOG-1962 - [release-5.3] CLO panic: runtime error: slice bounds out of range [:-1] 6. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Critical: Red Hat AMQ Streams 1.6.5 release and security update Advisory ID: RHSA-2021:5133-01 Product: Red Hat JBoss AMQ Advisory URL: https://access.redhat.com/errata/RHSA-2021:5133 Issue date: 2021-12-14 CVE Names: CVE-2021-44228 ==================================================================== 1. Summary: Red Hat AMQ Streams 1.6.5 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 1.6.5 serves as a replacement for Red Hat AMQ Streams 1.6.4, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Security Fix(es): * log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link (you must log in to download the update). 4. Bugs fixed (https://bugzilla.redhat.com/): 2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value 5. References: https://access.redhat.com/security/cve/CVE-2021-44228 https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.streams&version=1.6.5 https://access.redhat.com/security/vulnerabilities/RHSB-2021-009 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYblJBNzjgjWX9erEAQgrQQ//cpcYDzrhPXM4+U+DMgmqnuVhobliJIZt dwIgEyX3jYfLfXZgzkDCnHdwUjJsVub12ielI3JkHsOnGU8faFmp1kEKBvub0Xdh EhjmyDGVSTvdcQyCn9+1z8BDddxLM8UjUBrqF6FrLe6OJcrZi5ICOlZB9sBJ9TKj s4HH3NWW/PSUM96X20TZXl2ah9rkWy+MBoa+jxhOX5Fzyil2Dhcv2LNPA8SfVIme hqN+pSCiQ4Ik1FKJ2wPUItPtTGdQQKVIVhh/RHvGQrIqNWFXWCQkyq4R2Ho2+Eip b5+XW/X0Mt5AkJo5Lz8TZEIjPSeILOy6ucf3fOVDSDUIA2wtdmBA/QV8XvNPtRzy zIUMMdKmuKfR6IF2N+05G6sJ0BWisMmz8hYVD/nBh4FF9HmUGP8wBaLrBMDpGhPE Qu59Ysh0/cdtCGY0O75QSa6RbDn6WyE56groY0i0JSSzrlA94ygSuNJ71nG5wz5I 9TdZqceCDDmR9/FsFgvtzNRaJXqq92/fJdHwTJ/qToutYRsBgEYPmCpNqMXBz59W oXs+VKtt2muYCe9WNDRO/1l9WAs6SO8FekvxcEripg8s1gofkvB4Xa7VkSkbrROZ qCyI4Rz1JSYX287LsQ+Z5E7f4ZchsAIggxOw6ovrnuXbT+rS4IVpwu6Os2AOYQHo 9Sch0c3lbGw=Ervs -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================= Ubuntu Security Notice USN-5192-2 December 17, 2021 apache-log4j2 vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM Summary: Apache Log4j 2 could be made to crash or run programs as an administrator if it received a specially crafted input. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Chen Zhaojun discovered that Apache Log4j 2 allows remote attackers to run programs via a special crafted input. An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: liblog4j2-java 2.4-2ubuntu0.1~esm1 In general, a standard system update will make all the necessary changes. 2021-12-11: VMSA-2021-0028.1 Updated advisory with workaround information for multiple products including vCenter Server Appliance, vRealize Operations, Horizon, vRealize Log Insight, Unified Access Gateway. 2021-12-13: VMSA-2021-0028.2 Revised advisory with updates to multiple products. \x95 VMware HCX \x95 VMware NSX-T Data Center \x95 VMware WorkspaceOne Access \x95 VMware Identity Manager \x95 VMware vRealize Operations Cloud Proxy \x95 VMware vRealize Lifecycle Manager \x95 VMware Site Recovery Manager, vSphere Replication \x95 VMware Carbon Black Cloud Workload Appliance \x95 VMware Carbon Black EDR Server \x95 VMware Tanzu GemFire \x95 VMware Tanzu Greenplum \x95 VMware Tanzu Operations Manager \x95 VMware Tanzu Application Service for VMs \x95 VMware Tanzu Kubernetes Grid Integrated Edition \x95 VMware Tanzu Observability by Wavefront Nozzle \x95 Healthwatch for Tanzu Application Service \x95 Spring Cloud Services for VMware Tanzu \x95 API Portal for VMware Tanzu \x95 Single Sign-On for VMware Tanzu Application Service \x95 App Metrics \x95 VMware vCenter Cloud Gateway \x95 VMware Cloud Foundation \x95 VMware Workspace ONE Access Connector \x95 VMware Horizon DaaS \x95 VMware Horizon Cloud Connector \x95 VMware NSX Data Center for vSphere \x95 VMware AppDefense Appliance \x95 VMware Cloud Director Object Storage Extension You are receiving this alert because you are subscribed to the VMware Security Announcements mailing list. To modify your subscription or unsubscribe please visit https://lists.vmware.com/mailman/listinfo/security-announce. Description: Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. Security Fix(es): * log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228) * jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception (CVE-2020-28491) * kubernetes-client: fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise (CVE-2021-20218) * xstream: Arbitrary code execution via unsafe deserialization of com.sun.corba.* (CVE-2021-39149) * xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration (CVE-2021-39145) * xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration (CVE-2021-39151) * xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapSearchEnumeration (CVE-2021-39147) * xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.toolkit.dir.ContextEnumerator (CVE-2021-39148) * xstream: Arbitrary code execution via unsafe deserialization of com.sun.xml.internal.ws.client.sei.* (CVE-2021-39141) * xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue (CVE-2021-39146) * xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue (CVE-2021-39154) * xstream: Arbitrary code execution via unsafe deserialization of sun.tracing.* (CVE-2021-39144) * xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl (CVE-2021-39139) * xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl (CVE-2021-39153) * xstream: Infinite loop DoS via unsafe deserialization of sun.reflect.annotation.AnnotationInvocationHandler (CVE-2021-39140) * xstream: remote command execution attack by manipulating the processed input stream (CVE-2021-29505) * xstream: Server-side request forgery (SSRF) via unsafe deserialization of com.sun.xml.internal.ws.client.sei.* (CVE-2021-39150) * xstream: Server-side request forgery (SSRF) via unsafe deserialization of jdk.nashorn.internal.runtime.Source$URLData (CVE-2021-39152) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. Bugs fixed (https://bugzilla.redhat.com/): 1923405 - CVE-2021-20218 fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise 1930423 - CVE-2020-28491 jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception 1966735 - CVE-2021-29505 XStream: remote command execution attack by manipulating the processed input stream 1997763 - CVE-2021-39139 xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl 1997765 - CVE-2021-39140 xstream: Infinite loop DoS via unsafe deserialization of sun.reflect.annotation.AnnotationInvocationHandler 1997769 - CVE-2021-39141 xstream: Arbitrary code execution via unsafe deserialization of com.sun.xml.internal.ws.client.sei.* 1997772 - CVE-2021-39144 xstream: Arbitrary code execution via unsafe deserialization of sun.tracing.* 1997775 - CVE-2021-39145 xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration 1997777 - CVE-2021-39146 xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue 1997779 - CVE-2021-39147 xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapSearchEnumeration 1997781 - CVE-2021-39148 xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.toolkit.dir.ContextEnumerator 1997784 - CVE-2021-39149 xstream: Arbitrary code execution via unsafe deserialization of com.sun.corba.* 1997786 - CVE-2021-39150 xstream: Server-side request forgery (SSRF) via unsafe deserialization of com.sun.xml.internal.ws.client.sei.* 1997791 - CVE-2021-39151 xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration 1997793 - CVE-2021-39152 xstream: Server-side request forgery (SSRF) via unsafe deserialization of jdk.nashorn.internal.runtime.Source$URLData 1997795 - CVE-2021-39153 xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl 1997801 - CVE-2021-39154 xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue 2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value 5

Trust: 2.88

sources: NVD: CVE-2021-44228 // CERT/CC: VU#930724 // VULHUB: VHN-407408 // VULHUB: VHN-408570 // VULMON: CVE-2021-44228 // PACKETSTORM: 165294 // PACKETSTORM: 165295 // PACKETSTORM: 165296 // PACKETSTORM: 165288 // PACKETSTORM: 165285 // PACKETSTORM: 165297 // PACKETSTORM: 165324 // PACKETSTORM: 165348 // PACKETSTORM: 165260 // PACKETSTORM: 165733 // PACKETSTORM: 165520

AFFECTED PRODUCTS

vendor:	cisco	model:	enterprise chat and email	scope:	eq	version:	12.0$1$	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5$1$	Trust: 1.0
vendor:	cisco	model:	unified sip proxy	scope:	eq	version:	010.000$000$	Trust: 1.0
vendor:	cisco	model:	paging server	scope:	eq	version:	9.0$2$	Trust: 1.0
vendor:	siemens	model:	siveillance command	scope:	lte	version:	4.16.2.1	Trust: 1.0
vendor:	cisco	model:	fxos	scope:	eq	version:	7.0.0	Trust: 1.0
vendor:	cisco	model:	prime service catalog	scope:	lt	version:	12.1	Trust: 1.0
vendor:	cisco	model:	crosswork data gateway	scope:	lt	version:	2.0.2	Trust: 1.0
vendor:	intel	model:	genomics kernel library	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	crosswork network controller	scope:	eq	version:	3.0.0	Trust: 1.0
vendor:	cisco	model:	ucs central software	scope:	eq	version:	2.0$1k$	Trust: 1.0
vendor:	cisco	model:	network services orchestrator	scope:	lt	version:	5.4.5.2	Trust: 1.0
vendor:	cisco	model:	connected analytics for network deployment	scope:	eq	version:	007.003.003	Trust: 1.0
vendor:	cisco	model:	unified contact center express	scope:	eq	version:	12.6$1$	Trust: 1.0
vendor:	cisco	model:	network dashboard fabric controller	scope:	eq	version:	11.0$1$	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	gte	version:	20.5	Trust: 1.0
vendor:	cisco	model:	unified customer voice portal	scope:	eq	version:	11.6$1$	Trust: 1.0
vendor:	cisco	model:	connected analytics for network deployment	scope:	eq	version:	007.003.000	Trust: 1.0
vendor:	cisco	model:	smart phy	scope:	eq	version:	21.3	Trust: 1.0
vendor:	siemens	model:	energyip prepay	scope:	eq	version:	3.7	Trust: 1.0
vendor:	cisco	model:	business process automation	scope:	gte	version:	3.2.000.000	Trust: 1.0
vendor:	cisco	model:	wan automation engine	scope:	eq	version:	7.6	Trust: 1.0
vendor:	cisco	model:	paging server	scope:	eq	version:	8.4$1$	Trust: 1.0
vendor:	siemens	model:	sentron powermanager	scope:	eq	version:	4.1	Trust: 1.0
vendor:	siemens	model:	gma-manager	scope:	lt	version:	8.6.2j-398	Trust: 1.0
vendor:	siemens	model:	sipass integrated	scope:	eq	version:	2.85	Trust: 1.0
vendor:	cisco	model:	crosswork optimization engine	scope:	eq	version:	3.0.0	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	lt	version:	20.6.2.1	Trust: 1.0
vendor:	cisco	model:	ucs central	scope:	lt	version:	2.0$1p$	Trust: 1.0
vendor:	cisco	model:	unified contact center express	scope:	lt	version:	12.5$1$	Trust: 1.0
vendor:	cisco	model:	virtualized infrastructure manager	scope:	lt	version:	3.4.4	Trust: 1.0
vendor:	cisco	model:	network dashboard fabric controller	scope:	eq	version:	11.3$1$	Trust: 1.0
vendor:	cisco	model:	evolved programmable network manager	scope:	eq	version:	4.0	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.3.0	Trust: 1.0
vendor:	cisco	model:	identity services engine	scope:	eq	version:	2.4.0	Trust: 1.0
vendor:	cisco	model:	wan automation engine	scope:	eq	version:	7.3	Trust: 1.0
vendor:	siemens	model:	solid edge cam pro	scope:	eq	version:	*	Trust: 1.0
vendor:	intel	model:	secure device onboard	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	desigo cc advanced reports	scope:	eq	version:	4.1	Trust: 1.0
vendor:	cisco	model:	unified customer voice portal	scope:	eq	version:	12.0$1$	Trust: 1.0
vendor:	cisco	model:	network dashboard fabric controller	scope:	eq	version:	11.5$2$	Trust: 1.0
vendor:	cisco	model:	wan automation engine	scope:	eq	version:	7.2.3	Trust: 1.0
vendor:	intel	model:	system studio	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	7.0.0	Trust: 1.0
vendor:	bentley	model:	synchro	scope:	lt	version:	6.4.3.2	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	eq	version:	20.6.1	Trust: 1.0
vendor:	cisco	model:	common services platform collector	scope:	eq	version:	002.009$001.002$	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	lt	version:	11.5$1$	Trust: 1.0
vendor:	cisco	model:	business process automation	scope:	lt	version:	3.1.000.044	Trust: 1.0
vendor:	cisco	model:	cloudcenter	scope:	lt	version:	4.10.0.16	Trust: 1.0
vendor:	apache	model:	log4j	scope:	lt	version:	2.15.0	Trust: 1.0
vendor:	cisco	model:	contact center domain manager	scope:	lt	version:	12.5$1$	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	eq	version:	20.3	Trust: 1.0
vendor:	cisco	model:	enterprise chat and email	scope:	lt	version:	12.0$1$	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	lt	version:	11.5$1$	Trust: 1.0
vendor:	cisco	model:	emergency responder	scope:	eq	version:	11.5	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5$1.22900.28$	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	3.0	Trust: 1.0
vendor:	cisco	model:	advanced malware protection virtual private cloud appliance	scope:	lt	version:	3.5.4	Trust: 1.0
vendor:	cisco	model:	fxos	scope:	eq	version:	6.4.0	Trust: 1.0
vendor:	cisco	model:	finesse	scope:	eq	version:	12.5$1$	Trust: 1.0
vendor:	cisco	model:	common services platform collector	scope:	gte	version:	2.10.0	Trust: 1.0
vendor:	cisco	model:	connected analytics for network deployment	scope:	eq	version:	007.000.001	Trust: 1.0
vendor:	cisco	model:	unified communications manager im \& presence service	scope:	eq	version:	11.5$1.22900.6$	Trust: 1.0
vendor:	cisco	model:	network assurance engine	scope:	eq	version:	6.0$2.1912$	Trust: 1.0
vendor:	cisco	model:	smart phy	scope:	eq	version:	3.2.1	Trust: 1.0
vendor:	cisco	model:	unified intelligence center	scope:	eq	version:	12.6$2$	Trust: 1.0
vendor:	siemens	model:	sentron powermanager	scope:	eq	version:	4.2	Trust: 1.0
vendor:	cisco	model:	connected analytics for network deployment	scope:	eq	version:	7.3	Trust: 1.0
vendor:	siemens	model:	navigator	scope:	lt	version:	2021-12-13	Trust: 1.0
vendor:	apache	model:	log4j	scope:	gte	version:	2.0.1	Trust: 1.0
vendor:	cisco	model:	intersight virtual appliance	scope:	lt	version:	1.0.9-361	Trust: 1.0
vendor:	cisco	model:	unified sip proxy	scope:	lt	version:	10.2.1v2	Trust: 1.0
vendor:	netapp	model:	oncommand insight	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	integrated management controller supervisor	scope:	lt	version:	2.3.2.1	Trust: 1.0
vendor:	siemens	model:	spectrum power 7	scope:	eq	version:	2.30	Trust: 1.0
vendor:	cisco	model:	network dashboard fabric controller	scope:	eq	version:	11.2$1$	Trust: 1.0
vendor:	cisco	model:	evolved programmable network manager	scope:	eq	version:	3.1	Trust: 1.0
vendor:	cisco	model:	cloudcenter suite	scope:	eq	version:	5.5$1$	Trust: 1.0
vendor:	cisco	model:	unified sip proxy	scope:	eq	version:	010.002$000$	Trust: 1.0
vendor:	cisco	model:	ucs central software	scope:	eq	version:	2.0$1e$	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	11.0	Trust: 1.0
vendor:	siemens	model:	desigo cc advanced reports	scope:	eq	version:	4.0	Trust: 1.0
vendor:	siemens	model:	desigo cc advanced reports	scope:	eq	version:	4.2	Trust: 1.0
vendor:	cisco	model:	crosswork optimization engine	scope:	lt	version:	2.0.1	Trust: 1.0
vendor:	cisco	model:	dna center	scope:	lt	version:	2.2.3.4	Trust: 1.0
vendor:	cisco	model:	common services platform collector	scope:	lt	version:	2.10.0.1	Trust: 1.0
vendor:	cisco	model:	connected analytics for network deployment	scope:	eq	version:	008.000.000	Trust: 1.0
vendor:	cisco	model:	wan automation engine	scope:	eq	version:	7.2.2	Trust: 1.0
vendor:	siemens	model:	nx	scope:	eq	version:	*	Trust: 1.0
vendor:	percussion	model:	rhythmyx	scope:	lte	version:	7.3.2	Trust: 1.0
vendor:	cisco	model:	ucs central software	scope:	eq	version:	2.0$1f$	Trust: 1.0
vendor:	siemens	model:	opcenter intelligence	scope:	lte	version:	3.2	Trust: 1.0
vendor:	siemens	model:	siveillance viewpoint	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siveillance identity	scope:	eq	version:	1.5	Trust: 1.0
vendor:	cisco	model:	iot operations dashboard	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	11.5$1.10000.6$	Trust: 1.0
vendor:	cisco	model:	finesse	scope:	eq	version:	12.6$1$	Trust: 1.0
vendor:	cisco	model:	common services platform collector	scope:	eq	version:	002.009$001.001$	Trust: 1.0
vendor:	cisco	model:	crosswork data gateway	scope:	eq	version:	3.0.0	Trust: 1.0
vendor:	cisco	model:	wan automation engine	scope:	eq	version:	7.1.3	Trust: 1.0
vendor:	siemens	model:	desigo cc info center	scope:	eq	version:	5.0	Trust: 1.0
vendor:	apache	model:	log4j	scope:	lt	version:	2.3.1	Trust: 1.0
vendor:	cisco	model:	virtual topology system	scope:	lt	version:	2.6.7	Trust: 1.0
vendor:	cisco	model:	virtualized infrastructure manager	scope:	lt	version:	3.2.0	Trust: 1.0
vendor:	siemens	model:	xpedition package integrator	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	fxos	scope:	eq	version:	6.6.0	Trust: 1.0
vendor:	cisco	model:	paging server	scope:	eq	version:	8.5$1$	Trust: 1.0
vendor:	cisco	model:	video surveillance manager	scope:	eq	version:	7.14$4.018$	Trust: 1.0
vendor:	intel	model:	oneapi sample browser	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	identity services engine	scope:	eq	version:	003.002$000.116$	Trust: 1.0
vendor:	siemens	model:	energyip	scope:	eq	version:	8.5	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	7.1.0	Trust: 1.0
vendor:	cisco	model:	evolved programmable network manager	scope:	eq	version:	3.0	Trust: 1.0
vendor:	netapp	model:	ontap tools	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	ucs central software	scope:	eq	version:	2.0$1h$	Trust: 1.0
vendor:	cisco	model:	smart phy	scope:	eq	version:	3.1.2	Trust: 1.0
vendor:	cisco	model:	paging server	scope:	eq	version:	9.0$1$	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	4.0	Trust: 1.0
vendor:	cisco	model:	cloudcenter suite	scope:	eq	version:	5.5$0$	Trust: 1.0
vendor:	cisco	model:	smart phy	scope:	lt	version:	3.2.1	Trust: 1.0
vendor:	cisco	model:	network dashboard fabric controller	scope:	eq	version:	11.1$1$	Trust: 1.0
vendor:	siemens	model:	industrial edge management hub	scope:	lt	version:	2021-12-13	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5$1.18119.2$	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	eq	version:	20.5	Trust: 1.0
vendor:	cisco	model:	ucs central software	scope:	eq	version:	2.0$1g$	Trust: 1.0
vendor:	siemens	model:	spectrum power 7	scope:	lt	version:	2.30	Trust: 1.0
vendor:	cisco	model:	connected mobile experiences	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	gte	version:	20.4	Trust: 1.0
vendor:	siemens	model:	mindsphere	scope:	lt	version:	2021-12-11	Trust: 1.0
vendor:	cisco	model:	unified customer voice portal	scope:	eq	version:	11.6	Trust: 1.0
vendor:	cisco	model:	identity services engine	scope:	eq	version:	002.007$000.356$	Trust: 1.0
vendor:	cisco	model:	video surveillance manager	scope:	eq	version:	7.14$2.26$	Trust: 1.0
vendor:	cisco	model:	evolved programmable network manager	scope:	eq	version:	5.0	Trust: 1.0
vendor:	intel	model:	system debugger	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	cyber vision sensor management extension	scope:	lt	version:	4.0.3	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.6.0	Trust: 1.0
vendor:	cisco	model:	unified communications manager im and presence service	scope:	eq	version:	11.5$1$	Trust: 1.0
vendor:	cisco	model:	fxos	scope:	eq	version:	6.3.0	Trust: 1.0
vendor:	cisco	model:	integrated management controller supervisor	scope:	eq	version:	2.3.2.0	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	eq	version:	20.7	Trust: 1.0
vendor:	cisco	model:	network dashboard fabric controller	scope:	eq	version:	11.5$1$	Trust: 1.0
vendor:	siemens	model:	xpedition enterprise	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	identity services engine	scope:	lt	version:	2.4.0	Trust: 1.0
vendor:	cisco	model:	customer experience cloud agent	scope:	lt	version:	1.12.1	Trust: 1.0
vendor:	siemens	model:	energy engage	scope:	eq	version:	3.1	Trust: 1.0
vendor:	siemens	model:	siguard dsa	scope:	eq	version:	4.2	Trust: 1.0
vendor:	cisco	model:	network services orchestrator	scope:	gte	version:	5.6	Trust: 1.0
vendor:	cisco	model:	unified contact center enterprise	scope:	eq	version:	12.5$1$	Trust: 1.0
vendor:	siemens	model:	spectrum power 4	scope:	eq	version:	4.70	Trust: 1.0
vendor:	cisco	model:	identity services engine	scope:	eq	version:	003.001$000.518$	Trust: 1.0
vendor:	cisco	model:	virtual topology system	scope:	eq	version:	2.6.6	Trust: 1.0
vendor:	cisco	model:	connected analytics for network deployment	scope:	eq	version:	006.005.000.	Trust: 1.0
vendor:	cisco	model:	finesse	scope:	lt	version:	12.6$1$	Trust: 1.0
vendor:	cisco	model:	network services orchestrator	scope:	lt	version:	5.5.4.1	Trust: 1.0
vendor:	cisco	model:	integrated management controller supervisor	scope:	eq	version:	002.003$002.000$	Trust: 1.0
vendor:	siemens	model:	vesys	scope:	eq	version:	2019.1	Trust: 1.0
vendor:	siemens	model:	comos	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	packaged contact center enterprise	scope:	lt	version:	11.6	Trust: 1.0
vendor:	cisco	model:	dna spaces	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	energyip prepay	scope:	eq	version:	3.8	Trust: 1.0
vendor:	siemens	model:	industrial edge management	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	cloudcenter suite admin	scope:	lt	version:	5.3.1	Trust: 1.0
vendor:	cisco	model:	ucs central software	scope:	eq	version:	2.0$1c$	Trust: 1.0
vendor:	cisco	model:	emergency responder	scope:	lt	version:	11.5$4$	Trust: 1.0
vendor:	cisco	model:	common services platform collector	scope:	eq	version:	002.009$000.000$	Trust: 1.0
vendor:	cisco	model:	emergency responder	scope:	eq	version:	11.5$4.66000.14$	Trust: 1.0
vendor:	snowsoftware	model:	vm access proxy	scope:	lt	version:	3.6	Trust: 1.0
vendor:	siemens	model:	solid edge harness design	scope:	eq	version:	2020	Trust: 1.0
vendor:	apache	model:	log4j	scope:	eq	version:	2.0	Trust: 1.0
vendor:	cisco	model:	ucs central software	scope:	eq	version:	2.0$1d$	Trust: 1.0
vendor:	cisco	model:	crosswork network automation	scope:	eq	version:	2.0.0	Trust: 1.0
vendor:	cisco	model:	unified customer voice portal	scope:	eq	version:	12.0	Trust: 1.0
vendor:	cisco	model:	dna spaces connector	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	gte	version:	20.6	Trust: 1.0
vendor:	cisco	model:	unified contact center management portal	scope:	eq	version:	12.6$1$	Trust: 1.0
vendor:	siemens	model:	e-car operation center	scope:	lt	version:	2021-12-13	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	cisco	model:	unified contact center enterprise	scope:	eq	version:	12.6$1$	Trust: 1.0
vendor:	cisco	model:	common services platform collector	scope:	eq	version:	002.009$000.001$	Trust: 1.0
vendor:	cisco	model:	unified contact center express	scope:	eq	version:	12.6$2$	Trust: 1.0
vendor:	cisco	model:	enterprise chat and email	scope:	eq	version:	12.5$1$	Trust: 1.0
vendor:	siemens	model:	desigo cc advanced reports	scope:	eq	version:	5.0	Trust: 1.0
vendor:	intel	model:	computer vision annotation tool	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	unified customer voice portal	scope:	lt	version:	11.6	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	11.5	Trust: 1.0
vendor:	cisco	model:	automated subsea tuning	scope:	eq	version:	02.01.00	Trust: 1.0
vendor:	cisco	model:	identity services engine	scope:	eq	version:	003.000$000.458$	Trust: 1.0
vendor:	cisco	model:	business process automation	scope:	lt	version:	3.2.000.009	Trust: 1.0
vendor:	cisco	model:	network services orchestrator	scope:	gte	version:	5.5	Trust: 1.0
vendor:	cisco	model:	fxos	scope:	eq	version:	6.2.3	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.5.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	34	Trust: 1.0
vendor:	cisco	model:	optical network controller	scope:	eq	version:	1.1	Trust: 1.0
vendor:	siemens	model:	siveillance control pro	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	crosswork network controller	scope:	lt	version:	2.0.1	Trust: 1.0
vendor:	siemens	model:	spectrum power 4	scope:	lt	version:	4.70	Trust: 1.0
vendor:	cisco	model:	wan automation engine	scope:	eq	version:	7.2.1	Trust: 1.0
vendor:	cisco	model:	data center network manager	scope:	eq	version:	11.3$1$	Trust: 1.0
vendor:	apache	model:	log4j	scope:	gte	version:	2.13.0	Trust: 1.0
vendor:	siemens	model:	vesys	scope:	lt	version:	2019.1	Trust: 1.0
vendor:	siemens	model:	teamcenter	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	common services platform collector	scope:	eq	version:	002.009$001.000$	Trust: 1.0
vendor:	cisco	model:	evolved programmable network manager	scope:	lte	version:	4.1.1	Trust: 1.0
vendor:	cisco	model:	network services orchestrator	scope:	gte	version:	5.4	Trust: 1.0
vendor:	cisco	model:	fxos	scope:	eq	version:	7.1.0	Trust: 1.0
vendor:	cisco	model:	enterprise chat and email	scope:	eq	version:	12.6$1$	Trust: 1.0
vendor:	siemens	model:	mendix	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	wan automation engine	scope:	eq	version:	7.4	Trust: 1.0
vendor:	cisco	model:	network insights for data center	scope:	eq	version:	6.0$2.1914$	Trust: 1.0
vendor:	cisco	model:	packaged contact center enterprise	scope:	eq	version:	11.6$1$	Trust: 1.0
vendor:	cisco	model:	paging server	scope:	eq	version:	12.5$2$	Trust: 1.0
vendor:	cisco	model:	unified customer voice portal	scope:	eq	version:	12.5$1$	Trust: 1.0
vendor:	cisco	model:	network services orchestrator	scope:	lt	version:	5.6.3.1	Trust: 1.0
vendor:	cisco	model:	emergency responder	scope:	eq	version:	11.5$4.65000.14$	Trust: 1.0
vendor:	cisco	model:	network dashboard fabric controller	scope:	eq	version:	11.5$3$	Trust: 1.0
vendor:	cisco	model:	unified sip proxy	scope:	eq	version:	010.000$001$	Trust: 1.0
vendor:	cisco	model:	crosswork network automation	scope:	eq	version:	3.0.0	Trust: 1.0
vendor:	cisco	model:	cyber vision	scope:	eq	version:	4.0.2	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.2.3	Trust: 1.0
vendor:	cisco	model:	dna center	scope:	gte	version:	2.2.3.0	Trust: 1.0
vendor:	intel	model:	audio development kit	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	identity services engine	scope:	eq	version:	002.004$000.914$	Trust: 1.0
vendor:	cisco	model:	unified communications manager im and presence service	scope:	lt	version:	11.5$1$	Trust: 1.0
vendor:	cisco	model:	paging server	scope:	eq	version:	8.3$1$	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	006.008$001.000$	Trust: 1.0
vendor:	cisco	model:	dna center	scope:	eq	version:	2.2.2.8	Trust: 1.0
vendor:	netapp	model:	active iq unified manager	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	intersight virtual appliance	scope:	eq	version:	1.0.9-343	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5$1.21900.40$	Trust: 1.0
vendor:	cisco	model:	network services orchestrator	scope:	lt	version:	5.3.5.1	Trust: 1.0
vendor:	cisco	model:	unified communications manager im \& presence service	scope:	eq	version:	11.5$1$	Trust: 1.0
vendor:	cisco	model:	connected analytics for network deployment	scope:	eq	version:	007.001.000	Trust: 1.0
vendor:	cisco	model:	connected analytics for network deployment	scope:	eq	version:	007.003.001.001	Trust: 1.0
vendor:	cisco	model:	network assurance engine	scope:	lt	version:	6.0.2	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	eq	version:	20.4	Trust: 1.0
vendor:	cisco	model:	fog director	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	lt	version:	3.0	Trust: 1.0
vendor:	cisco	model:	dna center	scope:	gte	version:	2.2.2.0	Trust: 1.0
vendor:	cisco	model:	optical network controller	scope:	lt	version:	1.1.0	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.7.0	Trust: 1.0
vendor:	cisco	model:	virtualized infrastructure manager	scope:	gte	version:	3.4.0	Trust: 1.0
vendor:	cisco	model:	cloudcenter cost optimizer	scope:	lt	version:	5.5.2	Trust: 1.0
vendor:	cisco	model:	unified sip proxy	scope:	eq	version:	010.002$001$	Trust: 1.0
vendor:	cisco	model:	unified customer voice portal	scope:	eq	version:	12.6$1$	Trust: 1.0
vendor:	cisco	model:	data center network manager	scope:	lt	version:	11.3$1$	Trust: 1.0
vendor:	cisco	model:	network services orchestrator	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	solid edge harness design	scope:	lt	version:	2020	Trust: 1.0
vendor:	netapp	model:	snapcenter	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	broadworks	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	unified workforce optimization	scope:	eq	version:	11.5$1$	Trust: 1.0
vendor:	cisco	model:	cloud connect	scope:	lt	version:	12.6$1$	Trust: 1.0
vendor:	cisco	model:	connected analytics for network deployment	scope:	eq	version:	006.004.000.003	Trust: 1.0
vendor:	apache	model:	log4j	scope:	gte	version:	2.4.0	Trust: 1.0
vendor:	cisco	model:	cloudcenter suite	scope:	eq	version:	4.10$0.15$	Trust: 1.0
vendor:	cisco	model:	mobility services engine	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	common services platform collector	scope:	eq	version:	002.009$000.002$	Trust: 1.0
vendor:	cisco	model:	unified customer voice portal	scope:	eq	version:	12.5	Trust: 1.0
vendor:	cisco	model:	smart phy	scope:	eq	version:	3.1.5	Trust: 1.0
vendor:	cisco	model:	ucs central software	scope:	eq	version:	2.0$1b$	Trust: 1.0
vendor:	cisco	model:	cloudcenter suite	scope:	eq	version:	5.4$1$	Trust: 1.0
vendor:	cisco	model:	nexus insights	scope:	lt	version:	6.0.2	Trust: 1.0
vendor:	cisco	model:	nexus dashboard	scope:	lt	version:	2.1.2	Trust: 1.0
vendor:	siemens	model:	energyip	scope:	eq	version:	8.6	Trust: 1.0
vendor:	cisco	model:	ucs central software	scope:	eq	version:	2.0$1a$	Trust: 1.0
vendor:	cisco	model:	unified intelligence center	scope:	eq	version:	12.6$1$	Trust: 1.0
vendor:	cisco	model:	crosswork network automation	scope:	eq	version:	4.1.1	Trust: 1.0
vendor:	siemens	model:	desigo cc info center	scope:	eq	version:	5.1	Trust: 1.0
vendor:	siemens	model:	captial	scope:	eq	version:	2019.1	Trust: 1.0
vendor:	cisco	model:	common services platform collector	scope:	lt	version:	2.9.1.3	Trust: 1.0
vendor:	snowsoftware	model:	snow commander	scope:	lt	version:	8.10.0	Trust: 1.0
vendor:	siemens	model:	siveillance vantage	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	crosswork zero touch provisioning	scope:	eq	version:	3.0.0	Trust: 1.0
vendor:	cisco	model:	unified contact center enterprise	scope:	eq	version:	11.6$2$	Trust: 1.0
vendor:	cisco	model:	dna spaces\: connector	scope:	lt	version:	2.5	Trust: 1.0
vendor:	cisco	model:	wan automation engine	scope:	lt	version:	7.3.0.2	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	eq	version:	20.6	Trust: 1.0
vendor:	cisco	model:	prime service catalog	scope:	eq	version:	12.1	Trust: 1.0
vendor:	cisco	model:	dna center	scope:	lt	version:	2.2.2.8	Trust: 1.0
vendor:	cisco	model:	business process automation	scope:	lt	version:	3.0.000.115	Trust: 1.0
vendor:	siemens	model:	head-end system universal device integration system	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	paging server	scope:	eq	version:	14.0$1$	Trust: 1.0
vendor:	siemens	model:	sppa-t3000 ses3000	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	workload optimization manager	scope:	lt	version:	3.2.1	Trust: 1.0
vendor:	cisco	model:	crosswork zero touch provisioning	scope:	lt	version:	2.0.1	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	netapp	model:	cloud insights	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	energyip	scope:	eq	version:	8.7	Trust: 1.0
vendor:	cisco	model:	fxos	scope:	eq	version:	6.5.0	Trust: 1.0
vendor:	bentley	model:	synchro 4d	scope:	lt	version:	6.2.4.2	Trust: 1.0
vendor:	netapp	model:	cloud secure agent	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5$1$su3	Trust: 1.0
vendor:	cisco	model:	paging server	scope:	eq	version:	9.1$1$	Trust: 1.0
vendor:	cisco	model:	identity services engine	scope:	eq	version:	002.006$000.156$	Trust: 1.0
vendor:	cisco	model:	ucs director	scope:	lt	version:	6.8.2.0	Trust: 1.0
vendor:	cisco	model:	contact center management portal	scope:	lt	version:	12.5$1$	Trust: 1.0
vendor:	cisco	model:	crosswork network automation	scope:	eq	version:	-	Trust: 1.0
vendor:	apache	model:	log4j	scope:	lt	version:	2.12.2	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	lt	version:	20.4.2.1	Trust: 1.0
vendor:	cisco	model:	evolved programmable network manager	scope:	eq	version:	5.1	Trust: 1.0
vendor:	cisco	model:	smart phy	scope:	eq	version:	3.1.4	Trust: 1.0
vendor:	siemens	model:	siguard dsa	scope:	eq	version:	4.3	Trust: 1.0
vendor:	cisco	model:	crosswork platform infrastructure	scope:	eq	version:	4.1.0	Trust: 1.0
vendor:	cisco	model:	wan automation engine	scope:	eq	version:	7.5	Trust: 1.0
vendor:	siemens	model:	siveillance identity	scope:	eq	version:	1.6	Trust: 1.0
vendor:	cisco	model:	video surveillance manager	scope:	eq	version:	7.14$3.025$	Trust: 1.0
vendor:	cisco	model:	cloudcenter suite	scope:	eq	version:	5.3$0$	Trust: 1.0
vendor:	cisco	model:	ucs central software	scope:	eq	version:	2.0$1l$	Trust: 1.0
vendor:	siemens	model:	energyip	scope:	eq	version:	9.0	Trust: 1.0
vendor:	netapp	model:	cloud manager	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	cyber vision sensor management extension	scope:	eq	version:	4.0.2	Trust: 1.0
vendor:	cisco	model:	common services platform collector	scope:	eq	version:	002.010$000.000$	Trust: 1.0
vendor:	cisco	model:	crosswork network automation	scope:	eq	version:	4.1.0	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	lt	version:	20.5.1.1	Trust: 1.0
vendor:	siemens	model:	captial	scope:	lt	version:	2019.1	Trust: 1.0
vendor:	bentley	model:	synchro	scope:	gte	version:	6.1	Trust: 1.0
vendor:	cisco	model:	business process automation	scope:	gte	version:	3.1.000.000	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5$1.17900.52$	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	lt	version:	20.3.4.1	Trust: 1.0
vendor:	siemens	model:	siguard dsa	scope:	eq	version:	4.4	Trust: 1.0
vendor:	cisco	model:	connected analytics for network deployment	scope:	eq	version:	007.002.000	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	35	Trust: 1.0
vendor:	cisco	model:	connected analytics for network deployment	scope:	eq	version:	006.005.000.000	Trust: 1.0
vendor:	cisco	model:	crosswork platform infrastructure	scope:	lt	version:	4.0.1	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.4.0	Trust: 1.0
vendor:	cisco	model:	unified contact center enterprise	scope:	lt	version:	11.6$2$	Trust: 1.0
vendor:	intel	model:	data center manager	scope:	lt	version:	5.1	Trust: 1.0
vendor:	intel	model:	sensor solution development kit	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	unified contact center enterprise	scope:	eq	version:	12.0$1$	Trust: 1.0
vendor:	siemens	model:	logo\! soft comfort	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	video surveillance operations manager	scope:	lt	version:	7.14.4	Trust: 1.0
vendor:	cisco	model:	automated subsea tuning	scope:	lt	version:	2.1.0	Trust: 1.0
vendor:	cisco	model:	smart phy	scope:	eq	version:	3.1.3	Trust: 1.0
vendor:	cisco	model:	dna center	scope:	lt	version:	2.1.2.8	Trust: 1.0
vendor:	cisco	model:	virtualized voice browser	scope:	lt	version:	12.5$1$	Trust: 1.0
vendor:	cisco	model:	unified contact center enterprise	scope:	eq	version:	12.6$2$	Trust: 1.0
vendor:	cisco	model:	connected analytics for network deployment	scope:	eq	version:	008.000.000.000.004	Trust: 1.0
vendor:	siemens	model:	sipass integrated	scope:	eq	version:	2.80	Trust: 1.0
vendor:	sonicwall	model:	email security	scope:	lt	version:	10.0.12	Trust: 1.0
vendor:	cisco	model:	unified contact center express	scope:	eq	version:	12.5$1$	Trust: 1.0
vendor:	cisco	model:	video surveillance manager	scope:	eq	version:	7.14$1.26$	Trust: 1.0
vendor:	cisco	model:	unified workforce optimization	scope:	lt	version:	11.5$1$	Trust: 1.0
vendor:	cisco	model:	fxos	scope:	eq	version:	6.7.0	Trust: 1.0
vendor:	siemens	model:	operation scheduler	scope:	lte	version:	1.1.3	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	eq	version:	20.8	Trust: 1.0
vendor:	siemens	model:	desigo cc advanced reports	scope:	eq	version:	5.1	Trust: 1.0
vendor:	cisco	model:	cloudcenter workload manager	scope:	lt	version:	5.5.2	Trust: 1.0
vendor:	cisco	model:	network dashboard fabric controller	scope:	eq	version:	11.4$1$	Trust: 1.0
vendor:	cisco	model:	cx cloud agent	scope:	eq	version:	001.012	Trust: 1.0
vendor:	cisco	model:	paging server	scope:	lt	version:	14.4.1	Trust: 1.0
vendor:	cisco	model:	evolved programmable network manager	scope:	eq	version:	4.1	Trust: 1.0
vendor:	apple	model:	xcode	scope:	lt	version:	13.3	Trust: 1.0
vendor:	cisco	model:	ucs central software	scope:	eq	version:	2.0	Trust: 1.0
vendor:	cisco	model:	unified intelligence center	scope:	lt	version:	12.6$1$	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5$1.18900.97$	Trust: 1.0
vendor:	cisco	model:	broadworks	scope:	lt	version:	2021.11_1.162	Trust: 1.0

sources: NVD: CVE-2021-44228

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-44228
value:	CRITICAL
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2021-44228
value:	CRITICAL
Trust: 1.0
CNNVD:	CNNVD-202112-799
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-407408
value:	HIGH
Trust: 0.1
VULHUB:	VHN-408570
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-44228
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-44228
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-407408
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1
VULHUB:	VHN-408570
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-44228
baseSeverity:	CRITICAL
baseScore:	10.0
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	6.0
version:	3.1
Trust: 2.0

sources: VULHUB: VHN-407408 // VULHUB: VHN-408570 // VULMON: CVE-2021-44228 // CNNVD: CNNVD-202112-799 // NVD: CVE-2021-44228 // NVD: CVE-2021-44228

PROBLEMTYPE DATA

problemtype:	CWE-502	Trust: 1.2
problemtype:	CWE-20	Trust: 1.1
problemtype:	CWE-400	Trust: 1.1
problemtype:	CWE-917	Trust: 1.1

sources: VULHUB: VHN-407408 // VULHUB: VHN-408570 // NVD: CVE-2021-44228

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 165348 // PACKETSTORM: 165260 // CNNVD: CNNVD-202112-799

TYPE

code execution

Trust: 0.8

sources: PACKETSTORM: 165295 // PACKETSTORM: 165296 // PACKETSTORM: 165288 // PACKETSTORM: 165285 // PACKETSTORM: 165297 // PACKETSTORM: 165260 // PACKETSTORM: 165733 // PACKETSTORM: 165520

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-407408

PATCH

title:	Apache Log4j Fixes for code issue vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=174249	Trust: 0.6
title:	Debian CVElist Bug Report Logs: apache-log4j2: CVE-2021-44228: Remote code injection via crafted log messages	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=4eae9b09b97da57f4ca6103cc85ed4da	Trust: 0.1
title:	Debian CVElist Bug Report Logs: apache-log4j2: CVE-2021-45046: Incomplete fix for CVE-2021-44228 in certain non-default configurations	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=b88a8ce4fc53c3a45830bc6bbde8b01c	Trust: 0.1
title:	Debian Security Advisories: DSA-5020-1 apache-log4j2 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=24c79c59809a2c5bcddc81889b23a6bc	Trust: 0.1
title:	Debian Security Advisories: DSA-5022-1 apache-log4j2 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=5ba53229ef5f408ed29126bd4f624def	Trust: 0.1
title:	IBM: Security Bulletin: There is vulnerability in Apache Log4j used by Content Manager OnDemand z/OS. Content Manager OnDemand z/OS has addressed the applicable CVE [CVE-2021-44228]	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=dbdfcf9d51b60adf542d500e515b9ba8	Trust: 0.1
title:	Red Hat: CVE-2021-44228	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2021-44228	Trust: 0.1
title:	IBM: An update on the Apache Log4j 2.x vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=0648a3f00f067d373b069c4f2acd5db4	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2021-1553	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2021-1553	Trust: 0.1
title:	IBM: Security Bulletin: IBM Cloud Pak System is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-45046, CVE-2021-44228)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=c8b40ff47e1d31bee8b0fbdbdd4fe212	Trust: 0.1
title:	IBM: Security Bulletin: IBM Cloud Pak System is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-45046, CVE-2021-44228)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=654a4f5a7bd1fdfd229558535923710b	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2021-1731	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2021-1731	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2021-1730	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2021-1730	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2021-44228 log	Trust: 0.1
title:	-	url:	https://github.com/canarieids/Zeek-Ubuntu-22.04	Trust: 0.1
title:	-	url:	https://github.com/f5devcentral/f5-professional-services	Trust: 0.1
title:	Log4J-CVE-2021-44228-Mitigation-Cheat-Sheet	url:	https://github.com/thedevappsecguy/Log4J-CVE-2021-44228-Mitigation-Cheat-Sheet	Trust: 0.1
title:	spring-on-k8s	url:	https://github.com/AndriyKalashnykov/spring-on-k8s	Trust: 0.1
title:	jaygooby	url:	https://github.com/jaygooby/jaygooby	Trust: 0.1
title:	log4j-log4shell-playground	url:	https://github.com/rgl/log4j-log4shell-playground	Trust: 0.1
title:	Log4j	url:	https://github.com/kaganoglu/Log4j	Trust: 0.1
title:	trivy-cve-scan	url:	https://github.com/broadinstitute/trivy-cve-scan	Trust: 0.1
title:	test-44228	url:	https://github.com/datadavev/test-44228	Trust: 0.1
title:	cve-2021-44228-helpers	url:	https://github.com/uint0/cve-2021-44228-helpers	Trust: 0.1
title:	log4j-vendor-list	url:	https://github.com/bizzarecontacts/log4j-vendor-list	Trust: 0.1
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2021-44228	Trust: 0.1
title:	log4shell	url:	https://github.com/0xsyr0/log4shell	Trust: 0.1
title:	cve-2021-44228-qingteng-online-patch	url:	https://github.com/qingtengyun/cve-2021-44228-qingteng-online-patch	Trust: 0.1
title:	cve-2021-44228	url:	https://github.com/corelight/cve-2021-44228	Trust: 0.1
title:	Log4Shell-IOCs	url:	https://github.com/curated-intel/Log4Shell-IOCs	Trust: 0.1
title:	Sitecore.Solr-log4j-mitigation	url:	https://github.com/avwolferen/Sitecore.Solr-log4j-mitigation	Trust: 0.1
title:	check-log4j	url:	https://github.com/yahoo/check-log4j	Trust: 0.1

sources: VULMON: CVE-2021-44228 // CNNVD: CNNVD-202112-799

EXTERNAL IDS

db:	NVD	id:	CVE-2021-44228	Trust: 3.8
db:	CERT/CC	id:	VU#930724	Trust: 2.6
db:	PACKETSTORM	id:	165260	Trust: 1.8
db:	SIEMENS	id:	SSA-479842	Trust: 1.8
db:	SIEMENS	id:	SSA-714170	Trust: 1.8
db:	SIEMENS	id:	SSA-661247	Trust: 1.8
db:	SIEMENS	id:	SSA-397453	Trust: 1.8
db:	OPENWALL	id:	OSS-SECURITY/2021/12/14/4	Trust: 1.8
db:	OPENWALL	id:	OSS-SECURITY/2021/12/15/3	Trust: 1.8
db:	PACKETSTORM	id:	165311	Trust: 1.7
db:	PACKETSTORM	id:	165225	Trust: 1.7
db:	PACKETSTORM	id:	165532	Trust: 1.7
db:	PACKETSTORM	id:	165281	Trust: 1.7
db:	PACKETSTORM	id:	165306	Trust: 1.7
db:	PACKETSTORM	id:	165673	Trust: 1.7
db:	PACKETSTORM	id:	165282	Trust: 1.7
db:	PACKETSTORM	id:	165371	Trust: 1.7
db:	PACKETSTORM	id:	167794	Trust: 1.7
db:	PACKETSTORM	id:	167917	Trust: 1.7
db:	PACKETSTORM	id:	165270	Trust: 1.7
db:	PACKETSTORM	id:	165261	Trust: 1.7
db:	PACKETSTORM	id:	165642	Trust: 1.7
db:	PACKETSTORM	id:	165307	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2021/12/13/1	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2021/12/10/3	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2021/12/13/2	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2021/12/10/2	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2021/12/10/1	Trust: 1.7
db:	PACKETSTORM	id:	171626	Trust: 1.6
db:	PACKETSTORM	id:	165324	Trust: 0.8
db:	PACKETSTORM	id:	165733	Trust: 0.8
db:	PACKETSTORM	id:	165348	Trust: 0.8
db:	PACKETSTORM	id:	166313	Trust: 0.7
db:	PACKETSTORM	id:	165279	Trust: 0.7
db:	EXPLOIT-DB	id:	50592	Trust: 0.7
db:	CS-HELP	id:	SB2022060708	Trust: 0.6
db:	CS-HELP	id:	SB2022012045	Trust: 0.6
db:	CS-HELP	id:	SB2022010629	Trust: 0.6
db:	CS-HELP	id:	SB2022072076	Trust: 0.6
db:	CS-HELP	id:	SB2022021428	Trust: 0.6
db:	CS-HELP	id:	SB2022071316	Trust: 0.6
db:	CS-HELP	id:	SB2022062001	Trust: 0.6
db:	CS-HELP	id:	SB2021122212	Trust: 0.6
db:	CS-HELP	id:	SB2022010908	Trust: 0.6
db:	CS-HELP	id:	SB2021122403	Trust: 0.6
db:	CS-HELP	id:	SB2021121720	Trust: 0.6
db:	CS-HELP	id:	SB2021123016	Trust: 0.6
db:	CS-HELP	id:	SB2022010421	Trust: 0.6
db:	CS-HELP	id:	SB2022031501	Trust: 0.6
db:	CS-HELP	id:	SB2021122907	Trust: 0.6
db:	CS-HELP	id:	SB2022012732	Trust: 0.6
db:	CS-HELP	id:	SB2021121652	Trust: 0.6
db:	CS-HELP	id:	SB2021121492	Trust: 0.6
db:	CS-HELP	id:	SB2022010522	Trust: 0.6
db:	CS-HELP	id:	SB2021121201	Trust: 0.6
db:	CS-HELP	id:	SB2021121535	Trust: 0.6
db:	CS-HELP	id:	SB2021122721	Trust: 0.6
db:	CS-HELP	id:	SB2021122018	Trust: 0.6
db:	CS-HELP	id:	SB2022032006	Trust: 0.6
db:	CS-HELP	id:	SB2022060808	Trust: 0.6
db:	CS-HELP	id:	SB2022011732	Trust: 0.6
db:	CS-HELP	id:	SB2021122401	Trust: 0.6
db:	CS-HELP	id:	SB2021121350	Trust: 0.6
db:	CS-HELP	id:	SB2022030923	Trust: 0.6
db:	CS-HELP	id:	SB2021122811	Trust: 0.6
db:	CS-HELP	id:	SB2022020607	Trust: 0.6
db:	CS-HELP	id:	SB2022012439	Trust: 0.6
db:	CS-HELP	id:	SB2022011042	Trust: 0.6
db:	CS-HELP	id:	SB2022021807	Trust: 0.6
db:	CS-HELP	id:	SB2022010322	Trust: 0.6
db:	CS-HELP	id:	SB2021122122	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0090	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0492	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4211	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4187.6	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0237	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4236	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0332	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0080	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4186.4	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4269	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4198	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4316	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4274	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0247	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1188	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4302.3	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4256.2	Trust: 0.6
db:	CXSECURITY	id:	WLB-2022120027	Trust: 0.6
db:	CXSECURITY	id:	WLB-2021120069	Trust: 0.6
db:	CXSECURITY	id:	WLB-2022080025	Trust: 0.6
db:	CXSECURITY	id:	WLB-2022010065	Trust: 0.6
db:	LENOVO	id:	LEN-76573	Trust: 0.6
db:	ICS CERT	id:	ICSA-21-357-02	Trust: 0.6
db:	ICS CERT	id:	ICSA-22-034-01	Trust: 0.6
db:	EXPLOIT-DB	id:	51183	Trust: 0.6
db:	CNNVD	id:	CNNVD-202112-799	Trust: 0.6
db:	PACKETSTORM	id:	165329	Trust: 0.2
db:	PACKETSTORM	id:	165343	Trust: 0.2
db:	PACKETSTORM	id:	165333	Trust: 0.2
db:	PACKETSTORM	id:	165520	Trust: 0.2
db:	PACKETSTORM	id:	165295	Trust: 0.2
db:	PACKETSTORM	id:	165285	Trust: 0.2
db:	PACKETSTORM	id:	165297	Trust: 0.2
db:	PACKETSTORM	id:	165326	Trust: 0.2
db:	PACKETSTORM	id:	165632	Trust: 0.2
db:	PACKETSTORM	id:	165293	Trust: 0.1
db:	PACKETSTORM	id:	165290	Trust: 0.1
db:	PACKETSTORM	id:	165291	Trust: 0.1
db:	PACKETSTORM	id:	165298	Trust: 0.1
db:	PACKETSTORM	id:	165289	Trust: 0.1
db:	PACKETSTORM	id:	165264	Trust: 0.1
db:	EXPLOIT-DB	id:	50590	Trust: 0.1
db:	VULHUB	id:	VHN-407408	Trust: 0.1
db:	PACKETSTORM	id:	165637	Trust: 0.1
db:	PACKETSTORM	id:	165649	Trust: 0.1
db:	PACKETSTORM	id:	165636	Trust: 0.1
db:	PACKETSTORM	id:	165650	Trust: 0.1
db:	PACKETSTORM	id:	165645	Trust: 0.1
db:	OPENWALL	id:	OSS-SECURITY/2021/12/18/1	Trust: 0.1
db:	CNVD	id:	CNVD-2022-01776	Trust: 0.1
db:	VULHUB	id:	VHN-408570	Trust: 0.1
db:	VULMON	id:	CVE-2021-44228	Trust: 0.1
db:	PACKETSTORM	id:	165294	Trust: 0.1
db:	PACKETSTORM	id:	165296	Trust: 0.1
db:	PACKETSTORM	id:	165288	Trust: 0.1

sources: CERT/CC: VU#930724 // VULHUB: VHN-407408 // VULHUB: VHN-408570 // VULMON: CVE-2021-44228 // PACKETSTORM: 165294 // PACKETSTORM: 165295 // PACKETSTORM: 165296 // PACKETSTORM: 165288 // PACKETSTORM: 165285 // PACKETSTORM: 165297 // PACKETSTORM: 165324 // PACKETSTORM: 165348 // PACKETSTORM: 165260 // PACKETSTORM: 165733 // PACKETSTORM: 165520 // CNNVD: CNNVD-202112-799 // NVD: CVE-2021-44228

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-log4j-qruknebd	Trust: 2.4
url:	http://packetstormsecurity.com/files/167917/mobileiron-log4shell-remote-command-execution.html	Trust: 2.3
url:	http://packetstormsecurity.com/files/165225/apache-log4j2-2.14.1-remote-code-execution.html	Trust: 2.3
url:	http://packetstormsecurity.com/files/165311/log4j-scan-extensive-scanner.html	Trust: 2.3
url:	http://packetstormsecurity.com/files/165371/vmware-security-advisory-2021-0028.4.html	Trust: 2.3
url:	http://packetstormsecurity.com/files/165532/log4shell-http-header-injection.html	Trust: 2.3
url:	http://packetstormsecurity.com/files/165642/vmware-vcenter-server-unauthenticated-log4shell-jndi-injection-remote-code-execution.html	Trust: 2.3
url:	http://packetstormsecurity.com/files/165673/unifi-network-application-unauthenticated-log4shell-remote-code-execution.html	Trust: 2.3
url:	https://www.kb.cert.org/vuls/id/930724	Trust: 1.8
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf	Trust: 1.8
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf	Trust: 1.8
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf	Trust: 1.8
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf	Trust: 1.8
url:	https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0032	Trust: 1.8
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html	Trust: 1.8
url:	https://www.oracle.com/security-alerts/alert-cve-2021-44228.html	Trust: 1.8
url:	https://logging.apache.org/log4j/2.x/security.html	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpuapr2022.html	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpujan2022.html	Trust: 1.8
url:	http://www.openwall.com/lists/oss-security/2021/12/14/4	Trust: 1.8
url:	http://www.openwall.com/lists/oss-security/2021/12/15/3	Trust: 1.8
url:	https://security.netapp.com/advisory/ntap-20211210-0007/	Trust: 1.7
url:	https://support.apple.com/kb/ht213189	Trust: 1.7
url:	https://www.debian.org/security/2021/dsa-5020	Trust: 1.7
url:	http://seclists.org/fulldisclosure/2022/mar/23	Trust: 1.7
url:	http://seclists.org/fulldisclosure/2022/jul/11	Trust: 1.7
url:	http://seclists.org/fulldisclosure/2022/dec/2	Trust: 1.7
url:	http://packetstormsecurity.com/files/167794/open-xchange-app-suite-7.10.x-cross-site-scripting-command-injection.html	Trust: 1.7
url:	https://github.com/nu11secur1ty/cve-mitre/tree/main/cve-2021-44228	Trust: 1.7
url:	https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html	Trust: 1.7
url:	http://packetstormsecurity.com/files/165260/vmware-security-advisory-2021-0028.html	Trust: 1.7
url:	http://packetstormsecurity.com/files/165261/apache-log4j2-2.14.1-information-disclosure.html	Trust: 1.7
url:	http://packetstormsecurity.com/files/165270/apache-log4j2-2.14.1-remote-code-execution.html	Trust: 1.7
url:	http://packetstormsecurity.com/files/165281/log4j2-log4shell-regexes.html	Trust: 1.7
url:	http://packetstormsecurity.com/files/165282/log4j-payload-generator.html	Trust: 1.7
url:	http://packetstormsecurity.com/files/165306/l4sh-log4j-remote-code-execution.html	Trust: 1.7
url:	http://packetstormsecurity.com/files/165307/log4j-remote-code-execution-word-bypassing.html	Trust: 1.7
url:	https://github.com/cisagov/log4j-affected-db/blob/develop/software-list.md	Trust: 1.7
url:	https://twitter.com/kurtseifried/status/1469345530182455296	Trust: 1.7
url:	https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2021/12/10/1	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2021/12/10/2	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2021/12/10/3	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2021/12/13/1	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2021/12/13/2	Trust: 1.7
url:	https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/	Trust: 1.7
url:	http://packetstormsecurity.com/files/171626/ad-manager-plus-7122-remote-code-execution.html	Trust: 1.6
url:	https://access.redhat.com/security/cve/cve-2021-44228	Trust: 1.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44228	Trust: 1.4
url:	https://github.com/cisagov/log4j-affected-db	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vu57ujdcfiasio35gc55jmksrxjmcdfm/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/m5csvunv4hwzzxgoknsk6l7rpm7bokib/	Trust: 1.0
url:	cve-2021-4104	Trust: 0.8
url:	cve-2021-44228	Trust: 0.8
url:	cve-2021-45046	Trust: 0.8
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.8
url:	https://bugzilla.redhat.com/):	Trust: 0.8
url:	https://access.redhat.com/security/team/contact/	Trust: 0.8
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/m5csvunv4hwzzxgoknsk6l7rpm7bokib/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/vu57ujdcfiasio35gc55jmksrxjmcdfm/	Trust: 0.7
url:	https://access.redhat.com/security/vulnerabilities/rhsb-2021-009	Trust: 0.6
url:	https://access.redhat.com/security/updates/classification/#critical	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022010908	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022060808	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022010629	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022072076	Trust: 0.6
url:	https://packetstormsecurity.com/files/165733/red-hat-security-advisory-2022-0296-03.html	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6527216	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4186.4	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4316	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0080	Trust: 0.6
url:	https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-44228	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6528268	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021122212	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022012732	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021121201	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4302.3	Trust: 0.6
url:	https://www.exploit-db.com/exploits/50592	Trust: 0.6
url:	https://cxsecurity.com/issue/wlb-2022080025	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022011042	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021121720	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021122018	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0237	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021122811	Trust: 0.6
url:	https://cxsecurity.com/issue/wlb-2022010065	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021122401	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022011732	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022021807	Trust: 0.6
url:	https://packetstormsecurity.com/files/165324/ubuntu-security-notice-usn-5197-1.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021123016	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021121350	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4211	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021122122	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022062001	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021122403	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021122721	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022010522	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022010322	Trust: 0.6
url:	https://cxsecurity.com/issue/wlb-2022120027	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6525816	Trust: 0.6
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20211215-01-log4j-cn	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-357-02	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021122907	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022060708	Trust: 0.6
url:	https://www.exploit-db.com/exploits/51183	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022021428	Trust: 0.6
url:	https://packetstormsecurity.com/files/166313/apple-security-advisory-2022-03-14-7.html	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6526220	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apache-log4j-code-execution-via-jndi-remote-class-injection-37049	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4269	Trust: 0.6
url:	https://support.apple.com/en-us/ht213189	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022012439	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022020607	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4256.2	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022071316	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022032006	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0332	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022030923	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1188	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0492	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6526754	Trust: 0.6
url:	https://cxsecurity.com/issue/wlb-2021120069	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0090	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4236	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021121652	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6527330	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4198	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021121492	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4187.6	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022031501	Trust: 0.6
url:	https://packetstormsecurity.com/files/165279/ubuntu-security-notice-usn-5192-1.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/165348/ubuntu-security-notice-usn-5192-2.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4274	Trust: 0.6
url:	https://support.lenovo.com/us/en/product_security/len-76573	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022012045	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021121535	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022010421	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0247	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-034-01	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2020-28491	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-20218	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-37136	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-37137	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-21409	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-28491	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20218	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-16135	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-3200	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-25013	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-25012	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-35522	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5827	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-35524	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-25013	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-25009	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-27645	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-33574	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-13435	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-5827	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-24370	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-43527	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-14145	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-13751	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-25014	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-19603	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14145	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-25012	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-35521	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-35942	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-17594	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-24370	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-3572	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-12762	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-36086	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13750	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13751	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-22898	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12762	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-16135	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-36084	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-17541	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-3800	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17594	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-36087	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-36331	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-3712	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-31535	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-3445	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13435	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19603	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-22925	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-36330	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-18218	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-20232	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-20266	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-20838	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-22876	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-20231	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-36332	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-14155	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-25010	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20838	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-17541	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-25014	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-36085	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-33560	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-17595	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-3481	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-42574	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14155	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-25009	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-25010	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-35523	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-28153	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-13750	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-3426	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-18218	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-3580	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17595	Trust: 0.2
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.2
url:	https://www.debian.org/security/2021/dsa-5022	Trust: 0.1
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/eokpqgv24rrbbi4tbzudqmm4meh7mxcy/	Trust: 0.1
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sig7fzulmnk2xf6fzru4vwydqxnmugaj/	Trust: 0.1
url:	https://www.cve.org/cverecord?id=cve-2021-44228	Trust: 0.1
url:	https://www.oracle.com/security-alerts/cpujul2022.html	Trust: 0.1
url:	http://www.openwall.com/lists/oss-security/2021/12/18/1	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-37714	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-35510	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-21341	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21342	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21290	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-28169	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-17527	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-17521	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3629	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-2875	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3690	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-28164	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-21348	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21344	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-12415	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11988	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9488	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30129	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-2875	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30468	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-21350	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-28170	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-21290	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-21349	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12415	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-28163	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-10744	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-26217	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3597	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-26259	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-21344	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-17527	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11987	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-21295	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21295	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-27782	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.fuse&version=7.10.0	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-34428	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3536	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-2934	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-17521	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-27223	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-21346	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-22696	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-26259	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-29425	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15522	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11987	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-21345	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-26217	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15522	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-27218	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-27218	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10744	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35510	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-2934	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-21351	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-13943	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13943	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-21347	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-13949	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21341	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9488	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-21342	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-23926	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-27223	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-27782	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:5134	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-27568	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11988	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13949	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-21343	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21343	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-22118	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.amq.streams&version=1.8.4	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:5138	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-24504	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-27777	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20239	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-36158	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-35448	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3635	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20284	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-36386	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20673	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-0427	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-24586	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3348	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-26140	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3487	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-26146	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-31440	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3732	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-0129	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10001	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-24502	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3564	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-0427	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-23133	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-26144	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3679	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-36312	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-29368	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3778	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-24588	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-29646	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-29155	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3489	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-29660	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-26139	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-28971	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-23841	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14615	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-26143	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3600	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-26145	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-20673	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-23840	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-33200	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-29650	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-33033	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20194	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-26147	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-31916	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10001	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-24503	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14615	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-24502	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:5137	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-31829	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3573	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20197	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-26141	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-28950	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3796	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-24587	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-24503	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3659	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:5129	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35524	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35522	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35523	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20317	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-43267	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36331	Trust: 0.1
url:	https://issues.jboss.org/):	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36330	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35521	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_integration/2021.q4	Trust: 0.1
url:	https://access.redhat.com/articles/11258	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:5130	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=red.hat.integration&version	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.amq.streams&version=1.6.5	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:5133	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/apache-log4j2/2.16.0-0.21.10.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/apache-log4j2/2.16.0-0.20.04.1	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-5197-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/apache-log4j2/2.16.0-0.21.04.1	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-5192-1	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-5192-2	Trust: 0.1
url:	https://www.vmware.com/security/advisories/vmsa-2021-0028.html	Trust: 0.1
url:	http://lists.vmware.com/mailman/listinfo/security-announce	Trust: 0.1
url:	https://lists.vmware.com/mailman/listinfo/security-announce.	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-39139	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-39141	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-39154	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-29505	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-39145	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:0296	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-39144	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-39149	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-39150	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-39151	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-39140	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-39148	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-29505	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-39151	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-39153	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-39152	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-39147	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-39150	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-39139	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-39153	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-39144	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-39146	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-39152	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-39148	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-39146	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-39140	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-39149	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-39147	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-39145	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-39154	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-39141	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:0082	Trust: 0.1

sources: CERT/CC: VU#930724 // VULHUB: VHN-407408 // VULHUB: VHN-408570 // PACKETSTORM: 165294 // PACKETSTORM: 165295 // PACKETSTORM: 165296 // PACKETSTORM: 165288 // PACKETSTORM: 165285 // PACKETSTORM: 165297 // PACKETSTORM: 165324 // PACKETSTORM: 165348 // PACKETSTORM: 165260 // PACKETSTORM: 165733 // PACKETSTORM: 165520 // CNNVD: CNNVD-202112-799 // NVD: CVE-2021-44228

CREDITS

Much of the content of this vulnerability note is derived from Apache Log4j Security Vulnerabilities and http://slf4j.org/log4shell.html.This document was written by Art Manion.

Trust: 0.8

sources: CERT/CC: VU#930724

SOURCES

db:	CERT/CC	id:	VU#930724
db:	VULHUB	id:	VHN-407408
db:	VULHUB	id:	VHN-408570
db:	VULMON	id:	CVE-2021-44228
db:	PACKETSTORM	id:	165294
db:	PACKETSTORM	id:	165295
db:	PACKETSTORM	id:	165296
db:	PACKETSTORM	id:	165288
db:	PACKETSTORM	id:	165285
db:	PACKETSTORM	id:	165297
db:	PACKETSTORM	id:	165324
db:	PACKETSTORM	id:	165348
db:	PACKETSTORM	id:	165260
db:	PACKETSTORM	id:	165733
db:	PACKETSTORM	id:	165520
db:	CNNVD	id:	CNNVD-202112-799
db:	NVD	id:	CVE-2021-44228

LAST UPDATE DATE

2025-02-04T21:04:17.334000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#930724	date:	2022-02-07T00:00:00
db:	VULHUB	id:	VHN-407408	date:	2023-02-06T00:00:00
db:	VULHUB	id:	VHN-408570	date:	2022-10-06T00:00:00
db:	VULMON	id:	CVE-2021-44228	date:	2023-11-07T00:00:00
db:	CNNVD	id:	CNNVD-202112-799	date:	2023-04-04T00:00:00
db:	NVD	id:	CVE-2021-44228	date:	2025-02-04T15:15:13.773

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#930724	date:	2021-12-15T00:00:00
db:	VULHUB	id:	VHN-407408	date:	2021-12-10T00:00:00
db:	VULHUB	id:	VHN-408570	date:	2021-12-14T00:00:00
db:	VULMON	id:	CVE-2021-44228	date:	2021-12-10T00:00:00
db:	PACKETSTORM	id:	165294	date:	2021-12-15T15:25:47
db:	PACKETSTORM	id:	165295	date:	2021-12-15T15:26:54
db:	PACKETSTORM	id:	165296	date:	2021-12-15T15:27:05
db:	PACKETSTORM	id:	165288	date:	2021-12-15T15:22:36
db:	PACKETSTORM	id:	165285	date:	2021-12-15T15:20:26
db:	PACKETSTORM	id:	165297	date:	2021-12-15T15:27:51
db:	PACKETSTORM	id:	165324	date:	2021-12-16T15:20:38
db:	PACKETSTORM	id:	165348	date:	2021-12-17T14:06:52
db:	PACKETSTORM	id:	165260	date:	2021-12-14T15:27:58
db:	PACKETSTORM	id:	165733	date:	2022-01-27T14:23:56
db:	PACKETSTORM	id:	165520	date:	2022-01-12T15:37:25
db:	CNNVD	id:	CNNVD-202112-799	date:	2021-12-10T00:00:00
db:	NVD	id:	CVE-2021-44228	date:	2021-12-10T10:15:09.143