Vulnerability Details : CVE-2021-44228
Public exploit exists!
Used for ransomware!
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Vulnerability category: Execute code
Products affected by CVE-2021-44228
- cpe:2.3:a:cisco:emergency_responder:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:emergency_responder:11.5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:emergency_responder:11.5\(4.65000.14\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:emergency_responder:11.5\(4.66000.14\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:11.5\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:11.5\(1\):*:*:*:-:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:11.5\(1\):*:*:*:session_management:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:11.5\(1\)su3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.17900.52\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.18119.2\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.18900.97\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.21900.40\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.22900.28\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_contact_center_enterprise:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_contact_center_enterprise:11.6\(2\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_contact_center_enterprise:12.0\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_contact_center_enterprise:12.5\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\(2\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_customer_voice_portal:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_customer_voice_portal:11.6:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_customer_voice_portal:12.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_customer_voice_portal:12.5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_customer_voice_portal:11.6\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_customer_voice_portal:12.0\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_customer_voice_portal:12.5\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_customer_voice_portal:12.6\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_contact_center_express:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\):-:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\):su1:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_contact_center_express:12.6\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_contact_center_express:12.6\(2\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unity_connection:11.5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unity_connection:11.5\(1.10000.6\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server:3.0:-:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release1:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release2:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server:4.0:-:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release4:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release1:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release2:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release3:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_security_patch4:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:-:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_service_pack_2:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_service_pack_3:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_security_patch5:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_operations_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:7.14\(1.26\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:7.14\(2.26\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:7.14\(3.025\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:7.14\(4.018\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:finesse:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:finesse:12.6\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:finesse:12.5\(1\):su1:*:*:*:*:*:*
- cpe:2.3:a:cisco:finesse:12.5\(1\):su2:*:*:*:*:*:*
- cpe:2.3:a:cisco:finesse:12.6\(1\):-:*:*:*:*:*:*
- cpe:2.3:a:cisco:finesse:12.6\(1\):es01:*:*:*:*:*:*
- cpe:2.3:a:cisco:finesse:12.6\(1\):es02:*:*:*:*:*:*
- cpe:2.3:a:cisco:finesse:12.6\(1\):es03:*:*:*:*:*:*
- cpe:2.3:a:cisco:ucs_director:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_computing_system:006.008\(001.000\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:prime_service_catalog:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:prime_service_catalog:12.1:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:integrated_management_controller_supervisor:002.003\(002.000\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:integrated_management_controller_supervisor:2.3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:mobility_services_engine:-:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:virtual_topology_system:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:virtual_topology_system:2.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:fog_director:-:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:evolved_programmable_network_manager:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:evolved_programmable_network_manager:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:evolved_programmable_network_manager:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:evolved_programmable_network_manager:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:evolved_programmable_network_manager:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:evolved_programmable_network_manager:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\):-:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\):es01:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\):es02:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_intelligence_center:12.6\(2\):-:*:*:*:*:*:*
- cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:identity_services_engine:2.4.0:-:*:*:*:*:*:*
- cpe:2.3:a:cisco:identity_services_engine:002.004\(000.914\):-:*:*:*:*:*:*
- cpe:2.3:a:cisco:identity_services_engine:002.006\(000.156\):-:*:*:*:*:*:*
- cpe:2.3:a:cisco:identity_services_engine:002.007\(000.356\):-:*:*:*:*:*:*
- cpe:2.3:a:cisco:identity_services_engine:003.000\(000.458\):-:*:*:*:*:*:*
- cpe:2.3:a:cisco:identity_services_engine:003.001\(000.518\):-:*:*:*:*:*:*
- cpe:2.3:a:cisco:identity_services_engine:003.002\(000.116\):-:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense:6.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense:6.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense:6.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense:6.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense:6.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense:6.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:firepower_threat_defense:7.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:data_center_network_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:data_center_network_manager:11.3\(1\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:fxos:6.2.3:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:fxos:6.3.0:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:fxos:6.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:fxos:6.5.0:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:fxos:6.6.0:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:fxos:6.7.0:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:fxos:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:fxos:7.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:network_assurance_engine:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:network_assurance_engine:6.0\(2.1912\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:packaged_contact_center_enterprise:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:packaged_contact_center_enterprise:11.6\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:network_services_orchestrator:-:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:dna_center:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:dna_center:2.2.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:enterprise_chat_and_email:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:enterprise_chat_and_email:12.0\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:enterprise_chat_and_email:12.5\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:enterprise_chat_and_email:12.6\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:virtualized_voice_browser:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:connected_mobile_experiences:-:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:dna_spaces\:_connector:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:crosswork_network_automation:-:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:crosswork_network_automation:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:crosswork_network_automation:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:crosswork_network_automation:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:crosswork_network_automation:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:common_services_platform_collector:*:*:*:*:*:*:*:*
- Cisco » Common Services Platform Collector, versions from including (>=) 2.10.0 and before (<) 2.10.0.1: cpe:2.3:a:cisco:common_services_platform_collector:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:common_services_platform_collector:002.009\(000.000\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:common_services_platform_collector:002.009\(000.001\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:common_services_platform_collector:002.009\(000.002\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:common_services_platform_collector:002.009\(001.000\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:common_services_platform_collector:002.009\(001.001\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:common_services_platform_collector:002.009\(001.002\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:common_services_platform_collector:002.010\(000.000\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager_im_\&_presence_service:11.5\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager_im_\&_presence_service:11.5\(1.22900.6\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:sd-wan_vmanage:20.5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:sd-wan_vmanage:20.6:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:sd-wan_vmanage:20.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:sd-wan_vmanage:20.4:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:sd-wan_vmanage:20.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:sd-wan_vmanage:20.7:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:sd-wan_vmanage:20.8:*:*:*:*:*:*:*
- Cisco » Business Process Automation, versions from including (>=) 3.1.000.000 and before (<) 3.1.000.044: cpe:2.3:a:cisco:business_process_automation:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:business_process_automation:*:*:*:*:*:*:*:*
- Cisco » Business Process Automation, versions from including (>=) 3.2.000.000 and before (<) 3.2.000.009: cpe:2.3:a:cisco:business_process_automation:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:intersight_virtual_appliance:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:intersight_virtual_appliance:1.0.9-343:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:nexus_insights:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:advanced_malware_protection_virtual_private_cloud_appliance:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:automated_subsea_tuning:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:automated_subsea_tuning:02.01.00:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:broadworks:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:broadworks:-:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:cloud_connect:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:cloudcenter:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:cloudcenter_cost_optimizer:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:cloudcenter_suite_admin:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:cloudcenter_workload_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:contact_center_domain_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:contact_center_management_portal:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:crosswork_data_gateway:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:crosswork_data_gateway:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:crosswork_network_controller:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:crosswork_network_controller:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:crosswork_optimization_engine:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:crosswork_optimization_engine:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:crosswork_platform_infrastructure:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:crosswork_platform_infrastructure:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:customer_experience_cloud_agent:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:cyber_vision_sensor_management_extension:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:cyber_vision_sensor_management_extension:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:iot_operations_dashboard:-:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:nexus_dashboard:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:optical_network_controller:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:optical_network_controller:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:paging_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:paging_server:8.3\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:paging_server:8.4\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:paging_server:8.5\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:paging_server:9.0\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:paging_server:9.0\(2\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:paging_server:9.1\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:paging_server:12.5\(2\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:paging_server:14.0\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:smart_phy:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:smart_phy:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:smart_phy:3.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:smart_phy:3.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:smart_phy:3.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:smart_phy:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:smart_phy:21.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:ucs_central:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:virtualized_infrastructure_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wan_automation_engine:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wan_automation_engine:7.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wan_automation_engine:7.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wan_automation_engine:7.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wan_automation_engine:7.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wan_automation_engine:7.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wan_automation_engine:7.4:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wan_automation_engine:7.5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wan_automation_engine:7.6:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:workload_optimization_manager:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:unified_sip_proxy:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:unified_workforce_optimization:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:cloudcenter_suite:4.10\(0.15\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:cloudcenter_suite:5.3\(0\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:cloudcenter_suite:5.4\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:cloudcenter_suite:5.5\(0\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:cloudcenter_suite:5.5\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.004.000.003:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.005.000.:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.005.000.000:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.000.001:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.001.000:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.002.000:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:connected_analytics_for_network_deployment:7.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.000:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.001.001:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.003:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:connected_analytics_for_network_deployment:008.000.000:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:connected_analytics_for_network_deployment:008.000.000.000.004:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:cx_cloud_agent:001.012:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:cyber_vision:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:dna_spaces:-:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:dna_spaces_connector:-:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.0\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.1\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.2\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.3\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.4\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\(2\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\(3\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:network_insights_for_data_center:6.0\(2.1914\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:ucs_central_software:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:ucs_central_software:2.0\(1a\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:ucs_central_software:2.0\(1b\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:ucs_central_software:2.0\(1c\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:ucs_central_software:2.0\(1d\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:ucs_central_software:2.0\(1e\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:ucs_central_software:2.0\(1f\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:ucs_central_software:2.0\(1g\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:ucs_central_software:2.0\(1h\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:ucs_central_software:2.0\(1k\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:ucs_central_software:2.0\(1l\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_contact_center_management_portal:12.6\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_sip_proxy:010.000\(000\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_sip_proxy:010.000\(001\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_sip_proxy:010.002\(000\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_sip_proxy:010.002\(001\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_workforce_optimization:11.5\(1\):sr7:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*
- cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:*
- cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:apache:log4j:2.0:-:*:*:*:*:*:*
- cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:spectrum_power_4:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:spectrum_power_4:4.70:-:*:*:*:*:*:*
- cpe:2.3:a:siemens:spectrum_power_4:4.70:sp7:*:*:*:*:*:*
- cpe:2.3:a:siemens:spectrum_power_4:4.70:sp8:*:*:*:*:*:*
- cpe:2.3:a:siemens:logo\!_soft_comfort:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:spectrum_power_7:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:spectrum_power_7:2.30:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:spectrum_power_7:2.30:-:*:*:*:*:*:*
- cpe:2.3:a:siemens:spectrum_power_7:2.30:sp2:*:*:*:*:*:*
- cpe:2.3:a:siemens:opcenter_intelligence:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:mendix:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:industrial_edge_management:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:gma-manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:siveillance_control_pro:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:energyip_prepay:3.7:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:energyip_prepay:3.8:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:head-end_system_universal_device_integration_system:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:siveillance_command:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:siveillance_vantage:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:vesys:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:vesys:2019.1:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:vesys:2019.1:-:*:*:*:*:*:*
- cpe:2.3:a:siemens:vesys:2019.1:sp1912:*:*:*:*:*:*
- cpe:2.3:a:siemens:xpedition_package_integrator:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:sppa-t3000_ses3000_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:captial:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:captial:2019.1:-:*:*:*:*:*:*
- cpe:2.3:a:siemens:captial:2019.1:sp1912:*:*:*:*:*:*
- cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.2:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:desigo_cc_info_center:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:desigo_cc_info_center:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:e-car_operation_center:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:energy_engage:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:energyip:8.5:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:energyip:8.6:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:energyip:8.7:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:energyip:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:industrial_edge_management_hub:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:mindsphere:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:navigator:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:nx:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:sentron_powermanager:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:sentron_powermanager:4.2:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:siguard_dsa:4.2:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:siguard_dsa:4.3:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:siguard_dsa:4.4:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:siveillance_viewpoint:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:solid_edge_cam_pro:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:solid_edge_harness_design:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:solid_edge_harness_design:2020:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:solid_edge_harness_design:2020:-:*:*:*:*:*:*
- cpe:2.3:a:siemens:solid_edge_harness_design:2020:sp2002:*:*:*:*:*:*
- cpe:2.3:a:siemens:teamcenter:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:xpedition_enterprise:-:*:*:*:*:*:*:*
- cpe:2.3:a:intel:system_studio:-:*:*:*:*:*:*:*
- cpe:2.3:a:intel:data_center_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:audio_development_kit:-:*:*:*:*:*:*:*
- cpe:2.3:a:intel:secure_device_onboard:-:*:*:*:*:*:*:*
- cpe:2.3:a:intel:system_debugger:-:*:*:*:*:*:*:*
- cpe:2.3:a:intel:computer_vision_annotation_tool:-:*:*:*:*:*:*:*
- cpe:2.3:a:intel:genomics_kernel_library:-:*:*:*:*:*:*:*
- cpe:2.3:a:intel:sensor_solution_firmware_development_kit:-:*:*:*:*:*:*:*
- cpe:2.3:a:intel:oneapi_sample_browser:-:*:*:*:*:eclipse:*:*
- cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:vmware_vsphere:*:*
- cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
- cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
- cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
- cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:ontap_tools:-:*:*:*:*:vmware_vsphere:*:*
- cpe:2.3:a:bentley:synchro:*:*:*:*:pro:*:*:*
- cpe:2.3:a:bentley:synchro_4d:*:*:*:*:pro:*:*:*
- cpe:2.3:a:snowsoftware:snow_commander:*:*:*:*:*:*:*:*
- cpe:2.3:a:snowsoftware:vm_access_proxy:*:*:*:*:*:*:*:*
- cpe:2.3:a:percussion:rhythmyx:*:*:*:*:*:*:*:*
CVE-2021-44228 is in the CISA Known Exploited Vulnerabilities Catalog
This issue is known to have been leveraged as part of a ransomware campaign.
CISA vulnerability name: Apache Log4j2 Remote Code Execution Vulnerability
CISA required action: For all affected software assets for which updates exist, the only acceptable remediation actions are: 1) Apply updates; OR 2) remove affected assets from agency networks. Temporary mitigations using one of the measures provided at https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitiga
CISA description: Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-44228
Added on: 2021-12-10
Action due date: 2021-12-24
Exploit prediction scoring system (EPSS) score for CVE-2021-44228
EPSS score: 96.76% (probability of exploitation activity in the next 30 days)
Percentile: ~100% (the proportion of vulnerabilities that are scored at or less)
Metasploit modules for CVE-2021-44228
- Log4Shell HTTP Scanner
  Disclosure Date: 2021-12-09. First seen: 2022-12-23. Module: auxiliary/scanner/http/log4shell_scanner
  Versions of Apache Log4j2 impacted by CVE-2021-44228 which allow JNDI features used in configuration, log messages, and parameters, do not protect against attacker controlled LDAP and other JNDI related endpoints. This module will scan an HTTP end point for the Log4Shell vu
- VMware vCenter Server Unauthenticated JNDI Injection RCE (via Log4Shell)
  Disclosure Date: 2021-12-09. First seen: 2022-12-23. Module: exploit/multi/http/vmware_vcenter_log4shell
  VMware vCenter Server is affected by the Log4Shell vulnerability whereby a JNDI string can be sent to the server that will cause it to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the root user in the ca
- MobileIron Core Unauthenticated JNDI Injection RCE (via Log4Shell)
  Disclosure Date: 2021-12-12. First seen: 2022-12-23. Module: exploit/linux/http/mobileiron_core_log4shell
  MobileIron Core is affected by the Log4Shell vulnerability whereby a JNDI string sent to the server will cause it to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the tomcat user. This module
- Log4Shell HTTP Header Injection
  Disclosure Date: 2021-12-09. First seen: 2022-12-23. Module: exploit/multi/http/log4shell_header_injection
  Versions of Apache Log4j2 impacted by CVE-2021-44228 which allow JNDI features used in configuration, log messages, and parameters, do not protect against attacker controlled LDAP and other JNDI related endpoints. This module will exploit an HTTP end point with the Log4Shel
- UniFi Network Application Unauthenticated JNDI Injection RCE (via Log4Shell)
  Disclosure Date: 2021-12-09. First seen: 2022-12-23. Module: exploit/multi/http/ubiquiti_unifi_log4shell
  The Ubiquiti UniFi Network Application versions 5.13.29 through 6.5.53 are affected by the Log4Shell vulnerability whereby a JNDI string can be sent to the server via the 'remember' field of a POST request to the /api/login endpoint that will cause the server to connect to t
CVSS scores for CVE-2021-44228
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 3.9 | 6.0 | NIST | |
CWE ids for CVE-2021-44228
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: security@apache.org (Primary)
- The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources. Assigned by: security@apache.org (Primary)
- The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid. Assigned by: security@apache.org (Primary)
- The product constructs all or part of an expression language (EL) statement in a framework such as a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed. Assigned by: nvd@nist.gov (Secondary)
References for CVE-2021-44228
-
http://seclists.org/fulldisclosure/2022/Mar/23
Full Disclosure: APPLE-SA-2022-03-14-7 Xcode 13.3Mailing List;Third Party Advisory
-
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html
INTEL-SA-00646Third Party Advisory
-
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032
Security AdvisoryThird Party Advisory
-
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228
CVE-mitre/CVE-2021-44228 at main · nu11secur1ty/CVE-mitre · GitHubExploit;Third Party Advisory
-
http://seclists.org/fulldisclosure/2022/Jul/11
Full Disclosure: Open-Xchange Security Advisory 2022-07-21Mailing List;Third Party Advisory
-
https://www.kb.cert.org/vuls/id/930724
VU#930724 - Apache Log4j allows insecure JNDI lookupsThird Party Advisory;US Government Resource
-
https://support.apple.com/kb/HT213189
About the security content of Xcode 13.3 - Apple SupportThird Party Advisory
-
https://www.oracle.com/security-alerts/cpuapr2022.html
Oracle Critical Patch Update Advisory - April 2022Patch;Third Party Advisory
-
http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html
VMware Security Advisory 2021-0028.4 ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html
CVE-2021-44228Exploit;Third Party Advisory
-
https://www.debian.org/security/2021/dsa-5020
Debian -- Security Information -- DSA-5020-1 apache-log4j2Mailing List;Third Party Advisory
-
http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html
VMware vCenter Server Unauthenticated Log4Shell JNDI Injection Remote Code Execution ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/
[SECURITY] Fedora 34 Update: jansi-2.1.1-4.fc34 - package-announce - Fedora Mailing-ListsThird Party Advisory
-
http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html
Log4j2 Log4Shell Regexes ≈ Packet StormThird Party Advisory;VDB Entry
-
https://twitter.com/kurtseifried/status/1469345530182455296
Kurt Seifried (He/Him) on Twitter: "A reminder that the entry for CVE-2021-44228 https://t.co/64ubPm9b1e doesn't include any details about exploitation, or links to sources with information about explBroken Link;Exploit;Third Party Advisory
-
https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md
log4j-affected-db/SOFTWARE-LIST.md at develop · cisagov/log4j-affected-db · GitHub
Broken Link;Product;US Government Resource
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/
[SECURITY] Fedora 35 Update: log4j-2.15.0-1.fc35 - package-announce - Fedora Mailing-Lists
Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20211210-0007/
CVE-2021-44228 Apache Log4j Vulnerability in NetApp Products | NetApp Product Security
Third Party Advisory
-
https://www.oracle.com/security-alerts/cpujan2022.html
Oracle Critical Patch Update Advisory - January 2022
Patch;Third Party Advisory
-
http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html
AD Manager Plus 7122 Remote Code Execution ≈ Packet Storm
Third Party Advisory;VDB Entry
-
http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html
Log4j Payload Generator ≈ Packet Storm
Third Party Advisory;VDB Entry
-
http://www.openwall.com/lists/oss-security/2021/12/10/1
oss-security - CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
Mailing List;Mitigation;Third Party Advisory
-
http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html
Apache Log4j2 2.14.1 Remote Code Execution ≈ Packet Storm
Exploit;Third Party Advisory;VDB Entry
-
https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf
Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/
[SECURITY] Fedora 34 Update: jansi-2.1.1-4.fc34 - package-announce - Fedora mailing-lists
Release Notes
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Third Party Advisory
-
https://logging.apache.org/log4j/2.x/security.html
Log4j – Apache Log4j Security Vulnerabilities
Release Notes;Vendor Advisory
-
http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html
Log4Shell HTTP Header Injection ≈ Packet Storm
Exploit;Third Party Advisory;VDB Entry
-
https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html
[SECURITY] [DLA 2842-1] apache-log4j2 security update
Mailing List;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2021/12/15/3
oss-security - Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack
Mailing List;Third Party Advisory
-
https://github.com/cisagov/log4j-affected-db
GitHub - cisagov/log4j-affected-db: A community sourced list of log4j-affected software
Third Party Advisory
-
http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html
Apache Log4j2 2.14.1 Information Disclosure ≈ Packet Storm
Exploit;Third Party Advisory;VDB Entry
-
http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html
VMware Security Advisory 2021-0028 ≈ Packet Storm
Third Party Advisory;VDB Entry
-
http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html
log4j-scan Extensive Scanner ≈ Packet Storm
Third Party Advisory;VDB Entry
-
http://www.openwall.com/lists/oss-security/2021/12/10/3
oss-security - Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
Mailing List;Third Party Advisory
-
http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html
Log4j Remote Code Execution Word Bypassing ≈ Packet Storm
Third Party Advisory;VDB Entry
-
http://www.openwall.com/lists/oss-security/2021/12/10/2
oss-security - Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
Mailing List;Mitigation;Third Party Advisory
-
https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf
Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2021/12/13/1
oss-security - CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2
Mailing List;Third Party Advisory
-
http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html
MobileIron Log4Shell Remote Command Execution ≈ Packet Storm
Exploit;Third Party Advisory;VDB Entry
-
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001
BE-2022-0001: Use of Log4j in RenderFarm component for SYNCHRO 4D Pro and SYNCHRO Pro
Third Party Advisory
-
https://www.oracle.com/security-alerts/alert-cve-2021-44228.html
Oracle Security Alert Advisory - CVE-2021-44228
Third Party Advisory
-
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
Third Party Advisory
-
http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html
Open-Xchange App Suite 7.10.x Cross Site Scripting / Command Injection ≈ Packet Storm
Third Party Advisory;VDB Entry
-
http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html
UniFi Network Application Unauthenticated Log4Shell Remote Code Execution ≈ Packet Storm
Exploit;Third Party Advisory;VDB Entry
-
https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf
Third Party Advisory
-
http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html
Apache Log4j2 2.14.1 Remote Code Execution ≈ Packet Storm
Third Party Advisory;VDB Entry
-
http://www.openwall.com/lists/oss-security/2021/12/14/4
oss-security - CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack
Mailing List;Third Party Advisory
-
https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/
Microsoft’s Response to CVE-2021-44228 Apache Log4j 2 – Microsoft Security Response Center
Patch;Third Party Advisory;Vendor Advisory
-
http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html
L4sh Log4j Remote Code Execution ≈ Packet Storm
Third Party Advisory;VDB Entry
-
http://seclists.org/fulldisclosure/2022/Dec/2
Full Disclosure: Intel Data Center Manager <= 5.1 Local Privileges Escalation
Exploit;Mailing List;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2021/12/13/2
oss-security - Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2
Mailing List;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/
[SECURITY] Fedora 35 Update: log4j-2.15.0-1.fc35 - package-announce - Fedora mailing-lists
Release Notes