CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Vulnerability Details : CVE-2021-44228

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Publish Date : 2021-12-10 Last Update Date : 2022-01-24
Search Twitter   Search YouTube   Search Google

- CVSS Scores & Vulnerability Types

CVSS Score
9.3
Confidentiality Impact Complete (There is total information disclosure, resulting in all system files being revealed.)
Integrity Impact Complete (There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.)
Availability Impact Complete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.)
Access Complexity Medium (The access conditions are somewhat specialized. Some preconditions must be satistified to exploit)
Authentication Not required (Authentication is not required to exploit the vulnerability.)
Gained Access None
Vulnerability Type(s) Execute Code
CWE ID 502

- Products Affected By CVE-2021-44228

# Product Type Vendor Product Version Update Edition Language
1 Application Apache Log4j * * * * Version Details Vulnerabilities
2 Application Apache Log4j 2.0 Beta9 * * Version Details Vulnerabilities
3 Application Apache Log4j 2.0 RC1 * * Version Details Vulnerabilities
4 Application Apache Log4j 2.0 RC2 * * Version Details Vulnerabilities
5 Application Apache Log4j 2.0 - * * Version Details Vulnerabilities
6 Application Cisco Advanced Malware Protection Virtual Private Cloud Appliance * * * * Version Details Vulnerabilities
7 Application Cisco Automated Subsea Tuning * * * * Version Details Vulnerabilities
8 Application Cisco Automated Subsea Tuning 02.01.00 * * * Version Details Vulnerabilities
9 Application Cisco Broadworks * * * * Version Details Vulnerabilities
10 Application Cisco Broadworks - * * * Version Details Vulnerabilities
11 Application Cisco Business Process Automation * * * * Version Details Vulnerabilities
12 Application Cisco Cloud Connect * * * * Version Details Vulnerabilities
13 Application Cisco Cloudcenter * * * * Version Details Vulnerabilities
14 Application Cisco Cloudcenter Cost Optimizer * * * * Version Details Vulnerabilities
15 Application Cisco Cloudcenter Suite 4.10\(0.15\) * * * Version Details Vulnerabilities
16 Application Cisco Cloudcenter Suite 5.3\(0\) * * * Version Details Vulnerabilities
17 Application Cisco Cloudcenter Suite 5.4\(1\) * * * Version Details Vulnerabilities
18 Application Cisco Cloudcenter Suite 5.5\(1\) * * * Version Details Vulnerabilities
19 Application Cisco Cloudcenter Suite 5.5\(0\) * * * Version Details Vulnerabilities
20 Application Cisco Cloudcenter Suite Admin * * * * Version Details Vulnerabilities
21 Application Cisco Cloudcenter Workload Manager * * * * Version Details Vulnerabilities
22 Application Cisco Common Services Platform Collector * * * * Version Details Vulnerabilities
23 Application Cisco Common Services Platform Collector 002.009\(000.000\) * * * Version Details Vulnerabilities
24 Application Cisco Common Services Platform Collector 002.009\(001.000\) * * * Version Details Vulnerabilities
25 Application Cisco Common Services Platform Collector 002.009\(001.001\) * * * Version Details Vulnerabilities
26 Application Cisco Common Services Platform Collector 002.009\(000.001\) * * * Version Details Vulnerabilities
27 Application Cisco Common Services Platform Collector 002.009\(001.002\) * * * Version Details Vulnerabilities
28 Application Cisco Common Services Platform Collector 002.009\(000.002\) * * * Version Details Vulnerabilities
29 Application Cisco Common Services Platform Collector 002.010\(000.000\) * * * Version Details Vulnerabilities
30 Application Cisco Connected Analytics For Network Deployment 006.004.000.003 * * * Version Details Vulnerabilities
31 Application Cisco Connected Analytics For Network Deployment 006.005.000.000 * * * Version Details Vulnerabilities
32 Application Cisco Connected Analytics For Network Deployment 006.005.000. * * * Version Details Vulnerabilities
33 Application Cisco Connected Analytics For Network Deployment 007.000.001 * * * Version Details Vulnerabilities
34 Application Cisco Connected Analytics For Network Deployment 007.001.000 * * * Version Details Vulnerabilities
35 Application Cisco Connected Analytics For Network Deployment 007.002.000 * * * Version Details Vulnerabilities
36 Application Cisco Connected Analytics For Network Deployment 7.3 * * * Version Details Vulnerabilities
37 Application Cisco Connected Analytics For Network Deployment 007.003.000 * * * Version Details Vulnerabilities
38 Application Cisco Connected Analytics For Network Deployment 007.003.001.001 * * * Version Details Vulnerabilities
39 Application Cisco Connected Analytics For Network Deployment 007.003.003 * * * Version Details Vulnerabilities
40 Application Cisco Connected Analytics For Network Deployment 008.000.000 * * * Version Details Vulnerabilities
41 Application Cisco Connected Analytics For Network Deployment 008.000.000.000.004 * * * Version Details Vulnerabilities
42 Application Cisco Connected Mobile Experiences - * * * Version Details Vulnerabilities
43 Application Cisco Contact Center Domain Manager * * * * Version Details Vulnerabilities
44 Application Cisco Contact Center Management Portal * * * * Version Details Vulnerabilities
45 Application Cisco Crosswork Data Gateway * * * * Version Details Vulnerabilities
46 Application Cisco Crosswork Data Gateway 3.0.0 * * * Version Details Vulnerabilities
47 Application Cisco Crosswork Network Automation - * * * Version Details Vulnerabilities
48 Application Cisco Crosswork Network Automation 2.0.0 * * * Version Details Vulnerabilities
49 Application Cisco Crosswork Network Automation 3.0.0 * * * Version Details Vulnerabilities
50 Application Cisco Crosswork Network Automation 4.1.0 * * * Version Details Vulnerabilities
51 Application Cisco Crosswork Network Automation 4.1.1 * * * Version Details Vulnerabilities
52 Application Cisco Crosswork Network Controller * * * * Version Details Vulnerabilities
53 Application Cisco Crosswork Network Controller 3.0.0 * * * Version Details Vulnerabilities
54 Application Cisco Crosswork Optimization Engine * * * * Version Details Vulnerabilities
55 Application Cisco Crosswork Optimization Engine 3.0.0 * * * Version Details Vulnerabilities
56 Application Cisco Crosswork Platform Infrastructure * * * * Version Details Vulnerabilities
57 Application Cisco Crosswork Platform Infrastructure 4.1.0 * * * Version Details Vulnerabilities
58 Application Cisco Crosswork Zero Touch Provisioning * * * * Version Details Vulnerabilities
59 Application Cisco Crosswork Zero Touch Provisioning 3.0.0 * * * Version Details Vulnerabilities
60 Application Cisco Customer Experience Cloud Agent * * * * Version Details Vulnerabilities
61 Application Cisco Cx Cloud Agent 001.012 * * * Version Details Vulnerabilities
62 Application Cisco Cyber Vision 4.0.2 * * * Version Details Vulnerabilities
63 Application Cisco Cyber Vision Sensor Management Extension * * * * Version Details Vulnerabilities
64 Application Cisco Cyber Vision Sensor Management Extension 4.0.2 * * * Version Details Vulnerabilities
65 Application Cisco Data Center Network Manager * * * * Version Details Vulnerabilities
66 Application Cisco Data Center Network Manager 11.3\(1\) * * * Version Details Vulnerabilities
67 Application Cisco Dna Center * * * * Version Details Vulnerabilities
68 Application Cisco Dna Center 2.2.2.8 * * * Version Details Vulnerabilities
69 Application Cisco Dna Spaces - * * * Version Details Vulnerabilities
70 Application Cisco Dna Spaces Connector - * * * Version Details Vulnerabilities
71 Application Cisco Dna Spaces\ Connector * * * Version Details Vulnerabilities
72 Application Cisco Emergency Responder * * * * Version Details Vulnerabilities
73 Application Cisco Emergency Responder 11.5 * * * Version Details Vulnerabilities
74 Application Cisco Emergency Responder 11.5\(4.65000.14\) * * * Version Details Vulnerabilities
75 Application Cisco Emergency Responder 11.5\(4.66000.14\) * * * Version Details Vulnerabilities
76 Application Cisco Enterprise Chat And Email * * * * Version Details Vulnerabilities
77 Application Cisco Enterprise Chat And Email 12.0\(1\) * * * Version Details Vulnerabilities
78 Application Cisco Enterprise Chat And Email 12.5\(1\) * * * Version Details Vulnerabilities
79 Application Cisco Enterprise Chat And Email 12.6\(1\) * * * Version Details Vulnerabilities
80 Application Cisco Evolved Programmable Network Manager * * * * Version Details Vulnerabilities
81 Application Cisco Evolved Programmable Network Manager 3.0 * * * Version Details Vulnerabilities
82 Application Cisco Evolved Programmable Network Manager 3.1 * * * Version Details Vulnerabilities
83 Application Cisco Evolved Programmable Network Manager 4.0 * * * Version Details Vulnerabilities
84 Application Cisco Evolved Programmable Network Manager 4.1 * * * Version Details Vulnerabilities
85 Application Cisco Evolved Programmable Network Manager 5.0 * * * Version Details Vulnerabilities
86 Application Cisco Evolved Programmable Network Manager 5.1 * * * Version Details Vulnerabilities
87 Application Cisco Finesse * * * * Version Details Vulnerabilities
88 Application Cisco Finesse 12.5\(1\) SU1 * * Version Details Vulnerabilities
89 Application Cisco Finesse 12.5\(1\) SU2 * * Version Details Vulnerabilities
90 Application Cisco Finesse 12.6\(1\) Es03 * * Version Details Vulnerabilities
91 Application Cisco Finesse 12.6\(1\) - * * Version Details Vulnerabilities
92 Application Cisco Finesse 12.6\(1\) Es01 * * Version Details Vulnerabilities
93 Application Cisco Finesse 12.6\(1\) Es02 * * Version Details Vulnerabilities
94 Application Cisco Finesse 12.6\(1\) * * * Version Details Vulnerabilities
95 Application Cisco Firepower Threat Defense 6.2.3 * * * Version Details Vulnerabilities
96 Application Cisco Firepower Threat Defense 6.3.0 * * * Version Details Vulnerabilities
97 Application Cisco Firepower Threat Defense 6.4.0 * * * Version Details Vulnerabilities
98 Application Cisco Firepower Threat Defense 6.5.0 * * * Version Details Vulnerabilities
99 Application Cisco Firepower Threat Defense 6.6.0 * * * Version Details Vulnerabilities
100 Application Cisco Firepower Threat Defense 6.7.0 * * * Version Details Vulnerabilities
101 Application Cisco Firepower Threat Defense 7.0.0 * * * Version Details Vulnerabilities
102 Application Cisco Firepower Threat Defense 7.1.0 * * * Version Details Vulnerabilities
103 Application Cisco Fog Director - * * * Version Details Vulnerabilities
104 Application Cisco Identity Services Engine * * * * Version Details Vulnerabilities
105 Application Cisco Identity Services Engine 2.4.0 - * * Version Details Vulnerabilities
106 Application Cisco Identity Services Engine 002.004\(000.914\) - * * Version Details Vulnerabilities
107 Application Cisco Identity Services Engine 002.006\(000.156\) - * * Version Details Vulnerabilities
108 Application Cisco Identity Services Engine 002.007\(000.356\) - * * Version Details Vulnerabilities
109 Application Cisco Identity Services Engine 003.000\(000.458\) - * * Version Details Vulnerabilities
110 Application Cisco Identity Services Engine 003.001\(000.518\) - * * Version Details Vulnerabilities
111 Application Cisco Identity Services Engine 003.002\(000.116\) - * * Version Details Vulnerabilities
112 Application Cisco Integrated Management Controller Supervisor * * * * Version Details Vulnerabilities
113 Application Cisco Integrated Management Controller Supervisor 002.003\(002.000\) * * * Version Details Vulnerabilities
114 Application Cisco Integrated Management Controller Supervisor 2.3.2.0 * * * Version Details Vulnerabilities
115 Application Cisco Intersight Virtual Appliance * * * * Version Details Vulnerabilities
116 Application Cisco Intersight Virtual Appliance 1.0.9-343 * * * Version Details Vulnerabilities
117 Application Cisco Iot Operations Dashboard - * * * Version Details Vulnerabilities
118 Application Cisco Mobility Services Engine - * * * Version Details Vulnerabilities
119 Application Cisco Network Assurance Engine * * * * Version Details Vulnerabilities
120 Application Cisco Network Assurance Engine 6.0\(2.1912\) * * * Version Details Vulnerabilities
121 Application Cisco Network Dashboard Fabric Controller 11.0\(1\) * * * Version Details Vulnerabilities
122 Application Cisco Network Dashboard Fabric Controller 11.1\(1\) * * * Version Details Vulnerabilities
123 Application Cisco Network Dashboard Fabric Controller 11.2\(1\) * * * Version Details Vulnerabilities
124 Application Cisco Network Dashboard Fabric Controller 11.3\(1\) * * * Version Details Vulnerabilities
125 Application Cisco Network Dashboard Fabric Controller 11.4\(1\) * * * Version Details Vulnerabilities
126 Application Cisco Network Dashboard Fabric Controller 11.5\(3\) * * * Version Details Vulnerabilities
127 Application Cisco Network Dashboard Fabric Controller 11.5\(1\) * * * Version Details Vulnerabilities
128 Application Cisco Network Dashboard Fabric Controller 11.5\(2\) * * * Version Details Vulnerabilities
129 Application Cisco Network Insights For Data Center 6.0\(2.1914\) * * * Version Details Vulnerabilities
130 Application Cisco Network Services Orchestrator * * * * Version Details Vulnerabilities
131 Application Cisco Network Services Orchestrator - * * * Version Details Vulnerabilities
132 Application Cisco Nexus Dashboard * * * * Version Details Vulnerabilities
133 Application Cisco Nexus Insights * * * * Version Details Vulnerabilities
134 Application Cisco Optical Network Controller * * * * Version Details Vulnerabilities
135 Application Cisco Optical Network Controller 1.1 * * * Version Details Vulnerabilities
136 Application Cisco Packaged Contact Center Enterprise * * * * Version Details Vulnerabilities
137 Application Cisco Packaged Contact Center Enterprise 11.6\(1\) * * * Version Details Vulnerabilities
138 Application Cisco Paging Server * * * * Version Details Vulnerabilities
139 Application Cisco Paging Server 8.3\(1\) * * * Version Details Vulnerabilities
140 Application Cisco Paging Server 8.4\(1\) * * * Version Details Vulnerabilities
141 Application Cisco Paging Server 8.5\(1\) * * * Version Details Vulnerabilities
142 Application Cisco Paging Server 9.0\(1\) * * * Version Details Vulnerabilities
143 Application Cisco Paging Server 9.0\(2\) * * * Version Details Vulnerabilities
144 Application Cisco Paging Server 9.1\(1\) * * * Version Details Vulnerabilities
145 Application Cisco Paging Server 12.5\(2\) * * * Version Details Vulnerabilities
146 Application Cisco Paging Server 14.0\(1\) * * * Version Details Vulnerabilities
147 Application Cisco Prime Service Catalog * * * * Version Details Vulnerabilities
148 Application Cisco Prime Service Catalog 12.1 * * * Version Details Vulnerabilities
149 Application Cisco Sd-wan Vmanage * * * * Version Details Vulnerabilities
150 Application Cisco Sd-wan Vmanage 20.3 * * * Version Details Vulnerabilities
151 Application Cisco Sd-wan Vmanage 20.4 * * * Version Details Vulnerabilities
152 Application Cisco Sd-wan Vmanage 20.5 * * * Version Details Vulnerabilities
153 Application Cisco Sd-wan Vmanage 20.6 * * * Version Details Vulnerabilities
154 Application Cisco Sd-wan Vmanage 20.6.1 * * * Version Details Vulnerabilities
155 Application Cisco Sd-wan Vmanage 20.7 * * * Version Details Vulnerabilities
156 Application Cisco Sd-wan Vmanage 20.8 * * * Version Details Vulnerabilities
157 Application Cisco Smart Phy * * * * Version Details Vulnerabilities
158 Application Cisco Smart Phy 3.1.2 * * * Version Details Vulnerabilities
159 Application Cisco Smart Phy 3.1.3 * * * Version Details Vulnerabilities
160 Application Cisco Smart Phy 3.1.4 * * * Version Details Vulnerabilities
161 Application Cisco Smart Phy 3.1.5 * * * Version Details Vulnerabilities
162 Application Cisco Smart Phy 3.2.1 * * * Version Details Vulnerabilities
163 Application Cisco Smart Phy 21.3 * * * Version Details Vulnerabilities
164 Application Cisco Ucs Central * * * * Version Details Vulnerabilities
165 Application Cisco Ucs Central Software 2.0\(1a\) * * * Version Details Vulnerabilities
166 Application Cisco Ucs Central Software 2.0\(1g\) * * * Version Details Vulnerabilities
167 Application Cisco Ucs Central Software 2.0\(1b\) * * * Version Details Vulnerabilities
168 Application Cisco Ucs Central Software 2.0\(1h\) * * * Version Details Vulnerabilities
169 Application Cisco Ucs Central Software 2.0\(1c\) * * * Version Details Vulnerabilities
170 Application Cisco Ucs Central Software 2.0\(1k\) * * * Version Details Vulnerabilities
171 Application Cisco Ucs Central Software 2.0\(1d\) * * * Version Details Vulnerabilities
172 Application Cisco Ucs Central Software 2.0\(1l\) * * * Version Details Vulnerabilities
173 Application Cisco Ucs Central Software 2.0\(1e\) * * * Version Details Vulnerabilities
174 Application Cisco Ucs Central Software 2.0 * * * Version Details Vulnerabilities
175 Application Cisco Ucs Central Software 2.0\(1f\) * * * Version Details Vulnerabilities
176 Application Cisco Ucs Director * * * * Version Details Vulnerabilities
177 Application Cisco Unified Communications Manager * * * * Version Details Vulnerabilities
178 Application Cisco Unified Communications Manager * * * * Version Details Vulnerabilities
179 Application Cisco Unified Communications Manager 11.5\(1\) * * * Version Details Vulnerabilities
180 Application Cisco Unified Communications Manager 11.5\(1\) * * * Version Details Vulnerabilities
181 Application Cisco Unified Communications Manager 11.5\(1\) * * * Version Details Vulnerabilities
182 Application Cisco Unified Communications Manager 11.5\(1\)su3 * * * Version Details Vulnerabilities
183 Application Cisco Unified Communications Manager 11.5\(1.17900.52\) * * * Version Details Vulnerabilities
184 Application Cisco Unified Communications Manager 11.5\(1.18119.2\) * * * Version Details Vulnerabilities
185 Application Cisco Unified Communications Manager 11.5\(1.18900.97\) * * * Version Details Vulnerabilities
186 Application Cisco Unified Communications Manager 11.5\(1.21900.40\) * * * Version Details Vulnerabilities
187 Application Cisco Unified Communications Manager 11.5\(1.22900.28\) * * * Version Details Vulnerabilities
188 Application Cisco Unified Communications Manager Im And Presence Service * * * * Version Details Vulnerabilities
189 Application Cisco Unified Communications Manager Im And Presence Service 11.5\(1\) * * * Version Details Vulnerabilities
190 Application Cisco Unified Communications Manager Im \& Presence Service 11.5\(1\) * * * Version Details Vulnerabilities
191 Application Cisco Unified Communications Manager Im \& Presence Service 11.5\(1.22900.6\) * * * Version Details Vulnerabilities
192 Application Cisco Unified Computing System 006.008\(001.000\) * * * Version Details Vulnerabilities
193 Application Cisco Unified Contact Center Enterprise * * * * Version Details Vulnerabilities
194 Application Cisco Unified Contact Center Enterprise 11.6\(2\) * * * Version Details Vulnerabilities
195 Application Cisco Unified Contact Center Enterprise 12.0\(1\) * * * Version Details Vulnerabilities
196 Application Cisco Unified Contact Center Enterprise 12.5\(1\) * * * Version Details Vulnerabilities
197 Application Cisco Unified Contact Center Enterprise 12.6\(1\) * * * Version Details Vulnerabilities
198 Application Cisco Unified Contact Center Enterprise 12.6\(2\) * * * Version Details Vulnerabilities
199 Application Cisco Unified Contact Center Express * * * * Version Details Vulnerabilities
200 Application Cisco Unified Contact Center Express 12.5\(1\) - * * Version Details Vulnerabilities
201 Application Cisco Unified Contact Center Express 12.5\(1\) SU1 * * Version Details Vulnerabilities
202 Application Cisco Unified Contact Center Express 12.6\(1\) * * * Version Details Vulnerabilities
203 Application Cisco Unified Contact Center Express 12.6\(2\) * * * Version Details Vulnerabilities
204 Application Cisco Unified Contact Center Management Portal 12.6\(1\) * * * Version Details Vulnerabilities
205 Application Cisco Unified Customer Voice Portal * * * * Version Details Vulnerabilities
206 Application Cisco Unified Customer Voice Portal 11.6\(1\) * * * Version Details Vulnerabilities
207 Application Cisco Unified Customer Voice Portal 11.6 * * * Version Details Vulnerabilities
208 Application Cisco Unified Customer Voice Portal 12.0 * * * Version Details Vulnerabilities
209 Application Cisco Unified Customer Voice Portal 12.0\(1\) * * * Version Details Vulnerabilities
210 Application Cisco Unified Customer Voice Portal 12.5 * * * Version Details Vulnerabilities
211 Application Cisco Unified Customer Voice Portal 12.5\(1\) * * * Version Details Vulnerabilities
212 Application Cisco Unified Customer Voice Portal 12.6\(1\) * * * Version Details Vulnerabilities
213 OS Cisco Unified Intelligence Center * * * * Version Details Vulnerabilities
214 Application Cisco Unified Intelligence Center 12.6\(1\) Es02 * * Version Details Vulnerabilities
215 Application Cisco Unified Intelligence Center 12.6\(2\) - * * Version Details Vulnerabilities
216 Application Cisco Unified Intelligence Center 12.6\(1\) - * * Version Details Vulnerabilities
217 Application Cisco Unified Intelligence Center 12.6\(1\) Es01 * * Version Details Vulnerabilities
218 OS Cisco Unified Sip Proxy * * * * Version Details Vulnerabilities
219 Application Cisco Unified Sip Proxy 010.000\(000\) * * * Version Details Vulnerabilities
220 Application Cisco Unified Sip Proxy 010.000\(001\) * * * Version Details Vulnerabilities
221 Application Cisco Unified Sip Proxy 010.002\(001\) * * * Version Details Vulnerabilities
222 Application Cisco Unified Sip Proxy 010.002\(000\) * * * Version Details Vulnerabilities
223 OS Cisco Unified Workforce Optimization * * * * Version Details Vulnerabilities
224 Application Cisco Unified Workforce Optimization 11.5\(1\) SR7 * * Version Details Vulnerabilities
225 Application Cisco Unity Connection * * * * Version Details Vulnerabilities
226 Application Cisco Unity Connection 11.5 * * * Version Details Vulnerabilities
227 Application Cisco Unity Connection 11.5\(1.10000.6\) * * * Version Details Vulnerabilities
228 Application Cisco Video Surveillance Manager 7.14\(4.018\) * * * Version Details Vulnerabilities
229 Application Cisco Video Surveillance Manager 7.14\(3.025\) * * * Version Details Vulnerabilities
230 Application Cisco Video Surveillance Manager 7.14\(2.26\) * * * Version Details Vulnerabilities
231 Application Cisco Video Surveillance Manager 7.14\(1.26\) * * * Version Details Vulnerabilities
232 Application Cisco Video Surveillance Operations Manager * * * * Version Details Vulnerabilities
233 Application Cisco Virtual Topology System * * * * Version Details Vulnerabilities
234 Application Cisco Virtual Topology System 2.6.6 * * * Version Details Vulnerabilities
235 Application Cisco Virtualized Infrastructure Manager * * * * Version Details Vulnerabilities
236 Application Cisco Virtualized Voice Browser * * * * Version Details Vulnerabilities
237 Application Cisco Wan Automation Engine * * * * Version Details Vulnerabilities
238 Application Cisco Wan Automation Engine 7.1.3 * * * Version Details Vulnerabilities
239 Application Cisco Wan Automation Engine 7.2.1 * * * Version Details Vulnerabilities
240 Application Cisco Wan Automation Engine 7.2.2 * * * Version Details Vulnerabilities
241 Application Cisco Wan Automation Engine 7.2.3 * * * Version Details Vulnerabilities
242 Application Cisco Wan Automation Engine 7.3 * * * Version Details Vulnerabilities
243 Application Cisco Wan Automation Engine 7.4 * * * Version Details Vulnerabilities
244 Application Cisco Wan Automation Engine 7.5 * * * Version Details Vulnerabilities
245 Application Cisco Wan Automation Engine 7.6 * * * Version Details Vulnerabilities
246 Application Cisco Webex Meetings Server * * * * Version Details Vulnerabilities
247 Application Cisco Webex Meetings Server 3.0 Maintenance Release3 Service Pack 2 * * Version Details Vulnerabilities
248 Application Cisco Webex Meetings Server 3.0 Maintenance Release2 * * Version Details Vulnerabilities
249 Application Cisco Webex Meetings Server 3.0 Maintenance Release3 Service Pack 3 * * Version Details Vulnerabilities
250 Application Cisco Webex Meetings Server 3.0 * * * Version Details Vulnerabilities
251 Application Cisco Webex Meetings Server 3.0 Maintenance Release3 * * Version Details Vulnerabilities
252 Application Cisco Webex Meetings Server 3.0 Maintenance Release4 * * Version Details Vulnerabilities
253 Application Cisco Webex Meetings Server 3.0 Maintenance Release3 - * Version Details Vulnerabilities
254 Application Cisco Webex Meetings Server 3.0 Maintenance Release3 Security Patch4 * * Version Details Vulnerabilities
255 Application Cisco Webex Meetings Server 3.0 - * * Version Details Vulnerabilities
256 Application Cisco Webex Meetings Server 3.0 Maintenance Release3 Security Patch5 * * Version Details Vulnerabilities
257 Application Cisco Webex Meetings Server 3.0 Maintenance Release1 * * Version Details Vulnerabilities
258 Application Cisco Webex Meetings Server 4.0 Maintenance Release3 * * Version Details Vulnerabilities
259 Application Cisco Webex Meetings Server 4.0 * * * Version Details Vulnerabilities
260 Application Cisco Webex Meetings Server 4.0 - * * Version Details Vulnerabilities
261 Application Cisco Webex Meetings Server 4.0 Maintenance Release1 * * Version Details Vulnerabilities
262 Application Cisco Webex Meetings Server 4.0 Maintenance Release2 * * Version Details Vulnerabilities
263 Application Cisco Workload Optimization Manager * * * * Version Details Vulnerabilities
264 OS Debian Debian Linux 9.0 * * * Version Details Vulnerabilities
265 OS Debian Debian Linux 10.0 * * * Version Details Vulnerabilities
266 OS Debian Debian Linux 11.0 * * * Version Details Vulnerabilities
267 OS Fedoraproject Fedora 35 * * * Version Details Vulnerabilities
268 Application Intel Audio Development Kit - * * * Version Details Vulnerabilities
269 Application Intel Computer Vision Annotation Tool - * * * Version Details Vulnerabilities
270 Application Intel Data Center Manager - * * * Version Details Vulnerabilities
271 Application Intel Genomics Kernel Library - * * * Version Details Vulnerabilities
272 Application Intel Oneapi Sample Browser - * * * Version Details Vulnerabilities
273 Application Intel Secure Device Onboard - * * * Version Details Vulnerabilities
274 Application Intel Sensor Solution Firmware Development Kit - * * * Version Details Vulnerabilities
275 Application Intel System Debugger - * * * Version Details Vulnerabilities
276 Application Intel System Studio - * * * Version Details Vulnerabilities
277 Application Netapp Active Iq Unified Manager - * * * Version Details Vulnerabilities
278 Application Netapp Active Iq Unified Manager - * * * Version Details Vulnerabilities
279 Application Netapp Active Iq Unified Manager - * * * Version Details Vulnerabilities
280 Application Netapp Cloud Insights - * * * Version Details Vulnerabilities
281 Application Netapp Cloud Manager - * * * Version Details Vulnerabilities
282 Application Netapp Cloud Secure Agent - * * * Version Details Vulnerabilities
283 Application Netapp Oncommand Insight - * * * Version Details Vulnerabilities
284 Application Netapp Ontap Tools - * * * Version Details Vulnerabilities
285 Application Netapp Snapcenter - * * * Version Details Vulnerabilities
286 Application Siemens Captial * * * * Version Details Vulnerabilities
287 Application Siemens Captial 2019.1 - * * Version Details Vulnerabilities
288 Application Siemens Captial 2019.1 Sp1912 * * Version Details Vulnerabilities
289 Application Siemens Comos * * * * Version Details Vulnerabilities
290 Application Siemens Desigo Cc Advanced Reports 4.0 * * * Version Details Vulnerabilities
291 Application Siemens Desigo Cc Advanced Reports 4.1 * * * Version Details Vulnerabilities
292 Application Siemens Desigo Cc Advanced Reports 4.2 * * * Version Details Vulnerabilities
293 Application Siemens Desigo Cc Advanced Reports 5.0 * * * Version Details Vulnerabilities
294 Application Siemens Desigo Cc Advanced Reports 5.1 * * * Version Details Vulnerabilities
295 Application Siemens Desigo Cc Info Center 5.0 * * * Version Details Vulnerabilities
296 Application Siemens Desigo Cc Info Center 5.1 * * * Version Details Vulnerabilities
297 Application Siemens E-car Operation Center * * * * Version Details Vulnerabilities
298 Application Siemens Energy Engage 3.1 * * * Version Details Vulnerabilities
299 Application Siemens Energyip 8.5 * * * Version Details Vulnerabilities
300 Application Siemens Energyip 8.6 * * * Version Details Vulnerabilities
301 Application Siemens Energyip 8.7 * * * Version Details Vulnerabilities
302 Application Siemens Energyip 9.0 * * * Version Details Vulnerabilities
303 Application Siemens Energyip Prepay 3.7 * * * Version Details Vulnerabilities
304 Application Siemens Energyip Prepay 3.8 * * * Version Details Vulnerabilities
305 Application Siemens Gma-manager * * * * Version Details Vulnerabilities
306 Application Siemens Head-end System Universal Device Integration System * * * * Version Details Vulnerabilities
307 Application Siemens Industrial Edge Management * * * * Version Details Vulnerabilities
308 Application Siemens Industrial Edge Management Hub * * * * Version Details Vulnerabilities
309 Application Siemens Logo\! Soft Comfort * * * * Version Details Vulnerabilities
310 Application Siemens Mendix * * * * Version Details Vulnerabilities
311 Application Siemens Mindsphere * * * * Version Details Vulnerabilities
312 Application Siemens Navigator * * * * Version Details Vulnerabilities
313 Application Siemens NX * * * * Version Details Vulnerabilities
314 Application Siemens Opcenter Intelligence * * * * Version Details Vulnerabilities
315 Application Siemens Operation Scheduler * * * * Version Details Vulnerabilities
316 Application Siemens Sentron Powermanager 4.1 * * * Version Details Vulnerabilities
317 Application Siemens Sentron Powermanager 4.2 * * * Version Details Vulnerabilities
318 Application Siemens Siguard Dsa 4.2 * * * Version Details Vulnerabilities
319 Application Siemens Siguard Dsa 4.3 * * * Version Details Vulnerabilities
320 Application Siemens Siguard Dsa 4.4 * * * Version Details Vulnerabilities
321 Application Siemens Sipass Integrated 2.80 * * * Version Details Vulnerabilities
322 Application Siemens Sipass Integrated 2.85 * * * Version Details Vulnerabilities
323 Application Siemens Siveillance Command * * * * Version Details Vulnerabilities
324 Application Siemens Siveillance Control Pro * * * * Version Details Vulnerabilities
325 Application Siemens Siveillance Identity 1.5 * * * Version Details Vulnerabilities
326 Application Siemens Siveillance Identity 1.6 * * * Version Details Vulnerabilities
327 Application Siemens Siveillance Vantage * * * * Version Details Vulnerabilities
328 Application Siemens Siveillance Viewpoint * * * * Version Details Vulnerabilities
329 Application Siemens Solid Edge Cam Pro * * * * Version Details Vulnerabilities
330 Application Siemens Solid Edge Harness Design * * * * Version Details Vulnerabilities
331 Application Siemens Solid Edge Harness Design 2020 * * * Version Details Vulnerabilities
332 Application Siemens Solid Edge Harness Design 2020 - * * Version Details Vulnerabilities
333 Application Siemens Solid Edge Harness Design 2020 Sp2002 * * Version Details Vulnerabilities
334 Application Siemens Spectrum Power 4 * * * * Version Details Vulnerabilities
335 Application Siemens Spectrum Power 4 4.70 SP7 * * Version Details Vulnerabilities
336 Application Siemens Spectrum Power 4 4.70 SP8 * * Version Details Vulnerabilities
337 Application Siemens Spectrum Power 4 4.70 - * * Version Details Vulnerabilities
338 Application Siemens Spectrum Power 7 * * * * Version Details Vulnerabilities
339 Application Siemens Spectrum Power 7 2.30 SP2 * * Version Details Vulnerabilities
340 Application Siemens Spectrum Power 7 2.30 * * * Version Details Vulnerabilities
341 Application Siemens Spectrum Power 7 2.30 - * * Version Details Vulnerabilities
342 Application Siemens Teamcenter * * * * Version Details Vulnerabilities
343 Application Siemens Vesys * * * * Version Details Vulnerabilities
344 Application Siemens Vesys 2019.1 Sp1912 * * Version Details Vulnerabilities
345 Application Siemens Vesys 2019.1 * * * Version Details Vulnerabilities
346 Application Siemens Vesys 2019.1 - * * Version Details Vulnerabilities
347 Application Siemens Xpedition Enterprise - * * * Version Details Vulnerabilities
348 Application Siemens Xpedition Package Integrator - * * * Version Details Vulnerabilities
349 Application Snowsoftware Snow Commander * * * * Version Details Vulnerabilities
350 Application Snowsoftware Vm Access Proxy * * * * Version Details Vulnerabilities
351 Application Sonicwall Email Security * * * * Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor Product Vulnerable Versions
Apache Log4j 5
Cisco Advanced Malware Protection Virtual Private Cloud Appliance 1
Cisco Automated Subsea Tuning 2
Cisco Broadworks 2
Cisco Business Process Automation 1
Cisco Cloud Connect 1
Cisco Cloudcenter 1
Cisco Cloudcenter Cost Optimizer 1
Cisco Cloudcenter Suite 5
Cisco Cloudcenter Suite Admin 1
Cisco Cloudcenter Workload Manager 1
Cisco Common Services Platform Collector 8
Cisco Connected Analytics For Network Deployment 12
Cisco Connected Mobile Experiences 1
Cisco Contact Center Domain Manager 1
Cisco Contact Center Management Portal 1
Cisco Crosswork Data Gateway 2
Cisco Crosswork Network Automation 5
Cisco Crosswork Network Controller 2
Cisco Crosswork Optimization Engine 2
Cisco Crosswork Platform Infrastructure 2
Cisco Crosswork Zero Touch Provisioning 2
Cisco Customer Experience Cloud Agent 1
Cisco Cx Cloud Agent 1
Cisco Cyber Vision 1
Cisco Cyber Vision Sensor Management Extension 2
Cisco Data Center Network Manager 2
Cisco Dna Center 2
Cisco Dna Spaces 1
Cisco Dna Spaces Connector 1
Cisco Dna Spaces\ 1
Cisco Emergency Responder 4
Cisco Enterprise Chat And Email 4
Cisco Evolved Programmable Network Manager 7
Cisco Finesse 8
Cisco Firepower Threat Defense 8
Cisco Fog Director 1
Cisco Identity Services Engine 8
Cisco Integrated Management Controller Supervisor 3
Cisco Intersight Virtual Appliance 2
Cisco Iot Operations Dashboard 1
Cisco Mobility Services Engine 1
Cisco Network Assurance Engine 2
Cisco Network Dashboard Fabric Controller 8
Cisco Network Insights For Data Center 1
Cisco Network Services Orchestrator 2
Cisco Nexus Dashboard 1
Cisco Nexus Insights 1
Cisco Optical Network Controller 2
Cisco Packaged Contact Center Enterprise 2
Cisco Paging Server 9
Cisco Prime Service Catalog 2
Cisco Sd-wan Vmanage 8
Cisco Smart Phy 7
Cisco Ucs Central 1
Cisco Ucs Central Software 11
Cisco Ucs Director 1
Cisco Unified Communications Manager 11
Cisco Unified Communications Manager Im And Presence Service 2
Cisco Unified Communications Manager Im \& Presence Service 2
Cisco Unified Computing System 1
Cisco Unified Contact Center Enterprise 6
Cisco Unified Contact Center Express 5
Cisco Unified Contact Center Management Portal 1
Cisco Unified Customer Voice Portal 8
Cisco Unified Intelligence Center 1
Cisco Unified Intelligence Center 4
Cisco Unified Sip Proxy 1
Cisco Unified Sip Proxy 4
Cisco Unified Workforce Optimization 1
Cisco Unified Workforce Optimization 1
Cisco Unity Connection 3
Cisco Video Surveillance Manager 4
Cisco Video Surveillance Operations Manager 1
Cisco Virtual Topology System 2
Cisco Virtualized Infrastructure Manager 1
Cisco Virtualized Voice Browser 1
Cisco Wan Automation Engine 9
Cisco Webex Meetings Server 17
Cisco Workload Optimization Manager 1
Debian Debian Linux 3
Fedoraproject Fedora 1
Intel Audio Development Kit 1
Intel Computer Vision Annotation Tool 1
Intel Data Center Manager 1
Intel Genomics Kernel Library 1
Intel Oneapi Sample Browser 1
Intel Secure Device Onboard 1
Intel Sensor Solution Firmware Development Kit 1
Intel System Debugger 1
Intel System Studio 1
Netapp Active Iq Unified Manager 3
Netapp Cloud Insights 1
Netapp Cloud Manager 1
Netapp Cloud Secure Agent 1
Netapp Oncommand Insight 1
Netapp Ontap Tools 1
Netapp Snapcenter 1
Siemens Captial 3
Siemens Comos 1
Siemens Desigo Cc Advanced Reports 5
Siemens Desigo Cc Info Center 2
Siemens E-car Operation Center 1
Siemens Energy Engage 1
Siemens Energyip 4
Siemens Energyip Prepay 2
Siemens Gma-manager 1
Siemens Head-end System Universal Device Integration System 1
Siemens Industrial Edge Management 1
Siemens Industrial Edge Management Hub 1
Siemens Logo\! Soft Comfort 1
Siemens Mendix 1
Siemens Mindsphere 1
Siemens Navigator 1
Siemens NX 1
Siemens Opcenter Intelligence 1
Siemens Operation Scheduler 1
Siemens Sentron Powermanager 2
Siemens Siguard Dsa 3
Siemens Sipass Integrated 2
Siemens Siveillance Command 1
Siemens Siveillance Control Pro 1
Siemens Siveillance Identity 2
Siemens Siveillance Vantage 1
Siemens Siveillance Viewpoint 1
Siemens Solid Edge Cam Pro 1
Siemens Solid Edge Harness Design 4
Siemens Spectrum Power 4 4
Siemens Spectrum Power 7 4
Siemens Teamcenter 1
Siemens Vesys 4
Siemens Xpedition Enterprise 1
Siemens Xpedition Package Integrator 1
Snowsoftware Snow Commander 1
Snowsoftware Vm Access Proxy 1
Sonicwall Email Security 1

- References For CVE-2021-44228

https://www.kb.cert.org/vuls/id/930724
CERT-VN VU#930724
http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html
http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html
http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html
http://www.openwall.com/lists/oss-security/2021/12/13/1
MLIST [oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2
http://www.openwall.com/lists/oss-security/2021/12/13/2
MLIST [oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2
http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html
https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf CONFIRM
http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html
https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf CONFIRM
https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf CONFIRM
https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/
MS Microsoft’s Response to CVE-2021-44228 Apache Log4j 2
http://www.openwall.com/lists/oss-security/2021/12/15/3
MLIST [oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack
http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html
https://lists.fedoraproject.org/archives/list/[email protected]/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/
FEDORA FEDORA-2021-66d6c484f3
http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html
http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html
https://logging.apache.org/log4j/2.x/security.html
http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html
http://www.openwall.com/lists/oss-security/2021/12/14/4
MLIST [oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack
http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html
https://www.oracle.com/security-alerts/alert-cve-2021-44228.html CONFIRM
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html CONFIRM
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf CONFIRM
http://www.openwall.com/lists/oss-security/2021/12/10/1
MLIST [oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
https://www.debian.org/security/2021/dsa-5020
DEBIAN DSA-5020
https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html
MLIST [debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security update
http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html
https://lists.fedoraproject.org/archives/list/[email protected]/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/
FEDORA FEDORA-2021-f0f501d01f
https://security.netapp.com/advisory/ntap-20211210-0007/ CONFIRM
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
http://www.openwall.com/lists/oss-security/2021/12/10/3
MLIST [oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md
http://www.openwall.com/lists/oss-security/2021/12/10/2
MLIST [oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 CONFIRM
http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html
http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html
https://twitter.com/kurtseifried/status/1469345530182455296

- Vulnerability Conditions

Vulnerability is valid if product versions listed below are used 0
Vulnerability is valid if product versions listed below are used 0
Vulnerability is valid if product versions listed below are used 0
Vulnerability is valid if product versions listed below are used 0
Vulnerability is valid if product versions listed below are used 0
Vulnerability is valid if product versions listed below are used 0
Vulnerability is valid if product versions listed below are used 0
Vulnerability is valid if product versions listed below are used 0
Vulnerability is valid if product versions listed below are used 0
Vulnerability is valid if product versions listed below are used 0