Details of VAR-202112-0566

ID

VAR-202112-0566

CVE

CVE-2021-44228

TITLE

Apache Log4j allows insecure JNDI lookups

Trust: 0.8

sources: CERT/CC: VU#930724

DESCRIPTION

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the vulnerable Java application using Log4j.CVE-2021-4104 Affected CVE-2021-44228 Affected CVE-2021-45046 AffectedCVE-2021-4104 Affected CVE-2021-44228 Affected CVE-2021-45046 Affected. This update also fixes CVE-2020-9488 in the oldstable distribution (buster). Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. For the oldstable distribution (buster), this problem has been fixed in version 2.15.0-1~deb10u1. For the stable distribution (bullseye), this problem has been fixed in version 2.15.0-1~deb11u1. We recommend that you upgrade your apache-log4j2 packages. For the detailed security status of apache-log4j2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache-log4j2 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmG0+YVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeQvXA/+LIMVC0X80Qc6No564VodtTN3Ci0NyaUcQyZG8Gyo2tPuwKEpOUpmom7f wcZvQgKvwxs3Ad1M5Zt/6Ql3v0KbwzBah0v8KUV86B6g4yb+Wno7iKQR1mN47bpz 2SJPzf6IECwtmz3zYI3fLuJJ/dvAMRlQ+nhPsC8/zJGJgfFHFmDyfG8TtlrYLUHS Pjpov4C/VllQGJ5MjyVF93OqTCy4V7WxH/RgT1YBOs71KNCq5yPoch35geytSQoM Kk59qFLQgST2kYhLVxRRbdQAAhbA7W5XythKqphon6nRmlJPHSGkXMf9s0N3cm6K Zkmvo2/A29FiceZj/bSM4/qw7gqbsJfpSMcTKmxhReolsXAJVj4mGu9cZZTAP7Tb g8fl8kGljFd01ka0208eFyILHCR2bAF2xgS1nG6TCc170azDkvW38fZHHkLQIPbF TOwxoNv8dHgyT6pfI+BDYKy9pNvrLk/jqXkOpry6nY+Ji/RcjGBDIR3VP25VsMk8 6zwERE1LX0IvwiaSFBg6oyWW4siINZzFyVXryLvRr/YBIAYKGv+Y1Wn8ageACItW 2SZjLbK4uBTOHyvPITBgOZSYD7kYcTPxdbb8ntw7Uo489hYXzjYlloTBoUPg1G3o gyZnRfW0yYf2bA63I7vVBDTITt8K4H1UkUDEOIUjXGekFLqDnGw= =BY2+ -----END PGP SIGNATURE----- . Solution: For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html For Red Hat OpenShift Logging 5.3, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html 4. JIRA issues fixed (https://issues.jboss.org/): LOG-1897 - Applying cluster state is causing elasticsearch to hit an issue and become unusable LOG-1925 - [release-5.3] No datapoint for CPU on openshift-logging dashboard LOG-1962 - [release-5.3] CLO panic: runtime error: slice bounds out of range [:-1] 6. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Critical: Red Hat AMQ Streams 1.6.5 release and security update Advisory ID: RHSA-2021:5133-01 Product: Red Hat JBoss AMQ Advisory URL: https://access.redhat.com/errata/RHSA-2021:5133 Issue date: 2021-12-14 CVE Names: CVE-2021-44228 ==================================================================== 1. Summary: Red Hat AMQ Streams 1.6.5 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 1.6.5 serves as a replacement for Red Hat AMQ Streams 1.6.4, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Security Fix(es): * log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link (you must log in to download the update). 4. Bugs fixed (https://bugzilla.redhat.com/): 2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value 5. References: https://access.redhat.com/security/cve/CVE-2021-44228 https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.streams&version=1.6.5 https://access.redhat.com/security/vulnerabilities/RHSB-2021-009 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYblJBNzjgjWX9erEAQgrQQ//cpcYDzrhPXM4+U+DMgmqnuVhobliJIZt dwIgEyX3jYfLfXZgzkDCnHdwUjJsVub12ielI3JkHsOnGU8faFmp1kEKBvub0Xdh EhjmyDGVSTvdcQyCn9+1z8BDddxLM8UjUBrqF6FrLe6OJcrZi5ICOlZB9sBJ9TKj s4HH3NWW/PSUM96X20TZXl2ah9rkWy+MBoa+jxhOX5Fzyil2Dhcv2LNPA8SfVIme hqN+pSCiQ4Ik1FKJ2wPUItPtTGdQQKVIVhh/RHvGQrIqNWFXWCQkyq4R2Ho2+Eip b5+XW/X0Mt5AkJo5Lz8TZEIjPSeILOy6ucf3fOVDSDUIA2wtdmBA/QV8XvNPtRzy zIUMMdKmuKfR6IF2N+05G6sJ0BWisMmz8hYVD/nBh4FF9HmUGP8wBaLrBMDpGhPE Qu59Ysh0/cdtCGY0O75QSa6RbDn6WyE56groY0i0JSSzrlA94ygSuNJ71nG5wz5I 9TdZqceCDDmR9/FsFgvtzNRaJXqq92/fJdHwTJ/qToutYRsBgEYPmCpNqMXBz59W oXs+VKtt2muYCe9WNDRO/1l9WAs6SO8FekvxcEripg8s1gofkvB4Xa7VkSkbrROZ qCyI4Rz1JSYX287LsQ+Z5E7f4ZchsAIggxOw6ovrnuXbT+rS4IVpwu6Os2AOYQHo 9Sch0c3lbGw=Ervs -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================= Ubuntu Security Notice USN-5192-2 December 17, 2021 apache-log4j2 vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM Summary: Apache Log4j 2 could be made to crash or run programs as an administrator if it received a specially crafted input. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Chen Zhaojun discovered that Apache Log4j 2 allows remote attackers to run programs via a special crafted input. An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: liblog4j2-java 2.4-2ubuntu0.1~esm1 In general, a standard system update will make all the necessary changes. VMware Unified Access Gateway VMware Carbon Black Workload Appliance VMware Site Recovery Manager, vSphere Replication VMware Tanzu GemFire VMware Tanzu GemFire for VMs VMware Tanzu Operations Manager VMware Tanzu Application Service for VMs VMware Horizon Agents Installer You are receiving this alert because you are subscribed to the VMware Security Announcements mailing list. To modify your subscription or unsubscribe please visit https://lists.vmware.com/mailman/listinfo/security-announce. Description: Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. Security Fix(es): * log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228) * jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception (CVE-2020-28491) * kubernetes-client: fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise (CVE-2021-20218) * xstream: Arbitrary code execution via unsafe deserialization of com.sun.corba.* (CVE-2021-39149) * xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration (CVE-2021-39145) * xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration (CVE-2021-39151) * xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapSearchEnumeration (CVE-2021-39147) * xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.toolkit.dir.ContextEnumerator (CVE-2021-39148) * xstream: Arbitrary code execution via unsafe deserialization of com.sun.xml.internal.ws.client.sei.* (CVE-2021-39141) * xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue (CVE-2021-39146) * xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue (CVE-2021-39154) * xstream: Arbitrary code execution via unsafe deserialization of sun.tracing.* (CVE-2021-39144) * xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl (CVE-2021-39139) * xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl (CVE-2021-39153) * xstream: Infinite loop DoS via unsafe deserialization of sun.reflect.annotation.AnnotationInvocationHandler (CVE-2021-39140) * xstream: remote command execution attack by manipulating the processed input stream (CVE-2021-29505) * xstream: Server-side request forgery (SSRF) via unsafe deserialization of com.sun.xml.internal.ws.client.sei.* (CVE-2021-39150) * xstream: Server-side request forgery (SSRF) via unsafe deserialization of jdk.nashorn.internal.runtime.Source$URLData (CVE-2021-39152) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. Bugs fixed (https://bugzilla.redhat.com/): 1923405 - CVE-2021-20218 fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise 1930423 - CVE-2020-28491 jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception 1966735 - CVE-2021-29505 XStream: remote command execution attack by manipulating the processed input stream 1997763 - CVE-2021-39139 xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl 1997765 - CVE-2021-39140 xstream: Infinite loop DoS via unsafe deserialization of sun.reflect.annotation.AnnotationInvocationHandler 1997769 - CVE-2021-39141 xstream: Arbitrary code execution via unsafe deserialization of com.sun.xml.internal.ws.client.sei.* 1997772 - CVE-2021-39144 xstream: Arbitrary code execution via unsafe deserialization of sun.tracing.* 1997775 - CVE-2021-39145 xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration 1997777 - CVE-2021-39146 xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue 1997779 - CVE-2021-39147 xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapSearchEnumeration 1997781 - CVE-2021-39148 xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.toolkit.dir.ContextEnumerator 1997784 - CVE-2021-39149 xstream: Arbitrary code execution via unsafe deserialization of com.sun.corba.* 1997786 - CVE-2021-39150 xstream: Server-side request forgery (SSRF) via unsafe deserialization of com.sun.xml.internal.ws.client.sei.* 1997791 - CVE-2021-39151 xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration 1997793 - CVE-2021-39152 xstream: Server-side request forgery (SSRF) via unsafe deserialization of jdk.nashorn.internal.runtime.Source$URLData 1997795 - CVE-2021-39153 xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl 1997801 - CVE-2021-39154 xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue 2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value 5

Trust: 2.79

sources: NVD: CVE-2021-44228 // CERT/CC: VU#930724 // VULHUB: VHN-407408 // VULHUB: VHN-408570 // VULMON: CVE-2021-44228 // PACKETSTORM: 169172 // PACKETSTORM: 165295 // PACKETSTORM: 165288 // PACKETSTORM: 165291 // PACKETSTORM: 165297 // PACKETSTORM: 165324 // PACKETSTORM: 165329 // PACKETSTORM: 165348 // PACKETSTORM: 165371 // PACKETSTORM: 165733

AFFECTED PRODUCTS

vendor:	cisco	model:	common services platform collector	scope:	eq	version:	002.010$000.000$	Trust: 1.0
vendor:	cisco	model:	video surveillance manager	scope:	eq	version:	7.14$1.26$	Trust: 1.0
vendor:	cisco	model:	ucs central software	scope:	eq	version:	2.0$1g$	Trust: 1.0
vendor:	apache	model:	log4j	scope:	eq	version:	2.0	Trust: 1.0
vendor:	cisco	model:	common services platform collector	scope:	lt	version:	2.9.1.3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5$1.22900.28$	Trust: 1.0
vendor:	cisco	model:	workload optimization manager	scope:	lt	version:	3.2.1	Trust: 1.0
vendor:	siemens	model:	capital	scope:	lt	version:	2019.1	Trust: 1.0
vendor:	cisco	model:	virtualized infrastructure manager	scope:	gte	version:	3.4.0	Trust: 1.0
vendor:	siemens	model:	comos	scope:	lt	version:	10.4.2	Trust: 1.0
vendor:	cisco	model:	crosswork network controller	scope:	lt	version:	2.0.1	Trust: 1.0
vendor:	cisco	model:	cloudcenter suite	scope:	eq	version:	5.3$0$	Trust: 1.0
vendor:	netapp	model:	solidfire \& hci storage node	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	eq	version:	20.8	Trust: 1.0
vendor:	cisco	model:	wan automation engine	scope:	eq	version:	7.4	Trust: 1.0
vendor:	cisco	model:	ucs central software	scope:	eq	version:	2.0$1d$	Trust: 1.0
vendor:	cisco	model:	unified communications manager im \& presence service	scope:	eq	version:	11.5$1.22900.6$	Trust: 1.0
vendor:	siemens	model:	industrial edge management hub	scope:	lt	version:	2021-12-13	Trust: 1.0
vendor:	apache	model:	log4j	scope:	gte	version:	2.4.0	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	lt	version:	20.5.1.1	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	eq	version:	20.6	Trust: 1.0
vendor:	cisco	model:	contact center domain manager	scope:	lt	version:	12.5$1$	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	35	Trust: 1.0
vendor:	siemens	model:	6bk1602-0aa42-0tp0	scope:	lt	version:	2.7.0	Trust: 1.0
vendor:	cisco	model:	unified contact center management portal	scope:	eq	version:	12.6$1$	Trust: 1.0
vendor:	siemens	model:	siveillance viewpoint	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	energyip	scope:	eq	version:	9.0	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5$1.18119.2$	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	gte	version:	20.5	Trust: 1.0
vendor:	cisco	model:	crosswork zero touch provisioning	scope:	eq	version:	3.0.0	Trust: 1.0
vendor:	cisco	model:	crosswork data gateway	scope:	eq	version:	3.0.0	Trust: 1.0
vendor:	cisco	model:	dna spaces	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	unified contact center enterprise	scope:	eq	version:	12.5$1$	Trust: 1.0
vendor:	intel	model:	datacenter manager	scope:	lt	version:	5.1	Trust: 1.0
vendor:	cisco	model:	paging server	scope:	eq	version:	9.0$2$	Trust: 1.0
vendor:	cisco	model:	cloudcenter	scope:	lt	version:	4.10.0.16	Trust: 1.0
vendor:	cisco	model:	crosswork network controller	scope:	eq	version:	3.0.0	Trust: 1.0
vendor:	siemens	model:	solid edge harness design	scope:	lt	version:	2020	Trust: 1.0
vendor:	cisco	model:	dna center	scope:	eq	version:	2.2.2.8	Trust: 1.0
vendor:	cisco	model:	cloudcenter cost optimizer	scope:	lt	version:	5.5.2	Trust: 1.0
vendor:	cisco	model:	paging server	scope:	eq	version:	12.5$2$	Trust: 1.0
vendor:	siemens	model:	operation scheduler	scope:	lte	version:	1.1.3	Trust: 1.0
vendor:	siemens	model:	gma-manager	scope:	lt	version:	8.6.2j-398	Trust: 1.0
vendor:	cisco	model:	connected analytics for network deployment	scope:	eq	version:	008.000.000	Trust: 1.0
vendor:	cisco	model:	wan automation engine	scope:	eq	version:	7.2.1	Trust: 1.0
vendor:	cisco	model:	unified contact center express	scope:	eq	version:	12.6$1$	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	lt	version:	3.0	Trust: 1.0
vendor:	cisco	model:	integrated management controller supervisor	scope:	eq	version:	002.003$002.000$	Trust: 1.0
vendor:	snowsoftware	model:	vm access proxy	scope:	lt	version:	3.6	Trust: 1.0
vendor:	siemens	model:	capital	scope:	eq	version:	2019.1	Trust: 1.0
vendor:	siemens	model:	desigo cc advanced reports	scope:	eq	version:	4.2	Trust: 1.0
vendor:	siemens	model:	6bk1602-0aa52-0tp0	scope:	lt	version:	2.7.0	Trust: 1.0
vendor:	siemens	model:	energyip	scope:	eq	version:	8.7	Trust: 1.0
vendor:	cisco	model:	crosswork optimization engine	scope:	lt	version:	2.0.1	Trust: 1.0
vendor:	siemens	model:	mendix	scope:	eq	version:	*	Trust: 1.0
vendor:	netapp	model:	cloud manager	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	connected analytics for network deployment	scope:	eq	version:	006.004.000.003	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	gte	version:	20.4	Trust: 1.0
vendor:	cisco	model:	connected analytics for network deployment	scope:	eq	version:	7.3	Trust: 1.0
vendor:	cisco	model:	business process automation	scope:	gte	version:	3.2.000.000	Trust: 1.0
vendor:	cisco	model:	cloudcenter suite	scope:	eq	version:	5.5$0$	Trust: 1.0
vendor:	cisco	model:	identity services engine	scope:	eq	version:	003.000$000.458$	Trust: 1.0
vendor:	siemens	model:	e-car operation center	scope:	lt	version:	2021-12-13	Trust: 1.0
vendor:	cisco	model:	network dashboard fabric controller	scope:	eq	version:	11.1$1$	Trust: 1.0
vendor:	bentley	model:	synchro	scope:	lt	version:	6.2.4.2	Trust: 1.0
vendor:	cisco	model:	network dashboard fabric controller	scope:	eq	version:	11.5$3$	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5$1.21900.40$	Trust: 1.0
vendor:	cisco	model:	unified intelligence center	scope:	eq	version:	12.6$2$	Trust: 1.0
vendor:	cisco	model:	paging server	scope:	eq	version:	9.0$1$	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	eq	version:	20.7	Trust: 1.0
vendor:	cisco	model:	enterprise chat and email	scope:	eq	version:	12.5$1$	Trust: 1.0
vendor:	cisco	model:	unified customer voice portal	scope:	eq	version:	12.0$1$	Trust: 1.0
vendor:	intel	model:	oneapi sample browser	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	emergency responder	scope:	eq	version:	11.5$4.66000.14$	Trust: 1.0
vendor:	cisco	model:	fxos	scope:	eq	version:	6.7.0	Trust: 1.0
vendor:	cisco	model:	network dashboard fabric controller	scope:	eq	version:	11.5$2$	Trust: 1.0
vendor:	siemens	model:	desigo cc info center	scope:	eq	version:	5.1	Trust: 1.0
vendor:	cisco	model:	smart phy	scope:	eq	version:	3.1.5	Trust: 1.0
vendor:	cisco	model:	wan automation engine	scope:	eq	version:	7.1.3	Trust: 1.0
vendor:	cisco	model:	unified contact center enterprise	scope:	lt	version:	11.6$2$	Trust: 1.0
vendor:	cisco	model:	finesse	scope:	eq	version:	12.5$1$	Trust: 1.0
vendor:	cisco	model:	intersight virtual appliance	scope:	eq	version:	1.0.9-343	Trust: 1.0
vendor:	cisco	model:	business process automation	scope:	lt	version:	3.1.000.044	Trust: 1.0
vendor:	cisco	model:	video surveillance manager	scope:	eq	version:	7.14$3.025$	Trust: 1.0
vendor:	cisco	model:	unified contact center enterprise	scope:	eq	version:	11.6$2$	Trust: 1.0
vendor:	cisco	model:	fxos	scope:	eq	version:	6.4.0	Trust: 1.0
vendor:	cisco	model:	paging server	scope:	eq	version:	8.4$1$	Trust: 1.0
vendor:	cisco	model:	ucs central software	scope:	eq	version:	2.0$1e$	Trust: 1.0
vendor:	siemens	model:	6bk1602-0aa22-0tp0	scope:	lt	version:	2.7.0	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	3.0	Trust: 1.0
vendor:	siemens	model:	spectrum power 4	scope:	lt	version:	4.70	Trust: 1.0
vendor:	siemens	model:	desigo cc info center	scope:	eq	version:	5.0	Trust: 1.0
vendor:	cisco	model:	network services orchestrator	scope:	lt	version:	5.5.4.1	Trust: 1.0
vendor:	cisco	model:	video surveillance operations manager	scope:	lt	version:	7.14.4	Trust: 1.0
vendor:	cisco	model:	network services orchestrator	scope:	lt	version:	5.4.5.2	Trust: 1.0
vendor:	cisco	model:	packaged contact center enterprise	scope:	eq	version:	11.6$1$	Trust: 1.0
vendor:	cisco	model:	common services platform collector	scope:	eq	version:	002.009$001.000$	Trust: 1.0
vendor:	cisco	model:	ucs central software	scope:	eq	version:	2.0	Trust: 1.0
vendor:	intel	model:	system studio	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	genomics kernel library	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	logo\! soft comfort	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	cx cloud agent	scope:	eq	version:	001.012	Trust: 1.0
vendor:	cisco	model:	business process automation	scope:	gte	version:	3.1.000.000	Trust: 1.0
vendor:	cisco	model:	ucs central software	scope:	eq	version:	2.0$1f$	Trust: 1.0
vendor:	siemens	model:	opcenter intelligence	scope:	lt	version:	3.5	Trust: 1.0
vendor:	cisco	model:	unified customer voice portal	scope:	eq	version:	12.6$1$	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	006.008$001.000$	Trust: 1.0
vendor:	cisco	model:	common services platform collector	scope:	eq	version:	002.009$001.002$	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5$1.17900.52$	Trust: 1.0
vendor:	cisco	model:	virtual topology system	scope:	eq	version:	2.6.6	Trust: 1.0
vendor:	cisco	model:	unified workforce optimization	scope:	lt	version:	11.5$1$	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.4.0	Trust: 1.0
vendor:	cisco	model:	advanced malware protection virtual private cloud appliance	scope:	lt	version:	3.5.4	Trust: 1.0
vendor:	cisco	model:	wan automation engine	scope:	lt	version:	7.3.0.2	Trust: 1.0
vendor:	cisco	model:	data center network manager	scope:	lt	version:	11.3$1$	Trust: 1.0
vendor:	cisco	model:	enterprise chat and email	scope:	lt	version:	12.0$1$	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.6.0	Trust: 1.0
vendor:	cisco	model:	data center network manager	scope:	eq	version:	11.3$1$	Trust: 1.0
vendor:	cisco	model:	dna center	scope:	gte	version:	2.2.2.0	Trust: 1.0
vendor:	cisco	model:	automated subsea tuning	scope:	lt	version:	2.1.0	Trust: 1.0
vendor:	cisco	model:	connected analytics for network deployment	scope:	eq	version:	007.003.001.001	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	gte	version:	20.6	Trust: 1.0
vendor:	cisco	model:	dna spaces\: connector	scope:	lt	version:	2.5	Trust: 1.0
vendor:	netapp	model:	oncommand insight	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	vesys	scope:	lt	version:	2019.1	Trust: 1.0
vendor:	cisco	model:	network dashboard fabric controller	scope:	eq	version:	11.4$1$	Trust: 1.0
vendor:	cisco	model:	evolved programmable network manager	scope:	eq	version:	3.1	Trust: 1.0
vendor:	siemens	model:	energyip prepay	scope:	lt	version:	3.8.0.12	Trust: 1.0
vendor:	cisco	model:	prime service catalog	scope:	lt	version:	12.1	Trust: 1.0
vendor:	cisco	model:	common services platform collector	scope:	eq	version:	002.009$000.000$	Trust: 1.0
vendor:	cisco	model:	paging server	scope:	eq	version:	14.0$1$	Trust: 1.0
vendor:	cisco	model:	cyber vision	scope:	eq	version:	4.0.2	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.5.0	Trust: 1.0
vendor:	cisco	model:	unified sip proxy	scope:	eq	version:	010.002$000$	Trust: 1.0
vendor:	cisco	model:	ucs director	scope:	lt	version:	6.8.2.0	Trust: 1.0
vendor:	cisco	model:	unified customer voice portal	scope:	eq	version:	12.5	Trust: 1.0
vendor:	siemens	model:	desigo cc advanced reports	scope:	eq	version:	3.0	Trust: 1.0
vendor:	cisco	model:	unified contact center express	scope:	lt	version:	12.5$1$	Trust: 1.0
vendor:	siemens	model:	sipass integrated	scope:	eq	version:	2.80	Trust: 1.0
vendor:	cisco	model:	crosswork network automation	scope:	eq	version:	2.0.0	Trust: 1.0
vendor:	intel	model:	computer vision annotation tool	scope:	eq	version:	-	Trust: 1.0
vendor:	sonicwall	model:	email security	scope:	lt	version:	10.0.13	Trust: 1.0
vendor:	bentley	model:	synchro	scope:	gte	version:	6.1	Trust: 1.0
vendor:	cisco	model:	unified contact center express	scope:	eq	version:	12.5$1$	Trust: 1.0
vendor:	cisco	model:	connected analytics for network deployment	scope:	eq	version:	006.005.000.	Trust: 1.0
vendor:	siemens	model:	industrial edge management	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	virtualized infrastructure manager	scope:	lt	version:	3.2.0	Trust: 1.0
vendor:	cisco	model:	evolved programmable network manager	scope:	lte	version:	4.1.1	Trust: 1.0
vendor:	cisco	model:	virtual topology system	scope:	lt	version:	2.6.7	Trust: 1.0
vendor:	cisco	model:	unified intelligence center	scope:	eq	version:	12.6$1$	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	11.5	Trust: 1.0
vendor:	apache	model:	log4j	scope:	lt	version:	2.15.0	Trust: 1.0
vendor:	cisco	model:	wan automation engine	scope:	eq	version:	7.2.2	Trust: 1.0
vendor:	cisco	model:	network services orchestrator	scope:	gte	version:	5.4	Trust: 1.0
vendor:	apple	model:	xcode	scope:	lt	version:	13.3	Trust: 1.0
vendor:	cisco	model:	identity services engine	scope:	lt	version:	2.4.0	Trust: 1.0
vendor:	cisco	model:	wan automation engine	scope:	eq	version:	7.3	Trust: 1.0
vendor:	cisco	model:	emergency responder	scope:	lt	version:	11.5$4$	Trust: 1.0
vendor:	cisco	model:	unified customer voice portal	scope:	eq	version:	11.6$1$	Trust: 1.0
vendor:	cisco	model:	connected analytics for network deployment	scope:	eq	version:	007.002.000	Trust: 1.0
vendor:	cisco	model:	automated subsea tuning	scope:	eq	version:	02.01.00	Trust: 1.0
vendor:	cisco	model:	network assurance engine	scope:	eq	version:	6.0$2.1912$	Trust: 1.0
vendor:	cisco	model:	virtualized infrastructure manager	scope:	lt	version:	3.4.4	Trust: 1.0
vendor:	siemens	model:	vesys	scope:	eq	version:	2019.1	Trust: 1.0
vendor:	cisco	model:	integrated management controller supervisor	scope:	eq	version:	2.3.2.0	Trust: 1.0
vendor:	cisco	model:	smart phy	scope:	eq	version:	3.1.2	Trust: 1.0
vendor:	cisco	model:	prime service catalog	scope:	eq	version:	12.1	Trust: 1.0
vendor:	intel	model:	secure device onboard	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	crosswork zero touch provisioning	scope:	lt	version:	2.0.1	Trust: 1.0
vendor:	cisco	model:	unified communications manager im \& presence service	scope:	eq	version:	11.5$1$	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	lt	version:	20.4.2.1	Trust: 1.0
vendor:	cisco	model:	crosswork data gateway	scope:	lt	version:	2.0.2	Trust: 1.0
vendor:	cisco	model:	common services platform collector	scope:	eq	version:	002.009$000.002$	Trust: 1.0
vendor:	cisco	model:	network services orchestrator	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	vesys	scope:	eq	version:	2021.1	Trust: 1.0
vendor:	siemens	model:	desigo cc advanced reports	scope:	eq	version:	4.1	Trust: 1.0
vendor:	cisco	model:	dna center	scope:	lt	version:	2.1.2.8	Trust: 1.0
vendor:	cisco	model:	connected analytics for network deployment	scope:	eq	version:	007.000.001	Trust: 1.0
vendor:	cisco	model:	identity services engine	scope:	eq	version:	002.006$000.156$	Trust: 1.0
vendor:	cisco	model:	evolved programmable network manager	scope:	eq	version:	4.1	Trust: 1.0
vendor:	cisco	model:	identity services engine	scope:	eq	version:	002.004$000.914$	Trust: 1.0
vendor:	cisco	model:	identity services engine	scope:	eq	version:	002.007$000.356$	Trust: 1.0
vendor:	cisco	model:	common services platform collector	scope:	eq	version:	002.009$001.001$	Trust: 1.0
vendor:	cisco	model:	fxos	scope:	eq	version:	6.2.3	Trust: 1.0
vendor:	cisco	model:	cloudcenter suite	scope:	eq	version:	5.5$1$	Trust: 1.0
vendor:	cisco	model:	unified sip proxy	scope:	eq	version:	010.002$001$	Trust: 1.0
vendor:	cisco	model:	unified workforce optimization	scope:	eq	version:	11.5$1$	Trust: 1.0
vendor:	cisco	model:	fxos	scope:	eq	version:	7.0.0	Trust: 1.0
vendor:	netapp	model:	brocade san navigator	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	network insights for data center	scope:	eq	version:	6.0$2.1914$	Trust: 1.0
vendor:	siemens	model:	desigo cc advanced reports	scope:	eq	version:	5.0	Trust: 1.0
vendor:	cisco	model:	ucs central software	scope:	eq	version:	2.0$1k$	Trust: 1.0
vendor:	cisco	model:	unified sip proxy	scope:	eq	version:	010.000$001$	Trust: 1.0
vendor:	siemens	model:	mindsphere	scope:	lt	version:	2021-12-16	Trust: 1.0
vendor:	netapp	model:	ontap tools	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	network dashboard fabric controller	scope:	eq	version:	11.2$1$	Trust: 1.0
vendor:	cisco	model:	unified contact center enterprise	scope:	eq	version:	12.6$2$	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	cisco	model:	emergency responder	scope:	eq	version:	11.5	Trust: 1.0
vendor:	snowsoftware	model:	snow commander	scope:	lt	version:	8.10.0	Trust: 1.0
vendor:	cisco	model:	evolved programmable network manager	scope:	eq	version:	5.0	Trust: 1.0
vendor:	cisco	model:	ucs central software	scope:	eq	version:	2.0$1b$	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	eq	version:	20.3	Trust: 1.0
vendor:	cisco	model:	identity services engine	scope:	eq	version:	2.4.0	Trust: 1.0
vendor:	cisco	model:	iot operations dashboard	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	ucs central software	scope:	eq	version:	2.0$1h$	Trust: 1.0
vendor:	siemens	model:	siveillance command	scope:	lte	version:	4.16.2.1	Trust: 1.0
vendor:	cisco	model:	connected analytics for network deployment	scope:	eq	version:	007.001.000	Trust: 1.0
vendor:	cisco	model:	wan automation engine	scope:	eq	version:	7.5	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	lt	version:	11.5$1$	Trust: 1.0
vendor:	cisco	model:	connected analytics for network deployment	scope:	eq	version:	007.003.003	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	7.1.0	Trust: 1.0
vendor:	siemens	model:	sppa-t3000 ses3000	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	fog director	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	6bk1602-0aa32-0tp0	scope:	lt	version:	2.7.0	Trust: 1.0
vendor:	cisco	model:	cloud connect	scope:	lt	version:	12.6$1$	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.2.3	Trust: 1.0
vendor:	cisco	model:	dna center	scope:	lt	version:	2.2.2.8	Trust: 1.0
vendor:	cisco	model:	network services orchestrator	scope:	gte	version:	5.6	Trust: 1.0
vendor:	cisco	model:	optical network controller	scope:	eq	version:	1.1	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	7.0.0	Trust: 1.0
vendor:	netapp	model:	cloud insights	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	intersight virtual appliance	scope:	lt	version:	1.0.9-361	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	lt	version:	11.5$1$	Trust: 1.0
vendor:	cisco	model:	integrated management controller supervisor	scope:	lt	version:	2.3.2.1	Trust: 1.0
vendor:	cisco	model:	broadworks	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	ucs central software	scope:	eq	version:	2.0$1a$	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5$1$	Trust: 1.0
vendor:	cisco	model:	fxos	scope:	eq	version:	6.6.0	Trust: 1.0
vendor:	cisco	model:	identity services engine	scope:	eq	version:	003.002$000.116$	Trust: 1.0
vendor:	cisco	model:	crosswork platform infrastructure	scope:	lt	version:	4.0.1	Trust: 1.0
vendor:	cisco	model:	network services orchestrator	scope:	gte	version:	5.5	Trust: 1.0
vendor:	cisco	model:	unified sip proxy	scope:	eq	version:	010.000$000$	Trust: 1.0
vendor:	cisco	model:	cyber vision sensor management extension	scope:	lt	version:	4.0.3	Trust: 1.0
vendor:	cisco	model:	ucs central software	scope:	eq	version:	2.0$1c$	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	11.5$1.10000.6$	Trust: 1.0
vendor:	siemens	model:	navigator	scope:	lt	version:	2021-12-13	Trust: 1.0
vendor:	siemens	model:	energyip	scope:	eq	version:	8.6	Trust: 1.0
vendor:	cisco	model:	unified communications manager im and presence service	scope:	lt	version:	11.5$1$	Trust: 1.0
vendor:	apache	model:	log4j	scope:	gte	version:	2.13.0	Trust: 1.0
vendor:	netapp	model:	cloud secure agent	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	unified communications manager im and presence service	scope:	eq	version:	11.5$1$	Trust: 1.0
vendor:	cisco	model:	network services orchestrator	scope:	lt	version:	5.3.5.1	Trust: 1.0
vendor:	cisco	model:	business process automation	scope:	lt	version:	3.2.000.009	Trust: 1.0
vendor:	apache	model:	log4j	scope:	lt	version:	2.3.1	Trust: 1.0
vendor:	cisco	model:	smart phy	scope:	lt	version:	3.2.1	Trust: 1.0
vendor:	cisco	model:	common services platform collector	scope:	lt	version:	2.10.0.1	Trust: 1.0
vendor:	cisco	model:	crosswork platform infrastructure	scope:	eq	version:	4.1.0	Trust: 1.0
vendor:	cisco	model:	paging server	scope:	eq	version:	9.1$1$	Trust: 1.0
vendor:	cisco	model:	fxos	scope:	eq	version:	6.5.0	Trust: 1.0
vendor:	siemens	model:	energy engage	scope:	eq	version:	3.1	Trust: 1.0
vendor:	cisco	model:	connected analytics for network deployment	scope:	eq	version:	007.003.000	Trust: 1.0
vendor:	cisco	model:	ucs central software	scope:	eq	version:	2.0$1l$	Trust: 1.0
vendor:	cisco	model:	unified contact center enterprise	scope:	eq	version:	12.0$1$	Trust: 1.0
vendor:	siemens	model:	spectrum power 7	scope:	lt	version:	2.30	Trust: 1.0
vendor:	cisco	model:	wan automation engine	scope:	eq	version:	7.2.3	Trust: 1.0
vendor:	cisco	model:	crosswork network automation	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	teamcenter	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	paging server	scope:	eq	version:	8.3$1$	Trust: 1.0
vendor:	siemens	model:	siveillance vantage	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	paging server	scope:	lt	version:	14.4.1	Trust: 1.0
vendor:	netapp	model:	active iq unified manager	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	spectrum power 4	scope:	eq	version:	4.70	Trust: 1.0
vendor:	cisco	model:	cloudcenter workload manager	scope:	lt	version:	5.5.2	Trust: 1.0
vendor:	cisco	model:	cyber vision sensor management extension	scope:	eq	version:	4.0.2	Trust: 1.0
vendor:	cisco	model:	cloudcenter suite	scope:	eq	version:	4.10$0.15$	Trust: 1.0
vendor:	cisco	model:	contact center management portal	scope:	lt	version:	12.5$1$	Trust: 1.0
vendor:	siemens	model:	siguard dsa	scope:	gte	version:	4.2	Trust: 1.0
vendor:	netapp	model:	solidfire enterprise sds	scope:	eq	version:	-	Trust: 1.0
vendor:	percussion	model:	rhythmyx	scope:	lte	version:	7.3.2	Trust: 1.0
vendor:	siemens	model:	sentron powermanager	scope:	eq	version:	4.2	Trust: 1.0
vendor:	siemens	model:	sentron powermanager	scope:	eq	version:	4.1	Trust: 1.0
vendor:	cisco	model:	network assurance engine	scope:	lt	version:	6.0.2	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	4.0	Trust: 1.0
vendor:	cisco	model:	fxos	scope:	eq	version:	6.3.0	Trust: 1.0
vendor:	cisco	model:	dna spaces connector	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	crosswork network automation	scope:	eq	version:	3.0.0	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5$1.18900.97$	Trust: 1.0
vendor:	cisco	model:	dna center	scope:	lt	version:	2.2.3.4	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	eq	version:	20.5	Trust: 1.0
vendor:	cisco	model:	cloudcenter suite	scope:	eq	version:	5.4$1$	Trust: 1.0
vendor:	cisco	model:	cloudcenter suite admin	scope:	lt	version:	5.3.1	Trust: 1.0
vendor:	cisco	model:	mobility services engine	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	evolved programmable network manager	scope:	eq	version:	3.0	Trust: 1.0
vendor:	cisco	model:	smart phy	scope:	eq	version:	3.2.1	Trust: 1.0
vendor:	cisco	model:	unified contact center enterprise	scope:	eq	version:	12.6$1$	Trust: 1.0
vendor:	cisco	model:	common services platform collector	scope:	gte	version:	2.10.0	Trust: 1.0
vendor:	cisco	model:	customer experience cloud agent	scope:	lt	version:	1.12.1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5$1$su3	Trust: 1.0
vendor:	cisco	model:	dna center	scope:	gte	version:	2.2.3.0	Trust: 1.0
vendor:	siemens	model:	head-end system universal device integration system	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siveillance control pro	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	connected analytics for network deployment	scope:	eq	version:	006.005.000.000	Trust: 1.0
vendor:	cisco	model:	finesse	scope:	lt	version:	12.6$1$	Trust: 1.0
vendor:	cisco	model:	enterprise chat and email	scope:	eq	version:	12.0$1$	Trust: 1.0
vendor:	cisco	model:	video surveillance manager	scope:	eq	version:	7.14$4.018$	Trust: 1.0
vendor:	siemens	model:	spectrum power 7	scope:	eq	version:	2.30	Trust: 1.0
vendor:	siemens	model:	6bk1602-0aa12-0tp0	scope:	lt	version:	2.7.0	Trust: 1.0
vendor:	siemens	model:	siveillance identity	scope:	eq	version:	1.6	Trust: 1.0
vendor:	cisco	model:	connected mobile experiences	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.3.0	Trust: 1.0
vendor:	cisco	model:	crosswork optimization engine	scope:	eq	version:	3.0.0	Trust: 1.0
vendor:	cisco	model:	broadworks	scope:	lt	version:	2021.11_1.162	Trust: 1.0
vendor:	netapp	model:	snapcenter	scope:	eq	version:	-	Trust: 1.0
vendor:	bentley	model:	synchro 4d	scope:	lt	version:	6.4.3.2	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	lt	version:	20.3.4.1	Trust: 1.0
vendor:	cisco	model:	network services orchestrator	scope:	lt	version:	5.6.3.1	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	11.0	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	eq	version:	20.4	Trust: 1.0
vendor:	cisco	model:	smart phy	scope:	eq	version:	21.3	Trust: 1.0
vendor:	cisco	model:	nexus dashboard	scope:	lt	version:	2.1.2	Trust: 1.0
vendor:	cisco	model:	crosswork network automation	scope:	eq	version:	4.1.0	Trust: 1.0
vendor:	cisco	model:	identity services engine	scope:	eq	version:	003.001$000.518$	Trust: 1.0
vendor:	cisco	model:	wan automation engine	scope:	eq	version:	7.6	Trust: 1.0
vendor:	cisco	model:	business process automation	scope:	lt	version:	3.0.000.115	Trust: 1.0
vendor:	cisco	model:	network dashboard fabric controller	scope:	eq	version:	11.5$1$	Trust: 1.0
vendor:	siemens	model:	desigo cc advanced reports	scope:	eq	version:	5.1	Trust: 1.0
vendor:	cisco	model:	unified customer voice portal	scope:	eq	version:	12.0	Trust: 1.0
vendor:	cisco	model:	network dashboard fabric controller	scope:	eq	version:	11.0$1$	Trust: 1.0
vendor:	cisco	model:	ucs central	scope:	lt	version:	2.0$1p$	Trust: 1.0
vendor:	cisco	model:	paging server	scope:	eq	version:	8.5$1$	Trust: 1.0
vendor:	cisco	model:	evolved programmable network manager	scope:	eq	version:	5.1	Trust: 1.0
vendor:	cisco	model:	unified contact center express	scope:	eq	version:	12.6$2$	Trust: 1.0
vendor:	cisco	model:	fxos	scope:	eq	version:	7.1.0	Trust: 1.0
vendor:	cisco	model:	optical network controller	scope:	lt	version:	1.1.0	Trust: 1.0
vendor:	cisco	model:	nexus insights	scope:	lt	version:	6.0.2	Trust: 1.0
vendor:	cisco	model:	connected analytics for network deployment	scope:	eq	version:	008.000.000.000.004	Trust: 1.0
vendor:	cisco	model:	enterprise chat and email	scope:	eq	version:	12.6$1$	Trust: 1.0
vendor:	siemens	model:	solid edge cam pro	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	xpedition package integrator	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	crosswork network automation	scope:	eq	version:	4.1.1	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	eq	version:	6.7.0	Trust: 1.0
vendor:	cisco	model:	packaged contact center enterprise	scope:	lt	version:	11.6	Trust: 1.0
vendor:	siemens	model:	nx	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	desigo cc advanced reports	scope:	eq	version:	4.0	Trust: 1.0
vendor:	siemens	model:	siguard dsa	scope:	lt	version:	4.4.1	Trust: 1.0
vendor:	cisco	model:	smart phy	scope:	eq	version:	3.1.4	Trust: 1.0
vendor:	cisco	model:	network dashboard fabric controller	scope:	eq	version:	11.3$1$	Trust: 1.0
vendor:	cisco	model:	evolved programmable network manager	scope:	eq	version:	4.0	Trust: 1.0
vendor:	cisco	model:	finesse	scope:	eq	version:	12.6$1$	Trust: 1.0
vendor:	cisco	model:	unified intelligence center	scope:	lt	version:	12.6$1$	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	lt	version:	20.6.2.1	Trust: 1.0
vendor:	cisco	model:	emergency responder	scope:	eq	version:	11.5$4.65000.14$	Trust: 1.0
vendor:	cisco	model:	unified customer voice portal	scope:	eq	version:	12.5$1$	Trust: 1.0
vendor:	apache	model:	log4j	scope:	gte	version:	2.0.1	Trust: 1.0
vendor:	siemens	model:	sipass integrated	scope:	eq	version:	2.85	Trust: 1.0
vendor:	cisco	model:	common services platform collector	scope:	eq	version:	002.009$000.001$	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	eq	version:	20.6.1	Trust: 1.0
vendor:	cisco	model:	smart phy	scope:	eq	version:	3.1.3	Trust: 1.0
vendor:	cisco	model:	unified sip proxy	scope:	lt	version:	10.2.1v2	Trust: 1.0
vendor:	siemens	model:	solid edge harness design	scope:	eq	version:	2020	Trust: 1.0
vendor:	siemens	model:	energyip	scope:	eq	version:	8.5	Trust: 1.0
vendor:	siemens	model:	opcenter intelligence	scope:	gte	version:	3.2	Trust: 1.0
vendor:	siemens	model:	vesys	scope:	eq	version:	2020.1	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	34	Trust: 1.0
vendor:	cisco	model:	video surveillance manager	scope:	eq	version:	7.14$2.26$	Trust: 1.0
vendor:	apache	model:	log4j	scope:	lt	version:	2.12.2	Trust: 1.0
vendor:	siemens	model:	xpedition enterprise	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siveillance identity	scope:	eq	version:	1.5	Trust: 1.0
vendor:	cisco	model:	unified customer voice portal	scope:	lt	version:	11.6	Trust: 1.0
vendor:	cisco	model:	unified customer voice portal	scope:	eq	version:	11.6	Trust: 1.0
vendor:	cisco	model:	virtualized voice browser	scope:	lt	version:	12.5$1$	Trust: 1.0

sources: NVD: CVE-2021-44228

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-44228
value:	CRITICAL
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2021-44228
value:	CRITICAL
Trust: 1.0
VULHUB:	VHN-407408
value:	HIGH
Trust: 0.1
VULHUB:	VHN-408570
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-44228
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-44228
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-407408
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1
VULHUB:	VHN-408570
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-44228
baseSeverity:	CRITICAL
baseScore:	10.0
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	6.0
version:	3.1
Trust: 2.0

sources: VULHUB: VHN-407408 // VULHUB: VHN-408570 // VULMON: CVE-2021-44228 // NVD: CVE-2021-44228 // NVD: CVE-2021-44228

PROBLEMTYPE DATA

problemtype:	CWE-502	Trust: 1.2
problemtype:	CWE-20	Trust: 1.1
problemtype:	CWE-400	Trust: 1.1
problemtype:	CWE-917	Trust: 1.1

sources: VULHUB: VHN-407408 // VULHUB: VHN-408570 // NVD: CVE-2021-44228

THREAT TYPE

remote

Trust: 0.2

sources: PACKETSTORM: 165348 // PACKETSTORM: 165371

TYPE

code execution

Trust: 0.7

sources: PACKETSTORM: 165295 // PACKETSTORM: 165288 // PACKETSTORM: 165291 // PACKETSTORM: 165297 // PACKETSTORM: 165329 // PACKETSTORM: 165371 // PACKETSTORM: 165733

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-407408

PATCH

title:	Debian CVElist Bug Report Logs: apache-log4j2: CVE-2021-44228: Remote code injection via crafted log messages	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=4eae9b09b97da57f4ca6103cc85ed4da	Trust: 0.1
title:	Debian CVElist Bug Report Logs: apache-log4j2: CVE-2021-45046: Incomplete fix for CVE-2021-44228 in certain non-default configurations	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=b88a8ce4fc53c3a45830bc6bbde8b01c	Trust: 0.1
title:	Debian Security Advisories: DSA-5020-1 apache-log4j2 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=24c79c59809a2c5bcddc81889b23a6bc	Trust: 0.1
title:	Debian Security Advisories: DSA-5022-1 apache-log4j2 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=5ba53229ef5f408ed29126bd4f624def	Trust: 0.1
title:	IBM: Security Bulletin: There is vulnerability in Apache Log4j used by Content Manager OnDemand z/OS. Content Manager OnDemand z/OS has addressed the applicable CVE [CVE-2021-44228]	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=dbdfcf9d51b60adf542d500e515b9ba8	Trust: 0.1
title:	Red Hat: CVE-2021-44228	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2021-44228	Trust: 0.1
title:	IBM: An update on the Apache Log4j 2.x vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=0648a3f00f067d373b069c4f2acd5db4	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2021-1553	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2021-1553	Trust: 0.1
title:	IBM: Security Bulletin: IBM Cloud Pak System is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-45046, CVE-2021-44228)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=c8b40ff47e1d31bee8b0fbdbdd4fe212	Trust: 0.1
title:	IBM: Security Bulletin: IBM Cloud Pak System is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-45046, CVE-2021-44228)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=654a4f5a7bd1fdfd229558535923710b	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2021-1731	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2021-1731	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2021-1730	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2021-1730	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2021-44228 log	Trust: 0.1
title:	-	url:	https://github.com/canarieids/Zeek-Ubuntu-22.04	Trust: 0.1
title:	-	url:	https://github.com/f5devcentral/f5-professional-services	Trust: 0.1
title:	Log4J-CVE-2021-44228-Mitigation-Cheat-Sheet	url:	https://github.com/thedevappsecguy/Log4J-CVE-2021-44228-Mitigation-Cheat-Sheet	Trust: 0.1
title:	spring-on-k8s	url:	https://github.com/AndriyKalashnykov/spring-on-k8s	Trust: 0.1
title:	jaygooby	url:	https://github.com/jaygooby/jaygooby	Trust: 0.1
title:	log4j-log4shell-playground	url:	https://github.com/rgl/log4j-log4shell-playground	Trust: 0.1
title:	Log4j	url:	https://github.com/kaganoglu/Log4j	Trust: 0.1
title:	trivy-cve-scan	url:	https://github.com/broadinstitute/trivy-cve-scan	Trust: 0.1
title:	test-44228	url:	https://github.com/datadavev/test-44228	Trust: 0.1
title:	cve-2021-44228-helpers	url:	https://github.com/uint0/cve-2021-44228-helpers	Trust: 0.1
title:	log4j-vendor-list	url:	https://github.com/bizzarecontacts/log4j-vendor-list	Trust: 0.1
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2021-44228	Trust: 0.1
title:	log4shell	url:	https://github.com/0xsyr0/log4shell	Trust: 0.1
title:	cve-2021-44228-qingteng-online-patch	url:	https://github.com/qingtengyun/cve-2021-44228-qingteng-online-patch	Trust: 0.1
title:	cve-2021-44228	url:	https://github.com/corelight/cve-2021-44228	Trust: 0.1
title:	Log4Shell-IOCs	url:	https://github.com/curated-intel/Log4Shell-IOCs	Trust: 0.1
title:	Sitecore.Solr-log4j-mitigation	url:	https://github.com/avwolferen/Sitecore.Solr-log4j-mitigation	Trust: 0.1
title:	check-log4j	url:	https://github.com/yahoo/check-log4j	Trust: 0.1

sources: VULMON: CVE-2021-44228

EXTERNAL IDS

db:	NVD	id:	CVE-2021-44228	Trust: 3.1
db:	CERT/CC	id:	VU#930724	Trust: 2.0
db:	PACKETSTORM	id:	165371	Trust: 1.2
db:	SIEMENS	id:	SSA-479842	Trust: 1.2
db:	SIEMENS	id:	SSA-714170	Trust: 1.2
db:	SIEMENS	id:	SSA-661247	Trust: 1.2
db:	SIEMENS	id:	SSA-397453	Trust: 1.2
db:	OPENWALL	id:	OSS-SECURITY/2021/12/14/4	Trust: 1.2
db:	OPENWALL	id:	OSS-SECURITY/2021/12/15/3	Trust: 1.2
db:	PACKETSTORM	id:	165311	Trust: 1.1
db:	PACKETSTORM	id:	165225	Trust: 1.1
db:	PACKETSTORM	id:	165532	Trust: 1.1
db:	PACKETSTORM	id:	165281	Trust: 1.1
db:	PACKETSTORM	id:	165306	Trust: 1.1
db:	PACKETSTORM	id:	165260	Trust: 1.1
db:	PACKETSTORM	id:	165673	Trust: 1.1
db:	PACKETSTORM	id:	165282	Trust: 1.1
db:	PACKETSTORM	id:	167794	Trust: 1.1
db:	PACKETSTORM	id:	167917	Trust: 1.1
db:	PACKETSTORM	id:	165270	Trust: 1.1
db:	PACKETSTORM	id:	165261	Trust: 1.1
db:	PACKETSTORM	id:	165642	Trust: 1.1
db:	PACKETSTORM	id:	165307	Trust: 1.1
db:	OPENWALL	id:	OSS-SECURITY/2021/12/13/1	Trust: 1.1
db:	OPENWALL	id:	OSS-SECURITY/2021/12/10/3	Trust: 1.1
db:	OPENWALL	id:	OSS-SECURITY/2021/12/13/2	Trust: 1.1
db:	OPENWALL	id:	OSS-SECURITY/2021/12/10/2	Trust: 1.1
db:	OPENWALL	id:	OSS-SECURITY/2021/12/10/1	Trust: 1.1
db:	PACKETSTORM	id:	171626	Trust: 1.0
db:	PACKETSTORM	id:	165329	Trust: 0.3
db:	PACKETSTORM	id:	165343	Trust: 0.2
db:	PACKETSTORM	id:	165333	Trust: 0.2
db:	PACKETSTORM	id:	165324	Trust: 0.2
db:	PACKETSTORM	id:	165295	Trust: 0.2
db:	PACKETSTORM	id:	165291	Trust: 0.2
db:	PACKETSTORM	id:	165733	Trust: 0.2
db:	PACKETSTORM	id:	165297	Trust: 0.2
db:	PACKETSTORM	id:	165326	Trust: 0.2
db:	PACKETSTORM	id:	165348	Trust: 0.2
db:	PACKETSTORM	id:	165632	Trust: 0.2
db:	PACKETSTORM	id:	165293	Trust: 0.1
db:	PACKETSTORM	id:	165520	Trust: 0.1
db:	PACKETSTORM	id:	165285	Trust: 0.1
db:	PACKETSTORM	id:	165290	Trust: 0.1
db:	PACKETSTORM	id:	166313	Trust: 0.1
db:	PACKETSTORM	id:	165279	Trust: 0.1
db:	PACKETSTORM	id:	165298	Trust: 0.1
db:	PACKETSTORM	id:	165289	Trust: 0.1
db:	PACKETSTORM	id:	165264	Trust: 0.1
db:	EXPLOIT-DB	id:	50592	Trust: 0.1
db:	EXPLOIT-DB	id:	50590	Trust: 0.1
db:	VULHUB	id:	VHN-407408	Trust: 0.1
db:	PACKETSTORM	id:	165637	Trust: 0.1
db:	PACKETSTORM	id:	165649	Trust: 0.1
db:	PACKETSTORM	id:	165636	Trust: 0.1
db:	PACKETSTORM	id:	165650	Trust: 0.1
db:	PACKETSTORM	id:	165645	Trust: 0.1
db:	OPENWALL	id:	OSS-SECURITY/2021/12/18/1	Trust: 0.1
db:	CNVD	id:	CNVD-2022-01776	Trust: 0.1
db:	VULHUB	id:	VHN-408570	Trust: 0.1
db:	VULMON	id:	CVE-2021-44228	Trust: 0.1
db:	PACKETSTORM	id:	169172	Trust: 0.1
db:	PACKETSTORM	id:	165288	Trust: 0.1

sources: CERT/CC: VU#930724 // VULHUB: VHN-407408 // VULHUB: VHN-408570 // VULMON: CVE-2021-44228 // PACKETSTORM: 169172 // PACKETSTORM: 165295 // PACKETSTORM: 165288 // PACKETSTORM: 165291 // PACKETSTORM: 165297 // PACKETSTORM: 165324 // PACKETSTORM: 165329 // PACKETSTORM: 165348 // PACKETSTORM: 165371 // PACKETSTORM: 165733 // NVD: CVE-2021-44228

REFERENCES

url:	https://www.kb.cert.org/vuls/id/930724	Trust: 1.2
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-log4j-qruknebd	Trust: 1.2
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf	Trust: 1.2
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf	Trust: 1.2
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf	Trust: 1.2
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf	Trust: 1.2
url:	https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0032	Trust: 1.2
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html	Trust: 1.2
url:	https://www.oracle.com/security-alerts/alert-cve-2021-44228.html	Trust: 1.2
url:	https://logging.apache.org/log4j/2.x/security.html	Trust: 1.2
url:	https://www.oracle.com/security-alerts/cpuapr2022.html	Trust: 1.2
url:	https://www.oracle.com/security-alerts/cpujan2022.html	Trust: 1.2
url:	http://www.openwall.com/lists/oss-security/2021/12/14/4	Trust: 1.2
url:	http://www.openwall.com/lists/oss-security/2021/12/15/3	Trust: 1.2
url:	https://security.netapp.com/advisory/ntap-20211210-0007/	Trust: 1.1
url:	https://support.apple.com/kb/ht213189	Trust: 1.1
url:	https://www.debian.org/security/2021/dsa-5020	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2022/mar/23	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2022/jul/11	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2022/dec/2	Trust: 1.1
url:	http://packetstormsecurity.com/files/167794/open-xchange-app-suite-7.10.x-cross-site-scripting-command-injection.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/167917/mobileiron-log4shell-remote-command-execution.html	Trust: 1.1
url:	https://github.com/nu11secur1ty/cve-mitre/tree/main/cve-2021-44228	Trust: 1.1
url:	https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/165225/apache-log4j2-2.14.1-remote-code-execution.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/165260/vmware-security-advisory-2021-0028.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/165261/apache-log4j2-2.14.1-information-disclosure.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/165270/apache-log4j2-2.14.1-remote-code-execution.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/165281/log4j2-log4shell-regexes.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/165282/log4j-payload-generator.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/165306/l4sh-log4j-remote-code-execution.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/165307/log4j-remote-code-execution-word-bypassing.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/165311/log4j-scan-extensive-scanner.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/165371/vmware-security-advisory-2021-0028.4.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/165532/log4shell-http-header-injection.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/165642/vmware-vcenter-server-unauthenticated-log4shell-jndi-injection-remote-code-execution.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/165673/unifi-network-application-unauthenticated-log4shell-remote-code-execution.html	Trust: 1.1
url:	https://github.com/cisagov/log4j-affected-db	Trust: 1.1
url:	https://github.com/cisagov/log4j-affected-db/blob/develop/software-list.md	Trust: 1.1
url:	https://twitter.com/kurtseifried/status/1469345530182455296	Trust: 1.1
url:	https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001	Trust: 1.1
url:	https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html	Trust: 1.1
url:	http://www.openwall.com/lists/oss-security/2021/12/10/1	Trust: 1.1
url:	http://www.openwall.com/lists/oss-security/2021/12/10/2	Trust: 1.1
url:	http://www.openwall.com/lists/oss-security/2021/12/10/3	Trust: 1.1
url:	http://www.openwall.com/lists/oss-security/2021/12/13/1	Trust: 1.1
url:	http://www.openwall.com/lists/oss-security/2021/12/13/2	Trust: 1.1
url:	https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/m5csvunv4hwzzxgoknsk6l7rpm7bokib/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vu57ujdcfiasio35gc55jmksrxjmcdfm/	Trust: 1.0
url:	http://packetstormsecurity.com/files/171626/ad-manager-plus-7122-remote-code-execution.html	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44228	Trust: 0.9
url:	cve-2021-4104	Trust: 0.8
url:	cve-2021-44228	Trust: 0.8
url:	cve-2021-45046	Trust: 0.8
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2021-44228	Trust: 0.6
url:	https://bugzilla.redhat.com/):	Trust: 0.6
url:	https://access.redhat.com/security/team/contact/	Trust: 0.6
url:	https://access.redhat.com/security/vulnerabilities/rhsb-2021-009	Trust: 0.5
url:	https://access.redhat.com/security/updates/classification/#critical	Trust: 0.5
url:	https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html	Trust: 0.2
url:	https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html	Trust: 0.2
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/m5csvunv4hwzzxgoknsk6l7rpm7bokib/	Trust: 0.1
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/vu57ujdcfiasio35gc55jmksrxjmcdfm/	Trust: 0.1
url:	https://www.debian.org/security/2021/dsa-5022	Trust: 0.1
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/eokpqgv24rrbbi4tbzudqmm4meh7mxcy/	Trust: 0.1
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sig7fzulmnk2xf6fzru4vwydqxnmugaj/	Trust: 0.1
url:	https://www.cve.org/cverecord?id=cve-2021-44228	Trust: 0.1
url:	https://www.oracle.com/security-alerts/cpujul2022.html	Trust: 0.1
url:	http://www.openwall.com/lists/oss-security/2021/12/18/1	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9488	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/apache-log4j2	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.amq.streams&version=1.8.4	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:5138	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-16135	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3200	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-25013	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-25012	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-35522	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5827	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-35524	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-25013	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-25009	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-27645	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-33574	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-13435	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-5827	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-24370	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-43527	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:5129	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14145	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-13751	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-25014	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-19603	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14145	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-25012	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-35521	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-35942	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17594	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35524	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-24370	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3572	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12762	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-36086	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35522	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13750	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13751	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-22898	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12762	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-16135	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-36084	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-37136	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17594	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-17541	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3800	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-36087	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-36331	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3712	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-31535	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35523	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3445	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13435	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19603	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-22925	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-36330	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-18218	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20232	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20266	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20838	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-22876	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20231	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-36332	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14155	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-25010	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20838	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-17541	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-25014	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-36085	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-37137	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20317	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-21409	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-33560	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-43267	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17595	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3481	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-42574	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14155	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-25009	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-25010	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-35523	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-28153	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36331	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-13750	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3426	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-18218	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3580	Trust: 0.1
url:	https://issues.jboss.org/):	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17595	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36330	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35521	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:5108	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.amq.streams&version=1.6.5	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:5133	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/apache-log4j2/2.16.0-0.21.10.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/apache-log4j2/2.16.0-0.20.04.1	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-5197-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/apache-log4j2/2.16.0-0.21.04.1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-4104	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-45046	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-45046	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-4104	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:5148	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-5192-1	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-5192-2	Trust: 0.1
url:	https://www.vmware.com/security/advisories/vmsa-2021-0028.html	Trust: 0.1
url:	http://lists.vmware.com/mailman/listinfo/security-announce	Trust: 0.1
url:	https://lists.vmware.com/mailman/listinfo/security-announce.	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-39139	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-39141	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-39154	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20218	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20218	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-29505	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-39145	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:0296	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-39144	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-39149	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-39150	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-39151	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-39140	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-39148	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-29505	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-39151	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-39153	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-39152	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-39147	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-39150	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-39139	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-39153	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-39144	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-39146	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-39152	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-39148	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-28491	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-39146	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-39140	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-39149	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-39147	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-39145	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-39154	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-28491	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-39141	Trust: 0.1

sources: CERT/CC: VU#930724 // VULHUB: VHN-407408 // VULHUB: VHN-408570 // PACKETSTORM: 169172 // PACKETSTORM: 165295 // PACKETSTORM: 165288 // PACKETSTORM: 165291 // PACKETSTORM: 165297 // PACKETSTORM: 165324 // PACKETSTORM: 165329 // PACKETSTORM: 165348 // PACKETSTORM: 165371 // PACKETSTORM: 165733 // NVD: CVE-2021-44228

CREDITS

Much of the content of this vulnerability note is derived from Apache Log4j Security Vulnerabilities and http://slf4j.org/log4shell.html.This document was written by Art Manion.

Trust: 0.8

sources: CERT/CC: VU#930724

SOURCES

db:	CERT/CC	id:	VU#930724
db:	VULHUB	id:	VHN-407408
db:	VULHUB	id:	VHN-408570
db:	VULMON	id:	CVE-2021-44228
db:	PACKETSTORM	id:	169172
db:	PACKETSTORM	id:	165295
db:	PACKETSTORM	id:	165288
db:	PACKETSTORM	id:	165291
db:	PACKETSTORM	id:	165297
db:	PACKETSTORM	id:	165324
db:	PACKETSTORM	id:	165329
db:	PACKETSTORM	id:	165348
db:	PACKETSTORM	id:	165371
db:	PACKETSTORM	id:	165733
db:	NVD	id:	CVE-2021-44228

LAST UPDATE DATE

2025-04-28T21:16:07.363000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#930724	date:	2022-02-07T00:00:00
db:	VULHUB	id:	VHN-407408	date:	2023-02-06T00:00:00
db:	VULHUB	id:	VHN-408570	date:	2022-10-06T00:00:00
db:	VULMON	id:	CVE-2021-44228	date:	2023-11-07T00:00:00
db:	NVD	id:	CVE-2021-44228	date:	2025-04-03T20:53:22.977

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#930724	date:	2021-12-15T00:00:00
db:	VULHUB	id:	VHN-407408	date:	2021-12-10T00:00:00
db:	VULHUB	id:	VHN-408570	date:	2021-12-14T00:00:00
db:	VULMON	id:	CVE-2021-44228	date:	2021-12-10T00:00:00
db:	PACKETSTORM	id:	169172	date:	2021-12-28T20:12:00
db:	PACKETSTORM	id:	165295	date:	2021-12-15T15:26:54
db:	PACKETSTORM	id:	165288	date:	2021-12-15T15:22:36
db:	PACKETSTORM	id:	165291	date:	2021-12-15T15:23:37
db:	PACKETSTORM	id:	165297	date:	2021-12-15T15:27:51
db:	PACKETSTORM	id:	165324	date:	2021-12-16T15:20:38
db:	PACKETSTORM	id:	165329	date:	2021-12-16T15:25:46
db:	PACKETSTORM	id:	165348	date:	2021-12-17T14:06:52
db:	PACKETSTORM	id:	165371	date:	2021-12-20T16:19:51
db:	PACKETSTORM	id:	165733	date:	2022-01-27T14:23:56
db:	NVD	id:	CVE-2021-44228	date:	2021-12-10T10:15:09.143