CVE-2021-44228

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

CVSS v3 10.0 CRITICAL
CVSS v2.0 9.3 HIGH

10.0^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html	Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2022/Dec/2	Exploit Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2022/Jul/11	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2022/Mar/23	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/12/10/1	Mailing List Mitigation Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/12/10/2	Mailing List Mitigation Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/12/10/3	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/12/13/1	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/12/13/2	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/12/14/4	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/12/15/3	Mailing List Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf	Third Party Advisory
https://github.com/cisagov/log4j-affected-db	Third Party Advisory
https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md	Broken Link Product US Government Resource
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228	Exploit Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/	Release Notes
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/	Release Notes
https://logging.apache.org/log4j/2.x/security.html	Release Notes Vendor Advisory
https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/	Patch Third Party Advisory Vendor Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032	Third Party Advisory
https://security.netapp.com/advisory/ntap-20211210-0007/	Third Party Advisory
https://support.apple.com/kb/HT213189	Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	Third Party Advisory
https://twitter.com/kurtseifried/status/1469345530182455296	Broken Link Exploit Third Party Advisory
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001	Third Party Advisory
https://www.debian.org/security/2021/dsa-5020	Mailing List Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html	Third Party Advisory
https://www.kb.cert.org/vuls/id/930724	Third Party Advisory US Government Resource
https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html	Exploit Third Party Advisory
https://www.oracle.com/security-alerts/alert-cve-2021-44228.html	Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html	Patch Third Party Advisory
http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html	Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2022/Dec/2	Exploit Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2022/Jul/11	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2022/Mar/23	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/12/10/1	Mailing List Mitigation Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/12/10/2	Mailing List Mitigation Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/12/10/3	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/12/13/1	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/12/13/2	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/12/14/4	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/12/15/3	Mailing List Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf	Third Party Advisory
https://github.com/cisagov/log4j-affected-db	Third Party Advisory
https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md	Broken Link Product US Government Resource
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228	Exploit Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/	Release Notes
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/	Release Notes
https://logging.apache.org/log4j/2.x/security.html	Release Notes Vendor Advisory
https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/	Patch Third Party Advisory Vendor Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032	Third Party Advisory
https://security.netapp.com/advisory/ntap-20211210-0007/	Third Party Advisory
https://support.apple.com/kb/HT213189	Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	Third Party Advisory
https://twitter.com/kurtseifried/status/1469345530182455296	Broken Link Exploit Third Party Advisory
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001	Third Party Advisory
https://www.debian.org/security/2021/dsa-5020	Mailing List Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html	Third Party Advisory
https://www.kb.cert.org/vuls/id/930724	Third Party Advisory US Government Resource
https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html	Exploit Third Party Advisory
https://www.oracle.com/security-alerts/alert-cve-2021-44228.html	Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:log4j::::::::
	cpe:2.3:a:apache:log4j::::::::
	cpe:2.3:a:apache:log4j::::::::
	cpe:2.3:a:apache:log4j:2.0:-::::::
	cpe:2.3:a:apache:log4j:2.0:beta9::::::
	cpe:2.3:a:apache:log4j:2.0:rc1::::::
	cpe:2.3:a:apache:log4j:2.0:rc2::::::

Configuration 2 (hide)

AND

cpe:2.3:o:siemens:sppa-t3000_ses3000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:sppa-t3000_ses3000:-:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:a:siemens:captial::::::::
	cpe:2.3:a:siemens:captial:2019.1:-::::::
	cpe:2.3:a:siemens:captial:2019.1:sp1912::::::
	cpe:2.3:a:siemens:comos::::::::
	cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.0:::::::*
	cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.1:::::::*
	cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.2:::::::*
	cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.0:::::::*
	cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.1:::::::*
	cpe:2.3:a:siemens:desigo_cc_info_center:5.0:::::::*
	cpe:2.3:a:siemens:desigo_cc_info_center:5.1:::::::*
	cpe:2.3:a:siemens:e-car_operation_center::::::::
	cpe:2.3:a:siemens:energy_engage:3.1:::::::*
	cpe:2.3:a:siemens:energyip:8.5:::::::*
	cpe:2.3:a:siemens:energyip:8.6:::::::*
	cpe:2.3:a:siemens:energyip:8.7:::::::*
	cpe:2.3:a:siemens:energyip:9.0:::::::*
	cpe:2.3:a:siemens:energyip_prepay:3.7:::::::*
	cpe:2.3:a:siemens:energyip_prepay:3.8:::::::*
	cpe:2.3:a:siemens:gma-manager::::::::
	cpe:2.3:a:siemens:head-end_system_universal_device_integration_system::::::::
	cpe:2.3:a:siemens:industrial_edge_management::::::::
	cpe:2.3:a:siemens:industrial_edge_management_hub::::::::
	cpe:2.3:a:siemens:logo\!_soft_comfort::::::::
	cpe:2.3:a:siemens:mendix::::::::
	cpe:2.3:a:siemens:mindsphere::::::::
	cpe:2.3:a:siemens:navigator::::::::
	cpe:2.3:a:siemens:nx::::::::
	cpe:2.3:a:siemens:opcenter_intelligence::::::::
	cpe:2.3:a:siemens:operation_scheduler::::::::
	cpe:2.3:a:siemens:sentron_powermanager:4.1:::::::*
	cpe:2.3:a:siemens:sentron_powermanager:4.2:::::::*
	cpe:2.3:a:siemens:siguard_dsa:4.2:::::::*
	cpe:2.3:a:siemens:siguard_dsa:4.3:::::::*
	cpe:2.3:a:siemens:siguard_dsa:4.4:::::::*
	cpe:2.3:a:siemens:sipass_integrated:2.80:::::::*
	cpe:2.3:a:siemens:sipass_integrated:2.85:::::::*
	cpe:2.3:a:siemens:siveillance_command::::::::
	cpe:2.3:a:siemens:siveillance_control_pro::::::::
	cpe:2.3:a:siemens:siveillance_identity:1.5:::::::*
	cpe:2.3:a:siemens:siveillance_identity:1.6:::::::*
	cpe:2.3:a:siemens:siveillance_vantage::::::::
	cpe:2.3:a:siemens:siveillance_viewpoint::::::::
	cpe:2.3:a:siemens:solid_edge_cam_pro::::::::
	cpe:2.3:a:siemens:solid_edge_harness_design::::::::
	cpe:2.3:a:siemens:solid_edge_harness_design:2020:::::::*
	cpe:2.3:a:siemens:solid_edge_harness_design:2020:-::::::
	cpe:2.3:a:siemens:solid_edge_harness_design:2020:sp2002::::::
	cpe:2.3:a:siemens:spectrum_power_4::::::::
	cpe:2.3:a:siemens:spectrum_power_4:4.70:-::::::
	cpe:2.3:a:siemens:spectrum_power_4:4.70:sp7::::::
	cpe:2.3:a:siemens:spectrum_power_4:4.70:sp8::::::
	cpe:2.3:a:siemens:spectrum_power_7::::::::
	cpe:2.3:a:siemens:spectrum_power_7:2.30:::::::*
	cpe:2.3:a:siemens:spectrum_power_7:2.30:-::::::
	cpe:2.3:a:siemens:spectrum_power_7:2.30:sp2::::::
	cpe:2.3:a:siemens:teamcenter::::::::
	cpe:2.3:a:siemens:vesys::::::::
	cpe:2.3:a:siemens:vesys:2019.1:::::::*
	cpe:2.3:a:siemens:vesys:2019.1:-::::::
	cpe:2.3:a:siemens:vesys:2019.1:sp1912::::::
	cpe:2.3:a:siemens:xpedition_enterprise:-:::::::*
	cpe:2.3:a:siemens:xpedition_package_integrator:-:::::::*

Configuration 4 (hide)

OR	cpe:2.3:a:intel:audio_development_kit:-:::::::*
	cpe:2.3:a:intel:computer_vision_annotation_tool:-:::::::*
	cpe:2.3:a:intel:data_center_manager::::::::
	cpe:2.3:a:intel:genomics_kernel_library:-:::::::*
	cpe:2.3:a:intel:oneapi_sample_browser:-:::::eclipse::
	cpe:2.3:a:intel:secure_device_onboard:-:::::::*
	cpe:2.3:a:intel:sensor_solution_firmware_development_kit:-:::::::*
	cpe:2.3:a:intel:system_debugger:-:::::::*
	cpe:2.3:a:intel:system_studio:-:::::::*

Configuration 5 (hide)

OR	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*

Configuration 6 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:34:::::::*
	cpe:2.3:o:fedoraproject:fedora:35:::::::*

Configuration 7 (hide)

cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*

Configuration 8 (hide)

OR	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::linux::
	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows::
	cpe:2.3:a:netapp:cloud_insights:-:::::::*
	cpe:2.3:a:netapp:cloud_manager:-:::::::*
	cpe:2.3:a:netapp:cloud_secure_agent:-:::::::*
	cpe:2.3:a:netapp:oncommand_insight:-:::::::*
	cpe:2.3:a:netapp:ontap_tools:-:::::vmware_vsphere::
	cpe:2.3:a:netapp:snapcenter:-:::::vmware_vsphere::

Configuration 9 (hide)

OR	cpe:2.3:a:cisco:advanced_malware_protection_virtual_private_cloud_appliance::::::::
	cpe:2.3:a:cisco:automated_subsea_tuning::::::::
	cpe:2.3:a:cisco:broadworks::::::::
	cpe:2.3:a:cisco:business_process_automation::::::::
	cpe:2.3:a:cisco:business_process_automation::::::::
	cpe:2.3:a:cisco:business_process_automation::::::::
	cpe:2.3:a:cisco:cloud_connect::::::::
	cpe:2.3:a:cisco:cloudcenter::::::::
	cpe:2.3:a:cisco:cloudcenter_cost_optimizer::::::::
	cpe:2.3:a:cisco:cloudcenter_suite_admin::::::::
	cpe:2.3:a:cisco:cloudcenter_workload_manager::::::::
	cpe:2.3:a:cisco:common_services_platform_collector::::::::
	cpe:2.3:a:cisco:common_services_platform_collector::::::::
	cpe:2.3:a:cisco:connected_mobile_experiences:-:::::::*
	cpe:2.3:a:cisco:contact_center_domain_manager::::::::
	cpe:2.3:a:cisco:contact_center_management_portal::::::::
	cpe:2.3:a:cisco:crosswork_data_gateway::::::::
	cpe:2.3:a:cisco:crosswork_data_gateway:3.0.0:::::::*
	cpe:2.3:a:cisco:crosswork_network_controller::::::::
	cpe:2.3:a:cisco:crosswork_network_controller:3.0.0:::::::*
	cpe:2.3:a:cisco:crosswork_optimization_engine::::::::
	cpe:2.3:a:cisco:crosswork_optimization_engine:3.0.0:::::::*
	cpe:2.3:a:cisco:crosswork_platform_infrastructure::::::::
	cpe:2.3:a:cisco:crosswork_platform_infrastructure:4.1.0:::::::*
	cpe:2.3:a:cisco:crosswork_zero_touch_provisioning::::::::
	cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:3.0.0:::::::*
	cpe:2.3:a:cisco:customer_experience_cloud_agent::::::::
	cpe:2.3:a:cisco:cyber_vision_sensor_management_extension::::::::
	cpe:2.3:a:cisco:data_center_network_manager::::::::
	cpe:2.3:a:cisco:data_center_network_manager:11.3\(1\):::::::*
	cpe:2.3:a:cisco:dna_center::::::::
	cpe:2.3:a:cisco:dna_center::::::::
	cpe:2.3:a:cisco:dna_center::::::::
	cpe:2.3:a:cisco:dna_spaces\:_connector::::::::
	cpe:2.3:a:cisco:emergency_responder::::::::
	cpe:2.3:a:cisco:enterprise_chat_and_email::::::::
	cpe:2.3:a:cisco:evolved_programmable_network_manager::::::::
	cpe:2.3:a:cisco:finesse::::::::
	cpe:2.3:a:cisco:finesse:12.6\(1\):::::::*
	cpe:2.3:a:cisco:fog_director:-:::::::*
	cpe:2.3:a:cisco:identity_services_engine::::::::
	cpe:2.3:a:cisco:identity_services_engine:2.4.0:-::::::
	cpe:2.3:a:cisco:integrated_management_controller_supervisor::::::::
	cpe:2.3:a:cisco:intersight_virtual_appliance::::::::
	cpe:2.3:a:cisco:iot_operations_dashboard:-:::::::*
	cpe:2.3:a:cisco:network_assurance_engine::::::::
	cpe:2.3:a:cisco:network_services_orchestrator::::::::
	cpe:2.3:a:cisco:network_services_orchestrator::::::::
	cpe:2.3:a:cisco:network_services_orchestrator::::::::
	cpe:2.3:a:cisco:network_services_orchestrator::::::::
	cpe:2.3:a:cisco:nexus_dashboard::::::::
	cpe:2.3:a:cisco:nexus_insights::::::::
	cpe:2.3:a:cisco:optical_network_controller::::::::
	cpe:2.3:a:cisco:packaged_contact_center_enterprise::::::::
	cpe:2.3:a:cisco:packaged_contact_center_enterprise:11.6\(1\):::::::*
	cpe:2.3:a:cisco:paging_server::::::::
	cpe:2.3:a:cisco:prime_service_catalog::::::::
	cpe:2.3:a:cisco:sd-wan_vmanage::::::::
	cpe:2.3:a:cisco:sd-wan_vmanage::::::::
	cpe:2.3:a:cisco:sd-wan_vmanage::::::::
	cpe:2.3:a:cisco:sd-wan_vmanage::::::::
	cpe:2.3:a:cisco:smart_phy::::::::
	cpe:2.3:a:cisco:ucs_central::::::::
	cpe:2.3:a:cisco:ucs_director::::::::
cpe:2.3:a:cisco:unified_communications_manager:::::-:::*
cpe:2.3:a:cisco:unified_communications_manager:::::session_management:::*
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1\)::::-:::
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1\)::::session_management:::
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1\)su3:::::::*
cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service::::::::
cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\):::::::*
cpe:2.3:a:cisco:unified_contact_center_enterprise::::::::
cpe:2.3:a:cisco:unified_contact_center_enterprise:11.6\(2\):::::::*
cpe:2.3:a:cisco:unified_contact_center_express::::::::
cpe:2.3:a:cisco:unified_customer_voice_portal::::::::
cpe:2.3:a:cisco:unified_customer_voice_portal:11.6:::::::*
cpe:2.3:a:cisco:unified_customer_voice_portal:12.0:::::::*
cpe:2.3:a:cisco:unified_customer_voice_portal:12.5:::::::*
cpe:2.3:a:cisco:unity_connection::::::::
cpe:2.3:a:cisco:video_surveillance_operations_manager::::::::
cpe:2.3:a:cisco:virtual_topology_system::::::::
cpe:2.3:a:cisco:virtualized_infrastructure_manager::::::::
cpe:2.3:a:cisco:virtualized_infrastructure_manager::::::::
cpe:2.3:a:cisco:virtualized_voice_browser::::::::
cpe:2.3:a:cisco:wan_automation_engine::::::::
cpe:2.3:a:cisco:webex_meetings_server::::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:-::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release1::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release2::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:-:::::*
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_security_patch4::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_security_patch5::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_service_pack_2::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_service_pack_3::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release4::::::
cpe:2.3:a:cisco:webex_meetings_server:4.0:-::::::
cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release1::::::
cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release2::::::
cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release3::::::
cpe:2.3:a:cisco:workload_optimization_manager::::::::
cpe:2.3:o:cisco:unified_intelligence_center::::::::
cpe:2.3:o:cisco:unified_sip_proxy::::::::
cpe:2.3:o:cisco:unified_workforce_optimization::::::::

Configuration 10 (hide)

AND

OR	cpe:2.3:h:cisco:firepower_1010:-:::::::*
	cpe:2.3:h:cisco:firepower_1120:-:::::::*
	cpe:2.3:h:cisco:firepower_1140:-:::::::*
	cpe:2.3:h:cisco:firepower_1150:-:::::::*
	cpe:2.3:h:cisco:firepower_2110:-:::::::*
	cpe:2.3:h:cisco:firepower_2120:-:::::::*
	cpe:2.3:h:cisco:firepower_2130:-:::::::*
	cpe:2.3:h:cisco:firepower_2140:-:::::::*
	cpe:2.3:h:cisco:firepower_4110:-:::::::*
	cpe:2.3:h:cisco:firepower_4112:-:::::::*
	cpe:2.3:h:cisco:firepower_4115:-:::::::*
	cpe:2.3:h:cisco:firepower_4120:-:::::::*
	cpe:2.3:h:cisco:firepower_4125:-:::::::*
	cpe:2.3:h:cisco:firepower_4140:-:::::::*
	cpe:2.3:h:cisco:firepower_4145:-:::::::*
	cpe:2.3:h:cisco:firepower_4150:-:::::::*
	cpe:2.3:h:cisco:firepower_9300:-:::::::*

OR	cpe:2.3:o:cisco:fxos:6.2.3:::::::*
	cpe:2.3:o:cisco:fxos:6.3.0:::::::*
	cpe:2.3:o:cisco:fxos:6.4.0:::::::*
	cpe:2.3:o:cisco:fxos:6.5.0:::::::*
	cpe:2.3:o:cisco:fxos:6.6.0:::::::*
	cpe:2.3:o:cisco:fxos:6.7.0:::::::*
	cpe:2.3:o:cisco:fxos:7.0.0:::::::*
	cpe:2.3:o:cisco:fxos:7.1.0:::::::*

Configuration 11 (hide)

OR	cpe:2.3:a:cisco:automated_subsea_tuning:02.01.00:::::::*
	cpe:2.3:a:cisco:broadworks:-:::::::*
	cpe:2.3:a:cisco:cloudcenter_suite:4.10\(0.15\):::::::*
	cpe:2.3:a:cisco:cloudcenter_suite:5.3\(0\):::::::*
	cpe:2.3:a:cisco:cloudcenter_suite:5.4\(1\):::::::*
	cpe:2.3:a:cisco:cloudcenter_suite:5.5\(0\):::::::*
	cpe:2.3:a:cisco:cloudcenter_suite:5.5\(1\):::::::*
	cpe:2.3:a:cisco:common_services_platform_collector:002.009\(000.000\):::::::*
	cpe:2.3:a:cisco:common_services_platform_collector:002.009\(000.001\):::::::*
	cpe:2.3:a:cisco:common_services_platform_collector:002.009\(000.002\):::::::*
	cpe:2.3:a:cisco:common_services_platform_collector:002.009\(001.000\):::::::*
	cpe:2.3:a:cisco:common_services_platform_collector:002.009\(001.001\):::::::*
	cpe:2.3:a:cisco:common_services_platform_collector:002.009\(001.002\):::::::*
	cpe:2.3:a:cisco:common_services_platform_collector:002.010\(000.000\):::::::*
	cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.004.000.003:::::::*
	cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.005.000.:::::::*
	cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.005.000.000:::::::*
	cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.000.001:::::::*
	cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.001.000:::::::*
	cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.002.000:::::::*
	cpe:2.3:a:cisco:connected_analytics_for_network_deployment:7.3:::::::*
	cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.000:::::::*
	cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.001.001:::::::*
	cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.003:::::::*
	cpe:2.3:a:cisco:connected_analytics_for_network_deployment:008.000.000:::::::*
	cpe:2.3:a:cisco:connected_analytics_for_network_deployment:008.000.000.000.004:::::::*
	cpe:2.3:a:cisco:crosswork_network_automation:-:::::::*
	cpe:2.3:a:cisco:crosswork_network_automation:2.0.0:::::::*
	cpe:2.3:a:cisco:crosswork_network_automation:3.0.0:::::::*
	cpe:2.3:a:cisco:crosswork_network_automation:4.1.0:::::::*
	cpe:2.3:a:cisco:crosswork_network_automation:4.1.1:::::::*
	cpe:2.3:a:cisco:cx_cloud_agent:001.012:::::::*
	cpe:2.3:a:cisco:cyber_vision:4.0.2:::::::*
	cpe:2.3:a:cisco:cyber_vision_sensor_management_extension:4.0.2:::::::*
	cpe:2.3:a:cisco:dna_center:2.2.2.8:::::::*
	cpe:2.3:a:cisco:dna_spaces:-:::::::*
	cpe:2.3:a:cisco:dna_spaces_connector:-:::::::*
	cpe:2.3:a:cisco:emergency_responder:11.5:::::::*
	cpe:2.3:a:cisco:emergency_responder:11.5\(4.65000.14\):::::::*
	cpe:2.3:a:cisco:emergency_responder:11.5\(4.66000.14\):::::::*
	cpe:2.3:a:cisco:enterprise_chat_and_email:12.0\(1\):::::::*
	cpe:2.3:a:cisco:enterprise_chat_and_email:12.5\(1\):::::::*
	cpe:2.3:a:cisco:enterprise_chat_and_email:12.6\(1\):::::::*
	cpe:2.3:a:cisco:evolved_programmable_network_manager:3.0:::::::*
	cpe:2.3:a:cisco:evolved_programmable_network_manager:3.1:::::::*
	cpe:2.3:a:cisco:evolved_programmable_network_manager:4.0:::::::*
	cpe:2.3:a:cisco:evolved_programmable_network_manager:4.1:::::::*
	cpe:2.3:a:cisco:evolved_programmable_network_manager:5.0:::::::*
	cpe:2.3:a:cisco:evolved_programmable_network_manager:5.1:::::::*
	cpe:2.3:a:cisco:finesse:12.5\(1\):su1::::::
	cpe:2.3:a:cisco:finesse:12.5\(1\):su2::::::
	cpe:2.3:a:cisco:finesse:12.6\(1\):-::::::
	cpe:2.3:a:cisco:finesse:12.6\(1\):es01::::::
	cpe:2.3:a:cisco:finesse:12.6\(1\):es02::::::
	cpe:2.3:a:cisco:finesse:12.6\(1\):es03::::::
	cpe:2.3:a:cisco:firepower_threat_defense:6.2.3:::::::*
	cpe:2.3:a:cisco:firepower_threat_defense:6.3.0:::::::*
	cpe:2.3:a:cisco:firepower_threat_defense:6.4.0:::::::*
	cpe:2.3:a:cisco:firepower_threat_defense:6.5.0:::::::*
	cpe:2.3:a:cisco:firepower_threat_defense:6.6.0:::::::*
	cpe:2.3:a:cisco:firepower_threat_defense:6.7.0:::::::*
	cpe:2.3:a:cisco:firepower_threat_defense:7.0.0:::::::*
	cpe:2.3:a:cisco:firepower_threat_defense:7.1.0:::::::*
	cpe:2.3:a:cisco:identity_services_engine:002.004\(000.914\):-::::::
cpe:2.3:a:cisco:identity_services_engine:002.006\(000.156\):-::::::
cpe:2.3:a:cisco:identity_services_engine:002.007\(000.356\):-::::::
cpe:2.3:a:cisco:identity_services_engine:003.000\(000.458\):-::::::
cpe:2.3:a:cisco:identity_services_engine:003.001\(000.518\):-::::::
cpe:2.3:a:cisco:identity_services_engine:003.002\(000.116\):-::::::
cpe:2.3:a:cisco:integrated_management_controller_supervisor:002.003\(002.000\):::::::*
cpe:2.3:a:cisco:integrated_management_controller_supervisor:2.3.2.0:::::::*
cpe:2.3:a:cisco:intersight_virtual_appliance:1.0.9-343:::::::*
cpe:2.3:a:cisco:mobility_services_engine:-:::::::*
cpe:2.3:a:cisco:network_assurance_engine:6.0\(2.1912\):::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.0\(1\):::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.1\(1\):::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.2\(1\):::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.3\(1\):::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.4\(1\):::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\(1\):::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\(2\):::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\(3\):::::::*
cpe:2.3:a:cisco:network_insights_for_data_center:6.0\(2.1914\):::::::*
cpe:2.3:a:cisco:network_services_orchestrator:-:::::::*
cpe:2.3:a:cisco:optical_network_controller:1.1:::::::*
cpe:2.3:a:cisco:paging_server:8.3\(1\):::::::*
cpe:2.3:a:cisco:paging_server:8.4\(1\):::::::*
cpe:2.3:a:cisco:paging_server:8.5\(1\):::::::*
cpe:2.3:a:cisco:paging_server:9.0\(1\):::::::*
cpe:2.3:a:cisco:paging_server:9.0\(2\):::::::*
cpe:2.3:a:cisco:paging_server:9.1\(1\):::::::*
cpe:2.3:a:cisco:paging_server:12.5\(2\):::::::*
cpe:2.3:a:cisco:paging_server:14.0\(1\):::::::*
cpe:2.3:a:cisco:prime_service_catalog:12.1:::::::*
cpe:2.3:a:cisco:sd-wan_vmanage:20.3:::::::*
cpe:2.3:a:cisco:sd-wan_vmanage:20.4:::::::*
cpe:2.3:a:cisco:sd-wan_vmanage:20.5:::::::*
cpe:2.3:a:cisco:sd-wan_vmanage:20.6:::::::*
cpe:2.3:a:cisco:sd-wan_vmanage:20.6.1:::::::*
cpe:2.3:a:cisco:sd-wan_vmanage:20.7:::::::*
cpe:2.3:a:cisco:sd-wan_vmanage:20.8:::::::*
cpe:2.3:a:cisco:smart_phy:3.1.2:::::::*
cpe:2.3:a:cisco:smart_phy:3.1.3:::::::*
cpe:2.3:a:cisco:smart_phy:3.1.4:::::::*
cpe:2.3:a:cisco:smart_phy:3.1.5:::::::*
cpe:2.3:a:cisco:smart_phy:3.2.1:::::::*
cpe:2.3:a:cisco:smart_phy:21.3:::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0:::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1a\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1b\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1c\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1d\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1e\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1f\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1g\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1h\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1k\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1l\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.17900.52\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.18119.2\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.18900.97\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.21900.40\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.22900.28\):::::::*
cpe:2.3:a:cisco:unified_communications_manager_im_\&_presence_service:11.5\(1\):::::::*
cpe:2.3:a:cisco:unified_communications_manager_im_\&_presence_service:11.5\(1.22900.6\):::::::*
cpe:2.3:a:cisco:unified_computing_system:006.008\(001.000\):::::::*
cpe:2.3:a:cisco:unified_contact_center_enterprise:11.6\(2\):::::::*
cpe:2.3:a:cisco:unified_contact_center_enterprise:12.0\(1\):::::::*
cpe:2.3:a:cisco:unified_contact_center_enterprise:12.5\(1\):::::::*
cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\(1\):::::::*
cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\(2\):::::::*
cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\):-::::::
cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\):su1::::::
cpe:2.3:a:cisco:unified_contact_center_express:12.6\(1\):::::::*
cpe:2.3:a:cisco:unified_contact_center_express:12.6\(2\):::::::*
cpe:2.3:a:cisco:unified_contact_center_management_portal:12.6\(1\):::::::*
cpe:2.3:a:cisco:unified_customer_voice_portal:11.6\(1\):::::::*
cpe:2.3:a:cisco:unified_customer_voice_portal:12.0\(1\):::::::*
cpe:2.3:a:cisco:unified_customer_voice_portal:12.5\(1\):::::::*
cpe:2.3:a:cisco:unified_customer_voice_portal:12.6\(1\):::::::*
cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\):-::::::
cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\):es01::::::
cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\):es02::::::
cpe:2.3:a:cisco:unified_intelligence_center:12.6\(2\):-::::::
cpe:2.3:a:cisco:unified_sip_proxy:010.000\(000\):::::::*
cpe:2.3:a:cisco:unified_sip_proxy:010.000\(001\):::::::*
cpe:2.3:a:cisco:unified_sip_proxy:010.002\(000\):::::::*
cpe:2.3:a:cisco:unified_sip_proxy:010.002\(001\):::::::*
cpe:2.3:a:cisco:unified_workforce_optimization:11.5\(1\):sr7::::::
cpe:2.3:a:cisco:unity_connection:11.5:::::::*
cpe:2.3:a:cisco:unity_connection:11.5\(1.10000.6\):::::::*
cpe:2.3:a:cisco:video_surveillance_manager:7.14\(1.26\):::::::*
cpe:2.3:a:cisco:video_surveillance_manager:7.14\(2.26\):::::::*
cpe:2.3:a:cisco:video_surveillance_manager:7.14\(3.025\):::::::*
cpe:2.3:a:cisco:video_surveillance_manager:7.14\(4.018\):::::::*
cpe:2.3:a:cisco:virtual_topology_system:2.6.6:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.1.3:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.2.1:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.2.2:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.2.3:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.3:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.4:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.5:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.6:::::::*
cpe:2.3:a:cisco:webex_meetings_server:3.0:::::::*
cpe:2.3:a:cisco:webex_meetings_server:4.0:::::::*

Configuration 12 (hide)

OR	cpe:2.3:a:snowsoftware:snow_commander::::::::
	cpe:2.3:a:snowsoftware:vm_access_proxy::::::::

Configuration 13 (hide)

OR	cpe:2.3:a:bentley:synchro:::::pro:::*
	cpe:2.3:a:bentley:synchro_4d:::::pro:::*

Configuration 14 (hide)

cpe:2.3:a:percussion:rhythmyx:*:*:*:*:*:*:*:*

Configuration 15 (hide)

cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:30

24 Jul 2024, 17:08

Type	Values Removed	Values Added
First Time		Apple Apple xcode
CPE		cpe:2.3:a:apple:xcode::::::::
References	~~() http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html - Third Party Advisory, VDB Entry~~	() http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html - Exploit, Third Party Advisory, VDB Entry
References	~~() http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html - Third Party Advisory, VDB Entry~~	() http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html - Exploit, Third Party Advisory, VDB Entry
References	~~() http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html - Third Party Advisory, VDB Entry~~	() http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry
References	~~() http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html - Third Party Advisory, VDB Entry~~	() http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry
References	~~() http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html -~~	() http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html - Third Party Advisory, VDB Entry
References	~~() https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md - Product, US Government Resource~~	() https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md - Broken Link, Product, US Government Resource
References	~~() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/ - Release Notes
References	~~() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/ - Release Notes
References	~~() https://security.netapp.com/advisory/ntap-20211210-0007/ - Vendor Advisory~~	() https://security.netapp.com/advisory/ntap-20211210-0007/ - Third Party Advisory
References	~~() https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd - Third Party Advisory~~	() https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd - Third Party Advisory
References	~~() https://twitter.com/kurtseifried/status/1469345530182455296 - Exploit, Third Party Advisory~~	() https://twitter.com/kurtseifried/status/1469345530182455296 - Broken Link, Exploit, Third Party Advisory
References	~~() https://www.debian.org/security/2021/dsa-5020 - Third Party Advisory~~	() https://www.debian.org/security/2021/dsa-5020 - Mailing List, Third Party Advisory

17 Aug 2022, 17:46

Type	Values Removed	Values Added
CPE		cpe:2.3:a:percussion:rhythmyx::::::::

09 Aug 2022, 13:17

Type	Values Removed	Values Added
CWE	~~CWE-502~~	CWE-917
References	~~(MISC) http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html -~~	(MISC) http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html - Exploit, Third Party Advisory, VDB Entry
References	~~(MISC) http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html -~~	(MISC) http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html - Third Party Advisory, VDB Entry
References	~~(FULLDISC) http://seclists.org/fulldisclosure/2022/Jul/11 -~~	(FULLDISC) http://seclists.org/fulldisclosure/2022/Jul/11 - Mailing List, Third Party Advisory

03 Aug 2022, 18:15

Type	Values Removed	Values Added
References		(MISC) http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html -

22 Jul 2022, 18:15

Type	Values Removed	Values Added
References		(MISC) http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html - (FULLDISC) http://seclists.org/fulldisclosure/2022/Jul/11 -

30 Jun 2022, 18:26

Type	Values Removed	Values Added
References	~~(MISC) https://www.oracle.com/security-alerts/cpuapr2022.html -~~	(MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory
References	~~(MISC) https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228 -~~	(MISC) https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228 - Exploit, Third Party Advisory
References	~~(MISC) https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html -~~	(MISC) https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html - Exploit, Third Party Advisory

05 May 2022, 23:15

Type	Values Removed	Values Added
References		(MISC) https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html - (MISC) https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228 -

20 Apr 2022, 00:16

Type	Values Removed	Values Added
References		(MISC) https://www.oracle.com/security-alerts/cpuapr2022.html -

18 Apr 2022, 13:45

Type	Values Removed	Values Added
References	~~(FULLDISC) http://seclists.org/fulldisclosure/2022/Mar/23 - Third Party Advisory~~	(FULLDISC) http://seclists.org/fulldisclosure/2022/Mar/23 - Mailing List, Third Party Advisory

12 Apr 2022, 18:14

Type	Values Removed	Values Added
References	~~(MISC) https://github.com/cisagov/log4j-affected-db -~~	(MISC) https://github.com/cisagov/log4j-affected-db - Third Party Advisory
References	~~(CONFIRM) https://support.apple.com/kb/HT213189 -~~	(CONFIRM) https://support.apple.com/kb/HT213189 - Third Party Advisory
References	~~(FULLDISC) http://seclists.org/fulldisclosure/2022/Mar/23 -~~	(FULLDISC) http://seclists.org/fulldisclosure/2022/Mar/23 - Third Party Advisory
References	~~(MISC) https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001 -~~	(MISC) https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001 - Third Party Advisory
CPE		cpe:2.3:a:bentley:synchro:::::pro:::* cpe:2.3:a:bentley:synchro_4d:::::pro:::*

15 Mar 2022, 06:15

Type	Values Removed	Values Added
References		(FULLDISC) http://seclists.org/fulldisclosure/2022/Mar/23 -

14 Mar 2022, 20:15

Type	Values Removed	Values Added
References		(CONFIRM) https://support.apple.com/kb/HT213189 -

01 Mar 2022, 23:15

Type	Values Removed	Values Added
References		(MISC) https://github.com/cisagov/log4j-affected-db - (MISC) https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001 -

19 Feb 2022, 04:23

Type	Values Removed	Values Added
References	~~(MISC) https://www.oracle.com/security-alerts/cpujan2022.html -~~	(MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory

07 Feb 2022, 16:16

Type	Values Removed	Values Added
References		(MISC) https://www.oracle.com/security-alerts/cpujan2022.html -

01 Feb 2022, 20:31

Type	Values Removed	Values Added
References	~~(MISC) http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html -~~	(MISC) http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html - Third Party Advisory, VDB Entry
References	~~(CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf -~~	(CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf - Third Party Advisory
References	~~(CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf -~~	(CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf - Third Party Advisory
References	~~(MISC) https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md -~~	(MISC) https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md - Product, US Government Resource
References	~~(MISC) http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html -~~	(MISC) http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html - Third Party Advisory, VDB Entry
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/ -~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/ - Third Party Advisory
References	~~(MISC) http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html -~~	(MISC) http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html - Third Party Advisory, VDB Entry
References	~~(MISC) http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html -~~	(MISC) http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html - Third Party Advisory, VDB Entry
References	~~(MS) https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ - Patch, Third Party Advisory~~	(MS) https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ - Patch, Third Party Advisory, Vendor Advisory
CPE		cpe:2.3:o:fedoraproject:fedora:34:::::::*

24 Jan 2022, 17:15

Type	Values Removed	Values Added
References		(MISC) http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html -

20 Jan 2022, 21:15

Type	Values Removed	Values Added
References		(MISC) http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html -

19 Jan 2022, 04:15

Type	Values Removed	Values Added
References		(MISC) https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md -

12 Jan 2022, 18:15

Type	Values Removed	Values Added
References		(CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/ - (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf - (MISC) http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html - (MISC) http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html -
Summary	Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0, this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.	Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

28 Dec 2021, 19:32

Type	Values Removed	Values Added
References	~~(MS) https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ - Third Party Advisory~~	(MS) https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ - Patch, Third Party Advisory
References	~~(MISC) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd - Third Party Advisory~~	(MISC) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd - Third Party Advisory
CPE		cpe:2.3:a:snowsoftware:snow_commander:::::::: cpe:2.3:a:snowsoftware:vm_access_proxy::::::::

20 Dec 2021, 18:13

Type	Values Removed	Values Added
References	~~(MS) https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ - Mitigation, Third Party Advisory~~	(MS) https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ - Third Party Advisory
References	~~(CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd - Third Party Advisory~~	(MISC) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd - Third Party Advisory
CPE		cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.000:::::::* cpe:2.3:a:cisco:firepower_threat_defense:6.5.0:::::::* cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\(2\):::::::* cpe:2.3:a:cisco:webex_meetings_server:3.0:::::::* cpe:2.3:a:cisco:paging_server:9.1\(1\):::::::* cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\):es02:::::: cpe:2.3:a:cisco:crosswork_network_automation:2.0.0:::::::* cpe:2.3:a:cisco:crosswork_network_automation:-:::::::* cpe:2.3:a:cisco:evolved_programmable_network_manager:5.1:::::::* cpe:2.3:a:cisco:paging_server:12.5\(2\):::::::* cpe:2.3:a:cisco:connected_analytics_for_network_deployment:008.000.000.000.004:::::::* cpe:2.3:a:cisco:common_services_platform_collector:002.009\(000.002\):::::::* cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.003:::::::* cpe:2.3:a:cisco:sd-wan_vmanage:20.6.1:::::::* cpe:2.3:a:cisco:ucs_central_software:2.0\(1h\):::::::* cpe:2.3:a:cisco:video_surveillance_manager:7.14\(1.26\):::::::* cpe:2.3:a:cisco:evolved_programmable_network_manager:3.0:::::::* cpe:2.3:a:cisco:unified_sip_proxy:010.002\(000\):::::::* cpe:2.3:a:cisco:dna_center:2.2.2.8:::::::* cpe:2.3:a:cisco:unity_connection:11.5:::::::* cpe:2.3:a:cisco:unified_sip_proxy:010.000\(001\):::::::* cpe:2.3:a:cisco:identity_services_engine:003.001\(000.518\):-:::::: cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.002.000:::::::* cpe:2.3:a:cisco:cloudcenter_suite:5.3\(0\):::::::* cpe:2.3:a:cisco:sd-wan_vmanage:20.6:::::::* cpe:2.3:a:cisco:paging_server:8.4\(1\):::::::* cpe:2.3:a:cisco:ucs_central_software:2.0\(1l\):::::::* cpe:2.3:a:cisco:prime_service_catalog:12.1:::::::* cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.005.000.:::::::* cpe:2.3:a:cisco:unified_contact_center_enterprise:12.5\(1\):::::::* cpe:2.3:a:cisco:wan_automation_engine:7.2.1:::::::* cpe:2.3:a:cisco:cloudcenter_suite:5.5\(0\):::::::* cpe:2.3:a:cisco:firepower_threat_defense:6.2.3:::::::* cpe:2.3:a:cisco:common_services_platform_collector:002.009\(001.002\):::::::* cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.001.000:::::::* cpe:2.3:a:cisco:cloudcenter_suite:5.5\(1\):::::::* cpe:2.3:a:cisco:smart_phy:3.1.4:::::::* cpe:2.3:a:cisco:dna_spaces_connector:-:::::::* cpe:2.3:a:cisco:webex_meetings_server:4.0:::::::* cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.22900.28\):::::::* cpe:2.3:a:cisco:video_surveillance_manager:7.14\(4.018\):::::::* cpe:2.3:a:cisco:cyber_vision_sensor_management_extension:4.0.2:::::::* cpe:2.3:a:cisco:finesse:12.6\(1\):es01:::::: cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.18900.97\):::::::* cpe:2.3:a:cisco:common_services_platform_collector:002.009\(001.000\):::::::* cpe:2.3:a:cisco:firepower_threat_defense:6.7.0:::::::* cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.21900.40\):::::::* cpe:2.3:a:cisco:paging_server:8.5\(1\):::::::* cpe:2.3:a:cisco:dna_spaces:-:::::::* cpe:2.3:a:cisco:firepower_threat_defense:7.1.0:::::::* cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\):es01:::::: cpe:2.3:a:cisco:paging_server:8.3\(1\):::::::* cpe:2.3:a:cisco:identity_services_engine:003.002\(000.116\):-:::::: cpe:2.3:a:cisco:unified_contact_center_express:12.6\(1\):::::::* cpe:2.3:a:cisco:wan_automation_engine:7.1.3:::::::* cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\):-:::::: cpe:2.3:a:cisco:video_surveillance_manager:7.14\(3.025\):::::::* cpe:2.3:a:cisco:ucs_central_software:2.0\(1b\):::::::* cpe:2.3:a:cisco:virtual_topology_system:2.6.6:::::::* cpe:2.3:a:cisco:evolved_programmable_network_manager:5.0:::::::* cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.4\(1\):::::::* cpe:2.3:a:cisco:unified_contact_center_express:12.6\(2\):::::::* cpe:2.3:a:cisco:evolved_programmable_network_manager:3.1:::::::* cpe:2.3:a:cisco:firepower_threat_defense:6.6.0:::::::* cpe:2.3:a:cisco:common_services_platform_collector:002.009\(001.001\):::::::* cpe:2.3:a:cisco:connected_analytics_for_network_deployment:008.000.000:::::::* cpe:2.3:a:cisco:smart_phy:3.1.5:::::::* cpe:2.3:a:cisco:cyber_vision:4.0.2:::::::* cpe:2.3:a:cisco:mobility_services_engine:-:::::::* cpe:2.3:a:cisco:cloudcenter_suite:5.4\(1\):::::::* cpe:2.3:a:cisco:ucs_central_software:2.0\(1d\):::::::* cpe:2.3:a:cisco:broadworks:-:::::::* cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.2\(1\):::::::* cpe:2.3:a:cisco:paging_server:9.0\(2\):::::::* cpe:2.3:a:cisco:firepower_threat_defense:7.0.0:::::::* cpe:2.3:a:cisco:identity_services_engine:003.000\(000.458\):-:::::: cpe:2.3:a:cisco:finesse:12.5\(1\):su1:::::: cpe:2.3:a:cisco:unified_contact_center_management_portal:12.6\(1\):::::::* cpe:2.3:a:cisco:sd-wan_vmanage:20.5:::::::* cpe:2.3:a:cisco:wan_automation_engine:7.5:::::::* cpe:2.3:a:cisco:enterprise_chat_and_email:12.5\(1\):::::::* cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\(3\):::::::* cpe:2.3:a:cisco:wan_automation_engine:7.2.2:::::::* cpe:2.3:a:cisco:enterprise_chat_and_email:12.0\(1\):::::::* cpe:2.3:a:cisco:network_assurance_engine:6.0\(2.1912\):::::::* cpe:2.3:a:cisco:integrated_management_controller_supervisor:2.3.2.0:::::::* cpe:2.3:a:cisco:common_services_platform_collector:002.010\(000.000\):::::::* cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.005.000.000:::::::* cpe:2.3:a:cisco:ucs_central_software:2.0\(1g\):::::::* cpe:2.3:a:cisco:evolved_programmable_network_manager:4.1:::::::* cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.18119.2\):::::::* cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\(2\):::::::* cpe:2.3:a:cisco:emergency_responder:11.5\(4.65000.14\):::::::* cpe:2.3:a:cisco:paging_server:9.0\(1\):::::::* cpe:2.3:a:cisco:unified_communications_manager_im_\&_presence_service:11.5\(1\):::::::* cpe:2.3:a:cisco:ucs_central_software:2.0\(1a\):::::::* cpe:2.3:a:cisco:common_services_platform_collector:002.009\(000.000\):::::::* cpe:2.3:a:cisco:firepower_threat_defense:6.3.0:::::::* cpe:2.3:a:cisco:emergency_responder:11.5:::::::* cpe:2.3:a:cisco:unified_sip_proxy:010.002\(001\):::::::* cpe:2.3:a:cisco:intersight_virtual_appliance:1.0.9-343:::::::* cpe:2.3:a:cisco:unified_customer_voice_portal:12.0\(1\):::::::* cpe:2.3:a:cisco:unified_communications_manager_im_\&_presence_service:11.5\(1.22900.6\):::::::* cpe:2.3:a:cisco:network_services_orchestrator:-:::::::* cpe:2.3:a:cisco:cloudcenter_suite:4.10\(0.15\):::::::* cpe:2.3:a:cisco:sd-wan_vmanage:20.4:::::::* cpe:2.3:a:cisco:ucs_central_software:2.0\(1f\):::::::* cpe:2.3:a:cisco:ucs_central_software:2.0\(1e\):::::::* cpe:2.3:a:cisco:emergency_responder:11.5\(4.66000.14\):::::::* cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.000.001:::::::* cpe:2.3:a:cisco:crosswork_network_automation:4.1.0:::::::* cpe:2.3:a:cisco:unified_sip_proxy:010.000\(000\):::::::* cpe:2.3:a:cisco:evolved_programmable_network_manager:4.0:::::::* cpe:2.3:a:cisco:wan_automation_engine:7.4:::::::* cpe:2.3:a:cisco:sd-wan_vmanage:20.8:::::::* cpe:2.3:a:cisco:integrated_management_controller_supervisor:002.003\(002.000\):::::::* cpe:2.3:a:cisco:ucs_central_software:2.0\(1c\):::::::* cpe:2.3:a:cisco:ucs_central_software:2.0:::::::* cpe:2.3:a:cisco:smart_phy:3.1.2:::::::* cpe:2.3:a:cisco:smart_phy:3.1.3:::::::* cpe:2.3:a:cisco:ucs_central_software:2.0\(1k\):::::::* cpe:2.3:a:cisco:crosswork_network_automation:3.0.0:::::::* cpe:2.3:a:cisco:identity_services_engine:002.004\(000.914\):-:::::: cpe:2.3:a:cisco:network_insights_for_data_center:6.0\(2.1914\):::::::* cpe:2.3:a:cisco:identity_services_engine:002.006\(000.156\):-:::::: cpe:2.3:a:cisco:sd-wan_vmanage:20.7:::::::* cpe:2.3:a:cisco:unified_customer_voice_portal:12.6\(1\):::::::* cpe:2.3:a:cisco:smart_phy:21.3:::::::* cpe:2.3:a:cisco:finesse:12.5\(1\):su2:::::: cpe:2.3:a:cisco:common_services_platform_collector:002.009\(000.001\):::::::* cpe:2.3:a:cisco:connected_analytics_for_network_deployment:7.3:::::::* cpe:2.3:a:cisco:unified_intelligence_center:12.6\(2\):-:::::: cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\(1\):::::::* cpe:2.3:a:cisco:cx_cloud_agent:001.012:::::::* cpe:2.3:a:cisco:identity_services_engine:002.007\(000.356\):-:::::: cpe:2.3:a:cisco:unified_customer_voice_portal:11.6\(1\):::::::* cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\(1\):::::::* cpe:2.3:a:cisco:finesse:12.6\(1\):es03:::::: cpe:2.3:a:cisco:wan_automation_engine:7.3:::::::* cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\):-:::::: cpe:2.3:a:cisco:unified_contact_center_enterprise:12.0\(1\):::::::* cpe:2.3:a:cisco:paging_server:14.0\(1\):::::::* cpe:2.3:a:cisco:firepower_threat_defense:6.4.0:::::::* cpe:2.3:a:cisco:unity_connection:11.5\(1.10000.6\):::::::* cpe:2.3:a:cisco:finesse:12.6\(1\):es02:::::: cpe:2.3:a:cisco:finesse:12.6\(1\):-:::::: cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.3\(1\):::::::* cpe:2.3:a:cisco:automated_subsea_tuning:02.01.00:::::::* cpe:2.3:a:cisco:video_surveillance_manager:7.14\(2.26\):::::::* cpe:2.3:a:cisco:smart_phy:3.2.1:::::::* cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.1\(1\):::::::* cpe:2.3:a:cisco:unified_computing_system:006.008\(001.000\):::::::* cpe:2.3:a:cisco:wan_automation_engine:7.6:::::::* cpe:2.3:a:cisco:wan_automation_engine:7.2.3:::::::* cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.004.000.003:::::::* cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.17900.52\):::::::* cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.0\(1\):::::::* cpe:2.3:a:cisco:optical_network_controller:1.1:::::::* cpe:2.3:a:cisco:crosswork_network_automation:4.1.1:::::::* cpe:2.3:a:cisco:sd-wan_vmanage:20.3:::::::* cpe:2.3:a:cisco:unified_workforce_optimization:11.5\(1\):sr7:::::: cpe:2.3:a:cisco:enterprise_chat_and_email:12.6\(1\):::::::* cpe:2.3:a:cisco:unified_customer_voice_portal:12.5\(1\):::::::* cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.001.001:::::::* cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\):su1::::::

16 Dec 2021, 19:56

16 Dec 2021, 17:15

Type	Values Removed	Values Added
References		(MS) https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ -

16 Dec 2021, 14:15

Type	Values Removed	Values Added
References		(CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf -

15 Dec 2021, 22:15

Type	Values Removed	Values Added
References		(MLIST) http://www.openwall.com/lists/oss-security/2021/12/15/3 -

15 Dec 2021, 18:15

Type	Values Removed	Values Added
References	{'url': 'http://www.openwall.com/lists/oss-security/2021/12/15/1', 'name': '[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack', 'tags': [], 'refsource': 'MLIST'}	(MISC) http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html - (MISC) http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html - (MISC) http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html - (MISC) http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html - (MISC) http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html -
Summary	Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0, this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.	Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0, this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

15 Dec 2021, 16:15

Type	Values Removed	Values Added
Summary	Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. In previous releases (>2.10) this behavior can be mitigated by setting system property "log4j2.formatMsgNoLookups" to “true” or it can be mitigated in prior releases (<2.10) by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).	Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0, this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
References		(MLIST) http://www.openwall.com/lists/oss-security/2021/12/15/1 -

15 Dec 2021, 04:15

Type	Values Removed	Values Added
References		(CERT-VN) https://www.kb.cert.org/vuls/id/930724 - (CONFIRM) https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html -

14 Dec 2021, 19:15

Type	Values Removed	Values Added
References		(MLIST) http://www.openwall.com/lists/oss-security/2021/12/14/4 -

14 Dec 2021, 18:15

Type	Values Removed	Values Added
References		(MISC) http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html - (MISC) http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html - (MISC) http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html -

14 Dec 2021, 01:15

Type	Values Removed	Values Added
References		(CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf -

14 Dec 2021, 00:15

Type	Values Removed	Values Added
References		(MLIST) https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html - (MISC) https://twitter.com/kurtseifried/status/1469345530182455296 - (DEBIAN) https://www.debian.org/security/2021/dsa-5020 -
Summary	Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. In previous releases (>2.10) this behavior can be mitigated by setting system property "log4j2.formatMsgNoLookups" to “true” or by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class). Java 8u121 (see https://www.oracle.com/java/technologies/javase/8u121-relnotes.html) protects against remote code execution by defaulting "com.sun.jndi.rmi.object.trustURLCodebase" and "com.sun.jndi.cosnaming.object.trustURLCodebase" to "false".	Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. In previous releases (>2.10) this behavior can be mitigated by setting system property "log4j2.formatMsgNoLookups" to “true” or it can be mitigated in prior releases (<2.10) by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).

13 Dec 2021, 22:15

Type	Values Removed	Values Added
References		(MLIST) http://www.openwall.com/lists/oss-security/2021/12/13/1 - (MLIST) http://www.openwall.com/lists/oss-security/2021/12/13/2 -

13 Dec 2021, 20:15

Type	Values Removed	Values Added
References		(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/ -

13 Dec 2021, 15:00

Type	Values Removed	Values Added
CPE		cpe:2.3:a:apache:log4j:2.0:beta9:::::: cpe:2.3:a:apache:log4j:::::::: cpe:2.3:a:apache:log4j:2.0:rc2:::::: cpe:2.3:a:apache:log4j:2.0:-:::::: cpe:2.3:a:apache:log4j:2.0:rc1::::::
CWE		CWE-502
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 9.3 v3 : 10.0
References	~~(MLIST) http://www.openwall.com/lists/oss-security/2021/12/10/1 -~~	(MLIST) http://www.openwall.com/lists/oss-security/2021/12/10/1 - Mailing List, Mitigation, Third Party Advisory
References	~~(MLIST) http://www.openwall.com/lists/oss-security/2021/12/10/2 -~~	(MLIST) http://www.openwall.com/lists/oss-security/2021/12/10/2 - Mailing List, Mitigation, Third Party Advisory
References	~~(CONFIRM) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 -~~	(CONFIRM) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - Third Party Advisory
References	~~(CONFIRM) https://security.netapp.com/advisory/ntap-20211210-0007/ -~~	(CONFIRM) https://security.netapp.com/advisory/ntap-20211210-0007/ - Vendor Advisory
References	~~(MISC) http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html -~~	(MISC) http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html - Third Party Advisory, VDB Entry
References	~~(CONFIRM) https://www.oracle.com/security-alerts/alert-cve-2021-44228.html -~~	(CONFIRM) https://www.oracle.com/security-alerts/alert-cve-2021-44228.html - Third Party Advisory
References	~~(MISC) https://logging.apache.org/log4j/2.x/security.html -~~	(MISC) https://logging.apache.org/log4j/2.x/security.html - Release Notes, Vendor Advisory
References	~~(MLIST) http://www.openwall.com/lists/oss-security/2021/12/10/3 -~~	(MLIST) http://www.openwall.com/lists/oss-security/2021/12/10/3 - Mailing List, Third Party Advisory
References	~~(CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd -~~	(CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd - Third Party Advisory

13 Dec 2021, 12:15

Type	Values Removed	Values Added
References		(CONFIRM) https://www.oracle.com/security-alerts/alert-cve-2021-44228.html -
Summary	Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. In previous releases (>2.10) this behavior can be mitigated by setting system property "log4j2.formatMsgNoLookups" to “true” or it can be mitigated in prior releases (<2.10) by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).	Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. In previous releases (>2.10) this behavior can be mitigated by setting system property "log4j2.formatMsgNoLookups" to “true” or by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class). Java 8u121 (see https://www.oracle.com/java/technologies/javase/8u121-relnotes.html) protects against remote code execution by defaulting "com.sun.jndi.rmi.object.trustURLCodebase" and "com.sun.jndi.cosnaming.object.trustURLCodebase" to "false".

12 Dec 2021, 17:15

Type	Values Removed	Values Added
References	~~{'url': 'https://www.debian.org/security/2021/dsa-5020', 'name': 'DSA-5020', 'tags': [], 'refsource': 'DEBIAN'}~~
Summary	Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. In previous releases (>2.10) this behavior can be mitigated by setting system property "log4j2.formatMsgNoLookups" to “true” or by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class). Java 8u121 (see https://www.oracle.com/java/technologies/javase/8u121-relnotes.html) protects against remote code execution by defaulting "com.sun.jndi.rmi.object.trustURLCodebase" and "com.sun.jndi.cosnaming.object.trustURLCodebase" to "false".	Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. In previous releases (>2.10) this behavior can be mitigated by setting system property "log4j2.formatMsgNoLookups" to “true” or it can be mitigated in prior releases (<2.10) by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).

12 Dec 2021, 11:15

Type	Values Removed	Values Added
References		(DEBIAN) https://www.debian.org/security/2021/dsa-5020 -

11 Dec 2021, 05:15

Type	Values Removed	Values Added
References		(CONFIRM) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 -

10 Dec 2021, 22:15

Type	Values Removed	Values Added
References		(MLIST) http://www.openwall.com/lists/oss-security/2021/12/10/3 - (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd -

10 Dec 2021, 18:15

Type	Values Removed	Values Added
References		(CONFIRM) https://security.netapp.com/advisory/ntap-20211210-0007/ - (MISC) http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html -

10 Dec 2021, 13:15

Type	Values Removed	Values Added
References		(MLIST) http://www.openwall.com/lists/oss-security/2021/12/10/2 - (MLIST) http://www.openwall.com/lists/oss-security/2021/12/10/1 -

10 Dec 2021, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-12-10 10:15

Updated : 2024-11-21 06:30

NVD link : CVE-2021-44228

Mitre link : CVE-2021-44228

CVE.ORG link : CVE-2021-44228

JSON object : View

Products Affected

cisco

network_assurance_engine
network_insights_for_data_center
dna_spaces\
optical_network_controller
connected_mobile_experiences
contact_center_management_portal
crosswork_zero_touch_provisioning
firepower_1120
webex_meetings_server
iot_operations_dashboard
identity_services_engine
cyber_vision
emergency_responder
evolved_programmable_network_manager
unified_sip_proxy
dna_spaces
firepower_4112
firepower_4140
connected_analytics_for_network_deployment
video_surveillance_operations_manager
video_surveillance_manager
nexus_insights
mobility_services_engine
crosswork_network_controller
firepower_1150
firepower_4150
wan_automation_engine
crosswork_network_automation
integrated_management_controller_supervisor
cyber_vision_sensor_management_extension
ucs_director
firepower_4145
cloudcenter
intersight_virtual_appliance
broadworks
automated_subsea_tuning
firepower_2120
cloud_connect
cloudcenter_suite
virtual_topology_system
smart_phy
firepower_4110
prime_service_catalog
unified_contact_center_enterprise
fog_director
data_center_network_manager
packaged_contact_center_enterprise
sd-wan_vmanage
firepower_2140
dna_spaces_connector
common_services_platform_collector
advanced_malware_protection_virtual_private_cloud_appliance
unified_contact_center_express
firepower_1010
firepower_4115
firepower_2130
firepower_threat_defense
customer_experience_cloud_agent
finesse
paging_server
crosswork_data_gateway
firepower_9300
crosswork_platform_infrastructure
cx_cloud_agent
unified_contact_center_management_portal
nexus_dashboard
fxos
unified_computing_system
firepower_1140
unified_workforce_optimization
virtualized_voice_browser
business_process_automation
unified_intelligence_center
dna_center
network_services_orchestrator
ucs_central
cloudcenter_cost_optimizer
virtualized_infrastructure_manager
firepower_2110
enterprise_chat_and_email
crosswork_optimization_engine
unified_communications_manager
firepower_4125
network_dashboard_fabric_controller
workload_optimization_manager
contact_center_domain_manager
unified_communications_manager_im_and_presence_service
unified_customer_voice_portal
firepower_4120
cloudcenter_workload_manager
cloudcenter_suite_admin
unity_connection
ucs_central_software
unified_communications_manager_im_\&_presence_service

siemens

siveillance_identity
opcenter_intelligence
teamcenter
xpedition_enterprise
spectrum_power_4
desigo_cc_info_center
siveillance_command
desigo_cc_advanced_reports
e-car_operation_center
sppa-t3000_ses3000
xpedition_package_integrator
solid_edge_cam_pro
gma-manager
energy_engage
logo\!_soft_comfort
mendix
vesys
industrial_edge_management
sppa-t3000_ses3000_firmware
siveillance_viewpoint
operation_scheduler
industrial_edge_management_hub
siguard_dsa
siveillance_vantage
sentron_powermanager
solid_edge_harness_design
navigator
head-end_system_universal_device_integration_system
comos
sipass_integrated
mindsphere
nx
spectrum_power_7
siveillance_control_pro
energyip
energyip_prepay
captial

debian

debian_linux

bentley

synchro
synchro_4d

netapp

cloud_secure_agent
active_iq_unified_manager
cloud_manager
oncommand_insight
cloud_insights
ontap_tools
snapcenter

intel

genomics_kernel_library
system_debugger
sensor_solution_firmware_development_kit
system_studio
computer_vision_annotation_tool
data_center_manager
secure_device_onboard
audio_development_kit
oneapi_sample_browser

snowsoftware

vm_access_proxy
snow_commander

apple

xcode

apache

log4j

fedoraproject

fedora

percussion

rhythmyx

sonicwall

email_security

CWE

CWE-20

Improper Input Validation

CWE-400

Uncontrolled Resource Consumption

CWE-502

Deserialization of Untrusted Data

CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

10.0 /10