CVE-2021-44228

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

CVSS v3 10.0 CRITICAL
CVSS v2.0 9.3 HIGH

10.0^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html	Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2022/Dec/2	Exploit Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2022/Jul/11	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2022/Mar/23	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/12/10/1	Mailing List Mitigation Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/12/10/2	Mailing List Mitigation Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/12/10/3	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/12/13/1	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/12/13/2	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/12/14/4	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/12/15/3	Mailing List Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf	Third Party Advisory
https://github.com/cisagov/log4j-affected-db	Third Party Advisory
https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md	Broken Link Product US Government Resource
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228	Exploit Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/	Release Notes
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/	Release Notes
https://logging.apache.org/log4j/2.x/security.html	Release Notes Vendor Advisory
https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/	Patch Third Party Advisory Vendor Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032	Third Party Advisory
https://security.netapp.com/advisory/ntap-20211210-0007/	Third Party Advisory
https://support.apple.com/kb/HT213189	Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	Third Party Advisory
https://twitter.com/kurtseifried/status/1469345530182455296	Broken Link Exploit Third Party Advisory
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001	Third Party Advisory
https://www.debian.org/security/2021/dsa-5020	Mailing List Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html	Third Party Advisory
https://www.kb.cert.org/vuls/id/930724	Third Party Advisory US Government Resource
https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html	Exploit Third Party Advisory
https://www.oracle.com/security-alerts/alert-cve-2021-44228.html	Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:log4j::::::::
	cpe:2.3:a:apache:log4j::::::::
	cpe:2.3:a:apache:log4j::::::::
	cpe:2.3:a:apache:log4j:2.0:-::::::
	cpe:2.3:a:apache:log4j:2.0:beta9::::::
	cpe:2.3:a:apache:log4j:2.0:rc1::::::
	cpe:2.3:a:apache:log4j:2.0:rc2::::::

Configuration 2 (hide)

AND

cpe:2.3:o:siemens:sppa-t3000_ses3000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:sppa-t3000_ses3000:-:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:a:siemens:captial::::::::
	cpe:2.3:a:siemens:captial:2019.1:-::::::
	cpe:2.3:a:siemens:captial:2019.1:sp1912::::::
	cpe:2.3:a:siemens:comos::::::::
	cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.0:::::::*
	cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.1:::::::*
	cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.2:::::::*
	cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.0:::::::*
	cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.1:::::::*
	cpe:2.3:a:siemens:desigo_cc_info_center:5.0:::::::*
	cpe:2.3:a:siemens:desigo_cc_info_center:5.1:::::::*
	cpe:2.3:a:siemens:e-car_operation_center::::::::
	cpe:2.3:a:siemens:energy_engage:3.1:::::::*
	cpe:2.3:a:siemens:energyip:8.5:::::::*
	cpe:2.3:a:siemens:energyip:8.6:::::::*
	cpe:2.3:a:siemens:energyip:8.7:::::::*
	cpe:2.3:a:siemens:energyip:9.0:::::::*
	cpe:2.3:a:siemens:energyip_prepay:3.7:::::::*
	cpe:2.3:a:siemens:energyip_prepay:3.8:::::::*
	cpe:2.3:a:siemens:gma-manager::::::::
	cpe:2.3:a:siemens:head-end_system_universal_device_integration_system::::::::
	cpe:2.3:a:siemens:industrial_edge_management::::::::
	cpe:2.3:a:siemens:industrial_edge_management_hub::::::::
	cpe:2.3:a:siemens:logo\!_soft_comfort::::::::
	cpe:2.3:a:siemens:mendix::::::::
	cpe:2.3:a:siemens:mindsphere::::::::
	cpe:2.3:a:siemens:navigator::::::::
	cpe:2.3:a:siemens:nx::::::::
	cpe:2.3:a:siemens:opcenter_intelligence::::::::
	cpe:2.3:a:siemens:operation_scheduler::::::::
	cpe:2.3:a:siemens:sentron_powermanager:4.1:::::::*
	cpe:2.3:a:siemens:sentron_powermanager:4.2:::::::*
	cpe:2.3:a:siemens:siguard_dsa:4.2:::::::*
	cpe:2.3:a:siemens:siguard_dsa:4.3:::::::*
	cpe:2.3:a:siemens:siguard_dsa:4.4:::::::*
	cpe:2.3:a:siemens:sipass_integrated:2.80:::::::*
	cpe:2.3:a:siemens:sipass_integrated:2.85:::::::*
	cpe:2.3:a:siemens:siveillance_command::::::::
	cpe:2.3:a:siemens:siveillance_control_pro::::::::
	cpe:2.3:a:siemens:siveillance_identity:1.5:::::::*
	cpe:2.3:a:siemens:siveillance_identity:1.6:::::::*
	cpe:2.3:a:siemens:siveillance_vantage::::::::
	cpe:2.3:a:siemens:siveillance_viewpoint::::::::
	cpe:2.3:a:siemens:solid_edge_cam_pro::::::::
	cpe:2.3:a:siemens:solid_edge_harness_design::::::::
	cpe:2.3:a:siemens:solid_edge_harness_design:2020:::::::*
	cpe:2.3:a:siemens:solid_edge_harness_design:2020:-::::::
	cpe:2.3:a:siemens:solid_edge_harness_design:2020:sp2002::::::
	cpe:2.3:a:siemens:spectrum_power_4::::::::
	cpe:2.3:a:siemens:spectrum_power_4:4.70:-::::::
	cpe:2.3:a:siemens:spectrum_power_4:4.70:sp7::::::
	cpe:2.3:a:siemens:spectrum_power_4:4.70:sp8::::::
	cpe:2.3:a:siemens:spectrum_power_7::::::::
	cpe:2.3:a:siemens:spectrum_power_7:2.30:::::::*
	cpe:2.3:a:siemens:spectrum_power_7:2.30:-::::::
	cpe:2.3:a:siemens:spectrum_power_7:2.30:sp2::::::
	cpe:2.3:a:siemens:teamcenter::::::::
	cpe:2.3:a:siemens:vesys::::::::
	cpe:2.3:a:siemens:vesys:2019.1:::::::*
	cpe:2.3:a:siemens:vesys:2019.1:-::::::
	cpe:2.3:a:siemens:vesys:2019.1:sp1912::::::
	cpe:2.3:a:siemens:xpedition_enterprise:-:::::::*
	cpe:2.3:a:siemens:xpedition_package_integrator:-:::::::*

Configuration 4 (hide)

OR	cpe:2.3:a:intel:audio_development_kit:-:::::::*
	cpe:2.3:a:intel:computer_vision_annotation_tool:-:::::::*
	cpe:2.3:a:intel:data_center_manager::::::::
	cpe:2.3:a:intel:genomics_kernel_library:-:::::::*
	cpe:2.3:a:intel:oneapi_sample_browser:-:::::eclipse::
	cpe:2.3:a:intel:secure_device_onboard:-:::::::*
	cpe:2.3:a:intel:sensor_solution_firmware_development_kit:-:::::::*
	cpe:2.3:a:intel:system_debugger:-:::::::*
	cpe:2.3:a:intel:system_studio:-:::::::*

Configuration 5 (hide)

OR	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*

Configuration 6 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:34:::::::*
	cpe:2.3:o:fedoraproject:fedora:35:::::::*

Configuration 7 (hide)

cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*

Configuration 8 (hide)

OR	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::linux::
	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows::
	cpe:2.3:a:netapp:cloud_insights:-:::::::*
	cpe:2.3:a:netapp:cloud_manager:-:::::::*
	cpe:2.3:a:netapp:cloud_secure_agent:-:::::::*
	cpe:2.3:a:netapp:oncommand_insight:-:::::::*
	cpe:2.3:a:netapp:ontap_tools:-:::::vmware_vsphere::
	cpe:2.3:a:netapp:snapcenter:-:::::vmware_vsphere::

Configuration 9 (hide)

OR	cpe:2.3:a:cisco:advanced_malware_protection_virtual_private_cloud_appliance::::::::
	cpe:2.3:a:cisco:automated_subsea_tuning::::::::
	cpe:2.3:a:cisco:broadworks::::::::
	cpe:2.3:a:cisco:business_process_automation::::::::
	cpe:2.3:a:cisco:business_process_automation::::::::
	cpe:2.3:a:cisco:business_process_automation::::::::
	cpe:2.3:a:cisco:cloud_connect::::::::
	cpe:2.3:a:cisco:cloudcenter::::::::
	cpe:2.3:a:cisco:cloudcenter_cost_optimizer::::::::
	cpe:2.3:a:cisco:cloudcenter_suite_admin::::::::
	cpe:2.3:a:cisco:cloudcenter_workload_manager::::::::
	cpe:2.3:a:cisco:common_services_platform_collector::::::::
	cpe:2.3:a:cisco:common_services_platform_collector::::::::
	cpe:2.3:a:cisco:connected_mobile_experiences:-:::::::*
	cpe:2.3:a:cisco:contact_center_domain_manager::::::::
	cpe:2.3:a:cisco:contact_center_management_portal::::::::
	cpe:2.3:a:cisco:crosswork_data_gateway::::::::
	cpe:2.3:a:cisco:crosswork_data_gateway:3.0.0:::::::*
	cpe:2.3:a:cisco:crosswork_network_controller::::::::
	cpe:2.3:a:cisco:crosswork_network_controller:3.0.0:::::::*
	cpe:2.3:a:cisco:crosswork_optimization_engine::::::::
	cpe:2.3:a:cisco:crosswork_optimization_engine:3.0.0:::::::*
	cpe:2.3:a:cisco:crosswork_platform_infrastructure::::::::
	cpe:2.3:a:cisco:crosswork_platform_infrastructure:4.1.0:::::::*
	cpe:2.3:a:cisco:crosswork_zero_touch_provisioning::::::::
	cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:3.0.0:::::::*
	cpe:2.3:a:cisco:customer_experience_cloud_agent::::::::
	cpe:2.3:a:cisco:cyber_vision_sensor_management_extension::::::::
	cpe:2.3:a:cisco:data_center_network_manager::::::::
	cpe:2.3:a:cisco:data_center_network_manager:11.3\(1\):::::::*
	cpe:2.3:a:cisco:dna_center::::::::
	cpe:2.3:a:cisco:dna_center::::::::
	cpe:2.3:a:cisco:dna_center::::::::
	cpe:2.3:a:cisco:dna_spaces\:_connector::::::::
	cpe:2.3:a:cisco:emergency_responder::::::::
	cpe:2.3:a:cisco:enterprise_chat_and_email::::::::
	cpe:2.3:a:cisco:evolved_programmable_network_manager::::::::
	cpe:2.3:a:cisco:finesse::::::::
	cpe:2.3:a:cisco:finesse:12.6\(1\):::::::*
	cpe:2.3:a:cisco:fog_director:-:::::::*
	cpe:2.3:a:cisco:identity_services_engine::::::::
	cpe:2.3:a:cisco:identity_services_engine:2.4.0:-::::::
	cpe:2.3:a:cisco:integrated_management_controller_supervisor::::::::
	cpe:2.3:a:cisco:intersight_virtual_appliance::::::::
	cpe:2.3:a:cisco:iot_operations_dashboard:-:::::::*
	cpe:2.3:a:cisco:network_assurance_engine::::::::
	cpe:2.3:a:cisco:network_services_orchestrator::::::::
	cpe:2.3:a:cisco:network_services_orchestrator::::::::
	cpe:2.3:a:cisco:network_services_orchestrator::::::::
	cpe:2.3:a:cisco:network_services_orchestrator::::::::
	cpe:2.3:a:cisco:nexus_dashboard::::::::
	cpe:2.3:a:cisco:nexus_insights::::::::
	cpe:2.3:a:cisco:optical_network_controller::::::::
	cpe:2.3:a:cisco:packaged_contact_center_enterprise::::::::
	cpe:2.3:a:cisco:packaged_contact_center_enterprise:11.6\(1\):::::::*
	cpe:2.3:a:cisco:paging_server::::::::
	cpe:2.3:a:cisco:prime_service_catalog::::::::
	cpe:2.3:a:cisco:sd-wan_vmanage::::::::
	cpe:2.3:a:cisco:sd-wan_vmanage::::::::
	cpe:2.3:a:cisco:sd-wan_vmanage::::::::
	cpe:2.3:a:cisco:sd-wan_vmanage::::::::
	cpe:2.3:a:cisco:smart_phy::::::::
	cpe:2.3:a:cisco:ucs_central::::::::
	cpe:2.3:a:cisco:ucs_director::::::::
cpe:2.3:a:cisco:unified_communications_manager:::::-:::*
cpe:2.3:a:cisco:unified_communications_manager:::::session_management:::*
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1\)::::-:::
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1\)::::session_management:::
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1\)su3:::::::*
cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service::::::::
cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\):::::::*
cpe:2.3:a:cisco:unified_contact_center_enterprise::::::::
cpe:2.3:a:cisco:unified_contact_center_enterprise:11.6\(2\):::::::*
cpe:2.3:a:cisco:unified_contact_center_express::::::::
cpe:2.3:a:cisco:unified_customer_voice_portal::::::::
cpe:2.3:a:cisco:unified_customer_voice_portal:11.6:::::::*
cpe:2.3:a:cisco:unified_customer_voice_portal:12.0:::::::*
cpe:2.3:a:cisco:unified_customer_voice_portal:12.5:::::::*
cpe:2.3:a:cisco:unity_connection::::::::
cpe:2.3:a:cisco:video_surveillance_operations_manager::::::::
cpe:2.3:a:cisco:virtual_topology_system::::::::
cpe:2.3:a:cisco:virtualized_infrastructure_manager::::::::
cpe:2.3:a:cisco:virtualized_infrastructure_manager::::::::
cpe:2.3:a:cisco:virtualized_voice_browser::::::::
cpe:2.3:a:cisco:wan_automation_engine::::::::
cpe:2.3:a:cisco:webex_meetings_server::::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:-::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release1::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release2::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:-:::::*
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_security_patch4::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_security_patch5::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_service_pack_2::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_service_pack_3::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release4::::::
cpe:2.3:a:cisco:webex_meetings_server:4.0:-::::::
cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release1::::::
cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release2::::::
cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release3::::::
cpe:2.3:a:cisco:workload_optimization_manager::::::::
cpe:2.3:o:cisco:unified_intelligence_center::::::::
cpe:2.3:o:cisco:unified_sip_proxy::::::::
cpe:2.3:o:cisco:unified_workforce_optimization::::::::

Configuration 10 (hide)

AND

OR	cpe:2.3:h:cisco:firepower_1010:-:::::::*
	cpe:2.3:h:cisco:firepower_1120:-:::::::*
	cpe:2.3:h:cisco:firepower_1140:-:::::::*
	cpe:2.3:h:cisco:firepower_1150:-:::::::*
	cpe:2.3:h:cisco:firepower_2110:-:::::::*
	cpe:2.3:h:cisco:firepower_2120:-:::::::*
	cpe:2.3:h:cisco:firepower_2130:-:::::::*
	cpe:2.3:h:cisco:firepower_2140:-:::::::*
	cpe:2.3:h:cisco:firepower_4110:-:::::::*
	cpe:2.3:h:cisco:firepower_4112:-:::::::*
	cpe:2.3:h:cisco:firepower_4115:-:::::::*
	cpe:2.3:h:cisco:firepower_4120:-:::::::*
	cpe:2.3:h:cisco:firepower_4125:-:::::::*
	cpe:2.3:h:cisco:firepower_4140:-:::::::*
	cpe:2.3:h:cisco:firepower_4145:-:::::::*
	cpe:2.3:h:cisco:firepower_4150:-:::::::*
	cpe:2.3:h:cisco:firepower_9300:-:::::::*

OR	cpe:2.3:o:cisco:fxos:6.2.3:::::::*
	cpe:2.3:o:cisco:fxos:6.3.0:::::::*
	cpe:2.3:o:cisco:fxos:6.4.0:::::::*
	cpe:2.3:o:cisco:fxos:6.5.0:::::::*
	cpe:2.3:o:cisco:fxos:6.6.0:::::::*
	cpe:2.3:o:cisco:fxos:6.7.0:::::::*
	cpe:2.3:o:cisco:fxos:7.0.0:::::::*
	cpe:2.3:o:cisco:fxos:7.1.0:::::::*

Configuration 11 (hide)

OR	cpe:2.3:a:cisco:automated_subsea_tuning:02.01.00:::::::*
	cpe:2.3:a:cisco:broadworks:-:::::::*
	cpe:2.3:a:cisco:cloudcenter_suite:4.10\(0.15\):::::::*
	cpe:2.3:a:cisco:cloudcenter_suite:5.3\(0\):::::::*
	cpe:2.3:a:cisco:cloudcenter_suite:5.4\(1\):::::::*
	cpe:2.3:a:cisco:cloudcenter_suite:5.5\(0\):::::::*
	cpe:2.3:a:cisco:cloudcenter_suite:5.5\(1\):::::::*
	cpe:2.3:a:cisco:common_services_platform_collector:002.009\(000.000\):::::::*
	cpe:2.3:a:cisco:common_services_platform_collector:002.009\(000.001\):::::::*
	cpe:2.3:a:cisco:common_services_platform_collector:002.009\(000.002\):::::::*
	cpe:2.3:a:cisco:common_services_platform_collector:002.009\(001.000\):::::::*
	cpe:2.3:a:cisco:common_services_platform_collector:002.009\(001.001\):::::::*
	cpe:2.3:a:cisco:common_services_platform_collector:002.009\(001.002\):::::::*
	cpe:2.3:a:cisco:common_services_platform_collector:002.010\(000.000\):::::::*
	cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.004.000.003:::::::*
	cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.005.000.:::::::*
	cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.005.000.000:::::::*
	cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.000.001:::::::*
	cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.001.000:::::::*
	cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.002.000:::::::*
	cpe:2.3:a:cisco:connected_analytics_for_network_deployment:7.3:::::::*
	cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.000:::::::*
	cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.001.001:::::::*
	cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.003:::::::*
	cpe:2.3:a:cisco:connected_analytics_for_network_deployment:008.000.000:::::::*
	cpe:2.3:a:cisco:connected_analytics_for_network_deployment:008.000.000.000.004:::::::*
	cpe:2.3:a:cisco:crosswork_network_automation:-:::::::*
	cpe:2.3:a:cisco:crosswork_network_automation:2.0.0:::::::*
	cpe:2.3:a:cisco:crosswork_network_automation:3.0.0:::::::*
	cpe:2.3:a:cisco:crosswork_network_automation:4.1.0:::::::*
	cpe:2.3:a:cisco:crosswork_network_automation:4.1.1:::::::*
	cpe:2.3:a:cisco:cx_cloud_agent:001.012:::::::*
	cpe:2.3:a:cisco:cyber_vision:4.0.2:::::::*
	cpe:2.3:a:cisco:cyber_vision_sensor_management_extension:4.0.2:::::::*
	cpe:2.3:a:cisco:dna_center:2.2.2.8:::::::*
	cpe:2.3:a:cisco:dna_spaces:-:::::::*
	cpe:2.3:a:cisco:dna_spaces_connector:-:::::::*
	cpe:2.3:a:cisco:emergency_responder:11.5:::::::*
	cpe:2.3:a:cisco:emergency_responder:11.5\(4.65000.14\):::::::*
	cpe:2.3:a:cisco:emergency_responder:11.5\(4.66000.14\):::::::*
	cpe:2.3:a:cisco:enterprise_chat_and_email:12.0\(1\):::::::*
	cpe:2.3:a:cisco:enterprise_chat_and_email:12.5\(1\):::::::*
	cpe:2.3:a:cisco:enterprise_chat_and_email:12.6\(1\):::::::*
	cpe:2.3:a:cisco:evolved_programmable_network_manager:3.0:::::::*
	cpe:2.3:a:cisco:evolved_programmable_network_manager:3.1:::::::*
	cpe:2.3:a:cisco:evolved_programmable_network_manager:4.0:::::::*
	cpe:2.3:a:cisco:evolved_programmable_network_manager:4.1:::::::*
	cpe:2.3:a:cisco:evolved_programmable_network_manager:5.0:::::::*
	cpe:2.3:a:cisco:evolved_programmable_network_manager:5.1:::::::*
	cpe:2.3:a:cisco:finesse:12.5\(1\):su1::::::
	cpe:2.3:a:cisco:finesse:12.5\(1\):su2::::::
	cpe:2.3:a:cisco:finesse:12.6\(1\):-::::::
	cpe:2.3:a:cisco:finesse:12.6\(1\):es01::::::
	cpe:2.3:a:cisco:finesse:12.6\(1\):es02::::::
	cpe:2.3:a:cisco:finesse:12.6\(1\):es03::::::
	cpe:2.3:a:cisco:firepower_threat_defense:6.2.3:::::::*
	cpe:2.3:a:cisco:firepower_threat_defense:6.3.0:::::::*
	cpe:2.3:a:cisco:firepower_threat_defense:6.4.0:::::::*
	cpe:2.3:a:cisco:firepower_threat_defense:6.5.0:::::::*
	cpe:2.3:a:cisco:firepower_threat_defense:6.6.0:::::::*
	cpe:2.3:a:cisco:firepower_threat_defense:6.7.0:::::::*
	cpe:2.3:a:cisco:firepower_threat_defense:7.0.0:::::::*
	cpe:2.3:a:cisco:firepower_threat_defense:7.1.0:::::::*
	cpe:2.3:a:cisco:identity_services_engine:002.004\(000.914\):-::::::
cpe:2.3:a:cisco:identity_services_engine:002.006\(000.156\):-::::::
cpe:2.3:a:cisco:identity_services_engine:002.007\(000.356\):-::::::
cpe:2.3:a:cisco:identity_services_engine:003.000\(000.458\):-::::::
cpe:2.3:a:cisco:identity_services_engine:003.001\(000.518\):-::::::
cpe:2.3:a:cisco:identity_services_engine:003.002\(000.116\):-::::::
cpe:2.3:a:cisco:integrated_management_controller_supervisor:002.003\(002.000\):::::::*
cpe:2.3:a:cisco:integrated_management_controller_supervisor:2.3.2.0:::::::*
cpe:2.3:a:cisco:intersight_virtual_appliance:1.0.9-343:::::::*
cpe:2.3:a:cisco:mobility_services_engine:-:::::::*
cpe:2.3:a:cisco:network_assurance_engine:6.0\(2.1912\):::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.0\(1\):::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.1\(1\):::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.2\(1\):::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.3\(1\):::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.4\(1\):::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\(1\):::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\(2\):::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\(3\):::::::*
cpe:2.3:a:cisco:network_insights_for_data_center:6.0\(2.1914\):::::::*
cpe:2.3:a:cisco:network_services_orchestrator:-:::::::*
cpe:2.3:a:cisco:optical_network_controller:1.1:::::::*
cpe:2.3:a:cisco:paging_server:8.3\(1\):::::::*
cpe:2.3:a:cisco:paging_server:8.4\(1\):::::::*
cpe:2.3:a:cisco:paging_server:8.5\(1\):::::::*
cpe:2.3:a:cisco:paging_server:9.0\(1\):::::::*
cpe:2.3:a:cisco:paging_server:9.0\(2\):::::::*
cpe:2.3:a:cisco:paging_server:9.1\(1\):::::::*
cpe:2.3:a:cisco:paging_server:12.5\(2\):::::::*
cpe:2.3:a:cisco:paging_server:14.0\(1\):::::::*
cpe:2.3:a:cisco:prime_service_catalog:12.1:::::::*
cpe:2.3:a:cisco:sd-wan_vmanage:20.3:::::::*
cpe:2.3:a:cisco:sd-wan_vmanage:20.4:::::::*
cpe:2.3:a:cisco:sd-wan_vmanage:20.5:::::::*
cpe:2.3:a:cisco:sd-wan_vmanage:20.6:::::::*
cpe:2.3:a:cisco:sd-wan_vmanage:20.6.1:::::::*
cpe:2.3:a:cisco:sd-wan_vmanage:20.7:::::::*
cpe:2.3:a:cisco:sd-wan_vmanage:20.8:::::::*
cpe:2.3:a:cisco:smart_phy:3.1.2:::::::*
cpe:2.3:a:cisco:smart_phy:3.1.3:::::::*
cpe:2.3:a:cisco:smart_phy:3.1.4:::::::*
cpe:2.3:a:cisco:smart_phy:3.1.5:::::::*
cpe:2.3:a:cisco:smart_phy:3.2.1:::::::*
cpe:2.3:a:cisco:smart_phy:21.3:::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0:::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1a\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1b\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1c\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1d\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1e\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1f\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1g\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1h\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1k\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1l\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.17900.52\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.18119.2\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.18900.97\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.21900.40\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.22900.28\):::::::*
cpe:2.3:a:cisco:unified_communications_manager_im_\&_presence_service:11.5\(1\):::::::*
cpe:2.3:a:cisco:unified_communications_manager_im_\&_presence_service:11.5\(1.22900.6\):::::::*
cpe:2.3:a:cisco:unified_computing_system:006.008\(001.000\):::::::*
cpe:2.3:a:cisco:unified_contact_center_enterprise:11.6\(2\):::::::*
cpe:2.3:a:cisco:unified_contact_center_enterprise:12.0\(1\):::::::*
cpe:2.3:a:cisco:unified_contact_center_enterprise:12.5\(1\):::::::*
cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\(1\):::::::*
cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\(2\):::::::*
cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\):-::::::
cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\):su1::::::
cpe:2.3:a:cisco:unified_contact_center_express:12.6\(1\):::::::*
cpe:2.3:a:cisco:unified_contact_center_express:12.6\(2\):::::::*
cpe:2.3:a:cisco:unified_contact_center_management_portal:12.6\(1\):::::::*
cpe:2.3:a:cisco:unified_customer_voice_portal:11.6\(1\):::::::*
cpe:2.3:a:cisco:unified_customer_voice_portal:12.0\(1\):::::::*
cpe:2.3:a:cisco:unified_customer_voice_portal:12.5\(1\):::::::*
cpe:2.3:a:cisco:unified_customer_voice_portal:12.6\(1\):::::::*
cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\):-::::::
cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\):es01::::::
cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\):es02::::::
cpe:2.3:a:cisco:unified_intelligence_center:12.6\(2\):-::::::
cpe:2.3:a:cisco:unified_sip_proxy:010.000\(000\):::::::*
cpe:2.3:a:cisco:unified_sip_proxy:010.000\(001\):::::::*
cpe:2.3:a:cisco:unified_sip_proxy:010.002\(000\):::::::*
cpe:2.3:a:cisco:unified_sip_proxy:010.002\(001\):::::::*
cpe:2.3:a:cisco:unified_workforce_optimization:11.5\(1\):sr7::::::
cpe:2.3:a:cisco:unity_connection:11.5:::::::*
cpe:2.3:a:cisco:unity_connection:11.5\(1.10000.6\):::::::*
cpe:2.3:a:cisco:video_surveillance_manager:7.14\(1.26\):::::::*
cpe:2.3:a:cisco:video_surveillance_manager:7.14\(2.26\):::::::*
cpe:2.3:a:cisco:video_surveillance_manager:7.14\(3.025\):::::::*
cpe:2.3:a:cisco:video_surveillance_manager:7.14\(4.018\):::::::*
cpe:2.3:a:cisco:virtual_topology_system:2.6.6:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.1.3:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.2.1:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.2.2:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.2.3:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.3:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.4:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.5:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.6:::::::*
cpe:2.3:a:cisco:webex_meetings_server:3.0:::::::*
cpe:2.3:a:cisco:webex_meetings_server:4.0:::::::*

Configuration 12 (hide)

OR	cpe:2.3:a:snowsoftware:snow_commander::::::::
	cpe:2.3:a:snowsoftware:vm_access_proxy::::::::

Configuration 13 (hide)

OR	cpe:2.3:a:bentley:synchro:::::pro:::*
	cpe:2.3:a:bentley:synchro_4d:::::pro:::*

Configuration 14 (hide)

cpe:2.3:a:percussion:rhythmyx:*:*:*:*:*:*:*:*

Configuration 15 (hide)

cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-12-10 10:15

Updated : 2024-07-24 17:08

NVD link : CVE-2021-44228

Mitre link : CVE-2021-44228

CVE.ORG link : CVE-2021-44228

JSON object : View

Products Affected

cisco

firepower_4120
dna_spaces_connector
crosswork_platform_infrastructure
cx_cloud_agent
business_process_automation
firepower_4110
firepower_2120
firepower_threat_defense
cyber_vision_sensor_management_extension
customer_experience_cloud_agent
firepower_2130
connected_analytics_for_network_deployment
crosswork_network_automation
broadworks
nexus_insights
evolved_programmable_network_manager
firepower_4140
unified_communications_manager
firepower_4150
mobility_services_engine
cloudcenter_cost_optimizer
unified_contact_center_enterprise
emergency_responder
nexus_dashboard
contact_center_domain_manager
data_center_network_manager
finesse
optical_network_controller
crosswork_network_controller
workload_optimization_manager
cloudcenter_suite_admin
crosswork_zero_touch_provisioning
ucs_central
webex_meetings_server
firepower_9300
contact_center_management_portal
packaged_contact_center_enterprise
prime_service_catalog
crosswork_data_gateway
firepower_1150
firepower_1140
dna_spaces\
unified_workforce_optimization
crosswork_optimization_engine
cloudcenter
cloud_connect
enterprise_chat_and_email
dna_center
unity_connection
virtualized_infrastructure_manager
sd-wan_vmanage
dna_spaces
fxos
common_services_platform_collector
cyber_vision
video_surveillance_manager
iot_operations_dashboard
firepower_2110
firepower_1010
paging_server
network_assurance_engine
connected_mobile_experiences
integrated_management_controller_supervisor
automated_subsea_tuning
cloudcenter_workload_manager
unified_sip_proxy
fog_director
firepower_4125
identity_services_engine
advanced_malware_protection_virtual_private_cloud_appliance
ucs_central_software
wan_automation_engine
unified_contact_center_express
network_dashboard_fabric_controller
network_services_orchestrator
ucs_director
smart_phy
firepower_1120
cloudcenter_suite
unified_communications_manager_im_and_presence_service
unified_intelligence_center
firepower_2140
intersight_virtual_appliance
unified_computing_system
virtual_topology_system
unified_contact_center_management_portal
firepower_4115
unified_customer_voice_portal
network_insights_for_data_center
unified_communications_manager_im_\&_presence_service
video_surveillance_operations_manager
virtualized_voice_browser
firepower_4145
firepower_4112

siemens

industrial_edge_management
e-car_operation_center
xpedition_enterprise
comos
sentron_powermanager
xpedition_package_integrator
siveillance_command
energyip_prepay
nx
mindsphere
siguard_dsa
spectrum_power_4
operation_scheduler
gma-manager
mendix
siveillance_identity
sppa-t3000_ses3000
teamcenter
siveillance_vantage
sppa-t3000_ses3000_firmware
head-end_system_universal_device_integration_system
captial
spectrum_power_7
logo\!_soft_comfort
energyip
solid_edge_harness_design
desigo_cc_info_center
industrial_edge_management_hub
desigo_cc_advanced_reports
siveillance_viewpoint
sipass_integrated
solid_edge_cam_pro
navigator
vesys
energy_engage
siveillance_control_pro
opcenter_intelligence

apache

log4j

netapp

cloud_insights
cloud_manager
cloud_secure_agent
active_iq_unified_manager
ontap_tools
snapcenter
oncommand_insight

percussion

rhythmyx

intel

secure_device_onboard
computer_vision_annotation_tool
audio_development_kit
data_center_manager
genomics_kernel_library
sensor_solution_firmware_development_kit
system_debugger
oneapi_sample_browser
system_studio

snowsoftware

vm_access_proxy
snow_commander

sonicwall

email_security

debian

debian_linux

apple

xcode

bentley

synchro
synchro_4d

fedoraproject

fedora

CWE

CWE-20

Improper Input Validation

CWE-400

Uncontrolled Resource Consumption

CWE-502

Deserialization of Untrusted Data

CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

10.0 /10