CVE-2021-44228 - Vulnerability Details

- Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints

Description

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

Published: 2021-12-10

Score: 10 Critical

EPSS: 94.4% High

KEV: Yes

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Apache Software Foundation

Apache Log4j2

affected

Version	Status	Constraints
`2.0-beta9`	affected	< log4j-core*

Configuration 1 [-]

AND

cpe:2.3:o:siemens:6bk1602-0aa12-0tp0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6bk1602-0aa12-0tp0:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:siemens:6bk1602-0aa22-0tp0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6bk1602-0aa22-0tp0:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:siemens:6bk1602-0aa32-0tp0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6bk1602-0aa32-0tp0:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:siemens:6bk1602-0aa42-0tp0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6bk1602-0aa42-0tp0:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:siemens:6bk1602-0aa52-0tp0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6bk1602-0aa52-0tp0:-:*:*:*:*:*:*:*

Configuration 6 [-]

OR	cpe:2.3:a:apache:log4j::::::::
	cpe:2.3:a:apache:log4j::::::::
	cpe:2.3:a:apache:log4j::::::::
	cpe:2.3:a:apache:log4j:2.0:-::::::
	cpe:2.3:a:apache:log4j:2.0:beta9::::::
	cpe:2.3:a:apache:log4j:2.0:rc1::::::
	cpe:2.3:a:apache:log4j:2.0:rc2::::::

Configuration 7 [-]

AND

cpe:2.3:o:siemens:sppa-t3000_ses3000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:sppa-t3000_ses3000:-:*:*:*:*:*:*:*

Configuration 8 [-]

OR	cpe:2.3:a:siemens:capital::::::::
	cpe:2.3:a:siemens:capital:2019.1:-::::::
	cpe:2.3:a:siemens:capital:2019.1:sp1912::::::
	cpe:2.3:a:siemens:comos::::::::
	cpe:2.3:a:siemens:desigo_cc_advanced_reports:3.0:::::::*
	cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.0:::::::*
	cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.1:::::::*
	cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.2:::::::*
	cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.0:::::::*
	cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.1:::::::*
	cpe:2.3:a:siemens:desigo_cc_info_center:5.0:::::::*
	cpe:2.3:a:siemens:desigo_cc_info_center:5.1:::::::*
	cpe:2.3:a:siemens:e-car_operation_center::::::::
	cpe:2.3:a:siemens:energy_engage:3.1:::::::*
	cpe:2.3:a:siemens:energyip:8.5:::::::*
	cpe:2.3:a:siemens:energyip:8.6:::::::*
	cpe:2.3:a:siemens:energyip:8.7:::::::*
	cpe:2.3:a:siemens:energyip:9.0:::::::*
	cpe:2.3:a:siemens:energyip_prepay::::::::
	cpe:2.3:a:siemens:gma-manager::::::::
	cpe:2.3:a:siemens:head-end_system_universal_device_integration_system::::::::
	cpe:2.3:a:siemens:industrial_edge_management::::::::
	cpe:2.3:a:siemens:industrial_edge_management_hub::::::::
	cpe:2.3:a:siemens:logo\!_soft_comfort::::::::
	cpe:2.3:a:siemens:mendix::::::::
	cpe:2.3:a:siemens:mindsphere::::::::
	cpe:2.3:a:siemens:navigator::::::::
	cpe:2.3:a:siemens:nx::::::::
	cpe:2.3:a:siemens:opcenter_intelligence::::::::
	cpe:2.3:a:siemens:operation_scheduler::::::::
	cpe:2.3:a:siemens:sentron_powermanager:4.1:::::::*
	cpe:2.3:a:siemens:sentron_powermanager:4.2:::::::*
	cpe:2.3:a:siemens:siguard_dsa::::::::
	cpe:2.3:a:siemens:sipass_integrated:2.80:::::::*
	cpe:2.3:a:siemens:sipass_integrated:2.85:::::::*
	cpe:2.3:a:siemens:siveillance_command::::::::
	cpe:2.3:a:siemens:siveillance_control_pro::::::::
	cpe:2.3:a:siemens:siveillance_identity:1.5:::::::*
	cpe:2.3:a:siemens:siveillance_identity:1.6:::::::*
	cpe:2.3:a:siemens:siveillance_vantage::::::::
	cpe:2.3:a:siemens:siveillance_viewpoint::::::::
	cpe:2.3:a:siemens:solid_edge_cam_pro::::::::
	cpe:2.3:a:siemens:solid_edge_harness_design::::::::
	cpe:2.3:a:siemens:solid_edge_harness_design:2020:::::::*
	cpe:2.3:a:siemens:solid_edge_harness_design:2020:-::::::
	cpe:2.3:a:siemens:solid_edge_harness_design:2020:sp2002::::::
	cpe:2.3:a:siemens:spectrum_power_4::::::::
	cpe:2.3:a:siemens:spectrum_power_4:4.70:-::::::
	cpe:2.3:a:siemens:spectrum_power_4:4.70:sp7::::::
	cpe:2.3:a:siemens:spectrum_power_4:4.70:sp8::::::
	cpe:2.3:a:siemens:spectrum_power_7::::::::
	cpe:2.3:a:siemens:spectrum_power_7:2.30:::::::*
	cpe:2.3:a:siemens:spectrum_power_7:2.30:-::::::
	cpe:2.3:a:siemens:spectrum_power_7:2.30:sp2::::::
	cpe:2.3:a:siemens:teamcenter::::::::
	cpe:2.3:a:siemens:vesys::::::::
	cpe:2.3:a:siemens:vesys:2019.1:::::::*
	cpe:2.3:a:siemens:vesys:2019.1:-::::::
	cpe:2.3:a:siemens:vesys:2019.1:sp1912::::::
	cpe:2.3:a:siemens:vesys:2020.1:-::::::
	cpe:2.3:a:siemens:vesys:2021.1:-::::::
	cpe:2.3:a:siemens:xpedition_enterprise:-:::::::*
	cpe:2.3:a:siemens:xpedition_package_integrator:-:::::::*

Configuration 9 [-]

OR	cpe:2.3:a:intel:computer_vision_annotation_tool:-:::::::*
	cpe:2.3:a:intel:datacenter_manager::::::::
	cpe:2.3:a:intel:genomics_kernel_library:-:::::::*
	cpe:2.3:a:intel:oneapi_sample_browser:-:::::eclipse::
	cpe:2.3:a:intel:secure_device_onboard:-:::::::*
	cpe:2.3:a:intel:system_studio:-:::::::*

Configuration 10 [-]

OR	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*

Configuration 11 [-]

OR	cpe:2.3:o:fedoraproject:fedora:34:::::::*
	cpe:2.3:o:fedoraproject:fedora:35:::::::*

Configuration 12 [-]

cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*

Configuration 13 [-]

OR	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::linux::
	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows::
	cpe:2.3:a:netapp:brocade_san_navigator:-:::::::*
	cpe:2.3:a:netapp:cloud_insights:-:::::::*
	cpe:2.3:a:netapp:cloud_manager:-:::::::*
	cpe:2.3:a:netapp:cloud_secure_agent:-:::::::*
	cpe:2.3:a:netapp:oncommand_insight:-:::::::*
	cpe:2.3:a:netapp:ontap_tools:-:::::vmware_vsphere::
	cpe:2.3:a:netapp:snapcenter:-:::::vmware_vsphere::
	cpe:2.3:a:netapp:solidfire_\&_hci_storage_node:-:::::::*
	cpe:2.3:a:netapp:solidfire_enterprise_sds:-:::::::*

Configuration 14 [-]

OR	cpe:2.3:a:cisco:advanced_malware_protection_virtual_private_cloud_appliance::::::::
	cpe:2.3:a:cisco:automated_subsea_tuning::::::::
	cpe:2.3:a:cisco:broadworks::::::::
	cpe:2.3:a:cisco:business_process_automation::::::::
	cpe:2.3:a:cisco:business_process_automation::::::::
	cpe:2.3:a:cisco:business_process_automation::::::::
	cpe:2.3:a:cisco:cloud_connect::::::::
	cpe:2.3:a:cisco:cloudcenter::::::::
	cpe:2.3:a:cisco:cloudcenter_cost_optimizer::::::::
	cpe:2.3:a:cisco:cloudcenter_suite_admin::::::::
	cpe:2.3:a:cisco:cloudcenter_workload_manager::::::::
	cpe:2.3:a:cisco:common_services_platform_collector::::::::
	cpe:2.3:a:cisco:common_services_platform_collector::::::::
	cpe:2.3:a:cisco:connected_mobile_experiences:-:::::::*
	cpe:2.3:a:cisco:contact_center_domain_manager::::::::
	cpe:2.3:a:cisco:contact_center_management_portal::::::::
	cpe:2.3:a:cisco:crosswork_data_gateway::::::::
	cpe:2.3:a:cisco:crosswork_data_gateway:3.0.0:::::::*
	cpe:2.3:a:cisco:crosswork_network_controller::::::::
	cpe:2.3:a:cisco:crosswork_network_controller:3.0.0:::::::*
	cpe:2.3:a:cisco:crosswork_optimization_engine::::::::
	cpe:2.3:a:cisco:crosswork_optimization_engine:3.0.0:::::::*
	cpe:2.3:a:cisco:crosswork_platform_infrastructure::::::::
	cpe:2.3:a:cisco:crosswork_platform_infrastructure:4.1.0:::::::*
	cpe:2.3:a:cisco:crosswork_zero_touch_provisioning::::::::
	cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:3.0.0:::::::*
	cpe:2.3:a:cisco:customer_experience_cloud_agent::::::::
	cpe:2.3:a:cisco:cyber_vision_sensor_management_extension::::::::
	cpe:2.3:a:cisco:data_center_network_manager::::::::
	cpe:2.3:a:cisco:data_center_network_manager:11.3\(1\):::::::*
	cpe:2.3:a:cisco:dna_center::::::::
	cpe:2.3:a:cisco:dna_center::::::::
	cpe:2.3:a:cisco:dna_center::::::::
	cpe:2.3:a:cisco:dna_spaces\:_connector::::::::
	cpe:2.3:a:cisco:emergency_responder::::::::
	cpe:2.3:a:cisco:enterprise_chat_and_email::::::::
	cpe:2.3:a:cisco:evolved_programmable_network_manager::::::::
	cpe:2.3:a:cisco:finesse::::::::
	cpe:2.3:a:cisco:finesse:12.6\(1\):::::::*
	cpe:2.3:a:cisco:fog_director:-:::::::*
	cpe:2.3:a:cisco:identity_services_engine::::::::
	cpe:2.3:a:cisco:identity_services_engine:2.4.0:-::::::
	cpe:2.3:a:cisco:integrated_management_controller_supervisor::::::::
	cpe:2.3:a:cisco:intersight_virtual_appliance::::::::
	cpe:2.3:a:cisco:iot_operations_dashboard:-:::::::*
	cpe:2.3:a:cisco:network_assurance_engine::::::::
	cpe:2.3:a:cisco:network_services_orchestrator::::::::
	cpe:2.3:a:cisco:network_services_orchestrator::::::::
	cpe:2.3:a:cisco:network_services_orchestrator::::::::
	cpe:2.3:a:cisco:network_services_orchestrator::::::::
	cpe:2.3:a:cisco:nexus_dashboard::::::::
	cpe:2.3:a:cisco:nexus_insights::::::::
	cpe:2.3:a:cisco:optical_network_controller::::::::
	cpe:2.3:a:cisco:packaged_contact_center_enterprise::::::::
	cpe:2.3:a:cisco:packaged_contact_center_enterprise:11.6\(1\):::::::*
	cpe:2.3:a:cisco:paging_server::::::::
	cpe:2.3:a:cisco:prime_service_catalog::::::::
	cpe:2.3:a:cisco:sd-wan_vmanage::::::::
	cpe:2.3:a:cisco:sd-wan_vmanage::::::::
	cpe:2.3:a:cisco:sd-wan_vmanage::::::::
	cpe:2.3:a:cisco:sd-wan_vmanage::::::::
	cpe:2.3:a:cisco:smart_phy::::::::
	cpe:2.3:a:cisco:ucs_central::::::::
	cpe:2.3:a:cisco:ucs_director::::::::
cpe:2.3:a:cisco:unified_communications_manager:::::-:::*
cpe:2.3:a:cisco:unified_communications_manager:::::session_management:::*
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1\)::::-:::
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1\)::::session_management:::
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1\)su3:::::::*
cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service::::::::
cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\):::::::*
cpe:2.3:a:cisco:unified_contact_center_enterprise::::::::
cpe:2.3:a:cisco:unified_contact_center_enterprise:11.6\(2\):::::::*
cpe:2.3:a:cisco:unified_contact_center_express::::::::
cpe:2.3:a:cisco:unified_customer_voice_portal::::::::
cpe:2.3:a:cisco:unified_customer_voice_portal:11.6:::::::*
cpe:2.3:a:cisco:unified_customer_voice_portal:12.0:::::::*
cpe:2.3:a:cisco:unified_customer_voice_portal:12.5:::::::*
cpe:2.3:a:cisco:unified_intelligence_center::::::::
cpe:2.3:a:cisco:unity_connection::::::::
cpe:2.3:a:cisco:video_surveillance_operations_manager::::::::
cpe:2.3:a:cisco:virtual_topology_system::::::::
cpe:2.3:a:cisco:virtualized_infrastructure_manager::::::::
cpe:2.3:a:cisco:virtualized_infrastructure_manager::::::::
cpe:2.3:a:cisco:virtualized_voice_browser::::::::
cpe:2.3:a:cisco:wan_automation_engine::::::::
cpe:2.3:a:cisco:webex_meetings_server::::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:-::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release1::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release2::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:-:::::*
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_security_patch4::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_security_patch5::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_service_pack_2::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_service_pack_3::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release4::::::
cpe:2.3:a:cisco:webex_meetings_server:4.0:-::::::
cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release1::::::
cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release2::::::
cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release3::::::
cpe:2.3:a:cisco:workload_optimization_manager::::::::
cpe:2.3:o:cisco:unified_sip_proxy::::::::
cpe:2.3:o:cisco:unified_workforce_optimization::::::::

Configuration 15 [-]

AND

OR	cpe:2.3:h:cisco:firepower_1010:-:::::::*
	cpe:2.3:h:cisco:firepower_1120:-:::::::*
	cpe:2.3:h:cisco:firepower_1140:-:::::::*
	cpe:2.3:h:cisco:firepower_1150:-:::::::*
	cpe:2.3:h:cisco:firepower_2110:-:::::::*
	cpe:2.3:h:cisco:firepower_2120:-:::::::*
	cpe:2.3:h:cisco:firepower_2130:-:::::::*
	cpe:2.3:h:cisco:firepower_2140:-:::::::*
	cpe:2.3:h:cisco:firepower_4110:-:::::::*
	cpe:2.3:h:cisco:firepower_4112:-:::::::*
	cpe:2.3:h:cisco:firepower_4115:-:::::::*
	cpe:2.3:h:cisco:firepower_4120:-:::::::*
	cpe:2.3:h:cisco:firepower_4125:-:::::::*
	cpe:2.3:h:cisco:firepower_4140:-:::::::*
	cpe:2.3:h:cisco:firepower_4145:-:::::::*
	cpe:2.3:h:cisco:firepower_4150:-:::::::*
	cpe:2.3:h:cisco:firepower_9300:-:::::::*

OR	cpe:2.3:o:cisco:fxos:6.2.3:::::::*
	cpe:2.3:o:cisco:fxos:6.3.0:::::::*
	cpe:2.3:o:cisco:fxos:6.4.0:::::::*
	cpe:2.3:o:cisco:fxos:6.5.0:::::::*
	cpe:2.3:o:cisco:fxos:6.6.0:::::::*
	cpe:2.3:o:cisco:fxos:6.7.0:::::::*
	cpe:2.3:o:cisco:fxos:7.0.0:::::::*
	cpe:2.3:o:cisco:fxos:7.1.0:::::::*

Configuration 16 [-]

OR	cpe:2.3:a:cisco:automated_subsea_tuning:02.01.00:::::::*
	cpe:2.3:a:cisco:broadworks:-:::::::*
	cpe:2.3:a:cisco:cloudcenter_suite:4.10.0.15:::::::*
	cpe:2.3:a:cisco:cloudcenter_suite:5.3.0:::::::*
	cpe:2.3:a:cisco:cloudcenter_suite:5.4.1:::::::*
	cpe:2.3:a:cisco:cloudcenter_suite:5.5.0:::::::*
	cpe:2.3:a:cisco:cloudcenter_suite:5.5.1:::::::*
	cpe:2.3:a:cisco:common_services_platform_collector:002.009\(000.000\):::::::*
	cpe:2.3:a:cisco:common_services_platform_collector:002.009\(000.001\):::::::*
	cpe:2.3:a:cisco:common_services_platform_collector:002.009\(000.002\):::::::*
	cpe:2.3:a:cisco:common_services_platform_collector:002.009\(001.000\):::::::*
	cpe:2.3:a:cisco:common_services_platform_collector:002.009\(001.001\):::::::*
	cpe:2.3:a:cisco:common_services_platform_collector:002.009\(001.002\):::::::*
	cpe:2.3:a:cisco:common_services_platform_collector:002.010\(000.000\):::::::*
	cpe:2.3:a:cisco:crosswork_network_automation:-:::::::*
	cpe:2.3:a:cisco:crosswork_network_automation:2.0.0:::::::*
	cpe:2.3:a:cisco:crosswork_network_automation:3.0.0:::::::*
	cpe:2.3:a:cisco:crosswork_network_automation:4.1.0:::::::*
	cpe:2.3:a:cisco:crosswork_network_automation:4.1.1:::::::*
	cpe:2.3:a:cisco:cx_cloud_agent:001.012:::::::*
	cpe:2.3:a:cisco:cyber_vision:4.0.2:::::::*
	cpe:2.3:a:cisco:cyber_vision_sensor_management_extension:4.0.2:::::::*
	cpe:2.3:a:cisco:dna_center:2.2.2.8:::::::*
	cpe:2.3:a:cisco:dna_spaces:-:::::::*
	cpe:2.3:a:cisco:dna_spaces_connector:-:::::::*
	cpe:2.3:a:cisco:emergency_responder:11.5:::::::*
	cpe:2.3:a:cisco:emergency_responder:11.5\(4.65000.14\):::::::*
	cpe:2.3:a:cisco:emergency_responder:11.5\(4.66000.14\):::::::*
	cpe:2.3:a:cisco:enterprise_chat_and_email:12.0\(1\):::::::*
	cpe:2.3:a:cisco:enterprise_chat_and_email:12.5\(1\):::::::*
	cpe:2.3:a:cisco:enterprise_chat_and_email:12.6\(1\):::::::*
	cpe:2.3:a:cisco:evolved_programmable_network_manager:3.0:::::::*
	cpe:2.3:a:cisco:evolved_programmable_network_manager:3.1:::::::*
	cpe:2.3:a:cisco:evolved_programmable_network_manager:4.0:::::::*
	cpe:2.3:a:cisco:evolved_programmable_network_manager:4.1:::::::*
	cpe:2.3:a:cisco:evolved_programmable_network_manager:5.0:::::::*
	cpe:2.3:a:cisco:evolved_programmable_network_manager:5.1:::::::*
	cpe:2.3:a:cisco:finesse:12.5\(1\):su1::::::
	cpe:2.3:a:cisco:finesse:12.5\(1\):su2::::::
	cpe:2.3:a:cisco:finesse:12.6\(1\):-::::::
	cpe:2.3:a:cisco:finesse:12.6\(1\):es01::::::
	cpe:2.3:a:cisco:finesse:12.6\(1\):es02::::::
	cpe:2.3:a:cisco:finesse:12.6\(1\):es03::::::
	cpe:2.3:a:cisco:firepower_threat_defense:6.2.3:::::::*
	cpe:2.3:a:cisco:firepower_threat_defense:6.3.0:::::::*
	cpe:2.3:a:cisco:firepower_threat_defense:6.4.0:::::::*
	cpe:2.3:a:cisco:firepower_threat_defense:6.5.0:::::::*
	cpe:2.3:a:cisco:firepower_threat_defense:6.6.0:::::::*
	cpe:2.3:a:cisco:firepower_threat_defense:6.7.0:::::::*
	cpe:2.3:a:cisco:firepower_threat_defense:7.0.0:::::::*
	cpe:2.3:a:cisco:firepower_threat_defense:7.1.0:::::::*
	cpe:2.3:a:cisco:identity_services_engine:002.004\(000.914\):-::::::
	cpe:2.3:a:cisco:identity_services_engine:002.006\(000.156\):-::::::
	cpe:2.3:a:cisco:identity_services_engine:002.007\(000.356\):-::::::
	cpe:2.3:a:cisco:identity_services_engine:003.000\(000.458\):-::::::
	cpe:2.3:a:cisco:identity_services_engine:003.001\(000.518\):-::::::
	cpe:2.3:a:cisco:identity_services_engine:003.002\(000.116\):-::::::
	cpe:2.3:a:cisco:integrated_management_controller_supervisor:002.003\(002.000\):::::::*
	cpe:2.3:a:cisco:integrated_management_controller_supervisor:2.3.2.0:::::::*
	cpe:2.3:a:cisco:intersight_virtual_appliance:1.0.9-343:::::::*
	cpe:2.3:a:cisco:mobility_services_engine:-:::::::*
	cpe:2.3:a:cisco:network_assurance_engine:6.0\(2.1912\):::::::*
	cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.0\(1\):::::::*
	cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.1\(1\):::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.2\(1\):::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.3\(1\):::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.4\(1\):::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\(1\):::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\(2\):::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\(3\):::::::*
cpe:2.3:a:cisco:network_insights_for_data_center:6.0\(2.1914\):::::::*
cpe:2.3:a:cisco:network_services_orchestrator:-:::::::*
cpe:2.3:a:cisco:optical_network_controller:1.1:::::::*
cpe:2.3:a:cisco:paging_server:8.3\(1\):::::::*
cpe:2.3:a:cisco:paging_server:8.4\(1\):::::::*
cpe:2.3:a:cisco:paging_server:8.5\(1\):::::::*
cpe:2.3:a:cisco:paging_server:9.0\(1\):::::::*
cpe:2.3:a:cisco:paging_server:9.0\(2\):::::::*
cpe:2.3:a:cisco:paging_server:9.1\(1\):::::::*
cpe:2.3:a:cisco:paging_server:12.5\(2\):::::::*
cpe:2.3:a:cisco:paging_server:14.0\(1\):::::::*
cpe:2.3:a:cisco:prime_service_catalog:12.1:::::::*
cpe:2.3:a:cisco:sd-wan_vmanage:20.3:::::::*
cpe:2.3:a:cisco:sd-wan_vmanage:20.4:::::::*
cpe:2.3:a:cisco:sd-wan_vmanage:20.5:::::::*
cpe:2.3:a:cisco:sd-wan_vmanage:20.6:::::::*
cpe:2.3:a:cisco:sd-wan_vmanage:20.6.1:::::::*
cpe:2.3:a:cisco:sd-wan_vmanage:20.7:::::::*
cpe:2.3:a:cisco:sd-wan_vmanage:20.8:::::::*
cpe:2.3:a:cisco:smart_phy:3.1.2:::::::*
cpe:2.3:a:cisco:smart_phy:3.1.3:::::::*
cpe:2.3:a:cisco:smart_phy:3.1.4:::::::*
cpe:2.3:a:cisco:smart_phy:3.1.5:::::::*
cpe:2.3:a:cisco:smart_phy:3.2.1:::::::*
cpe:2.3:a:cisco:smart_phy:21.3:::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0:::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1a\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1b\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1c\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1d\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1e\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1f\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1g\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1h\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1k\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1l\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.17900.52\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.18119.2\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.18900.97\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.21900.40\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.22900.28\):::::::*
cpe:2.3:a:cisco:unified_communications_manager_im_\&_presence_service:11.5\(1\):::::::*
cpe:2.3:a:cisco:unified_communications_manager_im_\&_presence_service:11.5\(1.22900.6\):::::::*
cpe:2.3:a:cisco:unified_computing_system:006.008\(001.000\):::::::*
cpe:2.3:a:cisco:unified_contact_center_enterprise:11.6\(2\):::::::*
cpe:2.3:a:cisco:unified_contact_center_enterprise:12.0\(1\):::::::*
cpe:2.3:a:cisco:unified_contact_center_enterprise:12.5\(1\):::::::*
cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\(1\):::::::*
cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\(2\):::::::*
cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\):-::::::
cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\):su1::::::
cpe:2.3:a:cisco:unified_contact_center_express:12.6\(1\):::::::*
cpe:2.3:a:cisco:unified_contact_center_express:12.6\(2\):::::::*
cpe:2.3:a:cisco:unified_contact_center_management_portal:12.6\(1\):::::::*
cpe:2.3:a:cisco:unified_customer_voice_portal:11.6\(1\):::::::*
cpe:2.3:a:cisco:unified_customer_voice_portal:12.0\(1\):::::::*
cpe:2.3:a:cisco:unified_customer_voice_portal:12.5\(1\):::::::*
cpe:2.3:a:cisco:unified_customer_voice_portal:12.6\(1\):::::::*
cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\):-::::::
cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\):es01::::::
cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\):es02::::::
cpe:2.3:a:cisco:unified_intelligence_center:12.6\(2\):-::::::
cpe:2.3:a:cisco:unified_sip_proxy:010.000\(000\):::::::*
cpe:2.3:a:cisco:unified_sip_proxy:010.000\(001\):::::::*
cpe:2.3:a:cisco:unified_sip_proxy:010.002\(000\):::::::*
cpe:2.3:a:cisco:unified_sip_proxy:010.002\(001\):::::::*
cpe:2.3:a:cisco:unified_workforce_optimization:11.5\(1\):sr7::::::
cpe:2.3:a:cisco:unity_connection:11.5:::::::*
cpe:2.3:a:cisco:unity_connection:11.5\(1.10000.6\):::::::*
cpe:2.3:a:cisco:video_surveillance_manager:7.14\(1.26\):::::::*
cpe:2.3:a:cisco:video_surveillance_manager:7.14\(2.26\):::::::*
cpe:2.3:a:cisco:video_surveillance_manager:7.14\(3.025\):::::::*
cpe:2.3:a:cisco:video_surveillance_manager:7.14\(4.018\):::::::*
cpe:2.3:a:cisco:virtual_topology_system:2.6.6:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.1.3:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.2.1:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.2.2:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.2.3:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.3:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.4:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.5:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.6:::::::*
cpe:2.3:a:cisco:webex_meetings_server:3.0:::::::*
cpe:2.3:a:cisco:webex_meetings_server:4.0:::::::*

Configuration 17 [-]

OR	cpe:2.3:a:snowsoftware:snow_commander::::::::
	cpe:2.3:a:snowsoftware:vm_access_proxy::::::::

Configuration 18 [-]

OR	cpe:2.3:a:bentley:synchro:::::pro:::*
	cpe:2.3:a:bentley:synchro_4d:::::pro:::*

Configuration 19 [-]

cpe:2.3:a:percussion:rhythmyx:*:*:*:*:*:*:*:*

Configuration 20 [-]

cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
EAP 7.4 log4j async
log4j-core	cpe:/a:redhat:jboss_enterprise_application_platform:7.4	RHSA-2021:5140	2021-12-15T00:00:00Z
OpenShift Logging 5.0
openshift-logging/elasticsearch6-rhel8:v5.0.10-1	cpe:/a:redhat:logging:5.0::el8	RHSA-2021:5137	2021-12-14T00:00:00Z
OpenShift Logging 5.1
openshift-logging/elasticsearch6-rhel8:v6.8.1-67	cpe:/a:redhat:logging:5.1::el8	RHSA-2021:5128	2021-12-14T00:00:00Z
OpenShift Logging 5.2
openshift-logging/elasticsearch6-rhel8:v6.8.1-66	cpe:/a:redhat:logging:5.2::el8	RHSA-2021:5127	2021-12-14T00:00:00Z
OpenShift Logging 5.3
openshift-logging/elasticsearch6-rhel8:v6.8.1-65	cpe:/a:redhat:logging:5.3::el8	RHSA-2021:5129	2021-12-14T00:00:00Z
Red Hat AMQ Streams 1.6.5
log4j-core	cpe:/a:redhat:amq_streams:1	RHSA-2021:5133	2021-12-14T00:00:00Z
Red Hat AMQ Streams 1.8.4
log4j-core	cpe:/a:redhat:amq_streams:1	RHSA-2021:5138	2021-12-14T00:00:00Z
Red Hat Data Grid 8.2.2
log4j-core	cpe:/a:redhat:jboss_data_grid:8.2	RHSA-2021:5132	2021-12-14T00:00:00Z
Red Hat Fuse 7.10
log4j-core	cpe:/a:redhat:jboss_fuse:7	RHSA-2021:5134	2021-12-14T00:00:00Z
Red Hat Fuse 7.8.2, 7.9.1, 7.10.1
log4j-core	cpe:/a:redhat:jboss_fuse:7	RHSA-2022:0203	2022-01-20T00:00:00Z
Red Hat Integration
log4j-core	cpe:/a:redhat:integration:1	RHSA-2021:5130	2021-12-14T00:00:00Z
Red Hat Integration Camel Quarkus 1
log4j-core	cpe:/a:redhat:camel_quarkus:2.2	RHSA-2021:5126	2021-12-14T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:1746	2025-02-24T00:00:00Z
eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:1746	2025-02-24T00:00:00Z
eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:1746	2025-02-24T00:00:00Z
eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:1746	2025-02-24T00:00:00Z
eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:1746	2025-02-24T00:00:00Z
eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:1746	2025-02-24T00:00:00Z
eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:1746	2025-02-24T00:00:00Z
eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:1746	2025-02-24T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7
eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:1747	2025-02-24T00:00:00Z
eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:1747	2025-02-24T00:00:00Z
eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:1747	2025-02-24T00:00:00Z
eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:1747	2025-02-24T00:00:00Z
eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:1747	2025-02-24T00:00:00Z
eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:1747	2025-02-24T00:00:00Z
eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:1747	2025-02-24T00:00:00Z
eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:1747	2025-02-24T00:00:00Z
eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:1747	2025-02-24T00:00:00Z
eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:1747	2025-02-24T00:00:00Z
eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:1747	2025-02-24T00:00:00Z
eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:1747	2025-02-24T00:00:00Z
Red Hat OpenShift Container Platform 3.11
openshift3/ose-logging-elasticsearch5:v3.11.570-2.gd119820	cpe:/a:redhat:openshift:3.11::el7	RHSA-2021:5094	2021-12-14T00:00:00Z
Red Hat OpenShift Container Platform 4.6
openshift4/ose-logging-elasticsearch6:v4.6.0-202112132021.p0.g2a13a81.assembly.stream	cpe:/a:redhat:openshift:4.6::el8	RHSA-2021:5106	2021-12-16T00:00:00Z
openshift4/ose-metering-hive:v4.6.0-202112140546.p0.g8b9da97.assembly.stream	cpe:/a:redhat:openshift:4.6::el8	RHSA-2021:5106	2021-12-16T00:00:00Z
openshift4/ose-metering-presto:v4.6.0-202112150545.p0.g190688a.assembly.art3595	cpe:/a:redhat:openshift:4.6::el8	RHSA-2021:5141	2021-12-16T00:00:00Z
Red Hat OpenShift Container Platform 4.7
openshift4/ose-metering-hive:v4.7.0-202112140553.p0.g091bb99.assembly.stream	cpe:/a:redhat:openshift:4.7::el8	RHSA-2021:5107	2021-12-16T00:00:00Z
openshift4/ose-metering-presto:v4.7.0-202112150631.p0.gd502108.assembly.4.7.40	cpe:/a:redhat:openshift:4.7::el8	RHSA-2021:5107	2021-12-16T00:00:00Z
Red Hat OpenShift Container Platform 4.8
openshift4/ose-metering-hive:v4.8.0-202112132154.p0.g57dd03a.assembly.stream	cpe:/a:redhat:openshift:4.8::el8	RHSA-2021:5108	2021-12-14T00:00:00Z
openshift4/ose-metering-presto:v4.8.0-202112150431.p0.g4b934ae.assembly.art3599	cpe:/a:redhat:openshift:4.8::el8	RHSA-2021:5148	2021-12-15T00:00:00Z
RHPAM 7.11.1
	cpe:/a:redhat:jboss_enterprise_bpms_platform:7.11	RHSA-2022:0082	2022-01-11T00:00:00Z
RHPAM 7.12.0
log4j-core	cpe:/a:redhat:jboss_enterprise_bpms_platform:7.12	RHSA-2022:0296	2022-01-26T00:00:00Z
Vert.x 4.1.5 SP1
log4j-core	cpe:/a:redhat:openshift_application_runtimes:1.0	RHSA-2021:5093	2021-12-14T00:00:00Z

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-2842-1	apache-log4j2 security update
Debian DSA	DSA-5020-1	apache-log4j2 security update
Debian DSA	DSA-5022-1	apache-log4j2 security update
Github GHSA	GHSA-jfh8-c2jp-5v3q	Remote code injection in Log4j
Ubuntu USN	USN-5192-1	Apache Log4j 2 vulnerability
Ubuntu USN	USN-5192-2	Apache Log4j 2 vulnerability
Ubuntu USN	USN-5197-1	Apache Log4j 2 vulnerability

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is in the KEV database since Dec. 10, 2021.

The EPSS score is 0.94358.

Exploitation active

Automatable yes

Technical Impact total

References

Link	Providers
http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html
http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html
http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html
http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html
http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html
http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html
http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html
http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html
http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html
http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html
http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html
http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html
http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html
http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html
http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html
http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html
http://seclists.org/fulldisclosure/2022/Dec/2
http://seclists.org/fulldisclosure/2022/Jul/11
http://seclists.org/fulldisclosure/2022/Mar/23
http://www.openwall.com/lists/oss-security/2021/12/10/1
http://www.openwall.com/lists/oss-security/2021/12/10/2
http://www.openwall.com/lists/oss-security/2021/12/10/3
http://www.openwall.com/lists/oss-security/2021/12/13/1
http://www.openwall.com/lists/oss-security/2021/12/13/2
http://www.openwall.com/lists/oss-security/2021/12/14/4
http://www.openwall.com/lists/oss-security/2021/12/15/3
https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf
https://github.com/advisories/GHSA-jfh8-c2jp-5v3q
https://github.com/cisagov/log4j-affected-db
https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228
https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/
https://logging.apache.org/log4j/2.x/security.html
https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/
https://nvd.nist.gov/vuln/detail/CVE-2021-44228
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032
https://security.netapp.com/advisory/ntap-20211210-0007/
https://support.apple.com/kb/HT213189
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
https://twitter.com/kurtseifried/status/1469345530182455296
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44228
https://www.cve.org/CVERecord?id=CVE-2021-44228
https://www.debian.org/security/2021/dsa-5020
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html
https://www.kb.cert.org/vuls/id/930724
https://www.lunasec.io/docs/blog/log4j-zero-day/
https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html
https://www.oracle.com/security-alerts/alert-cve-2021-44228.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html

History

Fri, 20 Feb 2026 16:30:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:a:cisco:cloudcenter_suite:4.10\(0.15\):::::::* cpe:2.3:a:cisco:cloudcenter_suite:5.3\(0\):::::::* cpe:2.3:a:cisco:cloudcenter_suite:5.4\(1\):::::::* cpe:2.3:a:cisco:cloudcenter_suite:5.5\(0\):::::::* cpe:2.3:a:cisco:cloudcenter_suite:5.5\(1\):::::::* cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.004.000.003:::::::* cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.005.000.000:::::::* cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.005.000.:::::::* cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.000.001:::::::* cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.001.000:::::::* cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.002.000:::::::* cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.000:::::::* cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.001.001:::::::* cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.003:::::::* cpe:2.3:a:cisco:connected_analytics_for_network_deployment:008.000.000.000.004:::::::* cpe:2.3:a:cisco:connected_analytics_for_network_deployment:008.000.000:::::::* cpe:2.3:a:cisco:connected_analytics_for_network_deployment:7.3:::::::*	cpe:2.3:a:cisco:cloudcenter_suite:4.10.0.15:::::::* cpe:2.3:a:cisco:cloudcenter_suite:5.3.0:::::::* cpe:2.3:a:cisco:cloudcenter_suite:5.4.1:::::::* cpe:2.3:a:cisco:cloudcenter_suite:5.5.0:::::::* cpe:2.3:a:cisco:cloudcenter_suite:5.5.1:::::::*
Vendors & Products	Cisco connected Analytics For Network Deployment

Wed, 22 Oct 2025 00:15:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44228

Tue, 21 Oct 2025 20:30:00 +0000

Type	Values Removed	Values Added
References	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44228

Tue, 21 Oct 2025 19:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44228

Fri, 08 Aug 2025 19:00:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:o:cisco:unified_intelligence_center::::::::	cpe:2.3:a:cisco:unified_intelligence_center::::::::

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.94358}`	epss `{'score': 0.9447}`

Thu, 03 Apr 2025 21:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Intel datacenter Manager Netapp brocade San Navigator Netapp solidfire \& Hci Storage Node Netapp solidfire Enterprise Sds Siemens 6bk1602-0aa12-0tp0 Siemens 6bk1602-0aa12-0tp0 Firmware Siemens 6bk1602-0aa22-0tp0 Siemens 6bk1602-0aa22-0tp0 Firmware Siemens 6bk1602-0aa32-0tp0 Siemens 6bk1602-0aa32-0tp0 Firmware Siemens 6bk1602-0aa42-0tp0 Siemens 6bk1602-0aa42-0tp0 Firmware Siemens 6bk1602-0aa52-0tp0 Siemens 6bk1602-0aa52-0tp0 Firmware Siemens capital
CPEs	cpe:2.3:a:intel:audio_development_kit:-:::::::* cpe:2.3:a:intel:data_center_manager:::::::: cpe:2.3:a:intel:sensor_solution_firmware_development_kit:-:::::::* cpe:2.3:a:intel:system_debugger:-:::::::* cpe:2.3:a:siemens:captial:::::::: cpe:2.3:a:siemens:captial:2019.1:-:::::: cpe:2.3:a:siemens:captial:2019.1:sp1912:::::: cpe:2.3:a:siemens:energyip_prepay:3.7:::::::* cpe:2.3:a:siemens:energyip_prepay:3.8:::::::* cpe:2.3:a:siemens:siguard_dsa:4.2:::::::* cpe:2.3:a:siemens:siguard_dsa:4.3:::::::* cpe:2.3:a:siemens:siguard_dsa:4.4:::::::*	cpe:2.3:a:intel:datacenter_manager:::::::: cpe:2.3:a:netapp:brocade_san_navigator:-:::::::* cpe:2.3:a:netapp:solidfire_\&_hci_storage_node:-:::::::* cpe:2.3:a:netapp:solidfire_enterprise_sds:-:::::::* cpe:2.3:a:siemens:capital:::::::: cpe:2.3:a:siemens:capital:2019.1:-:::::: cpe:2.3:a:siemens:capital:2019.1:sp1912:::::: cpe:2.3:a:siemens:desigo_cc_advanced_reports:3.0:::::::* cpe:2.3:a:siemens:energyip_prepay:::::::: cpe:2.3:a:siemens:siguard_dsa:::::::: cpe:2.3:a:siemens:vesys:2020.1:-:::::: cpe:2.3:a:siemens:vesys:2021.1:-:::::: cpe:2.3:h:siemens:6bk1602-0aa12-0tp0:-:::::::* cpe:2.3:h:siemens:6bk1602-0aa22-0tp0:-:::::::* cpe:2.3:h:siemens:6bk1602-0aa32-0tp0:-:::::::* cpe:2.3:h:siemens:6bk1602-0aa42-0tp0:-:::::::* cpe:2.3:h:siemens:6bk1602-0aa52-0tp0:-:::::::* cpe:2.3:o:siemens:6bk1602-0aa12-0tp0_firmware:::::::: cpe:2.3:o:siemens:6bk1602-0aa22-0tp0_firmware:::::::: cpe:2.3:o:siemens:6bk1602-0aa32-0tp0_firmware:::::::: cpe:2.3:o:siemens:6bk1602-0aa42-0tp0_firmware:::::::: cpe:2.3:o:siemens:6bk1602-0aa52-0tp0_firmware::::::::
Vendors & Products	Intel audio Development Kit Intel data Center Manager Intel sensor Solution Firmware Development Kit Intel system Debugger Siemens captial	Intel datacenter Manager Netapp brocade San Navigator Netapp solidfire \& Hci Storage Node Netapp solidfire Enterprise Sds Siemens 6bk1602-0aa12-0tp0 Siemens 6bk1602-0aa12-0tp0 Firmware Siemens 6bk1602-0aa22-0tp0 Siemens 6bk1602-0aa22-0tp0 Firmware Siemens 6bk1602-0aa32-0tp0 Siemens 6bk1602-0aa32-0tp0 Firmware Siemens 6bk1602-0aa42-0tp0 Siemens 6bk1602-0aa42-0tp0 Firmware Siemens 6bk1602-0aa52-0tp0 Siemens 6bk1602-0aa52-0tp0 Firmware Siemens capital

Tue, 25 Feb 2025 02:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat jboss Enterprise Application Platform Eus
CPEs		cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7 cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Vendors & Products		Redhat jboss Enterprise Application Platform Eus

Tue, 04 Feb 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2021-12-10'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 14 Aug 2024 00:45:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Subscriptions

Apache Log4j

Apple Xcode

Bentley Synchro Synchro 4d

Cisco Advanced Malware Protection Virtual Private Cloud Appliance Automated Subsea Tuning Broadworks Business Process Automation Cloud Connect Cloudcenter Cloudcenter Cost Optimizer Cloudcenter Suite Cloudcenter Suite Admin Cloudcenter Workload Manager Common Services Platform Collector Connected Mobile Experiences Contact Center Domain Manager Contact Center Management Portal Crosswork Data Gateway Crosswork Network Automation Crosswork Network Controller Crosswork Optimization Engine Crosswork Platform Infrastructure Crosswork Zero Touch Provisioning Customer Experience Cloud Agent Cx Cloud Agent Cyber Vision Cyber Vision Sensor Management Extension Data Center Network Manager Dna Center Dna Spaces Dna Spaces\ Dna Spaces Connector Emergency Responder Enterprise Chat And Email Evolved Programmable Network Manager Finesse Firepower 1010 Firepower 1120 Firepower 1140 Firepower 1150 Firepower 2110 Firepower 2120 Firepower 2130 Firepower 2140 Firepower 4110 Firepower 4112 Firepower 4115 Firepower 4120 Firepower 4125 Firepower 4140 Firepower 4145 Firepower 4150 Firepower 9300 Firepower Threat Defense Fog Director Fxos Identity Services Engine Integrated Management Controller Supervisor Intersight Virtual Appliance Iot Operations Dashboard Mobility Services Engine Network Assurance Engine Network Dashboard Fabric Controller Network Insights For Data Center Network Services Orchestrator Nexus Dashboard Nexus Insights Optical Network Controller Packaged Contact Center Enterprise Paging Server Prime Service Catalog Sd-wan Vmanage Smart Phy Ucs Central Ucs Central Software Ucs Director Unified Communications Manager Unified Communications Manager Im \& Presence Service Unified Communications Manager Im And Presence Service Unified Computing System Unified Contact Center Enterprise Unified Contact Center Express Unified Contact Center Management Portal Unified Customer Voice Portal Unified Intelligence Center Unified Sip Proxy Unified Workforce Optimization Unity Connection Video Surveillance Manager Video Surveillance Operations Manager Virtual Topology System Virtualized Infrastructure Manager Virtualized Voice Browser Wan Automation Engine Webex Meetings Server Workload Optimization Manager

Debian Debian Linux

Fedoraproject Fedora

Intel Computer Vision Annotation Tool Datacenter Manager Genomics Kernel Library Oneapi Sample Browser Secure Device Onboard System Studio

Netapp Active Iq Unified Manager Brocade San Navigator Cloud Insights Cloud Manager Cloud Secure Agent Oncommand Insight Ontap Tools Snapcenter Solidfire \& Hci Storage Node Solidfire Enterprise Sds

Percussion Rhythmyx

Redhat Amq Streams Camel Quarkus Integration Jboss Data Grid Jboss Enterprise Application Platform Jboss Enterprise Application Platform Eus Jboss Enterprise Bpms Platform Jboss Fuse Logging Openshift Openshift Application Runtimes

Siemens 6bk1602-0aa12-0tp0 6bk1602-0aa12-0tp0 Firmware 6bk1602-0aa22-0tp0 6bk1602-0aa22-0tp0 Firmware 6bk1602-0aa32-0tp0 6bk1602-0aa32-0tp0 Firmware 6bk1602-0aa42-0tp0 6bk1602-0aa42-0tp0 Firmware 6bk1602-0aa52-0tp0 6bk1602-0aa52-0tp0 Firmware Capital Comos Desigo Cc Advanced Reports Desigo Cc Info Center E-car Operation Center Energy Engage Energyip Energyip Prepay Gma-manager Head-end System Universal Device Integration System Industrial Edge Management Industrial Edge Management Hub Logo\! Soft Comfort Mendix Mindsphere Navigator Nx Opcenter Intelligence Operation Scheduler Sentron Powermanager Siguard Dsa Sipass Integrated Siveillance Command Siveillance Control Pro Siveillance Identity Siveillance Vantage Siveillance Viewpoint Solid Edge Cam Pro Solid Edge Harness Design Spectrum Power 4 Spectrum Power 7 Sppa-t3000 Ses3000 Sppa-t3000 Ses3000 Firmware Teamcenter Vesys Xpedition Enterprise Xpedition Package Integrator

Snowsoftware Snow Commander Vm Access Proxy

Sonicwall Email Security

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2021-12-10T00:00:00.000Z

Updated: 2025-10-21T23:25:23.121Z

Reserved: 2021-11-26T00:00:00.000Z

Link: CVE-2021-44228

Vulnrichment

Updated: 2024-08-04T04:17:24.696Z

NVD

Status : Analyzed

Published: 2021-12-10T10:15:09.143

Modified: 2026-02-20T16:15:59.363

Link: CVE-2021-44228

Redhat

Severity : Critical

Publid Date: 2021-12-10T02:01:00Z

Links: CVE-2021-44228 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation active

Automatable yes

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object