Show plain JSON{"cisaActionDue": "2023-05-22", "cisaExploitAdd": "2023-05-01", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Apache Log4j2 Deserialization of Untrusted Data Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "matchCriteriaId": "155A3CFA-903D-4DC9-9A64-C964FAABACC4", "versionEndExcluding": "2.12.2", "versionStartIncluding": "2.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "matchCriteriaId": "88DD4847-0961-4CC4-90FC-DFCDC235F62F", "versionEndExcluding": "2.16.0", "versionStartIncluding": "2.13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:log4j:2.0:-:*:*:*:*:*:*", "matchCriteriaId": "17854E42-7063-4A55-BF2A-4C7074CC2D60", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:*", "matchCriteriaId": "53F32FB2-6970-4975-8BD0-EAE12E9AD03A", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "B773ED91-1D39-42E6-9C52-D02210DE1A94", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "EF24312D-1A62-482E-8078-7EC24758B710", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cvat:computer_vision_annotation_tool:-:*:*:*:*:*:*:*", "matchCriteriaId": "99BBE644-5421-472E-8595-5279E0CC67B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:intel:audio_development_kit:-:*:*:*:*:*:*:*", "matchCriteriaId": "099344DD-8AEE-49A0-88A8-691A8A1E651F", "vulnerable": true}, {"criteria": "cpe:2.3:a:intel:datacenter_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "070C1452-C349-4953-A748-3039F2217811", "vulnerable": true}, {"criteria": "cpe:2.3:a:intel:genomics_kernel_library:-:*:*:*:*:*:*:*", "matchCriteriaId": "18989EBC-E1FB-473B-83E0-48C8896C2E96", "vulnerable": true}, {"criteria": "cpe:2.3:a:intel:oneapi:-:*:*:*:*:eclipse:*:*", "matchCriteriaId": "720D3597-B74B-4540-AD50-80884183D5DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:intel:secure_device_onboard:-:*:*:*:*:*:*:*", "matchCriteriaId": "22BEE177-D117-478C-8EAD-9606DEDF9FD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:intel:sensor_solution_firmware_development_kit:-:*:*:*:*:*:*:*", "matchCriteriaId": "F021E2E7-0D8F-4336-82A6-77E521347C4F", "vulnerable": true}, {"criteria": "cpe:2.3:a:intel:system_debugger:-:*:*:*:*:*:*:*", "matchCriteriaId": "1F66B0A2-22C0-41D5-B866-1764DEC12CB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:intel:system_studio:-:*:*:*:*:*:*:*", "matchCriteriaId": "FC619106-991C-413A-809D-C2410EBA4CDB", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:sppa-t3000_ses3000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8320869-CBF4-4C92-885C-560C09855BFA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:sppa-t3000_ses3000:-:*:*:*:*:*:*:*", "matchCriteriaId": "755BA221-33DD-40A2-A517-8574D042C261", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:captial:*:*:*:*:*:*:*:*", "matchCriteriaId": "07856DAA-EDB4-4522-BA16-CD302C9E39EF", "versionEndExcluding": "2019.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:captial:2019.1:-:*:*:*:*:*:*", "matchCriteriaId": "F7AD819D-D093-472E-AA47-1A925111E4C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:captial:2019.1:sp1912:*:*:*:*:*:*", "matchCriteriaId": "2D07A11A-A3C6-4D44-B2E0-A8358D23947A", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:*", "matchCriteriaId": "61597661-A3B0-4A14-AA6B-C911E0063390", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "BB524B33-68E7-46A2-B5CE-BCD9C3194B8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "5F852C6D-44A0-4CCE-83C7-4501CAD73F9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "AA61161C-C2E7-4852-963E-E2D3DFBFDC7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "A76AA04A-BB43-4027-895E-D1EACFCDF41B", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "2A6B60F3-327B-49B7-B5E4-F1C60896C9BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:desigo_cc_info_center:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "4BCF281E-B0A2-49E2-AEF8-8691BDCE08D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:desigo_cc_info_center:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "A87EFCC4-4BC1-4FEA-BAA4-8FF221838EBD", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:e-car_operation_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "B678380B-E95E-4A8B-A49D-D13B62AA454E", "versionEndExcluding": "2021-12-13", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:energy_engage:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "4557476B-0157-44C2-BB50-299E7C7E1E72", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:energyip:8.5:*:*:*:*:*:*:*", "matchCriteriaId": "991B2959-5AA3-4B68-A05A-42D9860FAA9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:energyip:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "7E5948A0-CA31-41DF-85B6-1E6D09E5720B", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:energyip:8.7:*:*:*:*:*:*:*", "matchCriteriaId": "4C08D302-EEAC-45AA-9943-3A5F09E29FAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:energyip:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "D53BA68C-B653-4507-9A2F-177CF456960F", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:energyip_prepay:3.7:*:*:*:*:*:*:*", "matchCriteriaId": "1F0C3D5E-579F-42C6-9D8C-37969A1D17D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:energyip_prepay:3.8:*:*:*:*:*:*:*", "matchCriteriaId": "2C16C460-9482-4A22-92AC-1AE0E87D7F28", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:gma-manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E180527-5C36-4158-B017-5BEDC0412FD6", "versionEndExcluding": "8.6.2j-398", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:head-end_system_universal_device_integration_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "AFDADA98-1CD0-45DA-9082-BFC383F7DB97", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:industrial_edge_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "E33D707F-100E-4DE7-A05B-42467DE75EAC", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:industrial_edge_management_hub:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD3EAC80-44BE-41D2-8D57-0EE3DBA1E1B1", "versionEndExcluding": "2021-12-13", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:logo\\!_soft_comfort:*:*:*:*:*:*:*:*", "matchCriteriaId": "2AC8AB52-F4F4-440D-84F5-2776BFE1957A", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:mendix:*:*:*:*:*:*:*:*", "matchCriteriaId": "6AF6D774-AC8C-49CA-A00B-A2740CA8FA91", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:mindsphere:*:*:*:*:*:*:*:*", "matchCriteriaId": "6423B1A7-F09F-421A-A0AC-3059CB89B110", "versionEndExcluding": "2021-12-11", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:navigator:*:*:*:*:*:*:*:*", "matchCriteriaId": "48C6A61B-2198-4B9E-8BCF-824643C81EC3", "versionEndExcluding": "2021-12-13", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:nx:*:*:*:*:*:*:*:*", "matchCriteriaId": "BEE2F7A1-8281-48F1-8BFB-4FE0D7E1AEF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:opcenter_intelligence:*:*:*:*:*:*:*:*", "matchCriteriaId": "C74B9880-FFF9-48CA-974F-54FB80F30D2D", "versionEndIncluding": "3.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*", "matchCriteriaId": "74D1F4AD-9A60-4432-864F-4505B3C60659", "versionEndIncluding": "1.1.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:sentron_powermanager:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7ABA5332-8D1E-4129-A557-FCECBAC12827", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:sentron_powermanager:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "9C3AA865-5570-4C8B-99DE-431AD7B163F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:siguard_dsa:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "00E03FB6-37F9-4559-8C86-F203D6782920", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:siguard_dsa:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "90439591-BA01-4007-A2B6-B316548D4595", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:siguard_dsa:4.4:*:*:*:*:*:*:*", "matchCriteriaId": "E1F3B8B4-4D1B-4913-BD5F-1A04B47F829A", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*", "matchCriteriaId": "83E77D85-0AE8-41D6-AC0C-983A8B73C831", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*", "matchCriteriaId": "02B28A44-3708-480D-9D6D-DDF8C21A15EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:siveillance_command:*:*:*:*:*:*:*:*", "matchCriteriaId": "2FC0A575-F771-4B44-A0C6-6A5FD98E5134", "versionEndIncluding": "4.16.2.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:siveillance_control_pro:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D1D6B61-1F17-4008-9DFB-EF419777768E", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "9772EE3F-FFC5-4611-AD9A-8AD8304291BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "CF524892-278F-4373-A8A3-02A30FA1AFF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:siveillance_vantage:*:*:*:*:*:*:*:*", "matchCriteriaId": "F30DE588-9479-46AA-8346-EA433EE83A5F", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:siveillance_viewpoint:*:*:*:*:*:*:*:*", "matchCriteriaId": "4941EAD6-8759-4C72-ABA6-259C0E838216", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:solid_edge_cam_pro:*:*:*:*:*:*:*:*", "matchCriteriaId": "5BF2708F-0BD9-41BF-8CB1-4D06C4EFB777", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:solid_edge_harness_design:*:*:*:*:*:*:*:*", "matchCriteriaId": "0762031C-DFF1-4962-AE05-0778B27324B9", "versionEndExcluding": "2020", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:solid_edge_harness_design:2020:*:*:*:*:*:*:*", "matchCriteriaId": "96271088-1D1B-4378-8ABF-11DAB3BB4DDC", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:solid_edge_harness_design:2020:-:*:*:*:*:*:*", "matchCriteriaId": "2595AD24-2DF2-4080-B780-BC03F810B9A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:solid_edge_harness_design:2020:sp2002:*:*:*:*:*:*", "matchCriteriaId": "88096F08-F261-4E3E-9EEB-2AB0225CD6F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:spectrum_power_4:*:*:*:*:*:*:*:*", "matchCriteriaId": "044994F7-8127-4F03-AA1A-B2AB41D68AF5", "versionEndExcluding": "4.70", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:spectrum_power_4:4.70:-:*:*:*:*:*:*", "matchCriteriaId": "A6CB3A8D-9577-41FB-8AC4-0DF8DE6A519C", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:spectrum_power_4:4.70:sp7:*:*:*:*:*:*", "matchCriteriaId": "17B7C211-6339-4AF2-9564-94C7DE52EEB7", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:spectrum_power_4:4.70:sp8:*:*:*:*:*:*", "matchCriteriaId": "DBCCBBBA-9A4F-4354-91EE-10A1460BBA3F", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:spectrum_power_7:*:*:*:*:*:*:*:*", "matchCriteriaId": "12F81F6B-E455-4367-ADA4-8A5EC7F4754A", "versionEndExcluding": "2.30", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:spectrum_power_7:2.30:*:*:*:*:*:*:*", "matchCriteriaId": "A5EF509E-3799-4718-B361-EFCBA17AEEF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:spectrum_power_7:2.30:-:*:*:*:*:*:*", "matchCriteriaId": "8CA31645-29FC-4432-9BFC-C98A808DB8CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:spectrum_power_7:2.30:sp2:*:*:*:*:*:*", "matchCriteriaId": "BB424991-0B18-4FFC-965F-FCF4275F56C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:teamcenter:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B209EFE-77F2-48CD-A880-ABA0A0A81AB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:tracealertserverplus:*:*:*:*:*:*:*:*", "matchCriteriaId": "6340621E-0FAF-4684-B457-E621E51E13A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:vesys:*:*:*:*:*:*:*:*", "matchCriteriaId": "72D238AB-4A1F-458D-897E-2C93DCD7BA6C", "versionEndExcluding": "2019.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:vesys:2019.1:*:*:*:*:*:*:*", "matchCriteriaId": "9778339A-EA93-4D18-9A03-4EB4CBD25459", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:vesys:2019.1:-:*:*:*:*:*:*", "matchCriteriaId": "1747F127-AB45-4325-B9A1-F3D12E69FFC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:vesys:2019.1:sp1912:*:*:*:*:*:*", "matchCriteriaId": "18BBEF7C-F686-4129-8EE9-0F285CE38845", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:xpedition_enterprise:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD525494-2807-48EA-AED0-11B9CB5A6A9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:xpedition_package_integrator:-:*:*:*:*:*:*:*", "matchCriteriaId": "1EDCBF98-A857-48BC-B04D-6F36A1975AA5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5BAA8A5-74B3-48EB-8287-302927197A4E", "versionEndExcluding": "10.0.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:6bk1602-0aa12-0tp0:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF99FE8F-40D0-48A8-9A40-43119B259535", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:6bk1602-0aa12-0tp0_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD64FC36-CC7B-4FD7-9845-7EA1DDB0E627", "versionEndExcluding": "2.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:6bk1602-0aa22-0tp0:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3F61BCB-64FA-463C-8B95-8868995EDBC0", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:6bk1602-0aa22-0tp0_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0012304-B1C8-460A-B891-42EBF96504F5", "versionEndExcluding": "2.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:6bk1602-0aa32-0tp0:-:*:*:*:*:*:*:*", "matchCriteriaId": "B5A189B7-DDBF-4B84-997F-637CEC5FF12B", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:6bk1602-0aa32-0tp0_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B02BCF56-D9D3-4BF3-85A2-D445E997F5EC", "versionEndExcluding": "2.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:6bk1602-0aa42-0tp0:-:*:*:*:*:*:*:*", "matchCriteriaId": "035AFD6F-E560-43C8-A283-8D80DAA33025", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:6bk1602-0aa42-0tp0_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A2DB5BA-1065-467A-8FB6-81B5EC29DC0C", "versionEndExcluding": "2.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:6bk1602-0aa52-0tp0:-:*:*:*:*:*:*:*", "matchCriteriaId": "4594FF76-A1F8-4457-AE90-07D051CD0DCB", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:6bk1602-0aa52-0tp0_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "809EB87E-561A-4DE5-9FF3-BBEE0FA3706E", "versionEndExcluding": "2.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default."}, {"lang": "es", "value": "Se descubri\u00f3 que la correcci\u00f3n para abordar CVE-2021-44228 en Apache Log4j versiones 2.15.0 estaba incompleta en ciertas configuraciones no predeterminadas. Esto podr\u00eda permitir a los atacantes con control sobre los datos de entrada de Thread Context Map (MDC) cuando la configuraci\u00f3n de registro utiliza un Pattern Layout no predeterminado con un Context Lookup (por ejemplo, $${ctx:loginId}) o un Thread Context Map pattern (%X, %mdc, o %MDC) para elaborar datos de entrada maliciosos utilizando un patr\u00f3n JNDI Lookup que resulta en una fuga de informaci\u00f3n y ejecuci\u00f3n de c\u00f3digo remoto en algunos entornos y ejecuci\u00f3n de c\u00f3digo local en todos los entornos. Log4j versiones 2.16.0 (Java 8) y 2.12.2 (Java 7) solucionan este problema eliminando el soporte para los patrones de b\u00fasqueda de mensajes y deshabilitando la funcionalidad JNDI por defecto"}], "id": "CVE-2021-45046", "lastModified": "2025-02-04T20:15:45.010", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 6.0, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2021-12-14T19:15:07.733", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Mitigation", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"}, {"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"}, {"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/12/18/1"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"}, {"source": "security@apache.org", "tags": ["Mailing List", "Release Notes"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOKPQGV24RRBBI4TBZUDQMM4MEH7MXCY/"}, {"source": "security@apache.org", "tags": ["Mailing List", "Release Notes"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SIG7FZULMNK2XF6FZRU4VWYDQXNMUGAJ/"}, {"source": "security@apache.org", "tags": ["Mitigation", "Release Notes", "Vendor Advisory"], "url": "https://logging.apache.org/log4j/2.x/security.html"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202310-16"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"}, {"source": "security@apache.org", "tags": ["Not Applicable"], "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-5022"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"}, {"source": "security@apache.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/930724"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"source": "security@apache.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Mitigation", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/12/18/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Release Notes"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOKPQGV24RRBBI4TBZUDQMM4MEH7MXCY/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Release Notes"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SIG7FZULMNK2XF6FZRU4VWYDQXNMUGAJ/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Release Notes", "Vendor Advisory"], "url": "https://logging.apache.org/log4j/2.x/security.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202310-16"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-5022"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/930724"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-917"}], "source": "security@apache.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-917"}], "source": "nvd@nist.gov", "type": "Secondary"}]}