CVE-2021-44228

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

CVSS v3.0 10.0 CRITICAL
CVSS v2.0 9.3 HIGH

10.0^/10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://logging.apache.org/log4j/2.x/security.html	Release Notes Vendor Advisory
http://www.openwall.com/lists/oss-security/2021/12/10/1	Mailing List Mitigation Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/12/10/2	Mailing List Mitigation Third Party Advisory
http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html	Third Party Advisory VDB Entry
https://security.netapp.com/advisory/ntap-20211210-0007/	Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/12/10/3	Mailing List Third Party Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032	Third Party Advisory
https://www.oracle.com/security-alerts/alert-cve-2021-44228.html	Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/	Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/12/13/1	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/12/13/2	Mailing List Third Party Advisory
https://twitter.com/kurtseifried/status/1469345530182455296	Exploit Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html	Mailing List Third Party Advisory
https://www.debian.org/security/2021/dsa-5020	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf	Third Party Advisory
http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html	Exploit Third Party Advisory VDB Entry
http://www.openwall.com/lists/oss-security/2021/12/14/4	Mailing List Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html	Third Party Advisory
https://www.kb.cert.org/vuls/id/930724	Third Party Advisory US Government Resource
http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html	Third Party Advisory VDB Entry
http://www.openwall.com/lists/oss-security/2021/12/15/3	Mailing List Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf	Third Party Advisory
https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/	Patch Third Party Advisory Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf	Third Party Advisory
http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html	Third Party Advisory VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf	Third Party Advisory
http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html	Third Party Advisory VDB Entry
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/	Third Party Advisory
https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md	Product US Government Resource
http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html	Third Party Advisory VDB Entry
https://www.oracle.com/security-alerts/cpujan2022.html	Patch Third Party Advisory
https://github.com/cisagov/log4j-affected-db	Third Party Advisory
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001	Third Party Advisory
https://support.apple.com/kb/HT213189	Third Party Advisory
http://seclists.org/fulldisclosure/2022/Mar/23	Mailing List Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228	Exploit Third Party Advisory
https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html	Exploit Third Party Advisory
http://seclists.org/fulldisclosure/2022/Jul/11	Mailing List Third Party Advisory
http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html	Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2022/Dec/2	Exploit Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:log4j:2.0:rc1::::::
	cpe:2.3:a:apache:log4j:2.0:beta9::::::
	cpe:2.3:a:apache:log4j:2.0:rc2::::::
	cpe:2.3:a:apache:log4j:2.0:-::::::
	cpe:2.3:a:apache:log4j::::::::
	cpe:2.3:a:apache:log4j::::::::
	cpe:2.3:a:apache:log4j::::::::

Configuration 2 (hide)

AND

cpe:2.3:o:siemens:sppa-t3000_ses3000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:sppa-t3000_ses3000:-:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:a:siemens:logo\!_soft_comfort::::::::
	cpe:2.3:a:siemens:spectrum_power_4:4.70:sp7::::::
	cpe:2.3:a:siemens:spectrum_power_4:4.70:-::::::
	cpe:2.3:a:siemens:spectrum_power_4::::::::
	cpe:2.3:a:siemens:siveillance_control_pro::::::::
	cpe:2.3:a:siemens:energyip_prepay:3.7:::::::*
	cpe:2.3:a:siemens:energyip_prepay:3.8:::::::*
	cpe:2.3:a:siemens:spectrum_power_4:4.70:sp8::::::
	cpe:2.3:a:siemens:siveillance_identity:1.6:::::::*
	cpe:2.3:a:siemens:siveillance_identity:1.5:::::::*
	cpe:2.3:a:siemens:siveillance_command::::::::
	cpe:2.3:a:siemens:sipass_integrated:2.85:::::::*
	cpe:2.3:a:siemens:sipass_integrated:2.80:::::::*
	cpe:2.3:a:siemens:head-end_system_universal_device_integration_system::::::::
	cpe:2.3:a:siemens:gma-manager::::::::
	cpe:2.3:a:siemens:energyip:8.5:::::::*
	cpe:2.3:a:siemens:energyip:8.6:::::::*
	cpe:2.3:a:siemens:energyip:8.7:::::::*
	cpe:2.3:a:siemens:energyip:9.0:::::::*
	cpe:2.3:a:siemens:energy_engage:3.1:::::::*
	cpe:2.3:a:siemens:e-car_operation_center::::::::
	cpe:2.3:a:siemens:desigo_cc_info_center:5.0:::::::*
	cpe:2.3:a:siemens:desigo_cc_info_center:5.1:::::::*
	cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.1:::::::*
	cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.2:::::::*
	cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.0:::::::*
	cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.1:::::::*
	cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.0:::::::*
	cpe:2.3:a:siemens:comos::::::::
	cpe:2.3:a:siemens:captial:2019.1:sp1912::::::
	cpe:2.3:a:siemens:navigator::::::::
	cpe:2.3:a:siemens:xpedition_package_integrator:-:::::::*
	cpe:2.3:a:siemens:xpedition_enterprise:-:::::::*
	cpe:2.3:a:siemens:vesys:2019.1:sp1912::::::
	cpe:2.3:a:siemens:vesys:2019.1:::::::*
	cpe:2.3:a:siemens:vesys::::::::
	cpe:2.3:a:siemens:vesys:2019.1:-::::::
	cpe:2.3:a:siemens:teamcenter::::::::
	cpe:2.3:a:siemens:spectrum_power_7:2.30:sp2::::::
	cpe:2.3:a:siemens:spectrum_power_7:2.30:-::::::
	cpe:2.3:a:siemens:spectrum_power_7::::::::
	cpe:2.3:a:siemens:spectrum_power_7:2.30:::::::*
	cpe:2.3:a:siemens:solid_edge_harness_design:2020:sp2002::::::
	cpe:2.3:a:siemens:solid_edge_harness_design:2020:-::::::
	cpe:2.3:a:siemens:solid_edge_harness_design::::::::
	cpe:2.3:a:siemens:captial:2019.1:-::::::
	cpe:2.3:a:siemens:solid_edge_harness_design:2020:::::::*
	cpe:2.3:a:siemens:solid_edge_cam_pro::::::::
	cpe:2.3:a:siemens:siveillance_viewpoint::::::::
	cpe:2.3:a:siemens:siveillance_vantage::::::::
	cpe:2.3:a:siemens:siguard_dsa:4.3:::::::*
	cpe:2.3:a:siemens:siguard_dsa:4.4:::::::*
	cpe:2.3:a:siemens:siguard_dsa:4.2:::::::*
	cpe:2.3:a:siemens:sentron_powermanager:4.2:::::::*
	cpe:2.3:a:siemens:sentron_powermanager:4.1:::::::*
	cpe:2.3:a:siemens:operation_scheduler::::::::
	cpe:2.3:a:siemens:nx::::::::
	cpe:2.3:a:siemens:opcenter_intelligence::::::::
	cpe:2.3:a:siemens:mindsphere::::::::
	cpe:2.3:a:siemens:mendix::::::::
	cpe:2.3:a:siemens:industrial_edge_management_hub::::::::
	cpe:2.3:a:siemens:industrial_edge_management::::::::
	cpe:2.3:a:siemens:captial::::::::

Configuration 4 (hide)

OR	cpe:2.3:a:intel:audio_development_kit:-:::::::*
	cpe:2.3:a:intel:system_debugger:-:::::::*
	cpe:2.3:a:intel:secure_device_onboard:-:::::::*
	cpe:2.3:a:intel:oneapi_sample_browser:-:::::eclipse::
	cpe:2.3:a:intel:sensor_solution_firmware_development_kit:-:::::::*
	cpe:2.3:a:intel:computer_vision_annotation_tool:-:::::::*
	cpe:2.3:a:intel:genomics_kernel_library:-:::::::*
	cpe:2.3:a:intel:system_studio:-:::::::*
	cpe:2.3:a:intel:data_center_manager::::::::

Configuration 5 (hide)

OR	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*

Configuration 6 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:34:::::::*
	cpe:2.3:o:fedoraproject:fedora:35:::::::*

Configuration 7 (hide)

cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*

Configuration 8 (hide)

OR	cpe:2.3:a:netapp:oncommand_insight:-:::::::*
	cpe:2.3:a:netapp:cloud_insights:-:::::::*
	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::linux::
	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows::
	cpe:2.3:a:netapp:cloud_manager:-:::::::*
	cpe:2.3:a:netapp:cloud_secure_agent:-:::::::*
	cpe:2.3:a:netapp:ontap_tools:-:::::vmware_vsphere::
	cpe:2.3:a:netapp:snapcenter:-:::::vmware_vsphere::

Configuration 9 (hide)

OR	cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\):::::::*
	cpe:2.3:a:cisco:unified_customer_voice_portal:11.6:::::::*
	cpe:2.3:a:cisco:webex_meetings_server::::::::
	cpe:2.3:a:cisco:packaged_contact_center_enterprise:11.6\(1\):::::::*
	cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release1::::::
	cpe:2.3:a:cisco:webex_meetings_server:3.0:-::::::
	cpe:2.3:a:cisco:identity_services_engine::::::::
	cpe:2.3:a:cisco:data_center_network_manager::::::::
	cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release2::::::
	cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3::::::
	cpe:2.3:a:cisco:webex_meetings_server:4.0:-::::::
	cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release1::::::
	cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release2::::::
	cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release3::::::
	cpe:2.3:a:cisco:unified_contact_center_express::::::::
	cpe:2.3:a:cisco:data_center_network_manager:11.3\(1\):::::::*
	cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:-:::::*
	cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_service_pack_2::::::
	cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_service_pack_3::::::
	cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release4::::::
	cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_security_patch4::::::
	cpe:2.3:a:cisco:identity_services_engine:2.4.0:-::::::
	cpe:2.3:a:cisco:finesse::::::::
	cpe:2.3:a:cisco:finesse:12.6\(1\):::::::*
	cpe:2.3:a:cisco:nexus_dashboard::::::::
	cpe:2.3:a:cisco:network_services_orchestrator::::::::
	cpe:2.3:a:cisco:network_services_orchestrator::::::::
	cpe:2.3:a:cisco:network_services_orchestrator::::::::
	cpe:2.3:a:cisco:iot_operations_dashboard:-:::::::*
	cpe:2.3:a:cisco:intersight_virtual_appliance::::::::
	cpe:2.3:a:cisco:evolved_programmable_network_manager::::::::
	cpe:2.3:a:cisco:network_services_orchestrator::::::::
	cpe:2.3:a:cisco:dna_spaces\:_connector::::::::
	cpe:2.3:a:cisco:cyber_vision_sensor_management_extension::::::::
	cpe:2.3:a:cisco:crosswork_zero_touch_provisioning::::::::
	cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:3.0.0:::::::*
	cpe:2.3:a:cisco:crosswork_platform_infrastructure::::::::
	cpe:2.3:a:cisco:crosswork_platform_infrastructure:4.1.0:::::::*
	cpe:2.3:a:cisco:crosswork_optimization_engine::::::::
	cpe:2.3:a:cisco:crosswork_optimization_engine:3.0.0:::::::*
	cpe:2.3:a:cisco:crosswork_network_controller:3.0.0:::::::*
	cpe:2.3:a:cisco:crosswork_network_controller::::::::
	cpe:2.3:a:cisco:crosswork_data_gateway:3.0.0:::::::*
	cpe:2.3:a:cisco:crosswork_data_gateway::::::::
	cpe:2.3:a:cisco:common_services_platform_collector::::::::
	cpe:2.3:a:cisco:common_services_platform_collector::::::::
	cpe:2.3:a:cisco:cloudcenter::::::::
	cpe:2.3:a:cisco:cloudcenter_workload_manager::::::::
	cpe:2.3:a:cisco:cloudcenter_suite_admin::::::::
	cpe:2.3:a:cisco:cloudcenter_cost_optimizer::::::::
	cpe:2.3:a:cisco:business_process_automation::::::::
	cpe:2.3:a:cisco:business_process_automation::::::::
	cpe:2.3:a:cisco:business_process_automation::::::::
	cpe:2.3:a:cisco:automated_subsea_tuning::::::::
	cpe:2.3:a:cisco:nexus_insights::::::::
	cpe:2.3:a:cisco:advanced_malware_protection_virtual_private_cloud_appliance::::::::
	cpe:2.3:a:cisco:customer_experience_cloud_agent::::::::
	cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_security_patch5::::::
	cpe:2.3:a:cisco:workload_optimization_manager::::::::
	cpe:2.3:a:cisco:ucs_central::::::::
	cpe:2.3:a:cisco:ucs_director::::::::
	cpe:2.3:a:cisco:sd-wan_vmanage::::::::
	cpe:2.3:a:cisco:optical_network_controller::::::::
	cpe:2.3:a:cisco:fog_director:-:::::::*
cpe:2.3:a:cisco:dna_center::::::::
cpe:2.3:a:cisco:sd-wan_vmanage::::::::
cpe:2.3:a:cisco:integrated_management_controller_supervisor::::::::
cpe:2.3:a:cisco:wan_automation_engine::::::::
cpe:2.3:a:cisco:virtualized_infrastructure_manager::::::::
cpe:2.3:a:cisco:sd-wan_vmanage::::::::
cpe:2.3:a:cisco:network_assurance_engine::::::::
cpe:2.3:a:cisco:virtualized_infrastructure_manager::::::::
cpe:2.3:a:cisco:dna_center::::::::
cpe:2.3:a:cisco:sd-wan_vmanage::::::::
cpe:2.3:a:cisco:virtual_topology_system::::::::
cpe:2.3:a:cisco:dna_center::::::::
cpe:2.3:a:cisco:smart_phy::::::::
cpe:2.3:a:cisco:prime_service_catalog::::::::
cpe:2.3:a:cisco:connected_mobile_experiences:-:::::::*
cpe:2.3:a:cisco:video_surveillance_operations_manager::::::::
cpe:2.3:a:cisco:unity_connection::::::::
cpe:2.3:a:cisco:virtualized_voice_browser::::::::
cpe:2.3:o:cisco:unified_workforce_optimization::::::::
cpe:2.3:o:cisco:unified_sip_proxy::::::::
cpe:2.3:o:cisco:unified_intelligence_center::::::::
cpe:2.3:a:cisco:unified_customer_voice_portal::::::::
cpe:2.3:a:cisco:unified_customer_voice_portal:12.0:::::::*
cpe:2.3:a:cisco:unified_customer_voice_portal:12.5:::::::*
cpe:2.3:a:cisco:unified_contact_center_enterprise::::::::
cpe:2.3:a:cisco:unified_contact_center_enterprise:11.6\(2\):::::::*
cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service::::::::
cpe:2.3:a:cisco:unified_communications_manager:::::session_management:::*
cpe:2.3:a:cisco:unified_communications_manager:::::-:::*
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1\)su3:::::::*
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1\)::::session_management:::
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1\)::::-:::
cpe:2.3:a:cisco:paging_server::::::::
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1\):::::::*
cpe:2.3:a:cisco:packaged_contact_center_enterprise::::::::
cpe:2.3:a:cisco:enterprise_chat_and_email::::::::
cpe:2.3:a:cisco:emergency_responder::::::::
cpe:2.3:a:cisco:contact_center_management_portal::::::::
cpe:2.3:a:cisco:contact_center_domain_manager::::::::
cpe:2.3:a:cisco:cloud_connect::::::::
cpe:2.3:a:cisco:broadworks::::::::

Configuration 10 (hide)

AND

OR	cpe:2.3:o:cisco:fxos:6.2.3:::::::*
	cpe:2.3:o:cisco:fxos:6.3.0:::::::*
	cpe:2.3:o:cisco:fxos:6.4.0:::::::*
	cpe:2.3:o:cisco:fxos:6.5.0:::::::*
	cpe:2.3:o:cisco:fxos:6.6.0:::::::*
	cpe:2.3:o:cisco:fxos:6.7.0:::::::*
	cpe:2.3:o:cisco:fxos:7.0.0:::::::*
	cpe:2.3:o:cisco:fxos:7.1.0:::::::*

OR	cpe:2.3:h:cisco:firepower_1010:-:::::::*
	cpe:2.3:h:cisco:firepower_1120:-:::::::*
	cpe:2.3:h:cisco:firepower_1140:-:::::::*
	cpe:2.3:h:cisco:firepower_1150:-:::::::*
	cpe:2.3:h:cisco:firepower_2110:-:::::::*
	cpe:2.3:h:cisco:firepower_2120:-:::::::*
	cpe:2.3:h:cisco:firepower_2130:-:::::::*
	cpe:2.3:h:cisco:firepower_2140:-:::::::*
	cpe:2.3:h:cisco:firepower_4110:-:::::::*
	cpe:2.3:h:cisco:firepower_4112:-:::::::*
	cpe:2.3:h:cisco:firepower_4115:-:::::::*
	cpe:2.3:h:cisco:firepower_4120:-:::::::*
	cpe:2.3:h:cisco:firepower_4125:-:::::::*
	cpe:2.3:h:cisco:firepower_4140:-:::::::*
	cpe:2.3:h:cisco:firepower_4145:-:::::::*
	cpe:2.3:h:cisco:firepower_4150:-:::::::*
	cpe:2.3:h:cisco:firepower_9300:-:::::::*

Configuration 11 (hide)

OR	cpe:2.3:a:cisco:prime_service_catalog:12.1:::::::*
	cpe:2.3:a:cisco:firepower_threat_defense:6.2.3:::::::*
	cpe:2.3:a:cisco:webex_meetings_server:3.0:::::::*
	cpe:2.3:a:cisco:firepower_threat_defense:6.4.0:::::::*
	cpe:2.3:a:cisco:firepower_threat_defense:6.3.0:::::::*
	cpe:2.3:a:cisco:webex_meetings_server:4.0:::::::*
	cpe:2.3:a:cisco:unity_connection:11.5:::::::*
	cpe:2.3:a:cisco:firepower_threat_defense:6.5.0:::::::*
	cpe:2.3:a:cisco:firepower_threat_defense:6.6.0:::::::*
	cpe:2.3:a:cisco:sd-wan_vmanage:20.3:::::::*
	cpe:2.3:a:cisco:sd-wan_vmanage:20.6:::::::*
	cpe:2.3:a:cisco:sd-wan_vmanage:20.5:::::::*
	cpe:2.3:a:cisco:unified_contact_center_enterprise:11.6\(2\):::::::*
	cpe:2.3:a:cisco:cyber_vision_sensor_management_extension:4.0.2:::::::*
	cpe:2.3:a:cisco:dna_spaces_connector:-:::::::*
	cpe:2.3:a:cisco:unified_sip_proxy:010.002\(001\):::::::*
	cpe:2.3:a:cisco:unified_sip_proxy:010.002\(000\):::::::*
	cpe:2.3:a:cisco:unified_sip_proxy:010.000\(001\):::::::*
	cpe:2.3:a:cisco:unified_sip_proxy:010.000\(000\):::::::*
	cpe:2.3:a:cisco:unified_intelligence_center:12.6\(2\):-::::::
	cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\):es02::::::
	cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\):es01::::::
	cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\):-::::::
	cpe:2.3:a:cisco:unified_customer_voice_portal:12.6\(1\):::::::*
	cpe:2.3:a:cisco:unified_customer_voice_portal:12.5\(1\):::::::*
	cpe:2.3:a:cisco:unified_customer_voice_portal:12.0\(1\):::::::*
	cpe:2.3:a:cisco:unified_customer_voice_portal:11.6\(1\):::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\):su1::::::
	cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\):-::::::
	cpe:2.3:a:cisco:unified_communications_manager_im_\&_presence_service:11.5\(1.22900.6\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager_im_\&_presence_service:11.5\(1\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.22900.28\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.21900.40\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.18900.97\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.18119.2\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.17900.52\):::::::*
	cpe:2.3:a:cisco:paging_server:9.1\(1\):::::::*
	cpe:2.3:a:cisco:paging_server:9.0\(2\):::::::*
	cpe:2.3:a:cisco:paging_server:9.0\(1\):::::::*
	cpe:2.3:a:cisco:paging_server:8.5\(1\):::::::*
	cpe:2.3:a:cisco:paging_server:8.4\(1\):::::::*
	cpe:2.3:a:cisco:paging_server:8.3\(1\):::::::*
	cpe:2.3:a:cisco:paging_server:14.0\(1\):::::::*
	cpe:2.3:a:cisco:paging_server:12.5\(2\):::::::*
	cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\(2\):::::::*
	cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\(1\):::::::*
	cpe:2.3:a:cisco:unified_contact_center_enterprise:12.5\(1\):::::::*
	cpe:2.3:a:cisco:unified_contact_center_enterprise:12.0\(1\):::::::*
	cpe:2.3:a:cisco:finesse:12.6\(1\):es03::::::
	cpe:2.3:a:cisco:finesse:12.6\(1\):es02::::::
	cpe:2.3:a:cisco:finesse:12.6\(1\):es01::::::
	cpe:2.3:a:cisco:finesse:12.6\(1\):-::::::
	cpe:2.3:a:cisco:finesse:12.5\(1\):su2::::::
	cpe:2.3:a:cisco:finesse:12.5\(1\):su1::::::
	cpe:2.3:a:cisco:enterprise_chat_and_email:12.6\(1\):::::::*
	cpe:2.3:a:cisco:enterprise_chat_and_email:12.5\(1\):::::::*
	cpe:2.3:a:cisco:enterprise_chat_and_email:12.0\(1\):::::::*
	cpe:2.3:a:cisco:emergency_responder:11.5\(4.66000.14\):::::::*
	cpe:2.3:a:cisco:emergency_responder:11.5\(4.65000.14\):::::::*
	cpe:2.3:a:cisco:emergency_responder:11.5:::::::*
	cpe:2.3:a:cisco:unified_contact_center_management_portal:12.6\(1\):::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:12.6\(2\):::::::*
	cpe:2.3:a:cisco:unified_contact_center_express:12.6\(1\):::::::*
	cpe:2.3:a:cisco:broadworks:-:::::::*
cpe:2.3:a:cisco:unified_computing_system:006.008\(001.000\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1l\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1k\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1h\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1g\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1f\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1e\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1d\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1c\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1b\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0\(1a\):::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0:::::::*
cpe:2.3:a:cisco:integrated_management_controller_supervisor:2.3.2.0:::::::*
cpe:2.3:a:cisco:integrated_management_controller_supervisor:002.003\(002.000\):::::::*
cpe:2.3:a:cisco:sd-wan_vmanage:20.6.1:::::::*
cpe:2.3:a:cisco:sd-wan_vmanage:20.8:::::::*
cpe:2.3:a:cisco:sd-wan_vmanage:20.7:::::::*
cpe:2.3:a:cisco:sd-wan_vmanage:20.4:::::::*
cpe:2.3:a:cisco:optical_network_controller:1.1:::::::*
cpe:2.3:a:cisco:network_assurance_engine:6.0\(2.1912\):::::::*
cpe:2.3:a:cisco:dna_center:2.2.2.8:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.6:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.5:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.4:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.3:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.2.3:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.2.2:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.2.1:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.1.3:::::::*
cpe:2.3:a:cisco:virtual_topology_system:2.6.6:::::::*
cpe:2.3:a:cisco:smart_phy:3.2.1:::::::*
cpe:2.3:a:cisco:smart_phy:3.1.5:::::::*
cpe:2.3:a:cisco:smart_phy:3.1.4:::::::*
cpe:2.3:a:cisco:smart_phy:3.1.3:::::::*
cpe:2.3:a:cisco:smart_phy:3.1.2:::::::*
cpe:2.3:a:cisco:smart_phy:21.3:::::::*
cpe:2.3:a:cisco:network_services_orchestrator:-:::::::*
cpe:2.3:a:cisco:intersight_virtual_appliance:1.0.9-343:::::::*
cpe:2.3:a:cisco:evolved_programmable_network_manager:5.1:::::::*
cpe:2.3:a:cisco:evolved_programmable_network_manager:5.0:::::::*
cpe:2.3:a:cisco:evolved_programmable_network_manager:4.1:::::::*
cpe:2.3:a:cisco:evolved_programmable_network_manager:4.0:::::::*
cpe:2.3:a:cisco:evolved_programmable_network_manager:3.1:::::::*
cpe:2.3:a:cisco:evolved_programmable_network_manager:3.0:::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\(3\):::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\(2\):::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\(1\):::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.4\(1\):::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.3\(1\):::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.2\(1\):::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.1\(1\):::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.0\(1\):::::::*
cpe:2.3:a:cisco:video_surveillance_manager:7.14\(4.018\):::::::*
cpe:2.3:a:cisco:video_surveillance_manager:7.14\(3.025\):::::::*
cpe:2.3:a:cisco:video_surveillance_manager:7.14\(2.26\):::::::*
cpe:2.3:a:cisco:video_surveillance_manager:7.14\(1.26\):::::::*
cpe:2.3:a:cisco:unified_workforce_optimization:11.5\(1\):sr7::::::
cpe:2.3:a:cisco:unity_connection:11.5\(1.10000.6\):::::::*
cpe:2.3:a:cisco:cloudcenter_suite:5.3\(0\):::::::*
cpe:2.3:a:cisco:cloudcenter_suite:5.5\(0\):::::::*
cpe:2.3:a:cisco:cloudcenter_suite:5.4\(1\):::::::*
cpe:2.3:a:cisco:automated_subsea_tuning:02.01.00:::::::*
cpe:2.3:a:cisco:identity_services_engine:003.002\(000.116\):-::::::
cpe:2.3:a:cisco:identity_services_engine:003.001\(000.518\):-::::::
cpe:2.3:a:cisco:identity_services_engine:003.000\(000.458\):-::::::
cpe:2.3:a:cisco:identity_services_engine:002.007\(000.356\):-::::::
cpe:2.3:a:cisco:identity_services_engine:002.006\(000.156\):-::::::
cpe:2.3:a:cisco:identity_services_engine:002.004\(000.914\):-::::::
cpe:2.3:a:cisco:firepower_threat_defense:7.1.0:::::::*
cpe:2.3:a:cisco:firepower_threat_defense:7.0.0:::::::*
cpe:2.3:a:cisco:firepower_threat_defense:6.7.0:::::::*
cpe:2.3:a:cisco:network_insights_for_data_center:6.0\(2.1914\):::::::*
cpe:2.3:a:cisco:cx_cloud_agent:001.012:::::::*
cpe:2.3:a:cisco:mobility_services_engine:-:::::::*
cpe:2.3:a:cisco:cloudcenter_suite:5.5\(1\):::::::*
cpe:2.3:a:cisco:cloudcenter_suite:4.10\(0.15\):::::::*
cpe:2.3:a:cisco:dna_spaces:-:::::::*
cpe:2.3:a:cisco:cyber_vision:4.0.2:::::::*
cpe:2.3:a:cisco:connected_analytics_for_network_deployment:7.3:::::::*
cpe:2.3:a:cisco:connected_analytics_for_network_deployment:008.000.000.000.004:::::::*
cpe:2.3:a:cisco:connected_analytics_for_network_deployment:008.000.000:::::::*
cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.003:::::::*
cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.001.001:::::::*
cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.000:::::::*
cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.002.000:::::::*
cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.001.000:::::::*
cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.000.001:::::::*
cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.005.000.000:::::::*
cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.005.000.:::::::*
cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.004.000.003:::::::*
cpe:2.3:a:cisco:crosswork_network_automation:4.1.1:::::::*
cpe:2.3:a:cisco:crosswork_network_automation:4.1.0:::::::*
cpe:2.3:a:cisco:crosswork_network_automation:-:::::::*
cpe:2.3:a:cisco:crosswork_network_automation:3.0.0:::::::*
cpe:2.3:a:cisco:crosswork_network_automation:2.0.0:::::::*
cpe:2.3:a:cisco:common_services_platform_collector:002.010\(000.000\):::::::*
cpe:2.3:a:cisco:common_services_platform_collector:002.009\(001.002\):::::::*
cpe:2.3:a:cisco:common_services_platform_collector:002.009\(001.001\):::::::*
cpe:2.3:a:cisco:common_services_platform_collector:002.009\(001.000\):::::::*
cpe:2.3:a:cisco:common_services_platform_collector:002.009\(000.002\):::::::*
cpe:2.3:a:cisco:common_services_platform_collector:002.009\(000.001\):::::::*
cpe:2.3:a:cisco:common_services_platform_collector:002.009\(000.000\):::::::*

Configuration 12 (hide)

OR	cpe:2.3:a:snowsoftware:vm_access_proxy::::::::
	cpe:2.3:a:snowsoftware:snow_commander::::::::

Configuration 13 (hide)

OR	cpe:2.3:a:bentley:synchro_4d:::::pro:::*
	cpe:2.3:a:bentley:synchro:::::pro:::*

Configuration 14 (hide)

cpe:2.3:a:percussion:rhythmyx:*:*:*:*:*:*:*:*

Information

Published : 2021-12-10 02:15

Updated : 2023-02-06 10:53

NVD link : CVE-2021-44228

Mitre link : CVE-2021-44228

JSON object : View

CWE

CWE-502

Deserialization of Untrusted Data

CWE-20

Improper Input Validation

CWE-400

Uncontrolled Resource Consumption

Products Affected

cisco

firepower_9300
virtualized_infrastructure_manager
crosswork_platform_infrastructure
cloudcenter_suite
virtualized_voice_browser
smart_phy
firepower_4140
cloudcenter_cost_optimizer
ucs_central_software
cyber_vision_sensor_management_extension
connected_mobile_experiences
emergency_responder
unified_workforce_optimization
unity_connection
firepower_4150
crosswork_zero_touch_provisioning
firepower_4112
dna_spaces_connector
unified_computing_system
ucs_director
prime_service_catalog
network_services_orchestrator
cloudcenter_workload_manager
workload_optimization_manager
unified_sip_proxy
advanced_malware_protection_virtual_private_cloud_appliance
video_surveillance_manager
fog_director
evolved_programmable_network_manager
firepower_1140
integrated_management_controller_supervisor
identity_services_engine
firepower_2130
unified_communications_manager_im_and_presence_service
dna_spaces\
crosswork_network_automation
unified_customer_voice_portal
cloudcenter_suite_admin
network_insights_for_data_center
iot_operations_dashboard
intersight_virtual_appliance
unified_contact_center_express
broadworks
fxos
firepower_1120
firepower_4145
network_dashboard_fabric_controller
optical_network_controller
network_assurance_engine
unified_contact_center_enterprise
unified_contact_center_management_portal
business_process_automation
virtual_topology_system
data_center_network_manager
nexus_dashboard
automated_subsea_tuning
packaged_contact_center_enterprise
unified_intelligence_center
sd-wan_vmanage
crosswork_optimization_engine
contact_center_domain_manager
customer_experience_cloud_agent
cx_cloud_agent
contact_center_management_portal
firepower_4110
ucs_central
unified_communications_manager_im_\&_presence_service
dna_spaces
firepower_4120
paging_server
video_surveillance_operations_manager
unified_communications_manager
nexus_insights
cloud_connect
cyber_vision
firepower_2120
firepower_1010
enterprise_chat_and_email
webex_meetings_server
firepower_4115
firepower_2110
cloudcenter
wan_automation_engine
crosswork_data_gateway
finesse
common_services_platform_collector
firepower_4125
firepower_1150
crosswork_network_controller
mobility_services_engine
connected_analytics_for_network_deployment
firepower_2140
dna_center
firepower_threat_defense

netapp

active_iq_unified_manager
cloud_secure_agent
cloud_manager
ontap_tools
cloud_insights
oncommand_insight
snapcenter

siemens

gma-manager
logo\!_soft_comfort
navigator
siveillance_identity
opcenter_intelligence
desigo_cc_info_center
desigo_cc_advanced_reports
siveillance_viewpoint
operation_scheduler
energyip_prepay
spectrum_power_4
sipass_integrated
xpedition_package_integrator
head-end_system_universal_device_integration_system
mindsphere
xpedition_enterprise
sppa-t3000_ses3000_firmware
industrial_edge_management
siguard_dsa
nx
energy_engage
sentron_powermanager
solid_edge_harness_design
vesys
solid_edge_cam_pro
siveillance_command
mendix
energyip
industrial_edge_management_hub
teamcenter
comos
captial
sppa-t3000_ses3000
siveillance_control_pro
siveillance_vantage
e-car_operation_center
spectrum_power_7

fedoraproject

fedora

debian

debian_linux

snowsoftware

vm_access_proxy
snow_commander

intel

data_center_manager
genomics_kernel_library
audio_development_kit
system_debugger
sensor_solution_firmware_development_kit
secure_device_onboard
computer_vision_annotation_tool
system_studio
oneapi_sample_browser

sonicwall

email_security

percussion

rhythmyx

apache

log4j

bentley

synchro
synchro_4d

10.0 /10