Vulnerability Database

CVE-2021-44228

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

CVSS v3:

  • Severity: Critical
  • Score: 10
  • AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS v2:

  • Severity: High
  • Score: 9.3
  • AV:N/AC:M/Au:N/C:C/I:C/A:C

Software From Fixed in
apache / log4j 2.0-rc1 2.0-rc1.x
apache / log4j 2.0-beta9 2.0-beta9.x
apache / log4j 2.0-rc2 2.0-rc2.x
apache / log4j 2.0 2.0.x
apache / log4j 2.13.0 2.15.0
apache / log4j 2.0.1 2.3.1
apache / log4j 2.4.0 2.12.2
siemens / sppa-t3000_ses3000_firmware - -
siemens / logo!_soft_comfort - -
siemens / spectrum_power_4 4.70-sp7 4.70-sp7.x
siemens / spectrum_power_4 4.70 4.70.x
siemens / spectrum_power_4 - 4.70
siemens / siveillance_control_pro - -
siemens / spectrum_power_4 4.70-sp8 4.70-sp8.x
siemens / siveillance_identity 1.6 1.6.x
siemens / siveillance_identity 1.5 1.5.x
siemens / siveillance_command - 4.16.2.1.x
siemens / sipass_integrated 2.85 2.85.x
siemens / sipass_integrated 2.80 2.80.x
siemens / head-end_system_universal_device_integration_system - -
siemens / gma-manager - 8.6.2j-398
siemens / energyip 8.5 8.5.x
siemens / energyip 8.6 8.6.x
siemens / energyip 8.7 8.7.x
siemens / energyip 9.0 9.0.x
siemens / energy_engage 3.1 3.1.x
siemens / e-car_operation_center - 2021-12-13
siemens / desigo_cc_info_center 5.0 5.0.x
siemens / desigo_cc_info_center 5.1 5.1.x
siemens / desigo_cc_advanced_reports 4.1 4.1.x
siemens / desigo_cc_advanced_reports 4.2 4.2.x
siemens / desigo_cc_advanced_reports 5.0 5.0.x
siemens / desigo_cc_advanced_reports 5.1 5.1.x
siemens / desigo_cc_advanced_reports 4.0 4.0.x
siemens / navigator - 2021-12-13
siemens / vesys 2019.1-sp1912 2019.1-sp1912.x
siemens / vesys 2019.1 2019.1.x
siemens / vesys - 2019.1
siemens / teamcenter - -
siemens / spectrum_power_7 2.30-sp2 2.30-sp2.x
siemens / spectrum_power_7 2.30 2.30.x
siemens / spectrum_power_7 - 2.30
siemens / solid_edge_harness_design 2020-sp2002 2020-sp2002.x
siemens / solid_edge_harness_design 2020 2020.x
siemens / solid_edge_harness_design - 2020
siemens / solid_edge_cam_pro - -
siemens / siveillance_viewpoint - -
siemens / siveillance_vantage - -
siemens / sentron_powermanager 4.2 4.2.x
siemens / sentron_powermanager 4.1 4.1.x
siemens / operation_scheduler - 1.1.3.x
siemens / nx - -
siemens / mendix - -
siemens / industrial_edge_management_hub - 2021-12-13
siemens / industrial_edge_management - -
debian / debian_linux 9.0 9.0.x
debian / debian_linux 10.0 10.0.x
debian / debian_linux 11.0 11.0.x
fedoraproject / fedora 34 34.x
fedoraproject / fedora 35 35.x
cisco / unified_communications_manager_im_and_presence_service 11.5(1) 11.5(1).x
cisco / unified_customer_voice_portal 11.6 11.6.x
cisco / webex_meetings_server - 3.0
cisco / packaged_contact_center_enterprise 11.6(1) 11.6(1).x
cisco / webex_meetings_server 3.0-maintenance_release1 3.0-maintenance_release1.x
cisco / webex_meetings_server 3.0 3.0.x
cisco / identity_services_engine - 2.4.0
cisco / data_center_network_manager - 11.3(1)
cisco / webex_meetings_server 3.0-maintenance_release2 3.0-maintenance_release2.x
cisco / webex_meetings_server 3.0-maintenance_release3 3.0-maintenance_release3.x
cisco / webex_meetings_server 4.0 4.0.x
cisco / webex_meetings_server 4.0-maintenance_release1 4.0-maintenance_release1.x
cisco / webex_meetings_server 4.0-maintenance_release2 4.0-maintenance_release2.x
cisco / webex_meetings_server 4.0-maintenance_release3 4.0-maintenance_release3.x
cisco / unified_contact_center_express - 12.5(1)
cisco / data_center_network_manager 11.3(1) 11.3(1).x
cisco / webex_meetings_server 3.0-maintenance_release3_service_pack_2 3.0-maintenance_release3_service_pack_2.x
cisco / webex_meetings_server 3.0-maintenance_release3_service_pack_3 3.0-maintenance_release3_service_pack_3.x
cisco / webex_meetings_server 3.0-maintenance_release4 3.0-maintenance_release4.x
cisco / webex_meetings_server 3.0-maintenance_release3_security_patch4 3.0-maintenance_release3_security_patch4.x
cisco / identity_services_engine 2.4.0 2.4.0.x
cisco / finesse - 12.6(1)
cisco / finesse 12.6(1) 12.6(1).x
cisco / nexus_dashboard - 2.1.2
cisco / network_services_orchestrator 5.6 5.6.3.1
cisco / network_services_orchestrator 5.5 5.5.4.1
cisco / network_services_orchestrator - 5.3.5.1
cisco / intersight_virtual_appliance - 1.0.9-361
cisco / evolved_programmable_network_manager - 4.1.1.x
cisco / network_services_orchestrator 5.4 5.4.5.2
cisco / dna_spaces-_connector - 2.5
cisco / cyber_vision_sensor_management_extension - 4.0.3
cisco / crosswork_zero_touch_provisioning - 2.0.1
cisco / crosswork_zero_touch_provisioning 3.0.0 3.0.0.x
cisco / crosswork_platform_infrastructure - 4.0.1
cisco / crosswork_platform_infrastructure 4.1.0 4.1.0.x
cisco / crosswork_optimization_engine - 2.0.1
cisco / crosswork_optimization_engine 3.0.0 3.0.0.x
cisco / crosswork_network_controller 3.0.0 3.0.0.x
cisco / crosswork_network_controller - 2.0.1
cisco / crosswork_data_gateway 3.0.0 3.0.0.x
cisco / crosswork_data_gateway - 2.0.2
cisco / common_services_platform_collector 2.10.0 2.10.0.1
cisco / common_services_platform_collector - 2.9.1.3
cisco / cloudcenter - 4.10.0.16
cisco / cloudcenter_workload_manager - 5.5.2
cisco / cloudcenter_suite_admin - 5.3.1
cisco / cloudcenter_cost_optimizer - 5.5.2
cisco / business_process_automation 3.2.000.000 3.2.000.009
cisco / business_process_automation 3.1.000.000 3.1.000.044
cisco / business_process_automation - 3.0.000.115
cisco / automated_subsea_tuning - 2.1.0
cisco / nexus_insights - 6.0.2
cisco / advanced_malware_protection_virtual_private_cloud_appliance - 3.5.4
cisco / customer_experience_cloud_agent - 1.12.1
cisco / webex_meetings_server 3.0-maintenance_release3_security_patch5 3.0-maintenance_release3_security_patch5.x
cisco / workload_optimization_manager - 3.2.1
cisco / ucs_central - 2.0(1p)
cisco / ucs_director - 6.8.2.0
cisco / sd-wan_vmanage - 20.3.4.1
cisco / optical_network_controller - 1.1.0
cisco / dna_center 2.2.3.0 2.2.3.4
cisco / sd-wan_vmanage 20.4 20.4.2.1
cisco / integrated_management_controller_supervisor - 2.3.2.1
cisco / wan_automation_engine - 7.3.0.2
cisco / virtualized_infrastructure_manager 3.4.0 3.4.4
cisco / sd-wan_vmanage 20.5 20.5.1.1
cisco / network_assurance_engine - 6.0.2
cisco / virtualized_infrastructure_manager - 3.2.0
cisco / dna_center - 2.1.2.8
cisco / sd-wan_vmanage 20.6 20.6.2.1
cisco / virtual_topology_system - 2.6.7
cisco / dna_center 2.2.2.0 2.2.2.8
cisco / smart_phy - 3.2.1
cisco / prime_service_catalog - 12.1
cisco / video_surveillance_operations_manager - 7.14.4
cisco / unity_connection - 11.5(1)
cisco / virtualized_voice_browser - 12.5(1)
cisco / unified_workforce_optimization - 11.5(1)
cisco / unified_sip_proxy - 10.2.1v2
cisco / unified_intelligence_center - 12.6(1)
cisco / unified_customer_voice_portal - 11.6
cisco / unified_customer_voice_portal 12.0 12.0.x
cisco / unified_customer_voice_portal 12.5 12.5.x
cisco / unified_contact_center_enterprise - 11.6(2)
cisco / unified_contact_center_enterprise 11.6(2) 11.6(2).x
cisco / unified_communications_manager_im_and_presence_service - 11.5(1)
cisco / unified_communications_manager - 11.5(1)
cisco / unified_communications_manager 11.5(1)su3 11.5(1)su3.x
cisco / unified_communications_manager 11.5(1) 11.5(1).x
cisco / paging_server - 14.4.1
cisco / packaged_contact_center_enterprise - 11.6
cisco / enterprise_chat_and_email - 12.0(1)
cisco / emergency_responder - 11.5(4)
cisco / contact_center_management_portal - 12.5(1)
cisco / contact_center_domain_manager - 12.5(1)
cisco / cloud_connect - 12.6(1)
cisco / broadworks - 2021.11_1.162
cisco / fxos 6.2.3 6.2.3.x
cisco / fxos 6.3.0 6.3.0.x
cisco / fxos 6.4.0 6.4.0.x
cisco / fxos 6.5.0 6.5.0.x
cisco / fxos 6.6.0 6.6.0.x
cisco / fxos 6.7.0 6.7.0.x
cisco / fxos 7.0.0 7.0.0.x
cisco / fxos 7.1.0 7.1.0.x
cisco / prime_service_catalog 12.1 12.1.x
cisco / firepower_threat_defense 6.2.3 6.2.3.x
cisco / firepower_threat_defense 6.4.0 6.4.0.x
cisco / firepower_threat_defense 6.3.0 6.3.0.x
cisco / unity_connection 11.5 11.5.x
cisco / firepower_threat_defense 6.5.0 6.5.0.x
cisco / firepower_threat_defense 6.6.0 6.6.0.x
cisco / sd-wan_vmanage 20.3 20.3.x
cisco / sd-wan_vmanage 20.6 20.6.x
cisco / sd-wan_vmanage 20.5 20.5.x
cisco / cyber_vision_sensor_management_extension 4.0.2 4.0.2.x
cisco / unified_sip_proxy 010.002(001) 010.002(001).x
cisco / unified_sip_proxy 010.002(000) 010.002(000).x
cisco / unified_sip_proxy 010.000(001) 010.000(001).x
cisco / unified_sip_proxy 010.000(000) 010.000(000).x
cisco / unified_intelligence_center 12.6(2) 12.6(2).x
cisco / unified_intelligence_center 12.6(1)-es02 12.6(1)-es02.x
cisco / unified_intelligence_center 12.6(1)-es01 12.6(1)-es01.x
cisco / unified_intelligence_center 12.6(1) 12.6(1).x
cisco / unified_customer_voice_portal 12.6(1) 12.6(1).x
cisco / unified_customer_voice_portal 12.5(1) 12.5(1).x
cisco / unified_customer_voice_portal 12.0(1) 12.0(1).x
cisco / unified_customer_voice_portal 11.6(1) 11.6(1).x
cisco / unified_contact_center_express 12.5(1)-su1 12.5(1)-su1.x
cisco / unified_contact_center_express 12.5(1) 12.5(1).x
cisco / unified_communications_manager_im_&_presence_service 11.5(1.22900.6) 11.5(1.22900.6).x
cisco / unified_communications_manager_im_&_presence_service 11.5(1) 11.5(1).x
cisco / unified_communications_manager 11.5(1.22900.28) 11.5(1.22900.28).x
cisco / unified_communications_manager 11.5(1.21900.40) 11.5(1.21900.40).x
cisco / unified_communications_manager 11.5(1.18900.97) 11.5(1.18900.97).x
cisco / unified_communications_manager 11.5(1.18119.2) 11.5(1.18119.2).x
cisco / unified_communications_manager 11.5(1.17900.52) 11.5(1.17900.52).x
cisco / paging_server 9.1(1) 9.1(1).x
cisco / paging_server 9.0(2) 9.0(2).x
cisco / paging_server 9.0(1) 9.0(1).x
cisco / paging_server 8.5(1) 8.5(1).x
cisco / paging_server 8.4(1) 8.4(1).x
cisco / paging_server 8.3(1) 8.3(1).x
cisco / paging_server 14.0(1) 14.0(1).x
cisco / paging_server 12.5(2) 12.5(2).x
cisco / unified_contact_center_enterprise 12.6(2) 12.6(2).x
cisco / unified_contact_center_enterprise 12.6(1) 12.6(1).x
cisco / unified_contact_center_enterprise 12.5(1) 12.5(1).x
cisco / unified_contact_center_enterprise 12.0(1) 12.0(1).x
cisco / finesse 12.6(1)-es03 12.6(1)-es03.x
cisco / finesse 12.6(1)-es02 12.6(1)-es02.x
cisco / finesse 12.6(1)-es01 12.6(1)-es01.x
cisco / finesse 12.5(1)-su2 12.5(1)-su2.x
cisco / finesse 12.5(1)-su1 12.5(1)-su1.x
cisco / enterprise_chat_and_email 12.6(1) 12.6(1).x
cisco / enterprise_chat_and_email 12.5(1) 12.5(1).x
cisco / enterprise_chat_and_email 12.0(1) 12.0(1).x
cisco / emergency_responder 11.5(4.66000.14) 11.5(4.66000.14).x
cisco / emergency_responder 11.5(4.65000.14) 11.5(4.65000.14).x
cisco / emergency_responder 11.5 11.5.x
cisco / unified_contact_center_management_portal 12.6(1) 12.6(1).x
cisco / unified_contact_center_express 12.6(2) 12.6(2).x
cisco / unified_contact_center_express 12.6(1) 12.6(1).x
cisco / unified_computing_system 006.008(001.000) 006.008(001.000).x
cisco / ucs_central_software 2.0(1l) 2.0(1l).x
cisco / ucs_central_software 2.0(1k) 2.0(1k).x
cisco / ucs_central_software 2.0(1h) 2.0(1h).x
cisco / ucs_central_software 2.0(1g) 2.0(1g).x
cisco / ucs_central_software 2.0(1f) 2.0(1f).x
cisco / ucs_central_software 2.0(1e) 2.0(1e).x
cisco / ucs_central_software 2.0(1d) 2.0(1d).x
cisco / ucs_central_software 2.0(1c) 2.0(1c).x
cisco / ucs_central_software 2.0(1b) 2.0(1b).x
cisco / ucs_central_software 2.0(1a) 2.0(1a).x
cisco / ucs_central_software 2.0 2.0.x
cisco / integrated_management_controller_supervisor 2.3.2.0 2.3.2.0.x
cisco / integrated_management_controller_supervisor 002.003(002.000) 002.003(002.000).x
cisco / sd-wan_vmanage 20.6.1 20.6.1.x
cisco / sd-wan_vmanage 20.8 20.8.x
cisco / sd-wan_vmanage 20.7 20.7.x
cisco / sd-wan_vmanage 20.4 20.4.x
cisco / optical_network_controller 1.1 1.1.x
cisco / network_assurance_engine 6.0(2.1912) 6.0(2.1912).x
cisco / dna_center 2.2.2.8 2.2.2.8.x
cisco / wan_automation_engine 7.6 7.6.x
cisco / wan_automation_engine 7.5 7.5.x
cisco / wan_automation_engine 7.4 7.4.x
cisco / wan_automation_engine 7.3 7.3.x
cisco / wan_automation_engine 7.2.3 7.2.3.x
cisco / wan_automation_engine 7.2.2 7.2.2.x
cisco / wan_automation_engine 7.2.1 7.2.1.x
cisco / wan_automation_engine 7.1.3 7.1.3.x
cisco / virtual_topology_system 2.6.6 2.6.6.x
cisco / smart_phy 3.2.1 3.2.1.x
cisco / smart_phy 3.1.5 3.1.5.x
cisco / smart_phy 3.1.4 3.1.4.x
cisco / smart_phy 3.1.3 3.1.3.x
cisco / smart_phy 3.1.2 3.1.2.x
cisco / smart_phy 21.3 21.3.x
cisco / intersight_virtual_appliance 1.0.9-343 1.0.9-343.x
cisco / evolved_programmable_network_manager 5.1 5.1.x
cisco / evolved_programmable_network_manager 5.0 5.0.x
cisco / evolved_programmable_network_manager 4.1 4.1.x
cisco / evolved_programmable_network_manager 4.0 4.0.x
cisco / evolved_programmable_network_manager 3.1 3.1.x
cisco / evolved_programmable_network_manager 3.0 3.0.x
cisco / network_dashboard_fabric_controller 11.5(3) 11.5(3).x
cisco / network_dashboard_fabric_controller 11.5(2) 11.5(2).x
cisco / network_dashboard_fabric_controller 11.5(1) 11.5(1).x
cisco / network_dashboard_fabric_controller 11.4(1) 11.4(1).x
cisco / network_dashboard_fabric_controller 11.3(1) 11.3(1).x
cisco / network_dashboard_fabric_controller 11.2(1) 11.2(1).x
cisco / network_dashboard_fabric_controller 11.1(1) 11.1(1).x
cisco / network_dashboard_fabric_controller 11.0(1) 11.0(1).x
cisco / video_surveillance_manager 7.14(4.018) 7.14(4.018).x
cisco / video_surveillance_manager 7.14(3.025) 7.14(3.025).x
cisco / video_surveillance_manager 7.14(2.26) 7.14(2.26).x
cisco / video_surveillance_manager 7.14(1.26) 7.14(1.26).x
cisco / unified_workforce_optimization 11.5(1)-sr7 11.5(1)-sr7.x
cisco / unity_connection 11.5(1.10000.6) 11.5(1.10000.6).x
cisco / cloudcenter_suite 5.3(0) 5.3(0).x
cisco / cloudcenter_suite 5.5(0) 5.5(0).x
cisco / cloudcenter_suite 5.4(1) 5.4(1).x
cisco / automated_subsea_tuning 02.01.00 02.01.00.x
cisco / identity_services_engine 003.002(000.116) 003.002(000.116).x
cisco / identity_services_engine 003.001(000.518) 003.001(000.518).x
cisco / identity_services_engine 003.000(000.458) 003.000(000.458).x
cisco / identity_services_engine 002.007(000.356) 002.007(000.356).x
cisco / identity_services_engine 002.006(000.156) 002.006(000.156).x
cisco / identity_services_engine 002.004(000.914) 002.004(000.914).x
cisco / firepower_threat_defense 7.1.0 7.1.0.x
cisco / firepower_threat_defense 7.0.0 7.0.0.x
cisco / firepower_threat_defense 6.7.0 6.7.0.x
cisco / network_insights_for_data_center 6.0(2.1914) 6.0(2.1914).x
cisco / cx_cloud_agent 001.012 001.012.x
cisco / cloudcenter_suite 5.5(1) 5.5(1).x
cisco / cloudcenter_suite 4.10(0.15) 4.10(0.15).x
cisco / cyber_vision 4.0.2 4.0.2.x
cisco / connected_analytics_for_network_deployment 7.3 7.3.x
cisco / connected_analytics_for_network_deployment 008.000.000.000.004 008.000.000.000.004.x
cisco / connected_analytics_for_network_deployment 008.000.000 008.000.000.x
cisco / connected_analytics_for_network_deployment 007.003.003 007.003.003.x
cisco / connected_analytics_for_network_deployment 007.003.001.001 007.003.001.001.x
cisco / connected_analytics_for_network_deployment 007.003.000 007.003.000.x
cisco / connected_analytics_for_network_deployment 007.002.000 007.002.000.x
cisco / connected_analytics_for_network_deployment 007.001.000 007.001.000.x
cisco / connected_analytics_for_network_deployment 007.000.001 007.000.001.x
cisco / connected_analytics_for_network_deployment 006.005.000.000 006.005.000.000.x
cisco / connected_analytics_for_network_deployment 006.005.000. 006.005.000..x
cisco / connected_analytics_for_network_deployment 006.004.000.003 006.004.000.003.x
cisco / crosswork_network_automation 4.1.1 4.1.1.x
cisco / crosswork_network_automation 4.1.0 4.1.0.x
cisco / crosswork_network_automation 3.0.0 3.0.0.x
cisco / crosswork_network_automation 2.0.0 2.0.0.x
cisco / common_services_platform_collector 002.010(000.000) 002.010(000.000).x
cisco / common_services_platform_collector 002.009(001.002) 002.009(001.002).x
cisco / common_services_platform_collector 002.009(001.001) 002.009(001.001).x
cisco / common_services_platform_collector 002.009(001.000) 002.009(001.000).x
cisco / common_services_platform_collector 002.009(000.002) 002.009(000.002).x
cisco / common_services_platform_collector 002.009(000.001) 002.009(000.001).x
cisco / common_services_platform_collector 002.009(000.000) 002.009(000.000).x
snowsoftware / vm_access_proxy - 3.6
snowsoftware / snow_commander - 8.10.0
percussion / rhythmyx - 7.3.2.x
org.apache.logging.log4j / log4j-core 2.13.0 2.15.0
org.apache.logging.log4j / log4j-core - 2.3.1
org.apache.logging.log4j / log4j-core 2.4 2.12.2
apple / xcode - 13.3
siemens / 6bk1602-0aa12-0tp0_firmware - 2.7.0
siemens / 6bk1602-0aa22-0tp0_firmware - 2.7.0
siemens / 6bk1602-0aa32-0tp0_firmware - 2.7.0
siemens / 6bk1602-0aa42-0tp0_firmware - 2.7.0
siemens / 6bk1602-0aa52-0tp0_firmware - 2.7.0
siemens / capital - 2019.1
siemens / capital 2019.1 2019.1.x
siemens / capital 2019.1-sp1912 2019.1-sp1912.x
siemens / mindsphere - 2021-12-16
siemens / opcenter_intelligence 3.2 3.5
siemens / desigo_cc_advanced_reports 3.0 3.0.x
siemens / comos - 10.4.2
siemens / energyip_prepay - 3.8.0.12
siemens / siguard_dsa 4.2 4.4.1
siemens / vesys 2020.1 2020.1.x
siemens / vesys 2021.1 2021.1.x
intel / datacenter_manager - 5.1
sonicwall / email_security - 10.0.13
bentley / synchro 6.1 6.2.4.2
bentley / synchro_4d - 6.4.3.2