CB-K21/1283 Update 7
Risikostufe 4
Titel:Apache log4j: Schwachstelle ermöglicht CodeausführungDatum:27.12.2021Software:Apache log4j < 2.12.2, Apache log4j < 2.16.0, Amazon Linux 2, Debian Linux, HCL Domino, HCL Notes, IBM WebSphere Application Server, Red Hat Enterprise Linux, Ubuntu Linux, Apache Solr, Avaya Analytics, Avaya Aura Application Enablement Services, Avaya Aura Device Services, Avaya Aura Media Server, Avaya Aura Session Manager, Avaya Aura System Manager, Avaya Aura Web Gateway, Avaya Breeze Platform, Avaya Oceana, Avaya Session Border Controller, Cisco Emergency Responder (ER), Cisco Finesse, Cisco Firepower, Cisco Identity Services Engine (ISE), Cisco Integrated Management Controller, Cisco Network Services Orchestrator, Cisco Nexus, Cisco SD-WAN, Cisco Unified Communications Manager (CUCM), Cisco Unified Communications Manager IM & Presence Service, Cisco Unified Computing System (UCS), Cisco Unified Contact Center Enterprise, Cisco Unified Contact Center Express (UCCX), Cisco Unified Intelligence Center, Cisco Unity Connection, Cisco Video Surveillance Operations Manager, Cisco WebEx Meetings Server, TIBCO Managed File Transfer Server, TIBCO Spotfire, TIBCO Spotfire Statistics Services, Unify OpenScape Contact Center, Unify OpenScape Mediaserver, Unify OpenScape UC Application, Unify OpenScape Voice, Citrix Systems Virtual Apps and Desktops, HCL Commerce, IBM MQ, Cisco Application Policy Infrastructure Controller, Cisco Unified Communications Manager (CUCM) Session Management Edition, IBM Security Guardium Insights, NetApp ActiveIQ Unified Manager, VMware Carbon Black Cloud Workload, VMware Cloud Director Object Storage Extension, VMware Cloud Foundation, VMware Horizon, VMware Identity Manager, VMware NSX Data Center for vSphere, VMware SD-WAN by VeloCloud, VMware vCenter Server, VMware vRealize Log Insight, VMware vRealize Operations, VMware vRealize Operations Cloud Proxy, VMware Workspace One Access, VMware Workspace One Access Connector, Apache log4j < 2.12.3, Apache log4j < 2.3.1, F-Secure Policy Manager, IBM DB2, IBM QRadar SIEM, IBM SPSS, IBM Tivoli Netcool/OMNIbus, Wibu-Systems CodeMeterPlattform:Applicance, CISCO Appliance, Hardware Appliance, Linux, Native Hypervisor, NetApp Appliance, Sonstiges, UNIX, WindowsAuswirkung:Ausführen beliebigen ProgrammcodesRemoteangriff:JaRisiko:hochCVE Liste:CVE-2021-45046Bezug:
Beschreibung
Apache log4j ist ein Framework zum Loggen von Anwendungsmeldungen in Java.
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache log4j ausnutzen, um beliebigen Code auszuführen.
Quellen:
- Apache Log4j Security Vulnerabilities vom 2021-12-13
- Lunasec Blog "Log4Shell Update" vom 2021-12-14
- HCL Article KB0095516 vom 2021-12-16
- Red Hat Security Advisory RHSA-2021:5148 vom 2021-12-16
- Ubuntu Security Notice USN-5197-1 vom 2021-12-15
- Red Hat Security Advisory RHSA-2021:5106 vom 2021-12-16
- Amazon Linux Security Advisory ALAS-2021-1730 vom 2021-12-16
- IBM Security Bulletin 6526750 vom 2021-12-16
- Debian Security Advisory DSA-5022 vom 2021-12-16
- CloudFlare Blog vom 2021-12-16
- Red Hat Security Advisory RHSA-2021:5186 vom 2021-12-17
- Cisco Security Advisory CISCO-SA-APACHE-LOG4J-QRUKNEBD vom 2021-12-17
- Red Hat Security Advisory RHSA-2021:5183 vom 2021-12-17
- Red Hat Security Advisory RHSA-2021:5184 vom 2021-12-17
- Red Hat Security Advisory RHSA-2021:5141 vom 2021-12-16
- Siemens Security Advisory SSA-714170 vom 2021-12-16
- Red Hat Security Advisory RHSA-2021:5107 vom 2021-12-16
- Log4j Vulnerabilities Impact On Oracle E-Business Suite Analysis
- Apache Log4j Security Vulnerabilities vom 2021-12-16
- Apache Log4j Security Vulnerabilities vom 2021-12-16
- Tibco Apache Log4J Vulnerability Daily Update
- Atos Security Advisory Report - OBSO-2112-01
- Avaya Product Security Apache Log4J Vulnerability vom 2021-12-17
- Amazon Linux Security Advisory ALAS-2021-1553 vom 2021-12-18
- Amazon Linux Security Advisory ALASCORRETTO8-2021-001 vom 2021-12-20
- IBM Security Bulletin 6527924 vom 2021-12-17
- Amazon Linux Security Advisory ALASJAVA-OPENJDK11-2021-001 vom 2021-12-20
- HCL Article KB0095587 vom 2021-12-17
- Citrix Security Advisory CTX335705 vom 2021-12-20
- Amazon Linux Security Advisory ALAS-2021-1731 vom 2021-12-18
- Amazon Linux Security Advisory ALAS-2021-004 vom 2021-12-18
- IBM Security Bulletin 6528372 vom 2021-12-21
- NetApp Security Advisory NTAP-20211215-0001 vom 2021-12-20
- Apache Log4j 2 Release Notes
- IBM Security Bulletin 6528672 vom 2021-12-22
- Incident Report for F-Secure services
- Apache Log4j2 Advisory
- IBM Security Bulletin 6529162 vom 2021-12-22
- IBM Security Bulletin 6536704 vom 2021-12-23
- IBM Security Bulletin 6536870 vom 2021-12-23
- IBM Security Bulletin 6536868 vom 2021-12-23
- WIBU Security Advisory WIBU-211215-01 vom 2021-12-23
- IBM Security Bulletin 6537184 vom 2021-12-27
- IBM Security Bulletin 6537182 vom 2021-12-27
- IBM Security Bulletin 6537186 vom 2021-12-27
- IBM Security Bulletin 6537142 vom 2021-12-25
- IBM Security Bulletin 6537180 vom 2021-12-27