CB-K21/1317 Update 25
Risk level 3
Title: Apache log4j: Vulnerability allows code execution
Date: 2022-06-09
Software: Apache log4j < 2.12.4, Apache log4j < 2.17.1, Apache log4j < 2.3.2, Debian Linux, Apache Struts, IBM WebSphere Application Server, Cisco Application Policy Infrastructure Controller, Cisco Emergency Responder (ER) Director, Cisco Finesse Director, Cisco Firepower, Cisco Identity Services Engine (ISE), Cisco Integrated Management Controller Supervisor, Cisco Network Services Orchestrator, Cisco Nexus Dashboard, Cisco Nexus Insights, Cisco SD-WAN vManage, Cisco Unified Communications Manager (CUCM) Director, Cisco Unified Communications Manager IM & Presence Service Director, Cisco Unified Computing System (UCS), Cisco Unified Computing System (UCS) Director, Cisco Unified Contact Center Enterprise Director, Cisco Unified Contact Center Express (UCCX) Director, Cisco Unified Intelligence Center Director, Cisco Unity Connection Director, Cisco Video Surveillance Operations Manager Director, Cisco WebEx Meetings Server, HPE Intelligent Management Center (IMC), SOS GmbH JobScheduler, IBM Security Guardium, Ubuntu Linux, Red Hat Enterprise Linux, IBM DB2, Amazon Linux 2, IBM Tivoli Netcool/OMNIbus, Avaya Aura Application Enablement Services, Avaya Aura Experience Portal, Avaya one-X, IBM Rational Software Architect
Platform: CISCO Appliance, Linux, Other, UNIX, Windows
Impact: Execution of arbitrary program code
Remote attack: Yes
Risk: medium
CVE list: CVE-2021-44832
Reference:
Description
Apache log4j is a framework for logging application messages in Java.
A remote, authenticated attacker can exploit a vulnerability in Apache log4j to execute arbitrary program code.
Sources:
- Apache Log4j 2 Website dated 2021-12-28
- Debian Security Advisory DLA-2870 dated 2021-12-30
- Apache Struts Announcement
- IBM Security Bulletin 6538148 dated 2022-01-05
- Cisco Security Advisory cisco-sa-apache-log4j-qRuKNEbd dated 2022-01-06
- JobScheduler Vulnerability Release 1.13.11 dated 2022-01-10
- HPE Security Bulletin HPESBGN04215 rev.10 dated 2022-01-08
- IBM Security Bulletin 6539408 dated 2022-01-11
- Ubuntu Security Notice USN-5222-1 dated 2022-01-11
- JobScheduler Vulnerability Release 2.2.1 dated 2022-01-11
- Red Hat Security Advisory RHSA-2022:0138 dated 2022-01-13
- IBM Security Bulletin 6540676 dated 2022-01-15
- IBM Security Bulletin 6540560 dated 2022-01-15
- IBM Security Bulletin 6540846 dated 2022-01-15
- IBM Security Bulletin 6540692 dated 2022-01-15
- IBM Security Bulletin 6540874 dated 2022-01-15
- Red Hat Security Advisory RHSA-2022:0203 dated 2022-01-20
- Red Hat Security Advisory RHSA-2022:0226 dated 2022-01-21
- Red Hat Security Advisory RHSA-2022:0227 dated 2022-01-21
- Red Hat Security Advisory RHSA-2022:0083 dated 2022-01-20
- Red Hat Security Advisory RHSA-2022:0225 dated 2022-01-21
- Red Hat Security Advisory RHSA-2022:0216 dated 2022-01-20
- Red Hat Security Advisory RHSA-2022:0222 dated 2022-01-21
- Red Hat Security Advisory RHSA-2022:0205 dated 2022-01-20
- Red Hat Security Advisory RHSA-2022:0223 dated 2022-01-21
- Red Hat Security Advisory RHSA-2022:0230 dated 2022-01-22
- IBM Security Bulletin 6549888 dated 2022-01-25
- Red Hat Security Advisory RHSA-2022:0236 dated 2022-01-25
- Red Hat Security Advisory RHSA-2022:0181 dated 2022-01-27
- Amazon Linux Security Advisory ALAS-2022-011 dated 2022-01-27
- IBM Security Bulletin 6551310 dated 2022-01-28
- Amazon Linux Security Advisory ALAS-2022-1734 dated 2022-01-27
- IBM Security Bulletin 6552546 dated 2022-02-02
- IBM Security Bulletin 6553026 dated 2022-02-05
- Red Hat Security Advisory RHSA-2022:0467 dated 2022-02-08
- Red Hat Security Advisory RHSA-2022:0485 dated 2022-02-16
- Red Hat Security Advisory RHSA-2022:0493 dated 2022-02-16
- HCL Article KB0097299 dated 2022-03-23
- Red Hat Security Advisory RHSA-2022:1296 dated 2022-04-11
- Red Hat Security Advisory RHSA-2022:1297 dated 2022-04-11
- Red Hat Security Advisory RHSA-2022:1299 dated 2022-04-11
- AVAYA Security Advisory ASA-2022-001 dated 2022-04-25
- IBM Security Bulletin 6593439 dated 2022-06-09