CVE Details for CVE: CVE-2021-45046
Summary
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data, when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC), to craft malicious input data using a JNDI Lookup pattern, resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.
Timestamps
Last major update 20-04-2022 - 00:16
Published 14-12-2021 - 19:15
Last modified 20-04-2022 - 00:16
Vulnerable Configurations
  • cpe:2.3:a:apache:log4j:2.0:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.1:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.1:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.1:rc3:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.3.1:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.3.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.3.2:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.3.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.5:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.5:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.6:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.6:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.6.1:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.6.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.6.2:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.6.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.7:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.7:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.7:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.8:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.8:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.8.1:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.8.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.8.2:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.8.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.9.0:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.9.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.9.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.10.0:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.10.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.11.0:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.11.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.11.1:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.11.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.11.2:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.11.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.11.2:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.11.2:rc3:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.12.0:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.12.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.12.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.12.1:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.12.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.13.0:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.13.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.13.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.13.1:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.13.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.13.1:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.13.2:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.13.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.13.3:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.13.3:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.14.0:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.14.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.14.1:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.14.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.15.0:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.15.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.15.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apache:log4j:2.15.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:intel:audio_development_kit:-:*:*:*:*:*:*:*
  • cpe:2.3:a:intel:computer_vision_annotation_tool:-:*:*:*:*:*:*:*
  • cpe:2.3:a:intel:datacenter_manager:-:*:*:*:*:*:*:*
  • cpe:2.3:a:intel:genomics_kernel_library:-:*:*:*:*:*:*:*
  • cpe:2.3:a:intel:oneapi:-:*:*:*:*:eclipse:*:*
  • cpe:2.3:a:intel:secure_device_onboard:-:*:*:*:*:*:*:*
  • cpe:2.3:a:intel:sensor_solution_firmware_development_kit:-:*:*:*:*:*:*:*
  • cpe:2.3:a:intel:system_debugger:-:*:*:*:*:*:*:*
  • cpe:2.3:a:intel:system_studio:-:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:sppa-t3000_ses3000_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:siemens:sppa-t3000_ses3000:-:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:captial:*:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:captial:2019.1:-:*:*:*:*:*:*
  • cpe:2.3:a:siemens:captial:2019.1:sp1912:*:*:*:*:*:*
  • cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:desigo_cc_info_center:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:desigo_cc_info_center:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:e-car_operation_center:*:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:energy_engage:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:energyip:8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:energyip:8.6:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:energyip:8.7:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:energyip:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:energyip_prepay:3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:energyip_prepay:3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:gma-manager:*:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:head-end_system_universal_device_integration_system:*:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:industrial_edge_management:*:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:industrial_edge_management_hub:*:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:logo\!_soft_comfort:*:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:mendix:*:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:mindsphere:*:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:navigator:*:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:nx:*:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:opcenter_intelligence:-:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:sentron_powermanager:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:sentron_powermanager:4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:siguard_dsa:4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:siguard_dsa:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:siguard_dsa:4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:siveillance_command:*:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:siveillance_control_pro:*:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:siveillance_vantage:*:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:siveillance_viewpoint:*:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:solid_edge_cam_pro:*:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:solid_edge_harness_design:*:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:solid_edge_harness_design:2020:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:solid_edge_harness_design:2020:-:*:*:*:*:*:*
  • cpe:2.3:a:siemens:solid_edge_harness_design:2020:sp2002:*:*:*:*:*:*
  • cpe:2.3:a:siemens:spectrum_power_4:-:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:spectrum_power_4:4.70:-:*:*:*:*:*:*
  • cpe:2.3:a:siemens:spectrum_power_4:4.70:sp7:*:*:*:*:*:*
  • cpe:2.3:a:siemens:spectrum_power_4:4.70:sp8:*:*:*:*:*:*
  • cpe:2.3:a:siemens:spectrum_power_7:2.20:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:spectrum_power_7:2.30:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:spectrum_power_7:2.30:-:*:*:*:*:*:*
  • cpe:2.3:a:siemens:spectrum_power_7:2.30:sp2:*:*:*:*:*:*
  • cpe:2.3:a:siemens:teamcenter:*:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:tracealertserverplus:*:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:vesys:*:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:vesys:2019.1:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:vesys:2019.1:-:*:*:*:*:*:*
  • cpe:2.3:a:siemens:vesys:2019.1:sp1912:*:*:*:*:*:*
  • cpe:2.3:a:siemens:xpedition_enterprise:-:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:xpedition_package_integrator:-:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sonicwall:email_security:-:*:*:*:*:*:*:*
  • cpe:2.3:a:sonicwall:email_security:10.0.9:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:6bk1602-0aa12-0tp0_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:siemens:6bk1602-0aa12-0tp0:-:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:6bk1602-0aa22-0tp0_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:siemens:6bk1602-0aa22-0tp0:-:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:6bk1602-0aa32-0tp0_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:siemens:6bk1602-0aa32-0tp0:-:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:6bk1602-0aa42-0tp0_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:siemens:6bk1602-0aa42-0tp0:-:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:6bk1602-0aa52-0tp0_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:siemens:6bk1602-0aa52-0tp0:-:*:*:*:*:*:*:*
CAPEC
  • An adversary attempts to exploit an application by injecting additional, malicious content during its processing of serialized objects. Developers leverage serialization in order to convert data or state into a static, binary format for saving to disk or transferring over a network. These objects are then deserialized when needed to recover the data/state. By injecting a malformed object into a vulnerable application, an adversary can potentially compromise the application by manipulating the deserialization process. This can result in a number of unwanted outcomes, including remote code execution.
CWE
CVSS
Base: 5.1
Impact: 6.4
Exploitability: 4.9
Access
  • Vector: NETWORK
  • Complexity: HIGH
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
CVSS3
Base: 9.0
Impact: 6.0
Exploitability: 2.2
Access
  • Attack Complexity: HIGH
  • Attack vector: NETWORK
  • Privileges Required: NONE
  • Scope: CHANGED
  • User Interaction: NONE
Impact
  • Confidentiality: HIGH
  • Integrity: HIGH
  • Availability: HIGH
VIA4 references
  • cvss-vector (via4): AV:N/AC:H/Au:N/C:P/I:P/A:P
  • cvss3-vector (via4): CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H