CVE Details for CVE: CVE-2021-45046
Summary
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.
| Timestamps | |
|---|---|
| Last major update | 27-12-2021 - 03:15 |
| Published | 14-12-2021 - 19:15 |
| Last modified | 27-12-2021 - 03:15 |
References
- http://www.openwall.com/lists/oss-security/2021/12/14/4
- https://logging.apache.org/log4j/2.x/security.html
- https://www.cve.org/CVERecord?id=CVE-2021-44228
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
- http://www.openwall.com/lists/oss-security/2021/12/15/3
- https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
- https://www.kb.cert.org/vuls/id/930724
- https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf
- https://www.debian.org/security/2021/dsa-5022
- https://www.oracle.com/security-alerts/alert-cve-2021-44228.html
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032
- http://www.openwall.com/lists/oss-security/2021/12/18/1
- https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOKPQGV24RRBBI4TBZUDQMM4MEH7MXCY/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SIG7FZULMNK2XF6FZRU4VWYDQXNMUGAJ/
Vulnerable Configurations
-
cpe:2.3:a:apache:log4j:2.0:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:-:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0.1:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.0.2:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.1:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.1:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.1:-:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.1:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.1:rc2:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.1:rc3:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.1:rc3:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.2:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.3:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.4:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.4.1:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.5:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.5:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.5:-:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.5:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.5:rc1:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.6:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.6:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.6:-:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.6:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.6:rc1:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.6.1:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.6.1:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.6.1:-:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.6.1:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.6.1:rc1:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.6.2:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.6.2:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.6.2:-:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.6.2:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.6.2:rc1:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.7:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.7:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.7:-:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.7:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.7:rc1:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.7:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.7:rc2:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.8:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.8:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.8:-:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.8:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.8:rc1:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.8.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.8.1:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.8.1:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.8.1:-:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.8.1:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.8.1:rc1:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.8.2:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.8.2:-:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.8.2:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.8.2:rc1:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.9.0:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.9.0:-:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.9.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.9.0:rc1:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.9.1:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.9.1:rc1:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.10.0:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.10.0:-:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.10.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.10.0:rc1:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.11.0:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.11.0:-:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.11.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.11.0:rc1:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.11.1:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.11.1:-:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.11.1:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.11.1:rc1:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.11.2:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.11.2:-:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.11.2:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.11.2:rc1:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.11.2:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.11.2:rc2:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.11.2:rc3:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.11.2:rc3:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.12.0:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.12.0:-:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.12.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.12.0:rc1:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.12.0:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.12.0:rc2:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.12.1:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.12.1:-:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.12.1:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.12.1:rc1:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.13.0:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.13.0:-:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.13.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.13.0:rc1:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.13.0:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.13.0:rc2:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.13.1:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.13.1:-:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.13.1:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.13.1:rc1:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.13.1:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.13.1:rc2:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.13.2:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.13.2:-:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.13.2:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.13.2:rc1:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.13.3:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.13.3:-:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.13.3:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.13.3:rc1:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.14.0:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.14.0:-:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.14.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.14.0:rc1:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.14.1:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.14.1:-:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.14.1:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.14.1:rc1:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.15.0:-:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.15.0:-:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.15.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.15.0:rc1:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.15.0:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.15.0:rc2:*:*:*:*:*:*
-
cpe:2.3:a:apache:log4j:2.15.1:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:log4j:2.15.1:rc1:*:*:*:*:*:*
-
cpe:2.3:a:intel:audio_development_kit:-:*:*:*:*:*:*:*
cpe:2.3:a:intel:audio_development_kit:-:*:*:*:*:*:*:*
-
cpe:2.3:a:intel:computer_vision_annotation_tool:-:*:*:*:*:*:*:*
cpe:2.3:a:intel:computer_vision_annotation_tool:-:*:*:*:*:*:*:*
-
cpe:2.3:a:intel:datacenter_manager:-:*:*:*:*:*:*:*
cpe:2.3:a:intel:datacenter_manager:-:*:*:*:*:*:*:*
-
cpe:2.3:a:intel:genomics_kernel_library:-:*:*:*:*:*:*:*
cpe:2.3:a:intel:genomics_kernel_library:-:*:*:*:*:*:*:*
-
cpe:2.3:a:intel:oneapi:-:*:*:*:*:eclipse:*:*
cpe:2.3:a:intel:oneapi:-:*:*:*:*:eclipse:*:*
-
cpe:2.3:a:intel:secure_device_onboard:-:*:*:*:*:*:*:*
cpe:2.3:a:intel:secure_device_onboard:-:*:*:*:*:*:*:*
-
cpe:2.3:a:intel:sensor_solution_firmware_development_kit:-:*:*:*:*:*:*:*
cpe:2.3:a:intel:sensor_solution_firmware_development_kit:-:*:*:*:*:*:*:*
-
cpe:2.3:a:intel:system_debugger:-:*:*:*:*:*:*:*
cpe:2.3:a:intel:system_debugger:-:*:*:*:*:*:*:*
-
cpe:2.3:a:intel:system_studio:-:*:*:*:*:*:*:*
cpe:2.3:a:intel:system_studio:-:*:*:*:*:*:*:*
-
cpe:2.3:o:siemens:sppa-t3000_ses3000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:sppa-t3000_ses3000_firmware:*:*:*:*:*:*:*:*
-
cpe:2.3:h:siemens:sppa-t3000_ses3000:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:sppa-t3000_ses3000:-:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:captial:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:captial:*:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:captial:2019.1:-:*:*:*:*:*:*
cpe:2.3:a:siemens:captial:2019.1:-:*:*:*:*:*:*
-
cpe:2.3:a:siemens:captial:2019.1:sp1912:*:*:*:*:*:*
cpe:2.3:a:siemens:captial:2019.1:sp1912:*:*:*:*:*:*
-
cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.0:*:*:*:*:*:*:*
cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.0:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.1:*:*:*:*:*:*:*
cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.1:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.2:*:*:*:*:*:*:*
cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.2:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.0:*:*:*:*:*:*:*
cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.0:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.1:*:*:*:*:*:*:*
cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.1:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:desigo_cc_info_center:5.0:*:*:*:*:*:*:*
cpe:2.3:a:siemens:desigo_cc_info_center:5.0:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:desigo_cc_info_center:5.1:*:*:*:*:*:*:*
cpe:2.3:a:siemens:desigo_cc_info_center:5.1:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:e-car_operation_center:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:e-car_operation_center:*:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:energy_engage:3.1:*:*:*:*:*:*:*
cpe:2.3:a:siemens:energy_engage:3.1:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:energyip:8.5:*:*:*:*:*:*:*
cpe:2.3:a:siemens:energyip:8.5:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:energyip:8.6:*:*:*:*:*:*:*
cpe:2.3:a:siemens:energyip:8.6:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:energyip:8.7:*:*:*:*:*:*:*
cpe:2.3:a:siemens:energyip:8.7:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:energyip:9.0:*:*:*:*:*:*:*
cpe:2.3:a:siemens:energyip:9.0:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:energyip_prepay:3.7:*:*:*:*:*:*:*
cpe:2.3:a:siemens:energyip_prepay:3.7:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:energyip_prepay:3.8:*:*:*:*:*:*:*
cpe:2.3:a:siemens:energyip_prepay:3.8:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:gma-manager:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:gma-manager:*:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:head-end_system_universal_device_integration_system:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:head-end_system_universal_device_integration_system:*:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:industrial_edge_management:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:industrial_edge_management:*:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:industrial_edge_management_hub:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:industrial_edge_management_hub:*:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:logo\!_soft_comfort:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:logo\!_soft_comfort:*:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:mendix:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:mendix:*:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:mindsphere:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:mindsphere:*:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:navigator:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:navigator:*:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:nx:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:nx:*:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:opcenter_intelligence:-:*:*:*:*:*:*:*
cpe:2.3:a:siemens:opcenter_intelligence:-:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:sentron_powermanager:4.1:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sentron_powermanager:4.1:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:sentron_powermanager:4.2:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sentron_powermanager:4.2:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:siguard_dsa:4.2:*:*:*:*:*:*:*
cpe:2.3:a:siemens:siguard_dsa:4.2:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:siguard_dsa:4.3:*:*:*:*:*:*:*
cpe:2.3:a:siemens:siguard_dsa:4.3:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:siguard_dsa:4.4:*:*:*:*:*:*:*
cpe:2.3:a:siemens:siguard_dsa:4.4:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:siveillance_command:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:siveillance_command:*:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:siveillance_control_pro:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:siveillance_control_pro:*:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*
cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*
cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:siveillance_vantage:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:siveillance_vantage:*:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:siveillance_viewpoint:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:siveillance_viewpoint:*:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:solid_edge_cam_pro:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge_cam_pro:*:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:solid_edge_harness_design:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge_harness_design:*:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:solid_edge_harness_design:2020:*:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge_harness_design:2020:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:solid_edge_harness_design:2020:-:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge_harness_design:2020:-:*:*:*:*:*:*
-
cpe:2.3:a:siemens:solid_edge_harness_design:2020:sp2002:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge_harness_design:2020:sp2002:*:*:*:*:*:*
-
cpe:2.3:a:siemens:spectrum_power_4:-:*:*:*:*:*:*:*
cpe:2.3:a:siemens:spectrum_power_4:-:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:spectrum_power_4:4.70:-:*:*:*:*:*:*
cpe:2.3:a:siemens:spectrum_power_4:4.70:-:*:*:*:*:*:*
-
cpe:2.3:a:siemens:spectrum_power_4:4.70:sp7:*:*:*:*:*:*
cpe:2.3:a:siemens:spectrum_power_4:4.70:sp7:*:*:*:*:*:*
-
cpe:2.3:a:siemens:spectrum_power_4:4.70:sp8:*:*:*:*:*:*
cpe:2.3:a:siemens:spectrum_power_4:4.70:sp8:*:*:*:*:*:*
-
cpe:2.3:a:siemens:spectrum_power_7:2.20:*:*:*:*:*:*:*
cpe:2.3:a:siemens:spectrum_power_7:2.20:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:spectrum_power_7:2.30:*:*:*:*:*:*:*
cpe:2.3:a:siemens:spectrum_power_7:2.30:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:spectrum_power_7:2.30:-:*:*:*:*:*:*
cpe:2.3:a:siemens:spectrum_power_7:2.30:-:*:*:*:*:*:*
-
cpe:2.3:a:siemens:spectrum_power_7:2.30:sp2:*:*:*:*:*:*
cpe:2.3:a:siemens:spectrum_power_7:2.30:sp2:*:*:*:*:*:*
-
cpe:2.3:a:siemens:teamcenter:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:teamcenter:*:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:vesys:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:vesys:*:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:vesys:2019.1:*:*:*:*:*:*:*
cpe:2.3:a:siemens:vesys:2019.1:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:vesys:2019.1:-:*:*:*:*:*:*
cpe:2.3:a:siemens:vesys:2019.1:-:*:*:*:*:*:*
-
cpe:2.3:a:siemens:vesys:2019.1:sp1912:*:*:*:*:*:*
cpe:2.3:a:siemens:vesys:2019.1:sp1912:*:*:*:*:*:*
-
cpe:2.3:a:siemens:xpedition_enterprise:-:*:*:*:*:*:*:*
cpe:2.3:a:siemens:xpedition_enterprise:-:*:*:*:*:*:*:*
-
cpe:2.3:a:siemens:xpedition_package_integrator:-:*:*:*:*:*:*:*
cpe:2.3:a:siemens:xpedition_package_integrator:-:*:*:*:*:*:*:*
-
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
-
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
-
cpe:2.3:a:sonicwall:email_security:-:*:*:*:*:*:*:*
cpe:2.3:a:sonicwall:email_security:-:*:*:*:*:*:*:*
-
cpe:2.3:a:sonicwall:email_security:10.0.9:*:*:*:*:*:*:*
cpe:2.3:a:sonicwall:email_security:10.0.9:*:*:*:*:*:*:*
CAPEC
Click the CAPEC title to display a description
-
Object Injection
An adversary attempts to exploit an application by injecting additional, malicious content during its processing of serialized objects. Developers leverage serialization in order to convert data or state into a static, binary format for saving to disk or transferring over a network. These objects are then deserialized when needed to recover the data/state. By injecting a malformed object into a vulnerable application, an adversary can potentially compromise the application by manipulating the deserialization process. This can result in a number of unwanted outcomes, including remote code execution.
CWE
CVSS
Base
5.1
Impact
6.4
Exploitability
4.9
Access
| Vector | Complexity | Authentication |
|---|---|---|
| NETWORK | HIGH | NONE |
Impact
| Confidentiality | Integrity | Availability |
|---|---|---|
| PARTIAL | PARTIAL | PARTIAL |
CVSS3
Base
9.0
Impact
6.0
Exploitability
2.2
Access
| Attack Complexity | Attack vector | Privileges Required | Scope | User Interaction |
|---|---|---|---|---|
| HIGH | NETWORK | NONE | CHANGED | NONE |
Impact
| Confidentiality | Integrity | Availability |
|---|---|---|
| HIGH | HIGH | HIGH |