製品・ソフトウェアに関する情報

JVN脆弱性詳細

Apache Log4j における任意のコードが実行可能な脆弱性

Title	Apache Log4j における任意のコードが実行可能な脆弱性
Summary	Log4j には JNDI Lookup 機能による外部入力値の検証不備に起因して任意の Java コードを実行可能な脆弱性が存在します。 The Apache Software Foundation が提供する Log4j は、Java ベースのロギングライブラリです。Log4j には、ログに記載された文字列から一部の値を変数として評価する Lookup 機能が実装されています。その Lookup 機能の内、JNDI Lookup 機能を悪用することにより、ログに含まれる外部の URL もしくは内部パスから Java のクラス情報をデシリアライズして実行してしまう問題（CWE-20, CVE-2021-44228）が発見されました。これにより、遠隔の攻撃者が細工した文字列を脆弱なシステムのログに記載させ、結果として任意の Java コードをシステムに実行させることが可能です。
Possible impacts	遠隔の攻撃者により細工された文字列を Log4j がログに記録することにより、システム上で任意の Java コードが実行される可能性があります。
Solution	[アップデートする] 開発者により、本脆弱性を修正した以下のバージョンが提供されています。開発者が提供する情報をもとに、最新版にアップデートしてください。なお、本アップデートでは、Log4j の Lookup 機能が削除されており、JNDI へのアクセスがデフォルトで無効化されています。　* Java 8のユーザ向け修正版　　* Log4j 2.17.1 　* Java 7のユーザ向け修正版　　* Log4j 2.12.4 　* Java 6のユーザ向け修正　　* Log4j 2.3.2 開発者は当初、本脆弱性に対する修正版として 2.15.0 をリリースしていましたが、特定の構成において任意のコード実行が行われる可能性があることが判明し、Lookup 機能を削除した上で JNDI 機能そのものをデフォルトで無効化した 2.16.0 および 2.12.2 が改めてリリースされました。この問題に対しては CVE-2021-45046 が採番されています。 2021年12月18日、開発者は Log4j 2.0-alpha1 から 2.16.0 までのバージョンにおいて、再帰的（self-referential）なLookup を行う設定下において、サービス運用（DoS）が行われる脆弱性が新たに発見されたとして、バージョン 2.17.0 をリリースしました。この脆弱性に対しては CVE-2021-45105 が採番されています。 2021年12月21日、開発者は一連の脆弱性を修正したバージョンとして、Java 6 ユーザ向けに 2.3.1 を、Java 7 ユーザ向けに 2.12.3 をリリースしました。 2021年12月28日、開発者は Log4j2 2.0-beta7 から 2.17.0（2.3.2 および 2.12.4 を除く）において、攻撃者がログ出力設定を変更できる場合に限り任意のコード実行が行われる可能性があるとして、Log4j 2.17.1、2.12.4、2.3.2 をリリースしました。この修正では、JNDI のデータソースを Java プロトコルに制限する変更が行われました。この脆弱性に対しては CVE-2021-44832 が採番されています。 [ワークアラウンドを実施する] 以下の回避策を適用することにより、本脆弱性の悪用を防ぐことが可能です。　* JndiLookup クラスをクラスパスから除外する　　* 例: zip -q -d log4j-core-.jar org/apache/logging/log4j/core/lookup/JndiLookup.class 　　この回避策は CVE-2021-45046 に対しても有効です　* Log4j を実行する Java 仮想マシンを起動する際に log4j2.formatMsgNoLookups を true に設定する（Log4j 2.10 およびそれ以降のバージョンが対象）　　* 例: -Dlog4j2.formatMsgNoLookups=true 　　* この回避策は CVE-2021-45046 に対して有効ではありません　* 環境変数 LOG4J_FORMAT_MSG_NO_LOOKUPS を true に設定する（Log4j 2.10 およびそれ以降のバージョンが対象）　　* この回避策は CVE-2021-45046 に対して有効ではありませんまた、本脆弱性の影響を軽減するため、システムから外部への接続を制限するアクセス制御を実施または強化することも有効です。
Publication Date	Dec. 13, 2021, midnight
Registration Date	Dec. 14, 2021, 4:37 p.m.
Last Update	Dec. 15, 2022, 10:24 a.m.

CVSS3.0 : 緊急
Score	10
Vector	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS2.0 : 危険
Score	9.3
Vector	AV:N/AC:M/Au:N/C:C/I:C/A:C

Affected System

Apache Software Foundation

Apache Log4j 2.13.0 から 2.15.0 より前のバージョン

Apache Log4j core 2.0-beta9 から 2.12.1 より前のバージョン

日本電気

ACOS Access Toolkit

CONNEXIVE Application Platform

CONNEXIVE Edge Device Management

CONNEXIVE PF

ESMPRO/UPSManager

IoT 共通基盤

SystemDirector Enterprise

UniversalBackup

WebSAM SystemManager G

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2021-44228	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
2	CVE-2021-45046	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046
3	CVE-2021-45105	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105
National Vulnerability Database (NVD)
4	CVE-2021-44228	https://nvd.nist.gov/vuln/detail/CVE-2021-44228
5	CVE-2021-45046	https://nvd.nist.gov/vuln/detail/CVE-2021-45046
6	CVE-2021-45105	https://nvd.nist.gov/vuln/detail/CVE-2021-45105

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-20	https://jvndb.jvn.jp/ja/cwe/CWE-20.html

ベンダー情報

No	Name	URL
Apache
1	Apache Log4j Security Vulnerabilities - Fixed in Log4j 2.15.0	https://logging.apache.org/log4j/2.x/security.html
Hitachi Incdent Response Team
2	HIRT-PUB21001：Apache Log4jの脆弱性	https://www.hitachi.co.jp/hirt/publications/hirt-pub21001/
Hitachi Software Vulnerability Information
3	hitachi-sec-2021-145	https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2021-145/index.html
4	hitachi-sec-2021-146	https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2021-146/index.html
5	hitachi-sec-2021-147	https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2021-147/index.html
6	hitachi-sec-2021-315	https://www.hitachi.co.jp/products/it/storage-solutions/global/sec_info/2021/2021_315.html
Intel Product Security Center
7	INTEL-SA-00646	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html
NEC製品セキュリティ情報
8	NV22-001	https://jpn.nec.com/security-info/secinfo/nv22-001.html
Security Advisory
9	JCI‐PSA‐2022‐01	https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2022/jci-psa-2022-01.pdf
Siemens
10	Siemens ProductCERT and Siemens CERT	https://new.siemens.com/global/en/products/services/cert.html
Siemens Security Advisory
11	SSA-397453: Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Energy TraceAlertServerPLUS	https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf
12	SSA-479842: Apache Log4j Vulnerabilities - Impact to Siemens Energy Sensformer (Platform, Basic and Advanced)	https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf
13	SSA-501673: Apache Log4j Denial of Service Vulnerability (CVE-2021-45105) - Impact to Siemens Products	https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf
14	SSA-661247: Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products	https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
15	SSA-714170: Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to SPPA-T3000s	https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf
16	SSA-784507: Apache Log4j Vulnerability (CVE-2021-44832) via JDBC Appender - Impact to Siemens Products	https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf
17	SSA-978692: Apache Log4j Vulnerabilities - Impact to Siemens Energy Omnivise Fleet Management	https://cert-portal.siemens.com/productcert/pdf/ssa-978692.pdf
SKYSEA Client View
18	Javaライブラリ「Apache Log4j」の脆弱性について	https://www.skyseaclientview.net/news/211222_01/
Soliton Systems K.K.
19	【情報】Apache Log4j 脆弱性の影響について	https://www.soliton.co.jp/support/2021/004618.html
Yokogawa Security Advisory Report
20	YSAR-22-0003: Apache Log4j 脆弱性の影響を受ける横河製品	https://web-material3.yokogawa.com/19/32348/files/YSAR-22-0003-J.pdf
サイボウズからのお知らせ
21	Apache Log4j ライブラリの脆弱性（CVE-2021-44228）のサイボウズ製品への影響について（2021/12/13）	https://cs.cybozu.co.jp/2021/007558.html
サイレックス・テクノロジー株式会社
22	Apache Log4j脆弱性に対する各製品の影響について	https://www.silex.jp/backnumber/support/info_220113_Log4jNotapplicable.html
ソフトウェア製品セキュリティ情報
23	hitachi-sec-2021-145	https://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2021-145/index.html
24	hitachi-sec-2021-146	https://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2021-146/index.html
25	hitachi-sec-2021-147	https://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2021-147/index.html
26	hitachi-sec-2021-225	https://www.hitachi.co.jp/products/it/server/security/info/vulnerable/hitachi_sec_2021_225.html
27	hitachi-sec-2021-226	https://www.hitachi.co.jp/products/it/server/security/info/vulnerable/hitachi_sec_2021_226.html
28	hitachi-sec-2021-315	https://www.hitachi.co.jp/products/it/storage-solutions/techsupport/sec_info/sec_2021_315.html
トレンドマイクロ
29	アラート/アドバイザリ：Apache Log4j の脆弱性（CVE-2021-44228）について	https://success.trendmicro.com/jp/solution/000289941
三菱電機株式会社
30	Apache Log4jにおける複数の脆弱性(Log4shell)の影響について	https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2021-030.pdf
富士通セキュリティ情報
31	Apache Log4jにおける任意のコードが実行可能な脆弱性（CVE-2021-44228）	https://www.fujitsu.com/jp/products/software/resources/condition/security/vulnerabilities/2021/jvn-96768815.html
東芝デジタルソリューションズ
32	MAGNIA シリーズ	https://www.toshiba-sol.co.jp/pro/magnia/
33	PowerChute Business Edition v10.0 における Apache Log4j の脆弱性対策について (CVE-2021-44228)	https://www.toshiba-sol.co.jp/pro/magnia/tech/pcbe_apatch_log4j.htm
34	ダウンロードモジュール情報	http://magnia.toshiba-dme.co.jp/download/index.php?action=DispInfo&dl_id=1986%22%20target=%22_blank

その他

No	Name	URL
ICS-CERT ADVISORY
1	ICSA-22-034-01	https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-01
JPCERT 緊急報告
2	JPCERT-AT-2021-0050	https://www.jpcert.or.jp/at/2021/at210050.html
JVN
3	JVNVU#94360308	https://jvn.jp/vu/JVNVU94360308/index.html
4	JVNVU#96768815	https://jvn.jp/vu/JVNVU96768815/
5	JVNVU#98748974	https://jvn.jp/vu/JVNVU98748974/index.html
US-CERT Vulnerability Note
6	VU#930724	https://kb.cert.org/vuls/id/930724
関連文書
7	Log4Shell: RCE 0-day exploit found in log4j 2, a popular Java logging package	https://www.lunasec.io/docs/blog/log4j-zero-day/
8	Restrict LDAP access via JNDI #608	https://github.com/apache/logging-log4j2/pull/608

Change Log

No	Changed Details	Date of change
18	[2022年02月15日] ベンダ情報：東芝 (MAGNIA シリーズ) を追加ベンダ情報：東芝 (PowerChute Business Edition v10.0 における Apache Log4j の脆弱性対策について (CVE-2021-44228)) を追加ベンダ情報：東芝 (ダウンロードモジュール情報) を追加	Feb. 15, 2022, 1:42 p.m.
19	[2022年02月21日] ベンダ情報：横河電機株式会社 (YSAR-22-0003: Apache Log4j 脆弱性の影響を受ける横河製品) を追加	Feb. 21, 2022, 12:16 p.m.
17	[2022年02月14日] ベンダ情報：シーメンス (SSA-978692: Apache Log4j Vulnerabilities - Impact to Siemens Energy Omnivise Fleet Management) を追加参考情報：JVN (JVNVU#98748974) を追加	Feb. 14, 2022, 12:19 p.m.
12	[2022年01月06日] ベンダ情報：富士通 (Apache Log4jにおける任意のコードが実行可能な脆弱性（CVE-2021-44228）) を追加	Jan. 14, 2022, 11:51 a.m.
13	[2022年01月11日] ベンダ情報：日立 (HIRT-PUB21001：Apache Log4jの脆弱性) を追加	Jan. 14, 2022, 11:52 a.m.
14	[2022年01月14日] ベンダ情報：サイレックス・テクノロジー株式会社 (Apache Log4j脆弱性に対する各製品の影響について) を追加	Jan. 14, 2022, 11:53 a.m.
15	[2022年01月27日] ベンダ情報：日本電気 (NV22-001) を追加	Jan. 27, 2022, 11 a.m.
16	[2022年02月08日] ベンダ情報：ジョンソンコントロールズ (JCI‐PSA‐2022‐01) を追加参考情報：ICS-CERT ADVISORY (ICSA-22-034-01) を追加	Feb. 8, 2022, 1:58 p.m.
11	[2022年01月05日] 対策：内容を更新ベンダ情報：シーメンス (SSA-784507: Apache Log4j Vulnerability (CVE-2021-44832) via JDBC Appender - Impact to Siemens Products) を追加	Jan. 14, 2022, 11:50 a.m.
8	[2021年12月27日] 対策：内容を更新	Dec. 27, 2021, 11:46 a.m.
9	[2021年12月28日] 参考情報：JVN (JVNVU#94360308) を追加	Dec. 28, 2021, 12:14 p.m.
10	[2022年01月04日] ベンダ情報：日立 (hitachi-sec-2021-315) を追加ベンダ情報：日立 (hitachi-sec-2021-225) を追加ベンダ情報：日立 (hitachi-sec-2021-226) を追加	Jan. 14, 2022, 11:50 a.m.
7	[2021年12月24日] CVSS による深刻度：内容を更新	Dec. 24, 2021, 4:05 p.m.
6	[2021年12月23日] 対策：内容を更新ベンダ情報：シーメンス (SSA-479842: Apache Log4j Vulnerabilities - Impact to Siemens Energy Sensformer (Platform, Basic and Advanced) を追加ベンダ情報：Ｓｋｙ株式会社 (Javaライブラリ「Apache Log4j」の脆弱性について) を追加	Dec. 23, 2021, 3:28 p.m.
5	[2021年12月22日] ベンダ情報：シーメンス (SSA-397453: Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Energy TraceAlertServerPLUS) を追加ベンダ情報：インテル (INTEL-SA-00646) を追加ベンダ情報：株式会社ソリトンシステムズ (【情報】Apache Log4j 脆弱性の影響について) を追加	Dec. 22, 2021, 1:37 p.m.
4	[2021年12月21日] ベンダ情報：シーメンス (Siemens ProductCERT and Siemens CERT) を追加ベンダ情報：シーメンス (SSA-661247: Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products) ベンダ情報：シーメンス (SSA-714170: Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to SPPA-T3000s) ベンダ情報：シーメンス (SSA-501673: Apache Log4j Denial of Service Vulnerability (CVE-2021-45105) - Impact to Siemens Products) ベンダ情報：日立 (hitachi-sec-2021-147) を追加ベンダ情報：日立 (hitachi-sec-2021-146) を追加ベンダ情報：日立 (hitachi-sec-2021-145) を追加対策：内容を更新共通脆弱性識別子(CVE)：CVE-2021-45105 を追加参考情報：National Vulnerability Database (NVD) (CVE-2021-45105) を追加	Dec. 21, 2021, 11:54 a.m.
3	[2021年12月17日] ベンダ情報：サイボウズ (Apache Log4j ライブラリの脆弱性（CVE-2021-44228）のサイボウズ製品への影響について（2021/12/13）) を追加	Dec. 17, 2021, 1:53 p.m.
1	[2021年12月14日] 掲載	Dec. 14, 2021, 4:37 p.m.
2	[2021年12月16日] 影響を受けるシステム：内容を更新対策：内容を更新ベンダ情報：トレンドマイクロ (アラート/アドバイザリ：Apache Log4j の脆弱性（CVE-2021-44228）について) を追加共通脆弱性識別子(CVE)：CVE-2021-45046 を追加参考情報：National Vulnerability Database (NVD) (CVE-2021-45046) を追加参考情報：US-CERT Vulnerability Note (VU#930724) を追加	Dec. 16, 2021, 6:10 p.m.
20	[2022年03月30日] ベンダ情報：三菱電機 (Apache Log4jにおける複数の脆弱性(Log4shell)の影響について) を追加	March 30, 2022, 1:39 p.m.
21	[2022年08月09日] 影響を受けるシステム：ベンダ情報 (NV22-001) の更新に伴い内容を更新	Aug. 9, 2022, 4:44 p.m.
22	[2022年09月26日] 影響を受けるシステム：ベンダ情報 (NV22-001) の更新に伴い内容を更新	Sept. 26, 2022, 4:01 p.m.
23	[2022年12月15日] 影響を受けるシステム：ベンダ情報 (NV22-001) の更新に伴い内容を更新	Dec. 15, 2022, 10:03 a.m.

NVD Vulnerability Information

CVE-2021-44228

Summary	Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Publication Date	Dec. 10, 2021, 7:15 p.m.
Registration Date	Dec. 11, 2021, 10 a.m.
Last Update	Nov. 21, 2024, 3:30 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:apache:log4j:2.0:rc1::::::
cpe:2.3:a:apache:log4j:2.0:beta9::::::
cpe:2.3:a:apache:log4j:2.0:rc2::::::
cpe:2.3:a:apache:log4j:2.0:-::::::
cpe:2.3:a:apache:log4j::::::::	2.13.0			2.15.0
cpe:2.3:a:apache:log4j::::::::	2.0.1			2.3.1
cpe:2.3:a:apache:log4j::::::::	2.4.0			2.12.2

Configuration2		or higher	or less	more than	less than
cpe:2.3:o:siemens:sppa-t3000_ses3000_firmware::::::::
execution environment
1	cpe:2.3:h:siemens:sppa-t3000_ses3000:-:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:a:siemens:logo\!_soft_comfort::::::::
cpe:2.3:a:siemens:spectrum_power_4:4.70:sp7::::::
cpe:2.3:a:siemens:spectrum_power_4:4.70:-::::::
cpe:2.3:a:siemens:spectrum_power_4::::::::				4.70
cpe:2.3:a:siemens:siveillance_control_pro::::::::
cpe:2.3:a:siemens:energyip_prepay:3.7:::::::*
cpe:2.3:a:siemens:energyip_prepay:3.8:::::::*
cpe:2.3:a:siemens:spectrum_power_4:4.70:sp8::::::
cpe:2.3:a:siemens:siveillance_identity:1.6:::::::*
cpe:2.3:a:siemens:siveillance_identity:1.5:::::::*
cpe:2.3:a:siemens:siveillance_command::::::::		4.16.2.1
cpe:2.3:a:siemens:sipass_integrated:2.85:::::::*
cpe:2.3:a:siemens:sipass_integrated:2.80:::::::*
cpe:2.3:a:siemens:head-end_system_universal_device_integration_system::::::::
cpe:2.3:a:siemens:gma-manager::::::::				8.6.2j-398
cpe:2.3:a:siemens:energyip:8.5:::::::*
cpe:2.3:a:siemens:energyip:8.6:::::::*
cpe:2.3:a:siemens:energyip:8.7:::::::*
cpe:2.3:a:siemens:energyip:9.0:::::::*
cpe:2.3:a:siemens:energy_engage:3.1:::::::*
cpe:2.3:a:siemens:e-car_operation_center::::::::				2021-12-13
cpe:2.3:a:siemens:desigo_cc_info_center:5.0:::::::*
cpe:2.3:a:siemens:desigo_cc_info_center:5.1:::::::*
cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.1:::::::*
cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.2:::::::*
cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.0:::::::*
cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.1:::::::*
cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.0:::::::*
cpe:2.3:a:siemens:comos::::::::
cpe:2.3:a:siemens:captial:2019.1:sp1912::::::
cpe:2.3:a:siemens:navigator::::::::				2021-12-13
cpe:2.3:a:siemens:xpedition_package_integrator:-:::::::*
cpe:2.3:a:siemens:xpedition_enterprise:-:::::::*
cpe:2.3:a:siemens:vesys:2019.1:sp1912::::::
cpe:2.3:a:siemens:vesys:2019.1:::::::*
cpe:2.3:a:siemens:vesys::::::::				2019.1
cpe:2.3:a:siemens:vesys:2019.1:-::::::
cpe:2.3:a:siemens:teamcenter::::::::
cpe:2.3:a:siemens:spectrum_power_7:2.30:sp2::::::
cpe:2.3:a:siemens:spectrum_power_7:2.30:-::::::
cpe:2.3:a:siemens:spectrum_power_7::::::::				2.30
cpe:2.3:a:siemens:spectrum_power_7:2.30:::::::*
cpe:2.3:a:siemens:solid_edge_harness_design:2020:sp2002::::::
cpe:2.3:a:siemens:solid_edge_harness_design:2020:-::::::
cpe:2.3:a:siemens:solid_edge_harness_design::::::::				2020
cpe:2.3:a:siemens:captial:2019.1:-::::::
cpe:2.3:a:siemens:solid_edge_harness_design:2020:::::::*
cpe:2.3:a:siemens:solid_edge_cam_pro::::::::
cpe:2.3:a:siemens:siveillance_viewpoint::::::::
cpe:2.3:a:siemens:siveillance_vantage::::::::
cpe:2.3:a:siemens:siguard_dsa:4.3:::::::*
cpe:2.3:a:siemens:siguard_dsa:4.4:::::::*
cpe:2.3:a:siemens:siguard_dsa:4.2:::::::*
cpe:2.3:a:siemens:sentron_powermanager:4.2:::::::*
cpe:2.3:a:siemens:sentron_powermanager:4.1:::::::*
cpe:2.3:a:siemens:operation_scheduler::::::::		1.1.3
cpe:2.3:a:siemens:nx::::::::
cpe:2.3:a:siemens:opcenter_intelligence::::::::		3.2
cpe:2.3:a:siemens:mindsphere::::::::				2021-12-11
cpe:2.3:a:siemens:mendix::::::::
cpe:2.3:a:siemens:industrial_edge_management_hub::::::::				2021-12-13
cpe:2.3:a:siemens:industrial_edge_management::::::::
cpe:2.3:a:siemens:captial::::::::				2019.1

Configuration4	or higher	or less	more than	less than
cpe:2.3:a:intel:audio_development_kit:-:::::::*
cpe:2.3:a:intel:system_debugger:-:::::::*
cpe:2.3:a:intel:secure_device_onboard:-:::::::*
cpe:2.3:a:intel:oneapi_sample_browser:-:::::eclipse::
cpe:2.3:a:intel:sensor_solution_firmware_development_kit:-:::::::*
cpe:2.3:a:intel:computer_vision_annotation_tool:-:::::::*
cpe:2.3:a:intel:genomics_kernel_library:-:::::::*
cpe:2.3:a:intel:system_studio:-:::::::*
cpe:2.3:a:intel:data_center_manager::::::::				5.1

Configuration5	or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:9.0:::::::*
cpe:2.3:o:debian:debian_linux:10.0:::::::*
cpe:2.3:o:debian:debian_linux:11.0:::::::*

Configuration6	or higher	or less	more than	less than
cpe:2.3:o:fedoraproject:fedora:34:::::::*
cpe:2.3:o:fedoraproject:fedora:35:::::::*

Configuration7		or higher	or less	more than	less than
cpe:2.3:a:sonicwall:email_security::::::::					10.0.12

Configuration8	or higher	or less	more than	less than
cpe:2.3:a:netapp:oncommand_insight:-:::::::*
cpe:2.3:a:netapp:cloud_insights:-:::::::*
cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
cpe:2.3:a:netapp:active_iq_unified_manager:-:::::linux::
cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows::
cpe:2.3:a:netapp:cloud_manager:-:::::::*
cpe:2.3:a:netapp:cloud_secure_agent:-:::::::*
cpe:2.3:a:netapp:ontap_tools:-:::::vmware_vsphere::
cpe:2.3:a:netapp:snapcenter:-:::::vmware_vsphere::

Configuration9	or higher	or less	more than	less than
cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5$1$:::::::*
cpe:2.3:a:cisco:unified_customer_voice_portal:11.6:::::::*
cpe:2.3:a:cisco:webex_meetings_server::::::::				3.0
cpe:2.3:a:cisco:packaged_contact_center_enterprise:11.6$1$:::::::*
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release1::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:-::::::
cpe:2.3:a:cisco:identity_services_engine::::::::				2.4.0
cpe:2.3:a:cisco:data_center_network_manager::::::::				11.3$1$
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release2::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3::::::
cpe:2.3:a:cisco:webex_meetings_server:4.0:-::::::
cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release1::::::
cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release2::::::
cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release3::::::
cpe:2.3:a:cisco:unified_contact_center_express::::::::				12.5$1$
cpe:2.3:a:cisco:data_center_network_manager:11.3$1$:::::::*
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:-:::::*
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_service_pack_2::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_service_pack_3::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release4::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_security_patch4::::::
cpe:2.3:a:cisco:identity_services_engine:2.4.0:-::::::
cpe:2.3:a:cisco:finesse::::::::				12.6$1$
cpe:2.3:a:cisco:finesse:12.6$1$:::::::*
cpe:2.3:a:cisco:nexus_dashboard::::::::				2.1.2
cpe:2.3:a:cisco:network_services_orchestrator::::::::	5.6			5.6.3.1
cpe:2.3:a:cisco:network_services_orchestrator::::::::	5.5			5.5.4.1
cpe:2.3:a:cisco:network_services_orchestrator::::::::				5.3.5.1
cpe:2.3:a:cisco:iot_operations_dashboard:-:::::::*
cpe:2.3:a:cisco:intersight_virtual_appliance::::::::				1.0.9-361
cpe:2.3:a:cisco:evolved_programmable_network_manager::::::::		4.1.1
cpe:2.3:a:cisco:network_services_orchestrator::::::::	5.4			5.4.5.2
cpe:2.3:a:cisco:dna_spaces\:_connector::::::::				2.5
cpe:2.3:a:cisco:cyber_vision_sensor_management_extension::::::::				4.0.3
cpe:2.3:a:cisco:crosswork_zero_touch_provisioning::::::::				2.0.1
cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:3.0.0:::::::*
cpe:2.3:a:cisco:crosswork_platform_infrastructure::::::::				4.0.1
cpe:2.3:a:cisco:crosswork_platform_infrastructure:4.1.0:::::::*
cpe:2.3:a:cisco:crosswork_optimization_engine::::::::				2.0.1
cpe:2.3:a:cisco:crosswork_optimization_engine:3.0.0:::::::*
cpe:2.3:a:cisco:crosswork_network_controller:3.0.0:::::::*
cpe:2.3:a:cisco:crosswork_network_controller::::::::				2.0.1
cpe:2.3:a:cisco:crosswork_data_gateway:3.0.0:::::::*
cpe:2.3:a:cisco:crosswork_data_gateway::::::::				2.0.2
cpe:2.3:a:cisco:common_services_platform_collector::::::::	2.10.0			2.10.0.1
cpe:2.3:a:cisco:common_services_platform_collector::::::::				2.9.1.3
cpe:2.3:a:cisco:cloudcenter::::::::				4.10.0.16
cpe:2.3:a:cisco:cloudcenter_workload_manager::::::::				5.5.2
cpe:2.3:a:cisco:cloudcenter_suite_admin::::::::				5.3.1
cpe:2.3:a:cisco:cloudcenter_cost_optimizer::::::::				5.5.2
cpe:2.3:a:cisco:business_process_automation::::::::	3.2.000.000			3.2.000.009
cpe:2.3:a:cisco:business_process_automation::::::::	3.1.000.000			3.1.000.044
cpe:2.3:a:cisco:business_process_automation::::::::				3.0.000.115
cpe:2.3:a:cisco:automated_subsea_tuning::::::::				2.1.0
cpe:2.3:a:cisco:nexus_insights::::::::				6.0.2
cpe:2.3:a:cisco:advanced_malware_protection_virtual_private_cloud_appliance::::::::				3.5.4
cpe:2.3:a:cisco:customer_experience_cloud_agent::::::::				1.12.1
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_security_patch5::::::
cpe:2.3:a:cisco:workload_optimization_manager::::::::				3.2.1
cpe:2.3:a:cisco:ucs_central::::::::				2.0$1p$
cpe:2.3:a:cisco:ucs_director::::::::				6.8.2.0
cpe:2.3:a:cisco:sd-wan_vmanage::::::::				20.3.4.1
cpe:2.3:a:cisco:optical_network_controller::::::::				1.1.0
cpe:2.3:a:cisco:fog_director:-:::::::*
cpe:2.3:a:cisco:dna_center::::::::	2.2.3.0			2.2.3.4
cpe:2.3:a:cisco:sd-wan_vmanage::::::::	20.4			20.4.2.1
cpe:2.3:a:cisco:integrated_management_controller_supervisor::::::::				2.3.2.1
cpe:2.3:a:cisco:wan_automation_engine::::::::				7.3.0.2
cpe:2.3:a:cisco:virtualized_infrastructure_manager::::::::	3.4.0			3.4.4
cpe:2.3:a:cisco:sd-wan_vmanage::::::::	20.5			20.5.1.1
cpe:2.3:a:cisco:network_assurance_engine::::::::				6.0.2
cpe:2.3:a:cisco:virtualized_infrastructure_manager::::::::				3.2.0
cpe:2.3:a:cisco:dna_center::::::::				2.1.2.8
cpe:2.3:a:cisco:sd-wan_vmanage::::::::	20.6			20.6.2.1
cpe:2.3:a:cisco:virtual_topology_system::::::::				2.6.7
cpe:2.3:a:cisco:dna_center::::::::	2.2.2.0			2.2.2.8
cpe:2.3:a:cisco:smart_phy::::::::				3.2.1
cpe:2.3:a:cisco:prime_service_catalog::::::::				12.1
cpe:2.3:a:cisco:connected_mobile_experiences:-:::::::*
cpe:2.3:a:cisco:video_surveillance_operations_manager::::::::				7.14.4
cpe:2.3:a:cisco:unity_connection::::::::				11.5$1$
cpe:2.3:a:cisco:virtualized_voice_browser::::::::				12.5$1$
cpe:2.3:o:cisco:unified_workforce_optimization::::::::				11.5$1$
cpe:2.3:o:cisco:unified_sip_proxy::::::::				10.2.1v2
cpe:2.3:o:cisco:unified_intelligence_center::::::::				12.6$1$
cpe:2.3:a:cisco:unified_customer_voice_portal::::::::				11.6
cpe:2.3:a:cisco:unified_customer_voice_portal:12.0:::::::*
cpe:2.3:a:cisco:unified_customer_voice_portal:12.5:::::::*
cpe:2.3:a:cisco:unified_contact_center_enterprise::::::::				11.6$2$
cpe:2.3:a:cisco:unified_contact_center_enterprise:11.6$2$:::::::*
cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service::::::::				11.5$1$
cpe:2.3:a:cisco:unified_communications_manager:::::session_management:::*				11.5$1$
cpe:2.3:a:cisco:unified_communications_manager:::::-:::*				11.5$1$
cpe:2.3:a:cisco:unified_communications_manager:11.5$1$su3:::::::*
cpe:2.3:a:cisco:unified_communications_manager:11.5$1$::::session_management:::
cpe:2.3:a:cisco:unified_communications_manager:11.5$1$::::-:::
cpe:2.3:a:cisco:paging_server::::::::				14.4.1
cpe:2.3:a:cisco:unified_communications_manager:11.5$1$:::::::*
cpe:2.3:a:cisco:packaged_contact_center_enterprise::::::::				11.6
cpe:2.3:a:cisco:enterprise_chat_and_email::::::::				12.0$1$
cpe:2.3:a:cisco:emergency_responder::::::::				11.5$4$
cpe:2.3:a:cisco:contact_center_management_portal::::::::				12.5$1$
cpe:2.3:a:cisco:contact_center_domain_manager::::::::				12.5$1$
cpe:2.3:a:cisco:cloud_connect::::::::				12.6$1$
cpe:2.3:a:cisco:broadworks::::::::				2021.11_1.162

Configuration10	or higher	or less	more than	less than
cpe:2.3:o:cisco:fxos:6.2.3:::::::*
cpe:2.3:o:cisco:fxos:6.3.0:::::::*
cpe:2.3:o:cisco:fxos:6.4.0:::::::*
cpe:2.3:o:cisco:fxos:6.5.0:::::::*
cpe:2.3:o:cisco:fxos:6.6.0:::::::*
cpe:2.3:o:cisco:fxos:6.7.0:::::::*
cpe:2.3:o:cisco:fxos:7.0.0:::::::*
cpe:2.3:o:cisco:fxos:7.1.0:::::::*

Configuration11	or higher	or less	more than	less than
cpe:2.3:a:cisco:prime_service_catalog:12.1:::::::*
cpe:2.3:a:cisco:firepower_threat_defense:6.2.3:::::::*
cpe:2.3:a:cisco:webex_meetings_server:3.0:::::::*
cpe:2.3:a:cisco:firepower_threat_defense:6.4.0:::::::*
cpe:2.3:a:cisco:firepower_threat_defense:6.3.0:::::::*
cpe:2.3:a:cisco:webex_meetings_server:4.0:::::::*
cpe:2.3:a:cisco:unity_connection:11.5:::::::*
cpe:2.3:a:cisco:firepower_threat_defense:6.5.0:::::::*
cpe:2.3:a:cisco:firepower_threat_defense:6.6.0:::::::*
cpe:2.3:a:cisco:sd-wan_vmanage:20.3:::::::*
cpe:2.3:a:cisco:sd-wan_vmanage:20.6:::::::*
cpe:2.3:a:cisco:sd-wan_vmanage:20.5:::::::*
cpe:2.3:a:cisco:unified_contact_center_enterprise:11.6$2$:::::::*
cpe:2.3:a:cisco:cyber_vision_sensor_management_extension:4.0.2:::::::*
cpe:2.3:a:cisco:dna_spaces_connector:-:::::::*
cpe:2.3:a:cisco:unified_sip_proxy:010.002$001$:::::::*
cpe:2.3:a:cisco:unified_sip_proxy:010.002$000$:::::::*
cpe:2.3:a:cisco:unified_sip_proxy:010.000$001$:::::::*
cpe:2.3:a:cisco:unified_sip_proxy:010.000$000$:::::::*
cpe:2.3:a:cisco:unified_intelligence_center:12.6$2$:-::::::
cpe:2.3:a:cisco:unified_intelligence_center:12.6$1$:es02::::::
cpe:2.3:a:cisco:unified_intelligence_center:12.6$1$:es01::::::
cpe:2.3:a:cisco:unified_intelligence_center:12.6$1$:-::::::
cpe:2.3:a:cisco:unified_customer_voice_portal:12.6$1$:::::::*
cpe:2.3:a:cisco:unified_customer_voice_portal:12.5$1$:::::::*
cpe:2.3:a:cisco:unified_customer_voice_portal:12.0$1$:::::::*
cpe:2.3:a:cisco:unified_customer_voice_portal:11.6$1$:::::::*
cpe:2.3:a:cisco:unified_contact_center_express:12.5$1$:su1::::::
cpe:2.3:a:cisco:unified_contact_center_express:12.5$1$:-::::::
cpe:2.3:a:cisco:unified_communications_manager_im_\&_presence_service:11.5$1.22900.6$:::::::*
cpe:2.3:a:cisco:unified_communications_manager_im_\&_presence_service:11.5$1$:::::::*
cpe:2.3:a:cisco:unified_communications_manager:11.5$1.22900.28$:::::::*
cpe:2.3:a:cisco:unified_communications_manager:11.5$1.21900.40$:::::::*
cpe:2.3:a:cisco:unified_communications_manager:11.5$1.18900.97$:::::::*
cpe:2.3:a:cisco:unified_communications_manager:11.5$1.18119.2$:::::::*
cpe:2.3:a:cisco:unified_communications_manager:11.5$1.17900.52$:::::::*
cpe:2.3:a:cisco:paging_server:9.1$1$:::::::*
cpe:2.3:a:cisco:paging_server:9.0$2$:::::::*
cpe:2.3:a:cisco:paging_server:9.0$1$:::::::*
cpe:2.3:a:cisco:paging_server:8.5$1$:::::::*
cpe:2.3:a:cisco:paging_server:8.4$1$:::::::*
cpe:2.3:a:cisco:paging_server:8.3$1$:::::::*
cpe:2.3:a:cisco:paging_server:14.0$1$:::::::*
cpe:2.3:a:cisco:paging_server:12.5$2$:::::::*
cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6$2$:::::::*
cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6$1$:::::::*
cpe:2.3:a:cisco:unified_contact_center_enterprise:12.5$1$:::::::*
cpe:2.3:a:cisco:unified_contact_center_enterprise:12.0$1$:::::::*
cpe:2.3:a:cisco:finesse:12.6$1$:es03::::::
cpe:2.3:a:cisco:finesse:12.6$1$:es02::::::
cpe:2.3:a:cisco:finesse:12.6$1$:es01::::::
cpe:2.3:a:cisco:finesse:12.6$1$:-::::::
cpe:2.3:a:cisco:finesse:12.5$1$:su2::::::
cpe:2.3:a:cisco:finesse:12.5$1$:su1::::::
cpe:2.3:a:cisco:enterprise_chat_and_email:12.6$1$:::::::*
cpe:2.3:a:cisco:enterprise_chat_and_email:12.5$1$:::::::*
cpe:2.3:a:cisco:enterprise_chat_and_email:12.0$1$:::::::*
cpe:2.3:a:cisco:emergency_responder:11.5$4.66000.14$:::::::*
cpe:2.3:a:cisco:emergency_responder:11.5$4.65000.14$:::::::*
cpe:2.3:a:cisco:emergency_responder:11.5:::::::*
cpe:2.3:a:cisco:unified_contact_center_management_portal:12.6$1$:::::::*
cpe:2.3:a:cisco:unified_contact_center_express:12.6$2$:::::::*
cpe:2.3:a:cisco:unified_contact_center_express:12.6$1$:::::::*
cpe:2.3:a:cisco:broadworks:-:::::::*
cpe:2.3:a:cisco:unified_computing_system:006.008$001.000$:::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0$1l$:::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0$1k$:::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0$1h$:::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0$1g$:::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0$1f$:::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0$1e$:::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0$1d$:::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0$1c$:::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0$1b$:::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0$1a$:::::::*
cpe:2.3:a:cisco:ucs_central_software:2.0:::::::*
cpe:2.3:a:cisco:integrated_management_controller_supervisor:2.3.2.0:::::::*
cpe:2.3:a:cisco:integrated_management_controller_supervisor:002.003$002.000$:::::::*
cpe:2.3:a:cisco:sd-wan_vmanage:20.6.1:::::::*
cpe:2.3:a:cisco:sd-wan_vmanage:20.8:::::::*
cpe:2.3:a:cisco:sd-wan_vmanage:20.7:::::::*
cpe:2.3:a:cisco:sd-wan_vmanage:20.4:::::::*
cpe:2.3:a:cisco:optical_network_controller:1.1:::::::*
cpe:2.3:a:cisco:network_assurance_engine:6.0$2.1912$:::::::*
cpe:2.3:a:cisco:dna_center:2.2.2.8:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.6:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.5:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.4:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.3:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.2.3:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.2.2:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.2.1:::::::*
cpe:2.3:a:cisco:wan_automation_engine:7.1.3:::::::*
cpe:2.3:a:cisco:virtual_topology_system:2.6.6:::::::*
cpe:2.3:a:cisco:smart_phy:3.2.1:::::::*
cpe:2.3:a:cisco:smart_phy:3.1.5:::::::*
cpe:2.3:a:cisco:smart_phy:3.1.4:::::::*
cpe:2.3:a:cisco:smart_phy:3.1.3:::::::*
cpe:2.3:a:cisco:smart_phy:3.1.2:::::::*
cpe:2.3:a:cisco:smart_phy:21.3:::::::*
cpe:2.3:a:cisco:network_services_orchestrator:-:::::::*
cpe:2.3:a:cisco:intersight_virtual_appliance:1.0.9-343:::::::*
cpe:2.3:a:cisco:evolved_programmable_network_manager:5.1:::::::*
cpe:2.3:a:cisco:evolved_programmable_network_manager:5.0:::::::*
cpe:2.3:a:cisco:evolved_programmable_network_manager:4.1:::::::*
cpe:2.3:a:cisco:evolved_programmable_network_manager:4.0:::::::*
cpe:2.3:a:cisco:evolved_programmable_network_manager:3.1:::::::*
cpe:2.3:a:cisco:evolved_programmable_network_manager:3.0:::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5$3$:::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5$2$:::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5$1$:::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.4$1$:::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.3$1$:::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.2$1$:::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.1$1$:::::::*
cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.0$1$:::::::*
cpe:2.3:a:cisco:video_surveillance_manager:7.14$4.018$:::::::*
cpe:2.3:a:cisco:video_surveillance_manager:7.14$3.025$:::::::*
cpe:2.3:a:cisco:video_surveillance_manager:7.14$2.26$:::::::*
cpe:2.3:a:cisco:video_surveillance_manager:7.14$1.26$:::::::*
cpe:2.3:a:cisco:unified_workforce_optimization:11.5$1$:sr7::::::
cpe:2.3:a:cisco:unity_connection:11.5$1.10000.6$:::::::*
cpe:2.3:a:cisco:cloudcenter_suite:5.3$0$:::::::*
cpe:2.3:a:cisco:cloudcenter_suite:5.5$0$:::::::*
cpe:2.3:a:cisco:cloudcenter_suite:5.4$1$:::::::*
cpe:2.3:a:cisco:automated_subsea_tuning:02.01.00:::::::*
cpe:2.3:a:cisco:identity_services_engine:003.002$000.116$:-::::::
cpe:2.3:a:cisco:identity_services_engine:003.001$000.518$:-::::::
cpe:2.3:a:cisco:identity_services_engine:003.000$000.458$:-::::::
cpe:2.3:a:cisco:identity_services_engine:002.007$000.356$:-::::::
cpe:2.3:a:cisco:identity_services_engine:002.006$000.156$:-::::::
cpe:2.3:a:cisco:identity_services_engine:002.004$000.914$:-::::::
cpe:2.3:a:cisco:firepower_threat_defense:7.1.0:::::::*
cpe:2.3:a:cisco:firepower_threat_defense:7.0.0:::::::*
cpe:2.3:a:cisco:firepower_threat_defense:6.7.0:::::::*
cpe:2.3:a:cisco:network_insights_for_data_center:6.0$2.1914$:::::::*
cpe:2.3:a:cisco:cx_cloud_agent:001.012:::::::*
cpe:2.3:a:cisco:mobility_services_engine:-:::::::*
cpe:2.3:a:cisco:cloudcenter_suite:5.5$1$:::::::*
cpe:2.3:a:cisco:cloudcenter_suite:4.10$0.15$:::::::*
cpe:2.3:a:cisco:dna_spaces:-:::::::*
cpe:2.3:a:cisco:cyber_vision:4.0.2:::::::*
cpe:2.3:a:cisco:connected_analytics_for_network_deployment:7.3:::::::*
cpe:2.3:a:cisco:connected_analytics_for_network_deployment:008.000.000.000.004:::::::*
cpe:2.3:a:cisco:connected_analytics_for_network_deployment:008.000.000:::::::*
cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.003:::::::*
cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.001.001:::::::*
cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.000:::::::*
cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.002.000:::::::*
cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.001.000:::::::*
cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.000.001:::::::*
cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.005.000.000:::::::*
cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.005.000.:::::::*
cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.004.000.003:::::::*
cpe:2.3:a:cisco:crosswork_network_automation:4.1.1:::::::*
cpe:2.3:a:cisco:crosswork_network_automation:4.1.0:::::::*
cpe:2.3:a:cisco:crosswork_network_automation:-:::::::*
cpe:2.3:a:cisco:crosswork_network_automation:3.0.0:::::::*
cpe:2.3:a:cisco:crosswork_network_automation:2.0.0:::::::*
cpe:2.3:a:cisco:common_services_platform_collector:002.010$000.000$:::::::*
cpe:2.3:a:cisco:common_services_platform_collector:002.009$001.002$:::::::*
cpe:2.3:a:cisco:common_services_platform_collector:002.009$001.001$:::::::*
cpe:2.3:a:cisco:common_services_platform_collector:002.009$001.000$:::::::*
cpe:2.3:a:cisco:common_services_platform_collector:002.009$000.002$:::::::*
cpe:2.3:a:cisco:common_services_platform_collector:002.009$000.001$:::::::*
cpe:2.3:a:cisco:common_services_platform_collector:002.009$000.000$:::::::*

Configuration12	or higher	or less	more than	less than
cpe:2.3:a:snowsoftware:vm_access_proxy::::::::				3.6
cpe:2.3:a:snowsoftware:snow_commander::::::::				8.10.0

Configuration13	or higher	or less	more than	less than
cpe:2.3:a:bentley:synchro_4d:::::pro:::*				6.2.4.2
cpe:2.3:a:bentley:synchro:::::pro:::*	6.1			6.4.3.2

Configuration14		or higher	or less	more than	less than
cpe:2.3:a:percussion:rhythmyx::::::::			7.3.2

Configuration15		or higher	or less	more than	less than
cpe:2.3:a:apple:xcode::::::::					13.3

Related information, measures and tools

No	URL	タグ
1	http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html	Third Party Advisory VDB Entry
2	http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html	Third Party Advisory VDB Entry
3	http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html	Third Party Advisory VDB Entry
4	http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html	Third Party Advisory VDB Entry
5	http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html	Exploit Third Party Advisory VDB Entry
6	http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html	Exploit Third Party Advisory VDB Entry
7	http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html	Exploit Third Party Advisory VDB Entry
8	http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html	Exploit Third Party Advisory VDB Entry
9	http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html	Third Party Advisory VDB Entry
10	http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html	Third Party Advisory VDB Entry
11	http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html	Third Party Advisory VDB Entry
12	http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html	Third Party Advisory VDB Entry
13	http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html	Third Party Advisory VDB Entry
14	http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html	Third Party Advisory VDB Entry
15	http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html	Third Party Advisory VDB Entry
16	http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html	Third Party Advisory VDB Entry
17	http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html	Third Party Advisory VDB Entry
18	http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html	Third Party Advisory VDB Entry
19	http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html	Exploit Third Party Advisory VDB Entry
20	http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html	Exploit Third Party Advisory VDB Entry
21	http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html	Exploit Third Party Advisory VDB Entry
22	http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html	Exploit Third Party Advisory VDB Entry
23	http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html	Exploit Third Party Advisory VDB Entry
24	http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html	Exploit Third Party Advisory VDB Entry
25	http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html	Exploit Third Party Advisory VDB Entry
26	http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html	Exploit Third Party Advisory VDB Entry
27	http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html	Third Party Advisory VDB Entry
28	http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html	Third Party Advisory VDB Entry
29	http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html	Exploit Third Party Advisory VDB Entry
30	http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html	Exploit Third Party Advisory VDB Entry
31	http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html	Third Party Advisory VDB Entry
32	http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html	Third Party Advisory VDB Entry
33	http://seclists.org/fulldisclosure/2022/Dec/2	Exploit Mailing List Third Party Advisory
34	http://seclists.org/fulldisclosure/2022/Dec/2	Exploit Mailing List Third Party Advisory
35	http://seclists.org/fulldisclosure/2022/Jul/11	Mailing List Third Party Advisory
36	http://seclists.org/fulldisclosure/2022/Jul/11	Mailing List Third Party Advisory
37	http://seclists.org/fulldisclosure/2022/Mar/23	Mailing List Third Party Advisory
38	http://seclists.org/fulldisclosure/2022/Mar/23	Mailing List Third Party Advisory
39	http://www.openwall.com/lists/oss-security/2021/12/10/1	Mailing List Mitigation Third Party Advisory
40	http://www.openwall.com/lists/oss-security/2021/12/10/1	Mailing List Mitigation Third Party Advisory
41	http://www.openwall.com/lists/oss-security/2021/12/10/2	Mailing List Mitigation Third Party Advisory
42	http://www.openwall.com/lists/oss-security/2021/12/10/2	Mailing List Mitigation Third Party Advisory
43	http://www.openwall.com/lists/oss-security/2021/12/10/3	Mailing List Third Party Advisory
44	http://www.openwall.com/lists/oss-security/2021/12/10/3	Mailing List Third Party Advisory
45	http://www.openwall.com/lists/oss-security/2021/12/13/1	Mailing List Third Party Advisory
46	http://www.openwall.com/lists/oss-security/2021/12/13/1	Mailing List Third Party Advisory
47	http://www.openwall.com/lists/oss-security/2021/12/13/2	Mailing List Third Party Advisory
48	http://www.openwall.com/lists/oss-security/2021/12/13/2	Mailing List Third Party Advisory
49	http://www.openwall.com/lists/oss-security/2021/12/14/4	Mailing List Third Party Advisory
50	http://www.openwall.com/lists/oss-security/2021/12/14/4	Mailing List Third Party Advisory
51	http://www.openwall.com/lists/oss-security/2021/12/15/3	Mailing List Third Party Advisory
52	http://www.openwall.com/lists/oss-security/2021/12/15/3	Mailing List Third Party Advisory
53	https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf	Third Party Advisory
54	https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf	Third Party Advisory
55	https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf	Third Party Advisory
56	https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf	Third Party Advisory
57	https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf	Third Party Advisory
58	https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf	Third Party Advisory
59	https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf	Third Party Advisory
60	https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf	Third Party Advisory
61	https://github.com/cisagov/log4j-affected-db	Third Party Advisory
62	https://github.com/cisagov/log4j-affected-db	Third Party Advisory
63	https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md	Broken Link Product US Government Resource
64	https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md	Broken Link Product US Government Resource
65	https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228	Exploit Third Party Advisory
66	https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228	Exploit Third Party Advisory
67	https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html	Mailing List Third Party Advisory
68	https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html	Mailing List Third Party Advisory
69	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/	Release Notes
70	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/	Release Notes
71	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/	Release Notes
72	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/	Release Notes
73	https://logging.apache.org/log4j/2.x/security.html	Release Notes Vendor Advisory
74	https://logging.apache.org/log4j/2.x/security.html	Release Notes Vendor Advisory
75	https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/	Patch Third Party Advisory Vendor Advisory
76	https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/	Patch Third Party Advisory Vendor Advisory
77	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032	Third Party Advisory
78	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032	Third Party Advisory
79	https://security.netapp.com/advisory/ntap-20211210-0007/	Third Party Advisory
80	https://security.netapp.com/advisory/ntap-20211210-0007/	Third Party Advisory
81	https://support.apple.com/kb/HT213189	Third Party Advisory
82	https://support.apple.com/kb/HT213189	Third Party Advisory
83	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	Third Party Advisory
84	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	Third Party Advisory
85	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	Third Party Advisory
86	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	Third Party Advisory
87	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	Third Party Advisory
88	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	Third Party Advisory
89	https://twitter.com/kurtseifried/status/1469345530182455296	Broken Link Exploit Third Party Advisory
90	https://twitter.com/kurtseifried/status/1469345530182455296	Broken Link Exploit Third Party Advisory
91	https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001	Third Party Advisory
92	https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001	Third Party Advisory
93	https://www.debian.org/security/2021/dsa-5020	Mailing List Third Party Advisory
94	https://www.debian.org/security/2021/dsa-5020	Mailing List Third Party Advisory
95	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html	Third Party Advisory
96	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html	Third Party Advisory
97	https://www.kb.cert.org/vuls/id/930724	Third Party Advisory US Government Resource
98	https://www.kb.cert.org/vuls/id/930724	Third Party Advisory US Government Resource
99	https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html	Exploit Third Party Advisory
100	https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html	Exploit Third Party Advisory
101	https://www.oracle.com/security-alerts/alert-cve-2021-44228.html	Third Party Advisory
102	https://www.oracle.com/security-alerts/alert-cve-2021-44228.html	Third Party Advisory
103	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory
104	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory
105	https://www.oracle.com/security-alerts/cpujan2022.html	Patch Third Party Advisory
106	https://www.oracle.com/security-alerts/cpujan2022.html	Patch Third Party Advisory

Common Vulnerabilities List

CVE-2021-45046

Summary	It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.
Publication Date	Dec. 15, 2021, 4:15 a.m.
Registration Date	Dec. 15, 2021, 10 a.m.
Last Update	Nov. 21, 2024, 3:31 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:apache:log4j:2.0:rc1::::::
cpe:2.3:a:apache:log4j:2.0:beta9::::::
cpe:2.3:a:apache:log4j:2.0:rc2::::::
cpe:2.3:a:apache:log4j:2.0:-::::::
cpe:2.3:a:apache:log4j::::::::	2.0.1			2.12.2
cpe:2.3:a:apache:log4j::::::::	2.13.0			2.16.0

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:intel:oneapi:-:::::eclipse::
cpe:2.3:a:intel:audio_development_kit:-:::::::*
cpe:2.3:a:intel:datacenter_manager:-:::::::*
cpe:2.3:a:intel:system_debugger:-:::::::*
cpe:2.3:a:intel:secure_device_onboard:-:::::::*
cpe:2.3:a:intel:sensor_solution_firmware_development_kit:-:::::::*
cpe:2.3:a:intel:genomics_kernel_library:-:::::::*
cpe:2.3:a:intel:system_studio:-:::::::*
cpe:2.3:a:cvat:computer_vision_annotation_tool:-:::::::*

Configuration3		or higher	or less	more than	less than
cpe:2.3:o:siemens:sppa-t3000_ses3000_firmware::::::::
execution environment
1	cpe:2.3:h:siemens:sppa-t3000_ses3000:-:::::::*

Configuration4	or higher	or less	more than	less than
cpe:2.3:a:siemens:logo\!_soft_comfort::::::::
cpe:2.3:a:siemens:spectrum_power_4:4.70:sp7::::::
cpe:2.3:a:siemens:spectrum_power_4:4.70:-::::::
cpe:2.3:a:siemens:spectrum_power_4::::::::				4.70
cpe:2.3:a:siemens:siveillance_control_pro::::::::
cpe:2.3:a:siemens:energyip_prepay:3.7:::::::*
cpe:2.3:a:siemens:energyip_prepay:3.8:::::::*
cpe:2.3:a:siemens:spectrum_power_4:4.70:sp8::::::
cpe:2.3:a:siemens:siveillance_identity:1.6:::::::*
cpe:2.3:a:siemens:siveillance_identity:1.5:::::::*
cpe:2.3:a:siemens:siveillance_command::::::::		4.16.2.1
cpe:2.3:a:siemens:sipass_integrated:2.85:::::::*
cpe:2.3:a:siemens:sipass_integrated:2.80:::::::*
cpe:2.3:a:siemens:head-end_system_universal_device_integration_system::::::::
cpe:2.3:a:siemens:gma-manager::::::::				8.6.2j-398
cpe:2.3:a:siemens:energyip:8.5:::::::*
cpe:2.3:a:siemens:energyip:8.6:::::::*
cpe:2.3:a:siemens:energyip:8.7:::::::*
cpe:2.3:a:siemens:energyip:9.0:::::::*
cpe:2.3:a:siemens:energy_engage:3.1:::::::*
cpe:2.3:a:siemens:e-car_operation_center::::::::				2021-12-13
cpe:2.3:a:siemens:desigo_cc_info_center:5.0:::::::*
cpe:2.3:a:siemens:desigo_cc_info_center:5.1:::::::*
cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.1:::::::*
cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.2:::::::*
cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.0:::::::*
cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.1:::::::*
cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.0:::::::*
cpe:2.3:a:siemens:comos::::::::
cpe:2.3:a:siemens:captial:2019.1:sp1912::::::
cpe:2.3:a:siemens:navigator::::::::				2021-12-13
cpe:2.3:a:siemens:xpedition_package_integrator:-:::::::*
cpe:2.3:a:siemens:xpedition_enterprise:-:::::::*
cpe:2.3:a:siemens:vesys:2019.1:sp1912::::::
cpe:2.3:a:siemens:vesys:2019.1:::::::*
cpe:2.3:a:siemens:vesys::::::::				2019.1
cpe:2.3:a:siemens:vesys:2019.1:-::::::
cpe:2.3:a:siemens:teamcenter::::::::
cpe:2.3:a:siemens:spectrum_power_7:2.30:sp2::::::
cpe:2.3:a:siemens:spectrum_power_7:2.30:-::::::
cpe:2.3:a:siemens:spectrum_power_7::::::::				2.30
cpe:2.3:a:siemens:spectrum_power_7:2.30:::::::*
cpe:2.3:a:siemens:solid_edge_harness_design:2020:sp2002::::::
cpe:2.3:a:siemens:solid_edge_harness_design:2020:-::::::
cpe:2.3:a:siemens:solid_edge_harness_design::::::::				2020
cpe:2.3:a:siemens:captial:2019.1:-::::::
cpe:2.3:a:siemens:solid_edge_harness_design:2020:::::::*
cpe:2.3:a:siemens:solid_edge_cam_pro::::::::
cpe:2.3:a:siemens:siveillance_viewpoint::::::::
cpe:2.3:a:siemens:siveillance_vantage::::::::
cpe:2.3:a:siemens:siguard_dsa:4.3:::::::*
cpe:2.3:a:siemens:siguard_dsa:4.4:::::::*
cpe:2.3:a:siemens:siguard_dsa:4.2:::::::*
cpe:2.3:a:siemens:sentron_powermanager:4.2:::::::*
cpe:2.3:a:siemens:sentron_powermanager:4.1:::::::*
cpe:2.3:a:siemens:operation_scheduler::::::::		1.1.3
cpe:2.3:a:siemens:nx::::::::
cpe:2.3:a:siemens:opcenter_intelligence::::::::		3.2
cpe:2.3:a:siemens:mindsphere::::::::				2021-12-11
cpe:2.3:a:siemens:mendix::::::::
cpe:2.3:a:siemens:industrial_edge_management_hub::::::::				2021-12-13
cpe:2.3:a:siemens:industrial_edge_management::::::::
cpe:2.3:a:siemens:captial::::::::				2019.1
cpe:2.3:a:siemens:tracealertserverplus::::::::

Configuration5	or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:10.0:::::::*
cpe:2.3:o:debian:debian_linux:11.0:::::::*

Configuration6		or higher	or less	more than	less than
cpe:2.3:a:sonicwall:email_security::::::::					10.0.12

Configuration7	or higher	or less	more than	less than
cpe:2.3:o:fedoraproject:fedora:34:::::::*
cpe:2.3:o:fedoraproject:fedora:35:::::::*

Configuration8		or higher	or less	more than	less than
cpe:2.3:o:siemens:6bk1602-0aa12-0tp0_firmware::::::::					2.7.0

Configuration9		or higher	or less	more than	less than
cpe:2.3:o:siemens:6bk1602-0aa22-0tp0_firmware::::::::					2.7.0

Configuration10		or higher	or less	more than	less than
cpe:2.3:o:siemens:6bk1602-0aa32-0tp0_firmware::::::::					2.7.0

Configuration11		or higher	or less	more than	less than
cpe:2.3:o:siemens:6bk1602-0aa42-0tp0_firmware::::::::					2.7.0

Configuration12		or higher	or less	more than	less than
cpe:2.3:o:siemens:6bk1602-0aa52-0tp0_firmware::::::::					2.7.0

Related information, measures and tools

No	URL	タグ
1	http://www.openwall.com/lists/oss-security/2021/12/14/4	Mailing List Mitigation Third Party Advisory
2	http://www.openwall.com/lists/oss-security/2021/12/14/4	Mailing List Mitigation Third Party Advisory
3	http://www.openwall.com/lists/oss-security/2021/12/15/3	Mailing List Third Party Advisory
4	http://www.openwall.com/lists/oss-security/2021/12/15/3	Mailing List Third Party Advisory
5	http://www.openwall.com/lists/oss-security/2021/12/18/1	Mailing List Third Party Advisory
6	http://www.openwall.com/lists/oss-security/2021/12/18/1	Mailing List Third Party Advisory
7	https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf	Third Party Advisory
8	https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf	Third Party Advisory
9	https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf	Third Party Advisory
10	https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf	Third Party Advisory
11	https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf	Third Party Advisory
12	https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf	Third Party Advisory
13	https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf	Third Party Advisory
14	https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf	Third Party Advisory
15	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOKPQGV24RRBBI4TBZUDQMM4MEH7MXCY/	Mailing List Release Notes
16	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOKPQGV24RRBBI4TBZUDQMM4MEH7MXCY/	Mailing List Release Notes
17	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SIG7FZULMNK2XF6FZRU4VWYDQXNMUGAJ/	Mailing List Release Notes
18	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SIG7FZULMNK2XF6FZRU4VWYDQXNMUGAJ/	Mailing List Release Notes
19	https://logging.apache.org/log4j/2.x/security.html	Mitigation Release Notes Vendor Advisory
20	https://logging.apache.org/log4j/2.x/security.html	Mitigation Release Notes Vendor Advisory
21	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032	Third Party Advisory
22	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032	Third Party Advisory
23	https://security.gentoo.org/glsa/202310-16	Third Party Advisory
24	https://security.gentoo.org/glsa/202310-16	Third Party Advisory
25	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	Third Party Advisory
26	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	Third Party Advisory
27	https://www.cve.org/CVERecord?id=CVE-2021-44228	Not Applicable
28	https://www.cve.org/CVERecord?id=CVE-2021-44228	Not Applicable
29	https://www.debian.org/security/2021/dsa-5022	Third Party Advisory
30	https://www.debian.org/security/2021/dsa-5022	Third Party Advisory
31	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html	Third Party Advisory
32	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html	Third Party Advisory
33	https://www.kb.cert.org/vuls/id/930724	Third Party Advisory US Government Resource
34	https://www.kb.cert.org/vuls/id/930724	Third Party Advisory US Government Resource
35	https://www.oracle.com/security-alerts/alert-cve-2021-44228.html	Third Party Advisory
36	https://www.oracle.com/security-alerts/alert-cve-2021-44228.html	Third Party Advisory
37	https://www.oracle.com/security-alerts/cpuapr2022.html	Third Party Advisory
38	https://www.oracle.com/security-alerts/cpuapr2022.html	Third Party Advisory
39	https://www.oracle.com/security-alerts/cpujan2022.html	Patch Third Party Advisory
40	https://www.oracle.com/security-alerts/cpujan2022.html	Patch Third Party Advisory
41	https://www.oracle.com/security-alerts/cpujul2022.html	Third Party Advisory
42	https://www.oracle.com/security-alerts/cpujul2022.html	Third Party Advisory

Common Vulnerabilities List

CVE-2021-45105

Summary	Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
Publication Date	Dec. 18, 2021, 9:15 p.m.
Registration Date	Dec. 19, 2021, 10 a.m.
Last Update	Nov. 21, 2024, 3:31 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:apache:log4j::::::::	2.0			2.3.1
cpe:2.3:a:apache:log4j::::::::	2.4			2.12.3
cpe:2.3:a:apache:log4j::::::::	2.13.0	2.16.0

Configuration2		or higher	or less	more than	less than
cpe:2.3:a:netapp:cloud_manager:-:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:10.0:::::::*
cpe:2.3:o:debian:debian_linux:11.0:::::::*

Configuration4	or higher	or less	more than	less than
cpe:2.3:a:sonicwall:network_security_manager:::::saas:::*	2.0			3.0
cpe:2.3:a:sonicwall:network_security_manager:::::on-premises:::*	2.0			3.0
cpe:2.3:a:sonicwall:email_security::::::::		10.0.12
cpe:2.3:a:sonicwall:web_application_firewall::::::::	3.0.0			3.1.0

Configuration5		or higher	or less	more than	less than
cpe:2.3:o:sonicwall:6bk1602-0aa12-0tp0_firmware::::::::					2.7.0
execution environment
1	cpe:2.3:h:sonicwall:6bk1602-0aa12-0tp0:-:::::::*

Configuration6		or higher	or less	more than	less than
cpe:2.3:o:sonicwall:6bk1602-0aa22-0tp0_firmware::::::::					2.7.0
execution environment
1	cpe:2.3:h:sonicwall:6bk1602-0aa22-0tp0:-:::::::*

Configuration7		or higher	or less	more than	less than
cpe:2.3:o:sonicwall:6bk1602-0aa32-0tp0_firmware::::::::					2.7.0
execution environment
1	cpe:2.3:h:sonicwall:6bk1602-0aa32-0tp0:-:::::::*

Configuration8		or higher	or less	more than	less than
cpe:2.3:o:sonicwall:6bk1602-0aa42-0tp0_firmware::::::::					2.7.0
execution environment
1	cpe:2.3:h:sonicwall:6bk1602-0aa42-0tp0:-:::::::*

Configuration9		or higher	or less	more than	less than
cpe:2.3:o:sonicwall:6bk1602-0aa52-0tp0_firmware::::::::					2.7.0
execution environment
1	cpe:2.3:h:sonicwall:6bk1602-0aa52-0tp0:-:::::::*

Configuration10	or higher	or less	more than	less than
cpe:2.3:a:oracle:e-business_suite:12.2:::::::*
cpe:2.3:a:oracle:retail_back_office:14.1:::::::*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:retail_order_broker:16.0:::::::*
cpe:2.3:a:oracle:retail_integration_bus:14.1.3:::::::*
cpe:2.3:a:oracle:retail_returns_management:14.1:::::::*
cpe:2.3:a:oracle:retail_central_office:14.1:::::::*
cpe:2.3:a:oracle:banking_platform:2.6.2:::::::*
cpe:2.3:a:oracle:primavera_unifier:18.8:::::::*
cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:retail_point-of-service:14.1:::::::*
cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:::::::*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:::::::*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:::::::*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:::::::*
cpe:2.3:a:oracle:agile_plm:9.3.6:::::::*
cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:::::::*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*
cpe:2.3:a:oracle:flexcube_universal_banking::::::::	14.0.0	14.3.0
cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0::::enterprise:::
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::*
cpe:2.3:a:oracle:primavera_unifier:19.12:::::::*
cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:::::::*
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:::::::*
cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:::::::*
cpe:2.3:a:oracle:utilities_framework::::::::	4.3.0.1.0	4.3.0.6.0
cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:::::::*
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:::::::*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:::::::*
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:::::::*
cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.4.1.1:::::::*
cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:::::::*
cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:::::::*
cpe:2.3:a:oracle:banking_platform:2.7.1:::::::*
cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:::::::*
cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:::::::*
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:::::::*
cpe:2.3:a:oracle:retail_service_backbone:14.1.3:::::::*
cpe:2.3:a:oracle:primavera_unifier:20.12:::::::*
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:::::::*
cpe:2.3:a:oracle:communications_network_integrity:7.3.6:::::::*
cpe:2.3:a:oracle:retail_order_broker:18.0:::::::*
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:::::::*
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:::::::*
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*
cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:::::::*
cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:::::::*
cpe:2.3:a:oracle:primavera_gateway::::::::	17.12.0	17.12.11
cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:::::::*
cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.3:::::::*
cpe:2.3:a:oracle:retail_price_management:14.1.3.0:::::::*
cpe:2.3:a:oracle:retail_price_management:15.0.3.0:::::::*
cpe:2.3:a:oracle:retail_price_management:16.0.3.0:::::::*
cpe:2.3:a:oracle:retail_order_broker:19.1:::::::*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:::::::*
cpe:2.3:a:oracle:primavera_gateway::::::::	20.12.0	20.12.7
cpe:2.3:a:oracle:banking_platform:2.12.0:::::::*
cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:::::::*
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:::::::*
cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:::::::*
cpe:2.3:a:oracle:banking_party_management:2.7.0:::::::*
cpe:2.3:a:oracle:communications_messaging_server:8.1:::::::*
cpe:2.3:a:oracle:retail_service_backbone:19.0.1.0:::::::*
cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:::::::*
cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:::::::*
cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:::::::*
cpe:2.3:a:oracle:retail_eftlink:16.0.3:::::::*
cpe:2.3:a:oracle:retail_eftlink:17.0.2:::::::*
cpe:2.3:a:oracle:retail_eftlink:18.0.1:::::::*
cpe:2.3:a:oracle:retail_eftlink:19.0.1:::::::*
cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:::::::*
cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:::::::*
cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:::::::*
cpe:2.3:a:oracle:communications_asap:7.3:::::::*
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.0.0.0:::::::*
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.0.8.0.0:::::::*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure::::::::	8.0.7	8.1.1
cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:::::::*
cpe:2.3:a:oracle:primavera_unifier:21.12:::::::*
cpe:2.3:a:oracle:siebel_ui_framework::::::::		21.12
cpe:2.3:a:oracle:retail_service_backbone:19.0.0:::::::*
cpe:2.3:a:oracle:retail_service_backbone::::::::	16.0.1	16.0.3
cpe:2.3:a:oracle:retail_price_management:13.2:::::::*
cpe:2.3:a:oracle:retail_price_management:14.0.4:::::::*
cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.46:::::::*
cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.115:::::::*
cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.240:::::::*
cpe:2.3:a:oracle:retail_order_management_system:19.5:::::::*
cpe:2.3:a:oracle:retail_invoice_matching:15.0.3:::::::*
cpe:2.3:a:oracle:retail_invoice_matching:16.0.3:::::::*
cpe:2.3:a:oracle:retail_integration_bus::::::::	16.0.1	16.0.3
cpe:2.3:a:oracle:retail_integration_bus::::::::	19.0.0	19.0.1.0
cpe:2.3:a:oracle:retail_eftlink:20.0.1:::::::*
cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.1.0.0:::::::*
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:::::::*
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management::::::::	20.12.0.0	20.12.12.0
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management::::::::	19.12.0.0	19.12.18.0
cpe:2.3:a:oracle:primavera_gateway:21.12.0:::::::*
cpe:2.3:a:oracle:primavera_gateway::::::::	19.12.0	19.12.12
cpe:2.3:a:oracle:primavera_gateway::::::::	18.8.0	18.8.13
cpe:2.3:a:oracle:communications_diameter_signaling_router::::::::	8.3.0.0	8.5.1.0
cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0.0:::::::*
cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1:::::::*
cpe:2.3:a:oracle:communications_service_broker:6.2:::::::*
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:::::::*
cpe:2.3:a:oracle:banking_loans_servicing:2.12.0:::::::*
cpe:2.3:a:oracle:communications_network_charging_and_control::::::::	12.0.1.0.0	12.0.4.0.0
cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:::::::*
cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:::::::*
cpe:2.3:a:oracle:communications_convergent_charging_controller::::::::	12.0.1.0.0	12.0.4.0.0
cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:::::::*
cpe:2.3:a:oracle:healthcare_data_repository:8.1.1:::::::*
cpe:2.3:a:oracle:healthcare_translational_research:4.1.0:::::::*
cpe:2.3:a:oracle:retail_service_backbone:19.0.1:::::::*
cpe:2.3:a:oracle:retail_integration_bus:19.0.0:::::::*
cpe:2.3:a:oracle:retail_integration_bus:19.0.1:::::::*
cpe:2.3:a:oracle:retail_financial_integration:19.0.1:::::::*
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2.0:::::::*
cpe:2.3:a:oracle:hospitality_suite8:8.13.0:::::::*
cpe:2.3:a:oracle:hospitality_suite8:8.14.0:::::::*
cpe:2.3:a:oracle:agile_plm_mcad_connector:3.6:::::::*
cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.1:::::::*
cpe:2.3:a:oracle:banking_deposits_and_lines_of_credit_servicing:2.12.0:::::::*
cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4:::::::*
cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5:::::::*
cpe:2.3:a:oracle:communications_element_manager::::::::				9.0
cpe:2.3:a:oracle:communications_session_report_manager::::::::				9.0
cpe:2.3:a:oracle:communications_session_route_manager::::::::				9.0
cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:::::::*
cpe:2.3:a:oracle:hyperion_data_relationship_management::::::::				11.2.8.0
cpe:2.3:a:oracle:mysql_enterprise_monitor::::::::		8.0.29
cpe:2.3:a:oracle:hyperion_infrastructure_technology::::::::				11.2.8.0
cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:::::::*
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:::::::*
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:::::::*
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:::::::*
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:::::::*
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:::::::*
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:::::::*
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:::::::*
cpe:2.3:a:oracle:banking_payments:14.5:::::::*
cpe:2.3:a:oracle:banking_trade_finance:14.5:::::::*
cpe:2.3:a:oracle:banking_treasury_management:14.5:::::::*
cpe:2.3:a:oracle:flexcube_universal_banking:14.5:::::::*
cpe:2.3:a:oracle:retail_customer_insights:15.0.2:::::::*
cpe:2.3:a:oracle:retail_customer_insights:16.0.2:::::::*
cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.5:::::::*
cpe:2.3:a:oracle:hospitality_token_proxy_service:19.2:::::::*
cpe:2.3:a:oracle:health_sciences_information_manager::::::::	3.0.1	3.0.4
cpe:2.3:a:oracle:payment_interface:20.3:::::::*
cpe:2.3:a:oracle:payment_interface:19.1:::::::*
cpe:2.3:a:oracle:retail_eftlink:21.0.0:::::::*
cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:16.0.2:::::::*
cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:15.0.2:::::::*
cpe:2.3:a:oracle:retail_financial_integration:19.0.0:::::::*
cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.5:::::::*
cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.14:::::::*
cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.3:::::::*
cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.8:::::::*
cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3.7:::::::*
cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4.13:::::::*
cpe:2.3:a:oracle:communications_convergence:3.0.3.0:::::::*
cpe:2.3:a:oracle:sql_developer::::::::				21.4.2
cpe:2.3:a:oracle:communications_user_data_repository:12.4:::::::*
cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6:::::::*
cpe:2.3:a:oracle:management_cloud_engine:1.5.0:::::::*
cpe:2.3:a:oracle:identity_manager_connector:9.1.0:::::::*
cpe:2.3:a:oracle:flexcube_universal_banking:11.83.3:::::::*
cpe:2.3:a:oracle:flexcube_universal_banking::::::::	12.1.0	12.4
cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.5.1.1:::::::*
cpe:2.3:a:oracle:healthcare_translational_research:4.1.1:::::::*
cpe:2.3:a:oracle:healthcare_master_person_index:5.0.1:::::::*
cpe:2.3:a:oracle:healthcare_foundation::::::::	7.3.0.1	7.3.0.4
cpe:2.3:a:oracle:health_sciences_inform:6.3.2.1:::::::*
cpe:2.3:a:oracle:health_sciences_inform:7.0.0.0:::::::*
cpe:2.3:a:oracle:health_sciences_inform:6.2.1.1:::::::*
cpe:2.3:a:oracle:health_sciences_empirica_signal:9.2.0.0:::::::*
cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1.0.6:::::::*
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting::::::::	5.4	5.6.0.0
cpe:2.3:a:oracle:insurance_data_gateway:1.0.1:::::::*
cpe:2.3:a:oracle:hyperion_tax_provision::::::::				11.2.8.0
cpe:2.3:a:oracle:hyperion_profitability_and_cost_management::::::::				11.2.8.0
cpe:2.3:a:oracle:hyperion_planning::::::::				11.2.8.0
cpe:2.3:a:oracle:hyperion_bi\+::::::::				11.2.8.0
cpe:2.3:a:oracle:retail_financial_integration::::::::	16.0.1	16.0.3
cpe:2.3:a:oracle:taleo_platform::::::::				22.1

Related information, measures and tools

No	URL	タグ
1	http://www.openwall.com/lists/oss-security/2021/12/19/1	Mailing List Mitigation Third Party Advisory
2	http://www.openwall.com/lists/oss-security/2021/12/19/1	Mailing List Mitigation Third Party Advisory
3	https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf	Third Party Advisory
4	https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf	Third Party Advisory
5	https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf	Third Party Advisory
6	https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf	Third Party Advisory
7	https://logging.apache.org/log4j/2.x/security.html	Release Notes Vendor Advisory
8	https://logging.apache.org/log4j/2.x/security.html	Release Notes Vendor Advisory
9	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032	Third Party Advisory
10	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032	Third Party Advisory
11	https://security.netapp.com/advisory/ntap-20211218-0001/	Third Party Advisory
12	https://security.netapp.com/advisory/ntap-20211218-0001/	Third Party Advisory
13	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	Third Party Advisory
14	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	Third Party Advisory
15	https://www.debian.org/security/2021/dsa-5024	Third Party Advisory
16	https://www.debian.org/security/2021/dsa-5024	Third Party Advisory
17	https://www.kb.cert.org/vuls/id/930724	Third Party Advisory US Government Resource
18	https://www.kb.cert.org/vuls/id/930724	Third Party Advisory US Government Resource
19	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory
20	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory
21	https://www.oracle.com/security-alerts/cpujan2022.html	Patch Third Party Advisory
22	https://www.oracle.com/security-alerts/cpujan2022.html	Patch Third Party Advisory
23	https://www.oracle.com/security-alerts/cpujul2022.html	Third Party Advisory
24	https://www.oracle.com/security-alerts/cpujul2022.html	Third Party Advisory
25	https://www.zerodayinitiative.com/advisories/ZDI-21-1541/	Third Party Advisory VDB Entry
26	https://www.zerodayinitiative.com/advisories/ZDI-21-1541/	Third Party Advisory VDB Entry

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html
2	CWE-674	不適切な再帰制御	https://cwe.mitre.org/data/definitions/674.html

Configuration3	or higher	or less	more than	less than
cpe:2.3:a:siemens:logo\!_soft_comfort::::::::
cpe:2.3:a:siemens:spectrum_power_4:4.70:sp7::::::
cpe:2.3:a:siemens:spectrum_power_4:4.70:-::::::
cpe:2.3:a:siemens:spectrum_power_4::::::::				4.70
cpe:2.3:a:siemens:siveillance_control_pro::::::::
cpe:2.3:a:siemens:energyip_prepay:3.7:::::::*
cpe:2.3:a:siemens:energyip_prepay:3.8:::::::*
cpe:2.3:a:siemens:spectrum_power_4:4.70:sp8::::::
cpe:2.3:a:siemens:siveillance_identity:1.6:::::::*
cpe:2.3:a:siemens:siveillance_identity:1.5:::::::*
cpe:2.3:a:siemens:siveillance_command::::::::		4.16.2.1
cpe:2.3:a:siemens:sipass_integrated:2.85:::::::*
cpe:2.3:a:siemens:sipass_integrated:2.80:::::::*
cpe:2.3:a:siemens:head-end_system_universal_device_integration_system::::::::
cpe:2.3:a:siemens:gma-manager::::::::				8.6.2j-398
cpe:2.3:a:siemens:energyip:8.5:::::::*
cpe:2.3:a:siemens:energyip:8.6:::::::*
cpe:2.3:a:siemens:energyip:8.7:::::::*
cpe:2.3:a:siemens:energyip:9.0:::::::*
cpe:2.3:a:siemens:energy_engage:3.1:::::::*
cpe:2.3:a:siemens:e-car_operation_center::::::::				2021-12-13
cpe:2.3:a:siemens:desigo_cc_info_center:5.0:::::::*
cpe:2.3:a:siemens:desigo_cc_info_center:5.1:::::::*
cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.1:::::::*
cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.2:::::::*
cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.0:::::::*
cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.1:::::::*
cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.0:::::::*
cpe:2.3:a:siemens:comos::::::::
cpe:2.3:a:siemens:captial:2019.1:sp1912::::::
cpe:2.3:a:siemens:navigator::::::::				2021-12-13
cpe:2.3:a:siemens:xpedition_package_integrator:-:::::::*
cpe:2.3:a:siemens:xpedition_enterprise:-:::::::*
cpe:2.3:a:siemens:vesys:2019.1:sp1912::::::
cpe:2.3:a:siemens:vesys:2019.1:::::::*
cpe:2.3:a:siemens:vesys::::::::				2019.1
cpe:2.3:a:siemens:vesys:2019.1:-::::::
cpe:2.3:a:siemens:teamcenter::::::::
cpe:2.3:a:siemens:spectrum_power_7:2.30:sp2::::::
cpe:2.3:a:siemens:spectrum_power_7:2.30:-::::::
cpe:2.3:a:siemens:spectrum_power_7::::::::				2.30
cpe:2.3:a:siemens:spectrum_power_7:2.30:::::::*
cpe:2.3:a:siemens:solid_edge_harness_design:2020:sp2002::::::
cpe:2.3:a:siemens:solid_edge_harness_design:2020:-::::::
cpe:2.3:a:siemens:solid_edge_harness_design::::::::				2020
cpe:2.3:a:siemens:captial:2019.1:-::::::
cpe:2.3:a:siemens:solid_edge_harness_design:2020:::::::*
cpe:2.3:a:siemens:solid_edge_cam_pro::::::::
cpe:2.3:a:siemens:siveillance_viewpoint::::::::
cpe:2.3:a:siemens:siveillance_vantage::::::::
cpe:2.3:a:siemens:siguard_dsa:4.3:::::::*
cpe:2.3:a:siemens:siguard_dsa:4.4:::::::*
cpe:2.3:a:siemens:siguard_dsa:4.2:::::::*
cpe:2.3:a:siemens:sentron_powermanager:4.2:::::::*
cpe:2.3:a:siemens:sentron_powermanager:4.1:::::::*
cpe:2.3:a:siemens:operation_scheduler::::::::		1.1.3
cpe:2.3:a:siemens:nx::::::::
cpe:2.3:a:siemens:opcenter_intelligence::::::::		3.2
cpe:2.3:a:siemens:mindsphere::::::::				2021-12-11
cpe:2.3:a:siemens:mendix::::::::
cpe:2.3:a:siemens:industrial_edge_management_hub::::::::				2021-12-13
cpe:2.3:a:siemens:industrial_edge_management::::::::
cpe:2.3:a:siemens:captial::::::::				2019.1

Configuration4	or higher	or less	more than	less than
cpe:2.3:a:intel:audio_development_kit:-:::::::*
cpe:2.3:a:intel:system_debugger:-:::::::*
cpe:2.3:a:intel:secure_device_onboard:-:::::::*
cpe:2.3:a:intel:oneapi_sample_browser:-:::::eclipse::
cpe:2.3:a:intel:sensor_solution_firmware_development_kit:-:::::::*
cpe:2.3:a:intel:computer_vision_annotation_tool:-:::::::*
cpe:2.3:a:intel:genomics_kernel_library:-:::::::*
cpe:2.3:a:intel:system_studio:-:::::::*
cpe:2.3:a:intel:data_center_manager::::::::				5.1

Configuration8	or higher	or less	more than	less than
cpe:2.3:a:netapp:oncommand_insight:-:::::::*
cpe:2.3:a:netapp:cloud_insights:-:::::::*
cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
cpe:2.3:a:netapp:active_iq_unified_manager:-:::::linux::
cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows::
cpe:2.3:a:netapp:cloud_manager:-:::::::*
cpe:2.3:a:netapp:cloud_secure_agent:-:::::::*
cpe:2.3:a:netapp:ontap_tools:-:::::vmware_vsphere::
cpe:2.3:a:netapp:snapcenter:-:::::vmware_vsphere::

Configuration9	or higher	or less	more than	less than
cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\):::::::*
cpe:2.3:a:cisco:unified_customer_voice_portal:11.6:::::::*
cpe:2.3:a:cisco:webex_meetings_server::::::::				3.0
cpe:2.3:a:cisco:packaged_contact_center_enterprise:11.6\(1\):::::::*
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release1::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:-::::::
cpe:2.3:a:cisco:identity_services_engine::::::::				2.4.0
cpe:2.3:a:cisco:data_center_network_manager::::::::				11.3\(1\)
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release2::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3::::::
cpe:2.3:a:cisco:webex_meetings_server:4.0:-::::::
cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release1::::::
cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release2::::::
cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release3::::::
cpe:2.3:a:cisco:unified_contact_center_express::::::::				12.5\(1\)
cpe:2.3:a:cisco:data_center_network_manager:11.3\(1\):::::::*
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:-:::::*
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_service_pack_2::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_service_pack_3::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release4::::::
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_security_patch4::::::
cpe:2.3:a:cisco:identity_services_engine:2.4.0:-::::::
cpe:2.3:a:cisco:finesse::::::::				12.6\(1\)
cpe:2.3:a:cisco:finesse:12.6\(1\):::::::*
cpe:2.3:a:cisco:nexus_dashboard::::::::				2.1.2
cpe:2.3:a:cisco:network_services_orchestrator::::::::	5.6			5.6.3.1
cpe:2.3:a:cisco:network_services_orchestrator::::::::	5.5			5.5.4.1
cpe:2.3:a:cisco:network_services_orchestrator::::::::				5.3.5.1
cpe:2.3:a:cisco:iot_operations_dashboard:-:::::::*
cpe:2.3:a:cisco:intersight_virtual_appliance::::::::				1.0.9-361
cpe:2.3:a:cisco:evolved_programmable_network_manager::::::::		4.1.1
cpe:2.3:a:cisco:network_services_orchestrator::::::::	5.4			5.4.5.2
cpe:2.3:a:cisco:dna_spaces\:_connector::::::::				2.5
cpe:2.3:a:cisco:cyber_vision_sensor_management_extension::::::::				4.0.3
cpe:2.3:a:cisco:crosswork_zero_touch_provisioning::::::::				2.0.1
cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:3.0.0:::::::*
cpe:2.3:a:cisco:crosswork_platform_infrastructure::::::::				4.0.1
cpe:2.3:a:cisco:crosswork_platform_infrastructure:4.1.0:::::::*
cpe:2.3:a:cisco:crosswork_optimization_engine::::::::				2.0.1
cpe:2.3:a:cisco:crosswork_optimization_engine:3.0.0:::::::*
cpe:2.3:a:cisco:crosswork_network_controller:3.0.0:::::::*
cpe:2.3:a:cisco:crosswork_network_controller::::::::				2.0.1
cpe:2.3:a:cisco:crosswork_data_gateway:3.0.0:::::::*
cpe:2.3:a:cisco:crosswork_data_gateway::::::::				2.0.2
cpe:2.3:a:cisco:common_services_platform_collector::::::::	2.10.0			2.10.0.1
cpe:2.3:a:cisco:common_services_platform_collector::::::::				2.9.1.3
cpe:2.3:a:cisco:cloudcenter::::::::				4.10.0.16
cpe:2.3:a:cisco:cloudcenter_workload_manager::::::::				5.5.2
cpe:2.3:a:cisco:cloudcenter_suite_admin::::::::				5.3.1
cpe:2.3:a:cisco:cloudcenter_cost_optimizer::::::::				5.5.2
cpe:2.3:a:cisco:business_process_automation::::::::	3.2.000.000			3.2.000.009
cpe:2.3:a:cisco:business_process_automation::::::::	3.1.000.000			3.1.000.044
cpe:2.3:a:cisco:business_process_automation::::::::				3.0.000.115
cpe:2.3:a:cisco:automated_subsea_tuning::::::::				2.1.0
cpe:2.3:a:cisco:nexus_insights::::::::				6.0.2
cpe:2.3:a:cisco:advanced_malware_protection_virtual_private_cloud_appliance::::::::				3.5.4
cpe:2.3:a:cisco:customer_experience_cloud_agent::::::::				1.12.1
cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_security_patch5::::::
cpe:2.3:a:cisco:workload_optimization_manager::::::::				3.2.1
cpe:2.3:a:cisco:ucs_central::::::::				2.0\(1p\)
cpe:2.3:a:cisco:ucs_director::::::::				6.8.2.0
cpe:2.3:a:cisco:sd-wan_vmanage::::::::				20.3.4.1
cpe:2.3:a:cisco:optical_network_controller::::::::				1.1.0
cpe:2.3:a:cisco:fog_director:-:::::::*
cpe:2.3:a:cisco:dna_center::::::::	2.2.3.0			2.2.3.4
cpe:2.3:a:cisco:sd-wan_vmanage::::::::	20.4			20.4.2.1
cpe:2.3:a:cisco:integrated_management_controller_supervisor::::::::				2.3.2.1
cpe:2.3:a:cisco:wan_automation_engine::::::::				7.3.0.2
cpe:2.3:a:cisco:virtualized_infrastructure_manager::::::::	3.4.0			3.4.4
cpe:2.3:a:cisco:sd-wan_vmanage::::::::	20.5			20.5.1.1
cpe:2.3:a:cisco:network_assurance_engine::::::::				6.0.2
cpe:2.3:a:cisco:virtualized_infrastructure_manager::::::::				3.2.0
cpe:2.3:a:cisco:dna_center::::::::				2.1.2.8
cpe:2.3:a:cisco:sd-wan_vmanage::::::::	20.6			20.6.2.1
cpe:2.3:a:cisco:virtual_topology_system::::::::				2.6.7
cpe:2.3:a:cisco:dna_center::::::::	2.2.2.0			2.2.2.8
cpe:2.3:a:cisco:smart_phy::::::::				3.2.1
cpe:2.3:a:cisco:prime_service_catalog::::::::				12.1
cpe:2.3:a:cisco:connected_mobile_experiences:-:::::::*
cpe:2.3:a:cisco:video_surveillance_operations_manager::::::::				7.14.4
cpe:2.3:a:cisco:unity_connection::::::::				11.5\(1\)
cpe:2.3:a:cisco:virtualized_voice_browser::::::::				12.5\(1\)
cpe:2.3:o:cisco:unified_workforce_optimization::::::::				11.5\(1\)
cpe:2.3:o:cisco:unified_sip_proxy::::::::				10.2.1v2
cpe:2.3:o:cisco:unified_intelligence_center::::::::				12.6\(1\)
cpe:2.3:a:cisco:unified_customer_voice_portal::::::::				11.6
cpe:2.3:a:cisco:unified_customer_voice_portal:12.0:::::::*
cpe:2.3:a:cisco:unified_customer_voice_portal:12.5:::::::*
cpe:2.3:a:cisco:unified_contact_center_enterprise::::::::				11.6\(2\)
cpe:2.3:a:cisco:unified_contact_center_enterprise:11.6\(2\):::::::*
cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service::::::::				11.5\(1\)
cpe:2.3:a:cisco:unified_communications_manager:::::session_management:::*				11.5\(1\)
cpe:2.3:a:cisco:unified_communications_manager:::::-:::*				11.5\(1\)
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1\)su3:::::::*
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1\)::::session_management:::
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1\)::::-:::
cpe:2.3:a:cisco:paging_server::::::::				14.4.1
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1\):::::::*
cpe:2.3:a:cisco:packaged_contact_center_enterprise::::::::				11.6
cpe:2.3:a:cisco:enterprise_chat_and_email::::::::				12.0\(1\)
cpe:2.3:a:cisco:emergency_responder::::::::				11.5\(4\)
cpe:2.3:a:cisco:contact_center_management_portal::::::::				12.5\(1\)
cpe:2.3:a:cisco:contact_center_domain_manager::::::::				12.5\(1\)
cpe:2.3:a:cisco:cloud_connect::::::::				12.6\(1\)
cpe:2.3:a:cisco:broadworks::::::::				2021.11_1.162

Configuration10	or higher	or less	more than	less than
cpe:2.3:o:cisco:fxos:6.2.3:::::::*
cpe:2.3:o:cisco:fxos:6.3.0:::::::*
cpe:2.3:o:cisco:fxos:6.4.0:::::::*
cpe:2.3:o:cisco:fxos:6.5.0:::::::*
cpe:2.3:o:cisco:fxos:6.6.0:::::::*
cpe:2.3:o:cisco:fxos:6.7.0:::::::*
cpe:2.3:o:cisco:fxos:7.0.0:::::::*
cpe:2.3:o:cisco:fxos:7.1.0:::::::*

Configuration11	or higher	or less	more than	less than
cpe:2.3:a:cisco:prime_service_catalog:12.1:::::::*
cpe:2.3:a:cisco:firepower_threat_defense:6.2.3:::::::*
cpe:2.3:a:cisco:webex_meetings_server:3.0:::::::*
cpe:2.3:a:cisco:firepower_threat_defense:6.4.0:::::::*
cpe:2.3:a:cisco:firepower_threat_defense:6.3.0:::::::*
cpe:2.3:a:cisco:webex_meetings_server:4.0:::::::*
cpe:2.3:a:cisco:unity_connection:11.5:::::::*
cpe:2.3:a:cisco:firepower_threat_defense:6.5.0:::::::*
cpe:2.3:a:cisco:firepower_threat_defense:6.6.0:::::::*
cpe:2.3:a:cisco:sd-wan_vmanage:20.3:::::::*
cpe:2.3:a:cisco:sd-wan_vmanage:20.6:::::::*
cpe:2.3:a:cisco:sd-wan_vmanage:20.5:::::::*
cpe:2.3:a:cisco:unified_contact_center_enterprise:11.6\(2\):::::::*
cpe:2.3:a:cisco:cyber_vision_sensor_management_extension:4.0.2:::::::*
cpe:2.3:a:cisco:dna_spaces_connector:-:::::::*
cpe:2.3:a:cisco:unified_sip_proxy:010.002\(001\):::::::*
cpe:2.3:a:cisco:unified_sip_proxy:010.002\(000\):::::::*
cpe:2.3:a:cisco:unified_sip_proxy:010.000\(001\):::::::*
cpe:2.3:a:cisco:unified_sip_proxy:010.000\(000\):::::::*
cpe:2.3:a:cisco:unified_intelligence_center:12.6\(2\):-::::::
cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\):es02::::::
cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\):es01::::::
cpe:2.3:a:cisco:unified_intelligence_center:12.6\(1\):-::::::
cpe:2.3:a:cisco:unified_customer_voice_portal:12.6\(1\):::::::*
cpe:2.3:a:cisco:unified_customer_voice_portal:12.5\(1\):::::::*
cpe:2.3:a:cisco:unified_customer_voice_portal:12.0\(1\):::::::*
cpe:2.3:a:cisco:unified_customer_voice_portal:11.6\(1\):::::::*
cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\):su1::::::
cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\):-::::::
cpe:2.3:a:cisco:unified_communications_manager_im_\&_presence_service:11.5\(1.22900.6\):::::::*
cpe:2.3:a:cisco:unified_communications_manager_im_\&_presence_service:11.5\(1\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.22900.28\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.21900.40\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.18900.97\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.18119.2\):::::::*
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.17900.52\):::::::*
cpe:2.3:a:cisco:paging_server:9.1\(1\):::::::*
cpe:2.3:a:cisco:paging_server:9.0\(2\):::::::*
cpe:2.3:a:cisco:paging_server:9.0\(1\):::::::*