CB-K21/1264 Update 1

Titel:Apache log4j: Schwachstelle ermöglicht CodeausführungDatum:13.12.2021Software:Apache log4j < 2.15.0, Amazon Linux 2, Apache Kafka, Apache Solr, Apache Struts, Atlassian Bamboo, Atlassian Confluence, Atlassian Crucible, Atlassian Fisheye, Atlassian Jira Software, Cisco Identity Services Engine (ISE), Cisco Integrated Management Controller, Cisco Nexus Dashboard, Cisco SD-WAN vManage, Cisco Unified Communications Manager (CUCM) Cloud, Cisco Unified Computing System (UCS) Director, Cisco Unified Contact Center Enterprise, Cisco Unified Intelligent Contact Manager (ICM), Cisco Video Surveillance Operations Manager, Cisco WebEx Cloud-Connected UC, Cisco WebEx Meetings Server, Debian Linux, F-Secure Policy Manager, HCL Commerce, IBM WebSphere Application Server, Open Source Elasticsearch, Open Source LogStash, Red Hat JBoss A-MQ, Red Hat JBoss Enterprise Application Platform, Red Hat OpenShift, Red Hat OpenStack, Red Hat Process Automation Manager, RSA SecurID Authentication Manager, SOS GmbH JobScheduler, Splunk Splunk Enterprise, Symantec Endpoint Protection Manager, VMware Carbon Black Cloud Workload, VMware Horizon, VMware Identity Manager, VMware NSX Data Center for vSphere, VMware vCenter Server, VMware vRealize Log Insight, VMware vRealize Operations, VMware vRealize Suite Lifecycle Manager, VMware Workspace One Access, VMware Workspace One Access Connector, VMware Tanzu Spring BootPlattform:Applicance, CISCO Appliance, Hardware Appliance, Linux, Native Hypervisor, Sonstiges, UNIX, WindowsAuswirkung:Ausführen beliebigen ProgrammcodesRemoteangriff:JaRisiko:sehr hochCVE Liste:CVE-2021-44228Bezug:

Beschreibung

Apache log4j ist ein Framework zum Loggen von Anwendungsmeldungen in Java.

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache log4j ausnutzen, um beliebigen Programmcode auszuführen.

Quellen: