CB-K21/1264 Update 11

Risk level 5

Title: Apache log4j: Vulnerability allows code execution

Date: 28.12.2021

Software: Apache log4j < 2.16.0, Amazon Linux 2, Apache Kafka, Apache Solr, Apache Struts, Atlassian Bamboo, Atlassian Confluence, Atlassian Crucible, Atlassian Fisheye, Atlassian Jira Software, Cisco Identity Services Engine (ISE), Cisco Integrated Management Controller, Cisco Nexus Dashboard, Cisco SD-WAN vManage, Cisco Unified Communications Manager (CUCM) Cloud, Cisco Unified Computing System (UCS) Director, Cisco Unified Contact Center Enterprise, Cisco Unified Intelligent Contact Manager (ICM), Cisco WebEx Cloud-Connected UC, Cisco WebEx Meetings Server, Debian Linux, F-Secure Policy Manager, IBM WebSphere Application Server, Open Source Elasticsearch, Open Source LogStash, Red Hat JBoss A-MQ, Red Hat JBoss Enterprise Application Platform, Red Hat OpenShift, Red Hat OpenStack, Red Hat Process Automation Manager, RSA SecurID Authentication Manager, SOS GmbH JobScheduler, Splunk Splunk Enterprise, Symantec Endpoint Protection Manager, VMware Carbon Black Cloud Workload, VMware Horizon, VMware Identity Manager, VMware NSX Data Center for vSphere, VMware vCenter Server, VMware vRealize Log Insight, VMware vRealize Operations, VMware vRealize Suite Lifecycle Manager, VMware Workspace One Access, VMware Workspace One Access Connector, VMware Tanzu Spring Boot, Cisco Emergency Responder (ER), Cisco Finesse, Cisco Firepower Dashboard, Cisco Unity Connection, Cisco Video Surveillance Operations Manager, Juniper Junos Space, Red Hat Enterprise Linux, Siemens SIMATIC WinCC < V7.4 SP1, Unify OpenScape UC Application < V10.3.10, IBM MQ 9.1, IBM MQ 9.2, IBM SPSS, QNAP NAS, Ubuntu Linux, Wibu-Systems CodeMeter, IBM DB2, IBM Security Guardium, IBM Spectrum Protect, SAP Software < 2.15.0, SUSE Linux, Atlassian Bitbucket, Avaya Analytics, Avaya Aura Application Enablement Services, Avaya Aura Device Services, Avaya Aura Media Server, Avaya Aura Session Manager, Avaya Aura System Manager, Avaya Aura Web Gateway, Avaya Breeze Platform, Avaya Oceana, Avaya Session Border Controller, Cisco Network Services Orchestrator, Cisco Nexus Insights, Cisco Unified Computing System (UCS) Central Software, Cisco Unified Contact Center Express (UCCX), Cisco Unified Intelligence Center, Hitachi Storage, IBM InfoSphere Information Server, PaloAlto Networks PAN-OS, Siemens SPPA-T3000, TIBCO Managed File Transfer Server, TIBCO Spotfire, TIBCO Spotfire Statistics Services, Unify OpenScape Contact Center, Unify OpenScape Mediaserver, Unify OpenScape Voice, Citrix Systems Virtual Apps and Desktops, HCL Commerce, IBM Business Automation Workflow, IBM Spectrum Scale, IBM Tivoli Monitoring, Cisco Application Policy Infrastructure Controller, Cisco Unified Communications Manager (CUCM) Session Management Edition, NetApp ActiveIQ Unified Manager, NetApp Data ONTAP Tools for VMware vSphere, VMware Cloud Director Object Storage Extension, VMware Cloud Foundation, VMware SD-WAN by VeloCloud, VMware vRealize Operations Cloud Proxy, HCL Domino, IBM Informix, IBM Tivoli Netcool/OMNIbus

Platform: Appliance, CISCO Appliance, Hardware Appliance, Linux, Native Hypervisor, NetApp Appliance, Other, UNIX, Windows

Impact: Execution of arbitrary program code

Remote attack: Yes

Risk: very high

CVE list: CVE-2021-44228

Reference:

Description

Apache log4j is a framework for logging application messages in Java.

A remote, anonymous attacker can exploit a vulnerability in Apache log4j to execute arbitrary program code.

Sources: