
CB-K21/1264 Update 4

Risk level 5

Title: Apache log4j: Vulnerability allows code execution
Date: 16.12.2021
Software: Apache log4j < 2.15.0, Amazon Linux 2, Apache Kafka, Apache Solr, Apache Struts, Atlassian Bamboo, Atlassian Confluence, Atlassian Crucible, Atlassian Fisheye, Atlassian Jira Software, Cisco Identity Services Engine (ISE), Cisco Integrated Management Controller, Cisco Nexus Dashboard, Cisco SD-WAN vManage, Cisco Unified Communications Manager (CUCM) Cloud, Cisco Unified Computing System (UCS) Director, Cisco Unified Contact Center Enterprise, Cisco Unified Intelligent Contact Manager (ICM), Cisco WebEx Cloud-Connected UC, Cisco WebEx Meetings Server, Debian Linux, F-Secure Policy Manager, HCL Commerce, IBM WebSphere Application Server, Open Source Elasticsearch, Open Source LogStash, Red Hat JBoss A-MQ, Red Hat JBoss Enterprise Application Platform, Red Hat OpenShift, Red Hat OpenStack, Red Hat Process Automation Manager, RSA SecurID Authentication Manager, SOS GmbH JobScheduler, Splunk Splunk Enterprise, Symantec Endpoint Protection Manager, VMware Carbon Black Cloud Workload, VMware Horizon, VMware Identity Manager, VMware NSX Data Center for vSphere, VMware vCenter Server, VMware vRealize Log Insight, VMware vRealize Operations, VMware vRealize Suite Lifecycle Manager, VMware Workspace One Access, VMware Workspace One Access Connector, VMware Tanzu Spring Boot, Cisco Emergency Responder (ER), Cisco Finesse, Cisco Firepower Dashboard, Cisco Unity Connection, Cisco Video Surveillance Operations Manager, Juniper Junos Space, Red Hat Enterprise Linux, Siemens SIMATIC WinCC < V7.4 SP1, Unify OpenScape UC Application < V10.3.10, IBM MQ 9.1, IBM MQ 9.2, IBM SPSS, QNAP NAS, Ubuntu Linux, Wibu-Systems CodeMeter, IBM DB2, IBM Security Guardium, IBM Spectrum Protect, SAP Software < 2.15.0, SUSE Linux
Platform: Appliance, CISCO Appliance, Hardware Appliance, Linux, Native Hypervisor, Other, UNIX, Windows
Impact: Execution of arbitrary program code
Remote attack: Yes
Risk: very high
CVE list: CVE-2021-44228
Reference:

Description

Apache log4j is a framework for logging application messages in Java.

A remote, anonymous attacker can exploit a vulnerability in Apache log4j to execute arbitrary program code.

Sources: