CB-K21/1283 Update 3
Risikostufe 4
Titel:Apache log4j: Schwachstelle ermöglicht CodeausführungDatum:20.12.2021Software:Apache log4j < 2.12.2, Apache log4j < 2.16.0, Amazon Linux 2, Debian Linux, HCL Domino, HCL Notes, IBM WebSphere Application Server, Red Hat Enterprise Linux, Ubuntu Linux, Apache Solr, Avaya Analytics, Avaya Aura Application Enablement Services, Avaya Aura Device Services, Avaya Aura Media Server, Avaya Aura Session Manager, Avaya Aura System Manager, Avaya Aura Web Gateway, Avaya Breeze Platform, Avaya Oceana, Avaya Session Border Controller, Cisco Emergency Responder (ER), Cisco Finesse, Cisco Firepower, Cisco Identity Services Engine (ISE), Cisco Integrated Management Controller, Cisco Network Services Orchestrator, Cisco Nexus, Cisco SD-WAN, Cisco Unified Communications Manager (CUCM), Cisco Unified Communications Manager IM & Presence Service, Cisco Unified Computing System (UCS), Cisco Unified Contact Center Enterprise, Cisco Unified Contact Center Express (UCCX), Cisco Unified Intelligence Center, Cisco Unity Connection, Cisco Video Surveillance Operations Manager, Cisco WebEx Meetings Server, TIBCO Managed File Transfer Server, TIBCO Spotfire, TIBCO Spotfire Statistics Services, Unify OpenScape Contact Center, Unify OpenScape Mediaserver, Unify OpenScape UC Application, Unify OpenScape Voice, Citrix Systems Virtual Apps and Desktops, HCL Commerce, IBM MQPlattform:Applicance, CISCO Appliance, Hardware Appliance, Linux, Sonstiges, UNIX, WindowsAuswirkung:Ausführen beliebigen ProgrammcodesRemoteangriff:JaRisiko:hochCVE Liste:CVE-2021-45046Bezug:
Beschreibung
Apache log4j ist ein Framework zum Loggen von Anwendungsmeldungen in Java.
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache log4j ausnutzen, um beliebigen Code auszuführen.
Quellen:
- Apache Log4j Security Vulnerabilities vom 2021-12-13
- Lunasec Blog "Log4Shell Update" vom 2021-12-14
- HCL Article KB0095516 vom 2021-12-16
- Red Hat Security Advisory RHSA-2021:5148 vom 2021-12-16
- Ubuntu Security Notice USN-5197-1 vom 2021-12-15
- Red Hat Security Advisory RHSA-2021:5106 vom 2021-12-16
- Amazon Linux Security Advisory ALAS-2021-1730 vom 2021-12-16
- IBM Security Bulletin 6526750 vom 2021-12-16
- Debian Security Advisory DSA-5022 vom 2021-12-16
- CloudFlare Blog vom 2021-12-16
- Red Hat Security Advisory RHSA-2021:5186 vom 2021-12-17
- Cisco Security Advisory CISCO-SA-APACHE-LOG4J-QRUKNEBD vom 2021-12-17
- Red Hat Security Advisory RHSA-2021:5183 vom 2021-12-17
- Red Hat Security Advisory RHSA-2021:5184 vom 2021-12-17
- Red Hat Security Advisory RHSA-2021:5141 vom 2021-12-16
- Siemens Security Advisory SSA-714170 vom 2021-12-16
- Red Hat Security Advisory RHSA-2021:5107 vom 2021-12-16
- Log4j Vulnerabilities Impact On Oracle E-Business Suite Analysis
- Apache Log4j Security Vulnerabilities vom 2021-12-16
- Apache Log4j Security Vulnerabilities vom 2021-12-16
- Tibco Apache Log4J Vulnerability Daily Update
- Atos Security Advisory Report - OBSO-2112-01
- Avaya Product Security Apache Log4J Vulnerability vom 2021-12-17
- Amazon Linux Security Advisory ALAS-2021-1553 vom 2021-12-18
- Amazon Linux Security Advisory ALASCORRETTO8-2021-001 vom 2021-12-20
- IBM Security Bulletin 6527924 vom 2021-12-17
- Amazon Linux Security Advisory ALASJAVA-OPENJDK11-2021-001 vom 2021-12-20
- HCL Article KB0095587 vom 2021-12-17
- Citrix Security Advisory CTX335705 vom 2021-12-20
- Amazon Linux Security Advisory ALAS-2021-1731 vom 2021-12-18
- Amazon Linux Security Advisory ALAS-2021-004 vom 2021-12-18