CB-K21/1297 Update 2
Risikostufe 3
Titel:Apache log4j: Schwachstelle ermöglicht Denial of ServiceDatum:22.12.2021Software:Apache log4j < 2.17.0, Cisco Emergency Responder (ER), Cisco Finesse, Cisco Firepower, Cisco Identity Services Engine (ISE), Cisco Integrated Management Controller, Cisco Network Services Orchestrator, Cisco Nexus Dashboard, Cisco Nexus Insights, Cisco SD-WAN vManage, Cisco Unified Communications Manager (CUCM), Cisco Unified Communications Manager IM & Presence Service, Cisco Unified Computing System (UCS), Cisco Unified Computing System (UCS) Director, Cisco Unified Contact Center Enterprise, Cisco Unified Contact Center Express (UCCX), Cisco Unified Intelligence Center, Cisco Unity Connection, Cisco Video Surveillance Operations Manager, Cisco WebEx Workforce Optimization, Cisco WebEx Meetings Server, Citrix Systems Virtual Apps and Desktops, Debian Linux, Ubuntu Linux, Cisco Application Policy Infrastructure Controller, Cisco Unified Communications Manager (CUCM) Session Management Edition, Apache log4j < 2.12.3, Apache log4j < 2.3.1, IBM DB2Plattform:Windows, CISCO Appliance, Linux, MacOS X, Native Hypervisor, NetApp Appliance, Sonstiges, UNIXAuswirkung:Denial-of-ServiceRemoteangriff:JaRisiko:mittelCVE Liste:CVE-2021-45105Bezug:
Beschreibung
Apache log4j ist ein Framework zum Loggen von Anwendungsmeldungen in Java.
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache log4j ausnutzen, um einen Denial of Service Angriff durchzuführen.
Quellen:
- Apache Log4j Security Vulnerabilities vom 2021-12-17
- Ubuntu Security Notice USN-5203-1
- Debian Security Advisory DSA-5024-1
- Citrix Security Advisory CTX335705
- Cisco Security Advisory cisco-sa-apache-log4j-qRuKNEbd
- GitHub Security Advisory GHSA-P6XC-XR62-6R2G
- PoC
- NetApp Security Advisory NTAP-20211218-0001
- Siemens Security Advisory SSA-501673
- Cisco Security Advisory cisco-sa-apache-log4j-qRuKNEbd vom 2021-12-20
- Apache Log4j 2 Release Notes
- Apache Log4j2 Advisory
- IBM Security Bulletin 6528672 vom 2021-12-22