CB-K21/1283 Update 14
Risikostufe 4
Titel:Apache log4j: Schwachstelle ermöglicht CodeausführungDatum:12.01.2022Software:Apache log4j < 2.12.2, Apache log4j < 2.16.0, Amazon Linux 2, Debian Linux, HCL Domino, HCL Notes, IBM WebSphere Application Server, Red Hat Enterprise Linux, Ubuntu Linux, Apache Solr, Avaya Analytics, Avaya Aura Application Enablement Services, Avaya Aura Device Services, Avaya Aura Media Server, Avaya Aura Session Manager, Avaya Aura System Manager, Avaya Aura Web Gateway, Avaya Breeze Platform, Avaya Oceana, Avaya Session Border Controller, Cisco Emergency Responder (ER), Cisco Finesse, Cisco Firepower, Cisco Identity Services Engine (ISE), Cisco Integrated Management Controller, Cisco Network Services Orchestrator, Cisco Nexus, Cisco SD-WAN, Cisco Unified Communications Manager (CUCM), Cisco Unified Communications Manager IM & Presence Service, Cisco Unified Computing System (UCS), Cisco Unified Contact Center Enterprise, Cisco Unified Contact Center Express (UCCX), Cisco Unified Intelligence Center, Cisco Unity Connection, Cisco Video Surveillance Operations Manager, Cisco WebEx Meetings Server, TIBCO Managed File Transfer Server, TIBCO Spotfire, TIBCO Spotfire Statistics Services, Unify OpenScape Contact Center, Unify OpenScape Mediaserver, Unify OpenScape UC Application, Unify OpenScape Voice, Citrix Systems Virtual Apps and Desktops, HCL Commerce, IBM MQ, Cisco Application Policy Infrastructure Controller, Cisco Unified Communications Manager (CUCM) Session Management Edition, IBM Security Guardium Insights, NetApp ActiveIQ Unified Manager, VMware Carbon Black Cloud Workload, VMware Cloud Director Object Storage Extension, VMware Cloud Foundation, VMware Horizon, VMware Identity Manager, VMware NSX Data Center for vSphere, VMware SD-WAN by VeloCloud, VMware vCenter Server, VMware vRealize Log Insight, VMware vRealize Operations, VMware vRealize Operations Cloud Proxy, VMware Workspace One Access, VMware Workspace One Access Connector, Apache log4j < 2.12.3, Apache log4j < 2.3.1, F-Secure Policy Manager, IBM DB2, IBM QRadar SIEM, IBM SPSS, IBM Tivoli Netcool/OMNIbus, Wibu-Systems CodeMeter, IBM Spectrum Protect, IBM Spectrum Scale, Dell Data Protection Advisor, EMC Avamar, EMC Data Domain, EMC Data Domain OS, IBM Security Guardium, IBM MQ Blockchain BridgePlattform:Applicance, CISCO Appliance, Hardware Appliance, Linux, Native Hypervisor, NetApp Appliance, Sonstiges, UNIX, WindowsAuswirkung:Ausführen beliebigen ProgrammcodesRemoteangriff:JaRisiko:hochCVE Liste:CVE-2021-45046Bezug:
Beschreibung
Apache log4j ist ein Framework zum Loggen von Anwendungsmeldungen in Java.
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache log4j ausnutzen, um beliebigen Code auszuführen.
Quellen:
- Apache Log4j Security Vulnerabilities vom 2021-12-13
- Lunasec Blog "Log4Shell Update" vom 2021-12-14
- HCL Article KB0095516 vom 2021-12-16
- Red Hat Security Advisory RHSA-2021:5148 vom 2021-12-16
- Ubuntu Security Notice USN-5197-1 vom 2021-12-15
- Red Hat Security Advisory RHSA-2021:5106 vom 2021-12-16
- Amazon Linux Security Advisory ALAS-2021-1730 vom 2021-12-16
- IBM Security Bulletin 6526750 vom 2021-12-16
- Debian Security Advisory DSA-5022 vom 2021-12-16
- CloudFlare Blog vom 2021-12-16
- Red Hat Security Advisory RHSA-2021:5186 vom 2021-12-17
- Cisco Security Advisory CISCO-SA-APACHE-LOG4J-QRUKNEBD vom 2021-12-17
- Red Hat Security Advisory RHSA-2021:5183 vom 2021-12-17
- Red Hat Security Advisory RHSA-2021:5184 vom 2021-12-17
- Red Hat Security Advisory RHSA-2021:5141 vom 2021-12-16
- Siemens Security Advisory SSA-714170 vom 2021-12-16
- Red Hat Security Advisory RHSA-2021:5107 vom 2021-12-16
- Log4j Vulnerabilities Impact On Oracle E-Business Suite Analysis
- Apache Log4j Security Vulnerabilities vom 2021-12-16
- Apache Log4j Security Vulnerabilities vom 2021-12-16
- Tibco Apache Log4J Vulnerability Daily Update
- Atos Security Advisory Report - OBSO-2112-01
- Avaya Product Security Apache Log4J Vulnerability vom 2021-12-17
- Amazon Linux Security Advisory ALAS-2021-1553 vom 2021-12-18
- Amazon Linux Security Advisory ALASCORRETTO8-2021-001 vom 2021-12-20
- IBM Security Bulletin 6527924 vom 2021-12-17
- Amazon Linux Security Advisory ALASJAVA-OPENJDK11-2021-001 vom 2021-12-20
- HCL Article KB0095587 vom 2021-12-17
- Citrix Security Advisory CTX335705 vom 2021-12-20
- Amazon Linux Security Advisory ALAS-2021-1731 vom 2021-12-18
- Amazon Linux Security Advisory ALAS-2021-004 vom 2021-12-18
- IBM Security Bulletin 6528372 vom 2021-12-21
- NetApp Security Advisory NTAP-20211215-0001 vom 2021-12-20
- Apache Log4j 2 Release Notes
- IBM Security Bulletin 6528672 vom 2021-12-22
- Incident Report for F-Secure services
- Apache Log4j2 Advisory
- IBM Security Bulletin 6529162 vom 2021-12-22
- IBM Security Bulletin 6536704 vom 2021-12-23
- IBM Security Bulletin 6536870 vom 2021-12-23
- IBM Security Bulletin 6536868 vom 2021-12-23
- WIBU Security Advisory WIBU-211215-01 vom 2021-12-23
- IBM Security Bulletin 6537184 vom 2021-12-27
- IBM Security Bulletin 6537182 vom 2021-12-27
- IBM Security Bulletin 6537186 vom 2021-12-27
- IBM Security Bulletin 6537142 vom 2021-12-25
- IBM Security Bulletin 6537180 vom 2021-12-27
- IBM Security Bulletin 6537212 vom 2021-12-28
- IBM Security Bulletin 6537240 vom 2021-12-28
- IBM Security Bulletin 6537748 vom 2021-12-31
- IBM Security Bulletin 6537636 vom 2022-01-04
- IBM Security Bulletin 6537634 vom 2022-01-04
- IBM Security Bulletin 6538396 vom 2022-01-06
- IBM Security Bulletin 6537642 vom 2022-01-06
- IBM Security Bulletin 6537640 vom 2022-01-06
- IBM Security Bulletin 6537644 vom 2022-01-07
- EMC Security Advisory DSA-2021-274 vom 2022-01-09
- EMC Security Advisory DSA-2021-309 vom 2022-01-09
- EMC Security Advisory DSA-2021-277 vom 2022-01-09
- HPE Security Bulletin HPESBGN04215 rev.10 vom 2022-01-08
- IBM Security Bulletin 6539408 vom 2022-01-11
- IBM Security Bulletin 6538896 vom 2022-01-12