CB-K21/1317 Update 9
Risk level 3
Title: Apache log4j: Vulnerability allows code execution
Date: 14.01.2022
Software: Apache log4j < 2.12.4, Apache log4j < 2.17.1, Apache log4j < 2.3.2, Debian Linux, Apache Struts, IBM WebSphere Application Server, Cisco Application Policy Infrastructure Controller, Cisco Emergency Responder (ER) Director, Cisco Finesse Director, Cisco Firepower, Cisco Identity Services Engine (ISE), Cisco Integrated Management Controller Supervisor, Cisco Network Services Orchestrator, Cisco Nexus Dashboard, Cisco Nexus Insights, Cisco SD-WAN vManage, Cisco Unified Communications Manager (CUCM) Director, Cisco Unified Communications Manager IM & Presence Service Director, Cisco Unified Computing System (UCS), Cisco Unified Computing System (UCS) Director, Cisco Unified Contact Center Enterprise Director, Cisco Unified Contact Center Express (UCCX) Director, Cisco Unified Intelligence Center Director, Cisco Unity Connection Director, Cisco Video Surveillance Operations Manager Director, Cisco WebEx Meetings Server, HPE Intelligent Management Center (IMC), SOS GmbH JobScheduler, IBM Security Guardium, Ubuntu Linux, Red Hat Enterprise Linux
Platform: CISCO Appliance, Linux, Other, UNIX, Windows
Impact: Execution of arbitrary code
Remote attack: Yes
Risk: medium
CVE list: CVE-2021-44832
Reference:
Description
Apache log4j is a framework for logging application messages in Java.
A remote, authenticated attacker can exploit a vulnerability in Apache log4j to execute arbitrary code.
Sources:
- Apache Log4j 2 website, dated 2021-12-28
- Debian Security Advisory DLA-2870, dated 2021-12-30
- Apache Struts Announcement
- IBM Security Bulletin 6538148, dated 2022-01-05
- Cisco Security Advisory cisco-sa-apache-log4j-qRuKNEbd, dated 2022-01-06
- JobScheduler Vulnerability Release 1.13.11, dated 2022-01-10
- HPE Security Bulletin HPESBGN04215 rev.10, dated 2022-01-08
- IBM Security Bulletin 6539408, dated 2022-01-11
- Ubuntu Security Notice USN-5222-1, dated 2022-01-11
- JobScheduler Vulnerability Release 2.2.1, dated 2022-01-11
- Red Hat Security Advisory RHSA-2022:0138, dated 2022-01-13