Navigation und Service

CB-K21/1283 Update 30

Risikostufe 4

Titel:Apache log4j: Schwachstelle ermöglicht CodeausführungDatum:04.04.2022Software:Apache log4j < 2.12.2, Apache log4j < 2.16.0, Amazon Linux 2, Debian Linux, HCL Domino, HCL Notes, IBM WebSphere Application Server, Red Hat Enterprise Linux, Ubuntu Linux, Apache Solr, Avaya Analytics, Avaya Aura Application Enablement Services, Avaya Aura Device Services, Avaya Aura Media Server, Avaya Aura Session Manager, Avaya Aura System Manager, Avaya Aura Web Gateway, Avaya Breeze Platform, Avaya Oceana, Avaya Session Border Controller, Cisco Emergency Responder (ER), Cisco Finesse, Cisco Firepower, Cisco Identity Services Engine (ISE), Cisco Integrated Management Controller, Cisco Network Services Orchestrator, Cisco Nexus, Cisco SD-WAN, Cisco Unified Communications Manager (CUCM), Cisco Unified Communications Manager IM & Presence Service, Cisco Unified Computing System (UCS), Cisco Unified Contact Center Enterprise, Cisco Unified Contact Center Express (UCCX), Cisco Unified Intelligence Center, Cisco Unity Connection, Cisco Video Surveillance Operations Manager, Cisco WebEx Meetings Server, TIBCO Managed File Transfer Server, TIBCO Spotfire, TIBCO Spotfire Statistics Services, Unify OpenScape Contact Center, Unify OpenScape Mediaserver, Unify OpenScape UC Application, Unify OpenScape Voice, Citrix Systems Virtual Apps and Desktops, HCL Commerce, IBM MQ, Cisco Application Policy Infrastructure Controller, Cisco Unified Communications Manager (CUCM) Session Management Edition, IBM Security Guardium Insights, NetApp ActiveIQ Unified Manager, VMware Carbon Black Cloud Workload, VMware Cloud Director Object Storage Extension, VMware Cloud Foundation, VMware Horizon, VMware Identity Manager, VMware NSX Data Center for vSphere, VMware SD-WAN by VeloCloud, VMware vCenter Server, VMware vRealize Log Insight, VMware vRealize Operations, VMware vRealize Operations Cloud Proxy, VMware Workspace One Access, VMware Workspace One Access Connector, Apache log4j < 2.12.3, Apache log4j < 2.3.1, F-Secure Policy Manager, IBM DB2, IBM QRadar SIEM, IBM SPSS, IBM Tivoli Netcool/OMNIbus, Wibu-Systems CodeMeter, IBM Spectrum Protect, IBM Spectrum Scale, Dell Data Protection Advisor, EMC Avamar, EMC Data Domain, EMC Data Domain OS, IBM Security Guardium, IBM MQ Blockchain Bridge, Juniper Junos Space, SmartBear SoapUI, SOS GmbH JobScheduler, IBM Business Automation Workflow, IBM Rational Software Architect, IBM DB2 Big SQLPlattform:Applicance, CISCO Appliance, Hardware Appliance, Juniper Appliance, Linux, Native Hypervisor, NetApp Appliance, Sonstiges, UNIX, WindowsAuswirkung:Ausführen beliebigen ProgrammcodesRemoteangriff:JaRisiko:hochCVE Liste:CVE-2021-45046Bezug:

Beschreibung

Apache log4j ist ein Framework zum Loggen von Anwendungsmeldungen in Java.

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache log4j ausnutzen, um beliebigen Code auszuführen.

Quellen: