9 - CVE-2021-45046

Executive Summary

Informations
Name	CVE-2021-45046	First vendor Publication	2021-12-14
Vendor	Cve	Last vendor Modification	2023-10-26

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Overall CVSS Score	9
Base Score	9	Environmental Score	9
impact SubScore	6	Temporal Score	9
Exploitabality Sub Score	2.2

Attack Vector	Network	Attack Complexity	High
Privileges Required	None	User Interaction	None
Scope	Changed	Confidentiality Impact	High
Integrity Impact	High	Availability Impact	High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Cvss Base Score	5.1	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	High
Cvss Expoit Score	4.9	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046

CPE : Common Platform Enumeration

Type	Description	Count
Application	Apache log4j cpe:2.3:a:apache:log4j:2.9.1:rc1:::::: cpe:2.3:a:apache:log4j:2.9.0:-:::::: cpe:2.3:a:apache:log4j:2.9.0:rc1:::::: cpe:2.3:a:apache:log4j:2.8.2:-:::::: cpe:2.3:a:apache:log4j:2.8.2:rc1:::::: cpe:2.3:a:apache:log4j:2.8.1:-:::::: cpe:2.3:a:apache:log4j:2.8.1:rc1:::::: cpe:2.3:a:apache:log4j:2.8:-:::::: cpe:2.3:a:apache:log4j:2.8:rc1:::::: cpe:2.3:a:apache:log4j:2.7:-:::::: cpe:2.3:a:apache:log4j:2.7:rc1:::::: cpe:2.3:a:apache:log4j:2.7:rc2:::::: cpe:2.3:a:apache:log4j:2.6.2:-:::::: cpe:2.3:a:apache:log4j:2.6.2:rc1:::::: cpe:2.3:a:apache:log4j:2.6.1:-:::::: cpe:2.3:a:apache:log4j:2.6.1:rc1:::::: cpe:2.3:a:apache:log4j:2.6:-:::::: cpe:2.3:a:apache:log4j:2.6:rc1:::::: cpe:2.3:a:apache:log4j:2.5:-:::::: cpe:2.3:a:apache:log4j:2.5:rc1:::::: cpe:2.3:a:apache:log4j:2.4.1:::::::* cpe:2.3:a:apache:log4j:2.4:::::::* cpe:2.3:a:apache:log4j:2.3:::::::* cpe:2.3:a:apache:log4j:2.2:::::::* cpe:2.3:a:apache:log4j:2.15.1:rc1:::::: cpe:2.3:a:apache:log4j:2.15.0:-:::::: cpe:2.3:a:apache:log4j:2.15.0:rc1:::::: cpe:2.3:a:apache:log4j:2.15.0:rc2:::::: cpe:2.3:a:apache:log4j:2.14.1:-:::::: cpe:2.3:a:apache:log4j:2.14.1:rc1:::::: cpe:2.3:a:apache:log4j:2.14.0:-:::::: cpe:2.3:a:apache:log4j:2.14.0:rc1:::::: cpe:2.3:a:apache:log4j:2.13.3:-:::::: cpe:2.3:a:apache:log4j:2.13.3:rc1:::::: cpe:2.3:a:apache:log4j:2.13.2:-:::::: cpe:2.3:a:apache:log4j:2.13.2:rc1:::::: cpe:2.3:a:apache:log4j:2.13.1:-:::::: cpe:2.3:a:apache:log4j:2.13.1:rc1:::::: cpe:2.3:a:apache:log4j:2.13.1:rc2:::::: cpe:2.3:a:apache:log4j:2.13.0:-:::::: cpe:2.3:a:apache:log4j:2.13.0:rc1:::::: cpe:2.3:a:apache:log4j:2.13.0:rc2:::::: cpe:2.3:a:apache:log4j:2.12.2:-:::::: cpe:2.3:a:apache:log4j:2.12.2:rc1:::::: cpe:2.3:a:apache:log4j:2.12.1:-:::::: cpe:2.3:a:apache:log4j:2.12.1:rc1:::::: cpe:2.3:a:apache:log4j:2.12.0:-:::::: cpe:2.3:a:apache:log4j:2.12.0:rc1:::::: cpe:2.3:a:apache:log4j:2.12.0:rc2:::::: cpe:2.3:a:apache:log4j:2.11.2:-:::::: cpe:2.3:a:apache:log4j:2.11.2:rc1:::::: cpe:2.3:a:apache:log4j:2.11.2:rc2:::::: cpe:2.3:a:apache:log4j:2.11.2:rc3:::::: cpe:2.3:a:apache:log4j:2.11.1:-:::::: cpe:2.3:a:apache:log4j:2.11.1:rc1:::::: cpe:2.3:a:apache:log4j:2.11.0:-:::::: cpe:2.3:a:apache:log4j:2.11.0:rc1:::::: cpe:2.3:a:apache:log4j:2.10.0:-:::::: cpe:2.3:a:apache:log4j:2.10.0:rc1:::::: cpe:2.3:a:apache:log4j:2.1:-:::::: cpe:2.3:a:apache:log4j:2.1:rc2:::::: cpe:2.3:a:apache:log4j:2.1:rc3:::::: cpe:2.3:a:apache:log4j:2.0.2:::::::* cpe:2.3:a:apache:log4j:2.0.1:::::::* cpe:2.3:a:apache:log4j:2.0:alpha2:::::: cpe:2.3:a:apache:log4j:2.0:beta1:::::: cpe:2.3:a:apache:log4j:2.0:beta2:::::: cpe:2.3:a:apache:log4j:2.0:beta3:::::: cpe:2.3:a:apache:log4j:2.0:beta5:::::: cpe:2.3:a:apache:log4j:2.0:alpha1:::::: cpe:2.3:a:apache:log4j:2.0:beta7:::::: cpe:2.3:a:apache:log4j:2.0:beta8:::::: cpe:2.3:a:apache:log4j:2.0:beta9:::::: cpe:2.3:a:apache:log4j:2.0:rc1:::::: cpe:2.3:a:apache:log4j:2.0:beta4:::::: cpe:2.3:a:apache:log4j:2.0:beta6:::::: cpe:2.3:a:apache:log4j:2.0:rc2:::::: cpe:2.3:a:apache:log4j:2.0:-:::::: cpe:2.3:a:apache:log4j:2.0:beta3-rc1:::::: cpe:2.3:a:apache:log4j:2.0:beta3-rc2:::::: cpe:2.3:a:apache:log4j:2.0:beta4-rc1:::::: cpe:2.3:a:apache:log4j:2.0:beta6-rc1:::::: cpe:2.3:a:apache:log4j:2.0:beta7-rc1:::::: cpe:2.3:a:apache:log4j:2.0:beta7-rc2:::::: cpe:2.3:a:apache:log4j:2.0:beta8-rc1:::::: cpe:2.3:a:apache:log4j:2.0:rc1-rc1:::::: cpe:2.3:a:apache:log4j:1.2:::::::* cpe:2.3:a:apache:log4j::::::::	88
Application	Intel Audio Development Kit cpe:2.3:a:intel:audio_development_kit:-:::::::*	1
Application	Intel Computer Vision Annotation Tool cpe:2.3:a:intel:computer_vision_annotation_tool:-:::::::*	1
Application	Intel Datacenter Manager cpe:2.3:a:intel:datacenter_manager:-:::::::*	1
Application	Intel Genomics Kernel Library cpe:2.3:a:intel:genomics_kernel_library:-:::::::*	1
Application	Intel Oneapi cpe:2.3:a:intel:oneapi:-:::::eclipse::	1
Application	Intel Secure Device Onboard cpe:2.3:a:intel:secure_device_onboard:-:::::::*	1
Application	Intel Sensor Solution Firmware Development Kit cpe:2.3:a:intel:sensor_solution_firmware_development_kit:-:::::::*	1
Application	Intel System Debugger cpe:2.3:a:intel:system_debugger:-:::::::*	1
Application	Intel System Studio cpe:2.3:a:intel:system_studio:-:::::::*	1
Application	Siemens Captial cpe:2.3:a:siemens:captial:2019.1:-:::::: cpe:2.3:a:siemens:captial:2019.1:sp1912:::::: cpe:2.3:a:siemens:captial::::::::	3
Application	Siemens Comos cpe:2.3:a:siemens:comos::::::::	1
Application	Siemens Desigo Cc Advanced Reports cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.1:::::::* cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.0:::::::* cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.2:::::::* cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.1:::::::* cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.0:::::::*	5
Application	Siemens Desigo Cc Info Center cpe:2.3:a:siemens:desigo_cc_info_center:5.1:::::::* cpe:2.3:a:siemens:desigo_cc_info_center:5.0:::::::*	2
Application	Siemens E-Car Operation Center cpe:2.3:a:siemens:e-car_operation_center::::::::	1
Application	Siemens Energy Engage cpe:2.3:a:siemens:energy_engage:3.1:::::::*	1
Application	Siemens Energyip cpe:2.3:a:siemens:energyip:9.0:::::::* cpe:2.3:a:siemens:energyip:8.7:::::::* cpe:2.3:a:siemens:energyip:8.6:::::::* cpe:2.3:a:siemens:energyip:8.5:::::::*	4
Application	Siemens Energyip Prepay cpe:2.3:a:siemens:energyip_prepay:3.8:::::::* cpe:2.3:a:siemens:energyip_prepay:3.7:::::::*	2
Application	Siemens Gma-Manager cpe:2.3:a:siemens:gma-manager::::::::	1
Application	Siemens Head-End System Universal Device Integration System cpe:2.3:a:siemens:head-end_system_universal_device_integration_system::::::::	1
Application	Siemens Industrial Edge Management cpe:2.3:a:siemens:industrial_edge_management::::::::	1
Application	Siemens Industrial Edge Management Hub cpe:2.3:a:siemens:industrial_edge_management_hub::::::::	1
Application	Siemens Logo! Soft Comfort cpe:2.3:a:siemens:logo!_soft_comfort::::::::	1
Application	Siemens Mendix cpe:2.3:a:siemens:mendix::::::::	1
Application	Siemens Mindsphere cpe:2.3:a:siemens:mindsphere::::::::	1
Application	Siemens Navigator cpe:2.3:a:siemens:navigator::::::::	1
Application	Siemens Nx cpe:2.3:a:siemens:nx::::::::	1
Application	Siemens Opcenter Intelligence cpe:2.3:a:siemens:opcenter_intelligence::::::::	1
Application	Siemens Operation Scheduler cpe:2.3:a:siemens:operation_scheduler::::::::	1
Application	Siemens Sentron Powermanager cpe:2.3:a:siemens:sentron_powermanager:4.2:::::::* cpe:2.3:a:siemens:sentron_powermanager:4.1:::::::*	2
Application	Siemens Siguard Dsa cpe:2.3:a:siemens:siguard_dsa:4.4:::::::* cpe:2.3:a:siemens:siguard_dsa:4.3:::::::* cpe:2.3:a:siemens:siguard_dsa:4.2:::::::*	3
Application	Siemens Sipass Integrated cpe:2.3:a:siemens:sipass_integrated:2.85:::::::* cpe:2.3:a:siemens:sipass_integrated:2.80:::::::*	2
Application	Siemens Siveillance Control Pro cpe:2.3:a:siemens:siveillance_control_pro::::::::	1
Application	Siemens Siveillance Identity cpe:2.3:a:siemens:siveillance_identity:1.6:::::::* cpe:2.3:a:siemens:siveillance_identity:1.5:::::::*	2
Application	Siemens Siveillance Vantage cpe:2.3:a:siemens:siveillance_vantage::::::::	1
Application	Siemens Siveillance Viewpoint cpe:2.3:a:siemens:siveillance_viewpoint::::::::	1
Application	Siemens Solid Edge Cam Pro cpe:2.3:a:siemens:solid_edge_cam_pro::::::::	1
Application	Siemens Solid Edge Harness Design cpe:2.3:a:siemens:solid_edge_harness_design:2020:::::::* cpe:2.3:a:siemens:solid_edge_harness_design:2020:-:::::: cpe:2.3:a:siemens:solid_edge_harness_design:2020:sp2002:::::: cpe:2.3:a:siemens:solid_edge_harness_design::::::::	4
Application	Siemens Spectrum Power 4 cpe:2.3:a:siemens:spectrum_power_4:4.70:-:::::: cpe:2.3:a:siemens:spectrum_power_4:4.70:sp7:::::: cpe:2.3:a:siemens:spectrum_power_4:4.70:sp8:::::: cpe:2.3:a:siemens:spectrum_power_4:::::::: cpe:2.3:a:siemens:spectrum_power_4:-:::::::*	5
Application	Siemens Spectrum Power 7 cpe:2.3:a:siemens:spectrum_power_7:2.30:::::::* cpe:2.3:a:siemens:spectrum_power_7:2.30:-:::::: cpe:2.3:a:siemens:spectrum_power_7:2.30:sp2:::::: cpe:2.3:a:siemens:spectrum_power_7:::::::: cpe:2.3:a:siemens:spectrum_power_7:-:::::::*	5
Application	Siemens Teamcenter cpe:2.3:a:siemens:teamcenter::::::::	1
Application	Siemens Tracealertserverplus cpe:2.3:a:siemens:tracealertserverplus::::::::	1
Application	Siemens Vesys cpe:2.3:a:siemens:vesys:2019.1:::::::* cpe:2.3:a:siemens:vesys:2019.1:-:::::: cpe:2.3:a:siemens:vesys:2019.1:sp1912:::::: cpe:2.3:a:siemens:vesys:::::::: cpe:2.3:a:siemens:vesys:-:::::::*	5
Application	Siemens Xpedition Enterprise cpe:2.3:a:siemens:xpedition_enterprise:-:::::::*	1
Application	Siemens Xpedition Package Integrator cpe:2.3:a:siemens:xpedition_package_integrator:-:::::::*	1
Application	Sonicwall Email Security cpe:2.3:a:sonicwall:email_security:::::::: cpe:2.3:a:sonicwall:email_security::::::email_security_virtual_appliance::* cpe:2.3:a:sonicwall:email_security::::::windows::* cpe:2.3:a:sonicwall:email_security:-:::::::*	4
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:11.0:::::::* cpe:2.3:o:debian:debian_linux:10.0:::::::*	2
Os	Fedoraproject Fedora cpe:2.3:o:fedoraproject:fedora:35:::::::* cpe:2.3:o:fedoraproject:fedora:34:::::::*	2
Os	Siemens Mindsphere cpe:2.3:o:siemens:mindsphere:::::cloud:::*	1
Os	Siemens Opcenter Intelligence cpe:2.3:o:siemens:opcenter_intelligence::::::::	1
Os	Siemens Operation Scheduler cpe:2.3:o:siemens:operation_scheduler::::::::	1

Sources (Detail)

Source	Url
CERT-VN	https://www.kb.cert.org/vuls/id/930724
CISCO	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s...
CONFIRM	https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-006... https://www.oracle.com/security-alerts/alert-cve-2021-44228.html
DEBIAN	https://www.debian.org/security/2021/dsa-5022
MISC	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora... https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora... https://logging.apache.org/log4j/2.x/security.html https://security.gentoo.org/glsa/202310-16 https://www.cve.org/CVERecord?id=CVE-2021-44228 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujan2022.html
MLIST	http://www.openwall.com/lists/oss-security/2021/12/14/4 http://www.openwall.com/lists/oss-security/2021/12/15/3 http://www.openwall.com/lists/oss-security/2021/12/18/1
N/A	https://www.oracle.com/security-alerts/cpujul2022.html

Alert History

If you want to see full details history, please login or register.

Date	Informations
2023-10-26 13:28:12	Multiple Updates
2023-06-27 21:27:47	Multiple Updates
2023-06-27 00:27:35	Multiple Updates
2022-10-06 09:27:33	Multiple Updates
2022-07-26 00:29:42	Multiple Updates
2022-07-15 02:05:04	Multiple Updates
2022-04-21 21:23:11	Multiple Updates
2022-04-20 09:23:11	Multiple Updates
2022-02-19 09:23:29	Multiple Updates
2022-02-07 21:23:10	Multiple Updates
2021-12-27 09:23:05	Multiple Updates
2021-12-22 09:23:05	Multiple Updates
2021-12-21 05:22:57	Multiple Updates
2021-12-20 21:22:54	Multiple Updates
2021-12-20 17:22:54	Multiple Updates
2021-12-18 21:22:54	Multiple Updates
2021-12-18 13:22:53	Multiple Updates
2021-12-18 05:22:55	Multiple Updates
2021-12-17 05:22:53	Multiple Updates
2021-12-17 01:50:12	Multiple Updates
2021-12-17 01:50:11	Multiple Updates
2021-12-17 00:23:00	Multiple Updates
2021-12-16 17:22:52	Multiple Updates
2021-12-16 09:22:56	Multiple Updates
2021-12-16 01:51:46	Multiple Updates
2021-12-16 00:22:53	Multiple Updates
2021-12-15 21:22:54	Multiple Updates
2021-12-15 09:23:08	Multiple Updates
2021-12-15 00:22:52	First insertion

Global Informations

Type	Count
CPE ID(s)	174
Sources(s)	21

	Related
10	VU#930724
10	CVE-2021-44228
8.1	CVE-2021-4125
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 3 more Alert(s)

9 - CVE-2021-45046

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CPE : Common Platform Enumeration

Sources (Detail)

Alert History

Global Informations

Open Standards

COMPANY

STANDARDS

RECENT POSTS

MENU