CVE-2021-45046

🗓️ 14 Dec 2021 16:55:09Reported by apacheType

cve🔗 web.nvd.nist.gov📰️ 10 Media mentions👁 1717 Views

Fix for CVE-2021-44228 in Apache Log4j 2.15.0 incomplete, allowing remote code execution via malicious input data. Log4j 2.16.0 and 2.12.2 remove support for message lookup patterns and disable JNDI functionalit

Reporter	Title	Published	Views	Family All 521
GithubExploit	Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware	17 Dec 202108:32	–	githubexploit
GithubExploit	Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware	13 Dec 202111:34	–	githubexploit
GithubExploit	Exploit for Expression Language Injection in Apache Log4J	20 Dec 202112:07	–	githubexploit
GithubExploit	Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware	13 Dec 202106:09	–	githubexploit
GithubExploit	Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware	13 Dec 202107:24	–	githubexploit
GithubExploit	Exploit for Improper Input Validation in Siemens 6Bk1602-0Aa12-0Tp0_Firmware	29 Sep 202513:53	–	githubexploit
GithubExploit	Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware	13 Dec 202107:24	–	githubexploit
GithubExploit	Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware	20 Dec 202113:41	–	githubexploit
GithubExploit	Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware	22 Dec 202109:15	–	githubexploit
GithubExploit	Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware	13 Dec 202121:47	–	githubexploit

NVD

Vulners

Node

apache log4jRange2.0.1–2.12.2

apache log4jRange2.13.0–2.16.0

apache log4jMatch2.0-

apache log4jMatch2.0beta9

apache log4jMatch2.0rc1

apache log4jMatch2.0rc2

Node

cvat computer_vision_annotation_toolMatch-

intel audio_development_kitMatch-

intel datacenter_managerMatch-

intel genomics_kernel_libraryMatch-

intel oneapiMatch-eclipse

intel secure_device_onboardMatch-

intel sensor_solution_firmware_development_kitMatch-

intel system_debuggerMatch-

intel system_studioMatch-

Node

siemens sppa-t3000_ses3000_firmware

AND

siemens sppa-t3000_ses3000Match-

Node

siemens captialRange<2019.1

siemens captialMatch2019.1-

siemens captialMatch2019.1sp1912

siemens comos

siemens desigo_cc_advanced_reportsMatch4.0

siemens desigo_cc_advanced_reportsMatch4.1

siemens desigo_cc_advanced_reportsMatch4.2

siemens desigo_cc_advanced_reportsMatch5.0

siemens desigo_cc_advanced_reportsMatch5.1

siemens desigo_cc_info_centerMatch5.0

siemens desigo_cc_info_centerMatch5.1

siemens e-car_operation_centerRange<2021-12-13

siemens energy_engageMatch3.1

siemens energyipMatch8.5

siemens energyipMatch8.6

siemens energyipMatch8.7

siemens energyipMatch9.0

siemens energyip_prepayMatch3.7

siemens energyip_prepayMatch3.8

siemens gma-managerRange<8.6.2j-398

siemens head-end_system_universal_device_integration_system

siemens industrial_edge_management

siemens industrial_edge_management_hubRange<2021-12-13

siemens logo!_soft_comfort

siemens mendix

siemens mindsphereRange<2021-12-11

siemens navigatorRange<2021-12-13

siemens nx

siemens opcenter_intelligenceRange≤3.2

siemens operation_schedulerRange≤1.1.3

siemens sentron_powermanagerMatch4.1

siemens sentron_powermanagerMatch4.2

siemens siguard_dsaMatch4.2

siemens siguard_dsaMatch4.3

siemens siguard_dsaMatch4.4

siemens sipass_integratedMatch2.80

siemens sipass_integratedMatch2.85

siemens siveillance_commandRange≤4.16.2.1

siemens siveillance_control_pro

siemens siveillance_identityMatch1.5

siemens siveillance_identityMatch1.6

siemens siveillance_vantage

siemens siveillance_viewpoint

siemens solid_edge_cam_pro

siemens solid_edge_harness_designRange<2020

siemens solid_edge_harness_designMatch2020

siemens solid_edge_harness_designMatch2020-

siemens solid_edge_harness_designMatch2020sp2002

siemens spectrum_power_4Range<4.70

siemens spectrum_power_4Match4.70-

siemens spectrum_power_4Match4.70sp7

siemens spectrum_power_4Match4.70sp8

siemens spectrum_power_7Range<2.30

siemens spectrum_power_7Match2.30

siemens spectrum_power_7Match2.30-

siemens spectrum_power_7Match2.30sp2

siemens teamcenter

siemens tracealertserverplus

siemens vesysRange<2019.1

siemens vesysMatch2019.1

siemens vesysMatch2019.1-

siemens vesysMatch2019.1sp1912

siemens xpedition_enterpriseMatch-

siemens xpedition_package_integratorMatch-

Node

debian debian_linuxMatch10.0

debian debian_linuxMatch11.0

Node

sonicwall email_securityRange<10.0.12

Node

fedoraproject fedoraMatch34

fedoraproject fedoraMatch35

Node

siemens 6bk1602-0aa12-0tp0Match-

AND

siemens 6bk1602-0aa12-0tp0_firmwareRange<2.7.0

Node

siemens 6bk1602-0aa22-0tp0Match-

AND

siemens 6bk1602-0aa22-0tp0_firmwareRange<2.7.0

Node

siemens 6bk1602-0aa32-0tp0Match-

AND

siemens 6bk1602-0aa32-0tp0_firmwareRange<2.7.0

Node

siemens 6bk1602-0aa42-0tp0Match-

AND

siemens 6bk1602-0aa42-0tp0_firmwareRange<2.7.0

Node

siemens 6bk1602-0aa52-0tp0Match-

AND

siemens 6bk1602-0aa52-0tp0_firmwareRange<2.7.0

[
  {
    "product": "Apache Log4j",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "2.16.0",
        "status": "affected",
        "version": "Apache Log4j2",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
cve	www.cve.org/CVERecord
oracle	www.oracle.com/security-alerts/alert-cve-2021-44228.html
openwall	www.openwall.com/lists/oss-security/2021/12/14/4
openwall	www.openwall.com/lists/oss-security/2021/12/18/1
intel	www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html
tools	www.tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
oracle	www.oracle.com/security-alerts/cpujan2022.html
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf
psirt	www.psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032