Oracle MySQL Enterprise Monitor (Apr 2022 CPU)

2022-04-20T00:00:00

Description

The version of MySQL Enterprise Monitor installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2022 CPU advisory. - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (Apache Log4j)). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in takeover of MySQL Enterprise Monitor. (CVE-2022-23305) - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (Spring Framework)). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in takeover of MySQL Enterprise Monitor. (CVE-2022-22965) - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (Apache Tomcat)). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Enterprise Monitor. (CVE-2021-42340) - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (Spring Framework)). Supported versions that are affected are 8.0.29 and prior. The patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path. (CVE-2022-22968) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

{"id": "MYSQL_ENTERPRISE_MONITOR_8_0_30.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Oracle MySQL Enterprise Monitor (Apr 2022 CPU)", "description": "The version of MySQL Enterprise Monitor installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2022 CPU advisory.\n\n - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (Apache Log4j)). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in takeover of MySQL Enterprise Monitor. (CVE-2022-23305)\n\n - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (Spring Framework)). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in takeover of MySQL Enterprise Monitor. (CVE-2022-22965)\n\n - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (Apache Tomcat)). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Enterprise Monitor. (CVE-2021-42340)\n\n - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (Spring Framework)). Supported versions that are affected are 8.0.29 and prior. The patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path. (CVE-2022-22968)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2022-04-20T00:00:00", "modified": "2023-04-20T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/159917", "reporter": "This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41184", "https://www.oracle.com/docs/tech/security-alerts/cpuapr2022cvrf.xml", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23305", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42340", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22968", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778", "https://www.oracle.com/security-alerts/cpuapr2022.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23181"], "cvelist": ["CVE-2021-41184", "CVE-2021-42340", "CVE-2021-44832", "CVE-2022-0778", "CVE-2022-22965", "CVE-2022-22968", "CVE-2022-23181", "CVE-2022-23305"], "immutableFields": [], "lastseen": "2023-07-06T14:57:50", "viewCount": 55, "enchantments": {"score": {"value": 8.2, "vector": "NONE"}, "dependencies": {"references": [{"type": "aix", "idList": ["OPENSSL_ADVISORY35.ASC"]}, {"type": "almalinux", "idList": ["ALSA-2022:0290", "ALSA-2022:1065", "ALSA-2022:5326"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2022-0778"]}, {"type": "altlinux", "idList": ["2E3004A50A511D456BFC8F01DA1B9584", "39CFFB87AFC9A591CD6C901CBB002174", "462FD49112FE85163EF025EFB6E6CCFC", "4636D2B913915197381B9E5A8DFDA814", "A53966B4C9ED4C2C9B5D5AAE3C9142B6", "B0664AAC61BC569C35AA9EED702C667A", "B85C8F73B16A47F96ABD5E5F7F645891", "DC52777AA2FD41A330B63B883159C7F5"]}, {"type": "amazon", "idList": ["ALAS-2021-1546", "ALAS-2022-1572", "ALAS-2022-1575", "ALAS-2023-1718", "ALAS2-2022-1734", "ALAS2-2022-1750", "ALAS2-2022-1766"]}, {"type": "apple", "idList": ["APPLE:63CA0F4232480C58A7826938831F5D5B", "APPLE:9A4969F10DDA950938D09FB74CC40FF8", "APPLE:E82A2A3D978FD519CBF58A36F587B070"]}, {"type": "arista", "idList": ["ARISTA:0070", "ARISTA:0075"]}, {"type": "atlassian", "idList": ["ATLASSIAN:JRASERVER-72609", "ATLASSIAN:JRASERVER-72914", "BAM-21603", "BAM-21696", "BAM-21697", "CONFSERVER-78991", "CWD-5802", "FE-7400", "JRASERVER-70993", "JRASERVER-72609", "JRASERVER-72914", "JRASERVER-73070", "JRASERVER-73223", "JRASERVER-73739", "JRASERVER-73885"]}, {"type": "attackerkb", "idList": ["AKB:353D9D87-631E-4F2A-B130-5678B79BBCB4", "AKB:3F7EB772-577A-4EE4-BCBB-6DA9F0EC50F6", "AKB:F4BF02AE-B090-4307-89AA-47E57C92EC8F"]}, {"type": "avleonov", "idList": ["AVLEONOV:317FBD7DA93C95993A9FFF38FB04A987", "AVLEONOV:D75470B5417CEFEE479C9D8FAE754F1C"]}, {"type": "broadcom", "idList": ["BSA-2021-1658"]}, {"type": "centos", "idList": ["CESA-2022:0442", "CESA-2022:1066"]}, {"type": "cert", "idList": ["VU:970766"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-1011", "CPAI-2021-1288", "CPAI-2022-0088", "CPAI-2022-0104"]}, {"type": "checkpoint_security", "idList": ["CPS:SK176865", "CPS:SK178411", "CPS:SK178605", "CPS:SK179649"]}, {"type": "cisa", "idList": ["CISA:6CCB59AFE6C3747D79017EDD3CC21673", "CISA:BD324839F36411F4FA7E1148D119E368", "CISA:FE8DC06D4609CF6B91DE778FC96E4ECD"]}, {"type": "cisa_kev", "idList": ["CISA-KEV-CVE-2022-22965"]}, {"type": "cisco", "idList": ["CISCO-SA-APACHE-LOG4J-QRUKNEBD", "CISCO-SA-JAVA-SPRING-RCE-ZX9GUC67"]}, {"type": "citrix", "idList": ["CTX335705"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:451456E80A3A64E506E6D4333659CD7B", "CFOUNDRY:70F6C83FE70C685FC734A73A63029F17", "CFOUNDRY:D24EF96EB1845EA8878001F85C1C2C75"]}, {"type": "cloudlinux", "idList": ["CLSA-2022:1643918500", "CLSA-2022:1647550273"]}, {"type": "cnvd", "idList": ["CNVD-2021-83785", "CNVD-2022-08354", "CNVD-2022-08370", "CNVD-2022-68614"]}, {"type": "cve", "idList": ["CVE-2021-41184", "CVE-2021-42340", "CVE-2021-44832", "CVE-2022-0778", "CVE-2022-22965", "CVE-2022-22968", "CVE-2022-23181", "CVE-2022-23305"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2870-1:54673", "DEBIAN:DLA-2905-1:3AD13", "DEBIAN:DLA-2952-1:7651B", "DEBIAN:DLA-2953-1:551CB", "DEBIAN:DLA-3160-1:77FDA", "DEBIAN:DLA-3230-1:233EC", "DEBIAN:DSA-5009-1:0CE0C", "DEBIAN:DSA-5103-1:C47DD", "DEBIAN:DSA-5265-1:55805"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-41184", "DEBIANCVE:CVE-2021-42340", "DEBIANCVE:CVE-2021-44832", "DEBIANCVE:CVE-2022-0778", "DEBIANCVE:CVE-2022-22965", "DEBIANCVE:CVE-2022-22968", "DEBIANCVE:CVE-2022-23181", "DEBIANCVE:CVE-2022-23305"]}, {"type": "drupal", "idList": ["DRUPAL-SA-CORE-2022-001"]}, {"type": "f5", "idList": ["F5:K11510688", "F5:K14122652", "F5:K28409053", "F5:K31323265", "F5:K34002344", "F5:K35802610", "F5:K50455702", "F5:K70052353", "F5:K97120268"]}, {"type": "fedora", "idList": ["FEDORA:33F853184440", "FEDORA:5B9703257D9C", "FEDORA:659033221693", "FEDORA:7DC2630AEB07", "FEDORA:81628313BD04", "FEDORA:978EE3068B61", "FEDORA:9A9A730B7020", "FEDORA:B95F63083D20", "FEDORA:D4D0A3067095", "FEDORA:E468830AF07B", "FEDORA:EA85730AFE74"]}, {"type": "fortinet", "idList": ["FG-IR-21-116", "FG-IR-22-059", "FG-IR-22-072"]}, {"type": "freebsd", "idList": ["27C822A0-ADDC-11ED-A9EE-DCA632B19F10", "ADD683BE-BD76-11EC-A06F-D4C9EF517024", "EA05C456-A4FD-11EC-90DE-1C697AA5A594"]}, {"type": "freebsd_advisory", "idList": ["FREEBSD_ADVISORY:FREEBSD-SA-22:03.OPENSSL"]}, {"type": "gentoo", "idList": ["GLSA-202208-34", "GLSA-202210-02"]}, {"type": "github", "idList": ["GHSA-36P3-WJMG-H94X", "GHSA-65FG-84F6-3JQ3", "GHSA-8489-44MV-GGJ8", "GHSA-9F3J-PM6F-9FM5", "GHSA-G5MM-VMX4-3RG7", "GHSA-GPQQ-952Q-5327", "GHSA-V57X-GXFJ-484Q", "GHSA-WPH7-X527-W3H5", "GHSA-X3MH-JVJW-3XWX", "GITHUB:070AFCDE1A9C584654244E41373D86D8"]}, {"type": "githubexploit", "idList": ["0018F9FA-176E-52D1-B790-5C67C302BC74", "00F5B330-30A9-5854-B811-41A3DCE5A4F8", "0126EBDA-4ED9-50FA-BDE5-873011FCD9B6", "02390955-9697-5950-8297-164CBB7695F0", "0273F07C-E2F1-5454-85F6-6B58CCA854A3", "0C866B2A-86E3-5C5A-AA62-622683A9A0DA", "0DAD2A7F-FA26-53F7-AB9D-7850BD9C666E", "0E679B3E-C2C3-5C8B-94E1-FC6EDCBB08F0", "16067E19-368D-5FF5-895D-9BA9E14921CE", "17C63238-7AC4-5195-8FAC-88F0AB4E8F77", "18E406F3-7737-558F-9993-BD12421447B4", "1F4670D2-70D1-5F68-B5BB-2674FB754D26", "215EF040-369B-5FBF-A9F5-F81833E29553", "21FA1164-A4AD-57B4-8CFE-6B9B5EE9D199", "2A4F88C2-35A7-5185-ABC0-90D0A5396D8F", "2AF7350D-AB79-5AB5-8AF9-0F351CE13D30", "2DA0FD9C-9E20-5C51-A357-EB46391407F7", "342CC1B7-6E24-5767-A7B1-90B95A91B503", "36B8C1D8-41AC-5238-B870-2254AE996A4C", "38D4A58E-3B24-5D5E-AE07-5568C6A571C4", "397046C4-338E-5CCC-AD0A-687CA3551B7C", "3B4FEC21-04C2-5299-BFD8-3F9AA518E694", "3DB87825-2C58-5ABC-8BA3-E1CB80AFB11E", "402AA694-D65B-59F0-9CAC-8D4AA40893B4", "40B1BD3D-722E-5B72-A0D3-98A5729214D3", "44463794-7940-582A-AFFF-676628A86A72", "52AD8D8E-65ED-5B49-A85D-202C43107E6B", "54E7D93D-9216-5EDE-A4AD-8324A367E67B", "552E4AC2-693D-5E49-B56E-E5473F4241E9", "588C33E5-7CDF-5EC7-9294-74B308DC6535", "5D705C67-17AA-5E5C-A72D-A1ED6F4DEDA7", "608612F7-69E9-5491-B453-5DE098B798CA", "661FCFFE-E5C3-5CF9-9CD5-68869CEDED1E", "66903BCE-DCE3-5FB9-B078-75CC2AD46662", "679F3E9E-1555-5391-86FF-CD3D67D80BDD", "69C8078C-1B8D-5B51-8951-4342A675A93D", "6A9484BA-BE10-5232-91F4-678892E7E6DD", "6D93189D-E2D8-5571-88D5-D778E1CB9C23", "6E5C078B-B2FA-520B-964A-D7055FD4EB0A", "701F758F-BBA0-582C-AE23-AA3C515F6A9F", "75235F83-D7F4-570F-B966-72159CCBA5CB", "7883CC8E-9B35-5C0F-AE2E-271FAC17648B", "79D5BEFA-C5B9-56B6-B78E-4C663DB2A6C9", "7B3BB597-E614-57D3-8CDF-2091D33EB709", "7B9BDDBA-81E8-5739-B3F7-419C0D6E2316", "7D29AFE9-2E1C-597D-80A3-49E03F52D903", "81DFF6A6-4518-543A-B06C-E7A6466ACB88", "85BCA050-E6D6-55FF-A843-F49E52F30346", "866A8BD8-7D36-53DA-AA66-A0064438E2A5", "89B78640-ACE2-5A00-845E-1CEFFFDD4A2E", "8AE63777-720A-5FEB-9A8B-B7A6577008DA", "915DAB75-3A6F-57CC-824E-106D6ACD652D", "91C0D03D-8468-59A7-B3B7-F6B118A62FFB", "9529CA86-8F3A-503D-9D02-94AC19D0CDD4", "9538B7BA-979F-523C-9913-4FE62CF77C5C", "9762BA59-813F-50C2-94CB-842DFAE750D5", "9B3AD93D-3EB7-516A-8F64-439D6260F866", "A0648F78-7165-5CA8-82DC-B34350E2DDC6", "A6262D7C-E486-57FA-BFE3-D7774CB085C9", "A8866ED4-A944-571F-8135-6138A2E9B568", "AE9F0F3B-00DE-5B73-87A1-BA592FA6E616", "AF11EF27-730D-5BA1-8B1D-7676A6FFCEAF", "B0EA173F-FDE3-5401-BE03-BEF429622CF2", "B158F1AE-13DF-5F49-88D5-73B5B6183926", "B71645C4-F039-552B-A3E1-C7376EB2DF53", "C4EB8052-6E91-5327-87BE-51E8490B0A4E", "C6653FFB-B7A6-54D8-83C9-300A13AC41F4", "C68080B0-3163-5E76-AD65-2B454DBB95EE", "C76F7089-967B-5A7F-B8DA-629452876A2A", "C772DCBB-20D0-51DD-A580-F96689E65773", "CAD3F237-9F09-5818-ADE3-DF36E8350D41", "CB56CEFA-343E-5B20-9D5B-C076205FBF6F", "CFF7A226-3523-52E0-8A6C-0D0E6A7BEBD6", "D088978F-AFD3-56B5-A461-39DCB022A11E", "D09EAEC3-7B66-5E76-BF91-64C048C7D58D", "D30073F4-9BB7-54D9-A5F6-DCCA5A005D4D", "DECBAC7B-9235-5E00-81C1-142CD41306FB", "DF61600D-38EB-5DD1-862B-290A1B4D1019", "EA9501F7-CC4E-5C60-ACF3-F636E7F54C6F", "EBD1ED76-3887-570C-86DD-EC9C7ADB1880", "EE4B4CDB-5690-556D-9581-E198CF03A9BE", "EF55EC2D-994E-5971-8941-B595536F5992", "F09161EA-B10D-5DBF-B548-6F9BE7EE20B2", "F46FFDD3-4C3B-5BD6-A69D-43F2CA80D469", "FACAC290-D83E-5B87-B534-640F9C566696", "FF4B608A-EAF3-5EFC-921B-248F48F14720"]}, {"type": "hivepro", "idList": ["HIVEPRO:0D02D133141B167E9F03F4AC4CA5579A", "HIVEPRO:205916945365E4C9EB9829951A82295A", "HIVEPRO:21EBEC4DE35422B57481E3DF94E6EA07", "HIVEPRO:41D5BC8D50B4CA10D9CCDA18E6528C27", "HIVEPRO:9C6CEB2A89436A8E8258183E6D6830FB", "HIVEPRO:B772F2F7B4C9AE8452D1197E2E240204", "HIVEPRO:C037186E3B2166871D34825A7A6719EE"]}, {"type": "huntr", "idList": ["82B8FEB2-2ADB-4D99-9AAF-3D5BEE80B19A"]}, {"type": "ibm", "idList": ["014D42A4B1AF0BC556DD624E07D6BCF5E9F2F23FCE02471BB3F58278DF2FF765", "022A2D60DD1C4A293CF52F8F73A53B3FC2E53AEC5EA7FFEDF9C4763EF2B5B80A", "0402EC8AB4EAC3CD4AE3D765E8C24F6683BD7CA1335A81B6D3B0950A4801A470", "0465751AC2B09E6749CD032D525B17660008B7BDE693E1A430E27B2E32A33438", "05BBDE1FB03AC43275CE3464D408E5E21E63D250E7B0CF0E90D314FBD5991752", "07FEC8A129A779FAB145D3092FB4D733884D03DF23AA13470BF539F0AAE36C84", "0873F460B0C56BEFFB7C20248A3B9104F79891FA48CE8B004739684341A51D1D", "08803B708D4CA95FF8DD68A4DE7FBE7DEAA67387194E25D8CD693B135E7332D9", "08FF14BF18D2D8DEA2BCD9900A4BED9C481C9700F7CF99B6CD1B3F7EDA9C3865", "091D253C3C5F4EDDB1A7482046BA793909C45D2702BF1CCF8D674C8DF0ACEA59", "0A02CE8F8480935E6DF427BB57D104E85B5FC8B8CBB9B30D41DA61284FC0C04F", "0B878F5D9824E894676260088D1B44F3EEACB4DFCA20BC99A6BB6ECFC75A7972", "0CF13F8FB4FD77C6593C265FA8F397D0C4324FC1F07F86C436B4937E98B25DBF", "0D85E5287523B83245752DC2E09287130E098DCDD6446DA2E1DF6BC26D74E767", "102DE7B07E2C763A08E3117F8BAFADC95832E666C453110C7D4275D703394EF5", "12D6D8D7F99A3B7D0C4D8EF9EACD0CBFC5BFAF207DEEAB323ECC16AD5DD105C4", "14108283F9157C4F2A38313CFBD3F47CFDC207CBE84809E04B7E197DA546B8D3", "1827A1B8985F4A2B91EE262D4C17EF01B71CFEA86DB0A386BD1C1B098E2F4B69", "1841E92577ACD6AADDBB49C1995A398D151CBC9679F1BA2B9C77425F2E40A55C", "18A47CF24DAFF468D1B3E48E56A7C723BAAB5077F0C1ED2DC22653DD05320A38", "19E6F6BF59A10C956F5C8D810D4B516674147E88F5FC3EC5B22031456700CB08", "19FC2C39014EED648C0A6D9F7F9D260C28D73DE658FD34F4EEC23ABD59034BC8", "1A98F50E1E735698FFAC4C9A1C23F5B7F50E375BE7EE85508BB03FE656980855", "1D0962C2DB9E45A67BD8161410DDF953960E39C9E80BC2FCF317962372317FA7", "1D375703477B8434B33880D4C2BC54C4F52207A530C550AD113F53DC33F805E9", "1DC1593D1836D1525D6F440ACE74DA3A15D40CF4DB29276718503CD58BB74D54", "1E8EB664DDC627C3309FB200921E9D61D835AF04A5F675805F93C64918337FD4", "1FEF4B25F870CF814735A38118457F007D958810ADCF7C8C553468619FF1337F", "226444D26451741A120880149A9CA946711043C9063C8B5E2B0A7FB4B06432D9", "22F3632F9800C8C7D12EDA0C85AC627F2AABCAA068D310065EEF12F9F4A345C4", "23258712AF0C6FF3D199FB0C84691351D550E3A4E86DEF3F1A107BF53AC16647", "23980F37EDFBF5DFA892E9152EBD5E349FBE79FB2A858C312C9DC9251022F872", "24164D63138835E26730B5EFF1F67A08E2F3A742BD391B31B667B1309546FC6C", "256D7977365CD514F903FC0D0240FD89D47444B078D35EB3DA4DD54AAC8C8661", "28932A2B46E12EA86EB64762E53A114C7EAE97254E4818FFBB7E3706DCBD4C0F", "28AF07FA415EFB4C0600E47198E77EFE267BF4907EB58703528CAAFC4FB07FDE", "2A7A7E36601C6E4D31E8BA0D7AAC60D5687103E89CE9D3C6A19F73E786347129", "2BE1B762E9F077419A696E0C1B88E2D3F236BE3549BFC2182468480E071BF032", "2F4BAE09DDC968B54378720622CC42A34228109494DD0EADFC1A7F899DBA0F6A", "2F810DF5129E61B7AECC07F3698A4E88FEDD4A1E7CA3A999FA93E04C4733C72C", "2FB703AAD3FC5C2BE7EED7EC7E69FEBE209E6C70177FEA76C552605DF83D85ED", "30495EE9B3C48AB51AC589D2A5956D977474A3BCCB9A67B54801DEE7685C5573", "3092B1C0BAC8BA0F65979D37C5545C23B95C45DF35290A26827618ACF0E8B4E8", "30E9FB4250193CA2C5AB02F5095C96F34F2044E06280324E18E38EEFD7C1490E", "32A60A9C1BA6A62100EB71CDFA36BDD4A97E492CAF4EC2F477EF0C0B4B0BBA9B", "364F8FB9BA353F400B4546D33999F70FA4F7E3F35D42B5932DC73C08163112D3", "3669E45D7FE2AA83192FF44FAA60FB349B5D39469F2B30F7D69463B2868B4908", "370CF55655D0DCE5B827E549AA74D877B1D4BA2D531AAEFFDF0A6CA27218326F", "37DEA24D462A4FBAFF5F635701ADD4D7975920B040324F41A7D2C11D55FA659E", "37E104987DDBCB98288C981D0121D7E0E9C8345C5AF2BCE774DAAE155427E747", "37EB0FBFC18EAA8CBA405BA4A0486007287891F661D591E70F8DFD893065763F", "39D96B14EB572D15D163E89AF8FFEB5DBC072EF6E833A83F8DA3B89A5DBB7F82", "3A9B55763C1C0473228A4D4C82FC501C0EAAF3C51E020F75A80CE6CD65CC662F", "3AAC421D0DF5831B3220FCCBA6EA78CC01A191BC68D1B4BF16F97C53C8358B64", "3B5CA39475D73EB1F673FE6D208449037B7B188E0C5761C0C18099C77DD55CC2", "3D44B41FEB67A37C1F1602DF3E14EAB1A680D6DE2E68AAD59DBA34352E7EEAF6", "3F14338CF5893CE4D24AD3EA652BF863BF887AD4702C8D62827FAF3B7BA35B48", "40793F706E8E7D40E73D53F66523BA8AE8718C40C00FCEF117CE8DEAC4566FD6", "42E2A358194D10969A587E1619263DAF26CB9ED7B107D2DF24882326792073A6", "4392547B785774FE9AE5A632B4118A241B21ACF551AB83B4051CA1A5B728E58F", "4395DB4E66F99889DAFD2A4877F5DD63D932E1BAF718AD9DFD8050BE89AE7B39", "46D17052F3251C0B3D153FDD5D0771739B636DF3179C7B0E07B10BDA68CED334", "4AB0975E08BC56107FE408EAB5B5BE88E706B439236C7F566A37398C9C1E0CCB", "4AD144393663479BB64C875B7B04C97712BE791D19F2EDC082CA6236DF4F9F71", "4AF3DEB82989B4E6746A3E3F13D975DBE8BF4FDB968286C60FFA2743AA829CC4", "4AF3F2925FA2FAC4247303F748E1EABFA2DFEF4045F7C3DA1E06B8C833F40639", "4C10A98BEE68D0B96F2823756EDF99AFABFD6558C7AACA794EB853BCFD69F5B6", "4C79E288BC340613D1B1B84DD16C4C5D8F508A64A400E10BDCB88A06FA574EDF", "5303EB56B374789D2F25DD42CDE200B10A36458869D3BC5FB7882728637FFBF5", "537163AF6A43E9635AC6244334A6987334AAAED355BDEC033C662E7748C0C124", "5386FE1271B599B35C07E4CE74602B34BFA6835496174DF0B19F0F6517DF425D", "55BD84BAE8C7A14BA43B1D5F808B6528E4FBEF810015A85F798847837C477C2F", "5662007982BBB6B88D91C6C7393CC2022D9415D2290FD0DA76D55E99204FFF35", "56D177DAE57235B901582E7A9C8B02337D37FFFB7BC7EEC5F14CBE0A9A1900F1", "57C8014122573615025590EC2ECB0090790833D51A381D781A55C4F43EDA278D", "5933EF8E3015054BC951DB682E9526300B741E8D2A0F7151692088DF8A1C8A68", "59E669B8BB67D676E7382F77EAD621E08DFCFBF626C52F337A77A33EF6F33748", "5BB3B8EF53C6357C441C8592F64A284C30E9C1D6F5379087C40684A770A870AA", "5D661EA5B801079F3B7AF6D31A8566154E3150C1E3398EC1CFA32E9398BF38D3", "5D979AFFDF974F2910D0CF8FD15D323A264B0745C0ACF5B78092630C5EB271CE", "5ED570DDC2DC18EDBE3A6F896450F75892C392B6E12D967BD6C8F6E5EB0809E5", "5F1A8E5DEF8C5B0BD8A337785BC9EC92521E4E1FC191BC80CFB2E92B4BEB7686", "5F3C4B37776986C5B6E57B0D357C4691B07BBE4E0615968E249EC3225A3DAC12", "5F4A0C2884928132058FB1F6A2A491E93E6AD59F7652C09398215C3B1702DA1D", "6137CA688C891413F0689149C983EA31FBA87F4C104EEF74658D6F747C2CE707", "624EC50571DDA528048438572DF31F565C12E5D78AC4A7054EB0C733BB3DA3C4", "6276DBA59ED42176EC7E2927F0A75BDBAC09FF340317BE665F741C4CDC851A7B", "6386F8948DEE250045178259A022D70BD9E8E6003BDBD116F95FAADC25DB23C2", "63BFB44F5176AE9CA2A42C60349986E2E0DE79C4290BC4C19CB8C0D33F79EF3F", "6631C04F89A8D2ED4BC1256E62C3AB820EB5DE675CE6766AA9AFAB238EA92F40", "6655F0CA454D34B530E468D672328E7DE915E373D5DF7A2E41376F7E2B588F5F", "666E4FBDA68F1376E7E84944B116ED00320BF80162EF68755AD1CD31AE358231", "6741052F2A7BCCF76F84825C9FE706D98BCF279A0C055A783796DC802C323E13", "674DDEB58033DAB9D03ED4483C0C1118FD09DBE69E73AD0AAC428EBFC61E2474", "677B50D118494C17178E83DB6E0C50351EE6636792748E40043E3B9FBFAD274E", "67A6DAD4F7DB5EFA4D058E5FA0886E6D1185C31EE7AFA1B194E5CA4D0F4A3F5C", "681632DB937D8710D504BF7DCA3C2076B9C8ED4D143CFC32EE98411B96F2B0DF", "6B7E183EC35674B746DB7086B6A65F4C3CF3F256A6A5F607AE65074E1355241E", "6C6D0940826336DDE7832D99EA3E6BDC3CE6950B9638280B5C586B4770666429", "6CAE2D44529EB3ACB88F1CD69BAC17D0CEAF1019A014DB789505665B46AF09B8", "6D2D8D71D69D8461F2745DEFFD034354BC044D7FD0B5D5FBFE539BAF7E45610E", "6DF2E72D03F9AA8435A0A58D154D82EDF5203309F8C81C42E35CBC71D2A79BDD", "7061882A844BC1B159CD9483EEA32DBAF5175CB9800976F7DD1F381723E88538", "71ACC821294C80E8F3B99B72E48078130FBD6C877B71E1CB158D6280A8292D99", "735F09E8DCB7611158B10620052B6DC619504F6C2DD143C4F7A15667EBB2C996", "73A0E3B8972417A5C5268EE0E3803B9B8C2E0463C9659C6C828573AC1D00D1AB", "73DEE30800CCC9325D5F1586487B2795A5B59E4F564CA3DF38C3A192975E9546", "741153628EF3B0375D8A886633F5FA07668F8B150D8171925DAF2833530B50F3", "742165674E677DC9026C3F2D2245AFC118A59A752987D90E7AA7D17B911AC473", "77486B8B5BB16D0AE922BE517509C1AEDA2019428A2A23BADFAE5682D363F74A", "77A5CD46FD3C6940EFC34DE8C8AA831927106A12E0E3EAC862A5D46723F4092E", "78AC818528F1ED5E96DF9765AA477784E752DB03E5EC0169C89AD690326E3F5F", "7A2AB93E7F0DDAB709E04C2A3083F01A78EB3403F2956781D7C650C866D62D59", "7C0C1B9C91F187A3B3103241169E1CDEC8BDE27A306F7430D8C3F1F7EA2D70E4", "7CFF760ED43EACB85DD304FEF6EEAD9D89C48ADE6361641E84EF811056B6811F", "7DE31DC20B322964CB6C48106E631D9D14B3967BD45EF2F7D2C8FA587E1AB212", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "7E14B22ECA169752ECE98AF6029993D38DAD48CA63B7F7A2541E649258A2178A", "8100CF1B023272EDAFF88ABDE400B8F52CC64F36BC592F575C4E3520F9EF6702", "8107BB155AFB4DEF24A8F7E9A5B84FB121DF87688100C00C435732A2636A741D", "817B7FFB07801BE45BBA7907DB38E30FA02DAEC38ABDAC204FD15158D630635A", "81D1ED08236909BE6784EC61A57AFE79E3FD05C9A8202853C0CB4DC397E0AE2A", "81F73DF562970E5239B639CE59B471B9D34E39C4A5BDD496165656D76C34B09B", "83188B7337A79BED2EE122E55D4C81A473739295B1921C9346E1F37B317DCD40", "837053881E5EA3C6EA980180D7C7511FA7016F0506D6270160A596789757E6E7", "8379030AC78250788BA6A1EC3EE817EC994974E9473C0EECB5D7ACD3FDDA8ED6", "84B9F968C99F1D06D139A9613E0943A5C824556A856DEFE8DEE64E68329DDB5C", "89170AA222353F9A48D8A118FE03328E07C65970B2FBD60979FC33A65AECC8CB", "89E699B806727E33E450302956E4D536B906A5F4CF0C0791EBBC25F005461B6D", "8B18A583802DE934D0ABAD4E3B44AE36DEAE634549737EEE9B825D44B47BD7DA", "8B1D9C3BB3CE6364BD0FE7732D06F394D6218ADAB37D1876856BEEE8923DFA4A", "8BA9843CD049A6B3B2568D750B3B848AF7F394867B3914172C3057506982747A", "8EA98A1ACD7FB64C20AF5E150C5876B7A376F3920E71B4315AC3EAC3F292126E", "8EDC93DA35D9C6EFF30637C4253AC37334E65D3A71F1A7222120AE9F8CB09FCD", "8F4CAEB4814182DEBFBE7DFCA9FC13E3577204C307181835FA0E1CA012CAD9E1", "9052D87C0A77FDE9339BE13D5F9E4733073147348EB17E7CF0F5B741C451ECC3", "906B64791AA71F432F14BB58CCAEE6A9622AD741C3E459C5C2594F4C546B7BA9", "91D7C6C9A5739FEE5F42D389A6790AF75591DE3F4B00792DEC9B2F9736C9AA92", "924107D9B02B18393D3A9C581C7A30F6BF2CE559C23EC57F1E3C3A0DD8F4C7FB", "92A25ACC7CA97D427DA5F098FEAD958217F50C6C07BA13888E0C08A046DD5DA3", "92C22BB80F005566A9B6BC13CEB85433025D25B49B4109FF79DFC90B8A2B7A4A", "9559CE1CF845BE27801B9A76018F0E7FFBD3159BCFFEE9D25526E6D24FA5F367", "9571CC4C328FC49BDE460E3DDB8089A16540E8193A13ACAE69B87BCD550C3EF1", "95B1F80B256487D0B1138355698820E492933E1B787C86EB0300B5F6C159070B", "96004A5F0BCA499E57604F5222E28642F8BB3CC611C03BA8BD6830BAF6767297", "96080ECFBE42CEF2D63B1341838131BE1CCC2B5F08130E2F678CCDCE13FAE376", "967E57EB9FB79991C919380A9DC8DFBFBD7BD669CACE09586C2CCF67B0504A90", "97D5F772EC68BDCD260FBB9DFB7A322AAAC657E9360305DF11F9C6A6A40D1B85", "98283CFA95F6BF8734797F60CE0F1633CDE2F2CFE8B1C29D35562086E63F1486", "990B694F8FEB56054D99331B4B4370CE96BC2A4FD7C4E2B75B5E537A91E83D24", "995F5E76978D4608B874A2D971B720695F0E88D78837491A71B32497C4E691FF", "998E998A37AA40076F35ACE20C7E0016E44B1CC4EFB6AE26D0761C68B7C99657", "99936FAC1F0A73E3167039C2601186519A3F8ED2D368F09EF3B457B2D57462EA", "9ADBDDE58661CDBE895EF30C5FC7969CE502BC90E9C6CAA210F0E36F82C8B330", "9BA7990CC3D9C20113440CD1A4AB058DB6D9EBA8AD303D4021A3D4CAAE12DDA9", "9BDA6E33706D0CA5C43FCD01EF51E48EB25CD2D133A018AEDB2FE563EC3BD7DC", "9C01855DE792DB516073FE7D57766225D3D1F4F50386D124FC6880AE615E0F6A", "9CF440D80F7C3ADDF67027FEB0B656E02CC2277FA267330BADF00CF32A1D4BEF", "9DF953BC7DECA4AEB37E6E5B0033CA33D3284BD52F59162C055604134EA029E5", "9FD1AC6E7F93ABD6198F576C4AC025E8DFA5007533DBD2FE78CC5BE3497FF3D6", "A150C2E017839DE1F5CBC686332D12515358F881E715C75E1B2D5509C5D5362A", "A1610C4151E05207C2B70F00002FE2069C48E736E5F65C67864C8C78D8372D2B", "A1D2EE183CE8C9693B1DCADBA6A6AC4E58CAAD746DE6081E211B0D2080D3C3E4", "A2F7E57DAD21E2D5E4DB804EB652C6CD00E5CDF5B0D67125B95F4E269BA69025", "A339910401C1CBEBCD02CB63650E2A2F954071F79CBC8E8EA704AFBB756CF438", "A38725BEA1F37F363C77BF62693D3464AF491FC41BF719970040AF1D7E0565C9", "A4DED06E2C9F4A28ADEF0AA4C6EEFDDF9D1F431EA3CF997F41E7EA22CA7B12B7", "A5BA8A613951DB71615997A50576EA856CF6F241F65D49864518CC076EDA448D", "A5D273C4869530B1BDDB415E45BEC7D916490C3278ABAC423D76AA509827EAA0", "A654DFD6FE6FCF2884AC0707849B43D4C36CBD6723597614360CB1EFD332EC39", "A6D737ADE03B032A42291D50B5DFC8276AA6AB0C24E9163A9958098D0E9747B6", "A7C08E9177A10AC583EA198F89BF0B091ED0697BF42F39DC0B151F7465C9BAF3", "A8080DF589F1BFC2BF6B98ABD8B92D2C07AAE6F3E14977386069111BB800A09C", "A871939B5F51CA69B0EDBC21D1816A26D5E84C73FB45D47DF354F899F5F6BB9B", "A986F0D7B51C204D69DD897A085F9CB249B65DF7C839AF92D49287ACDEBDA05D", "AC579EF06A63C7679B2D7EC4B67819D5F33EC90E9760AA522990209580D45436", "ACC3D76F92FC79CD7A53AF647386A1BA93AE76E3666CDB9200DA82637A52B25B", "ACEB831DB775B18663FB8C7ED41AB48BFEC59B9270C9444D8DADE42DF02434E0", "AD86702782A27B125C52925B01186F115FDFFD74D9D5E408D9B6FF77D740FAF6", "AE395445C7C7240CD17B06CE58A20D98731AA33DE1AAF047F3A02C424CBD3F87", "AFA0CC2FC2C055F26F871E9C21EE0AA3306230ACECF1CBD6D9CD834A07E53935", "AFF479D95FDAD4900AA4F096E105276FA32246E4CF2C4642D2BFEACB19522885", "AFFC971A929ABC4A5177F4FBA7D32B82C0ACBC71AEFBBD3E440D08B12B022B51", "B1EA708CCF72B8264EA46A7D99E1616E7334C67D440D87A4F97B2B4087696EFD", "B2BF691AA266FF88FFAD2044089D57580EE40D4E84146B077C5D55063FF15586", "B2EA2FBA4D280351FEA7F9EC1921C448D44F4D9EC613590A87A15467F7D34153", "B47B01CFCEE320F0AE033C32D22579706D0B59585EDEDF3D908CA06FA3E92084", "B547E4473646186969A14DFF0C2EB7D3D14D2E03EBA009074D6083D7482CB50F", "B58992EA53B96C8C776B82848FDB98622967C138FC24D243C68CB7F40B73EE4E", "B5B6C4769983441433B811EF3AAED6CFC993849D42BC924ECF1CCA5E34838148", "B65E10799869808B38D96576AA4BC705E6DCC5744AAC77554C2319CB82A9DE27", "B673694C2888EE95A6BAB04A5C155DEAA18A41E4DF0C4AE45D1C5C2E3FD7151D", "B97713A9D1C3353360B57D1AD1EC137AB7A100FBE009625EB3FD31558B3B3304", "BEE498D64CA2EADF926E0FE823248FE0159CFE6EC6405F64A375B2DE213482D4", "C0904FD149C70D8A2835DB923B2BF04803388EF83CB969D07F28836C567C672B", "C0C635C3D1BDFFF4279719843730FED33753DFD9A52C5B43AE4A48433A539739", "C4B2A7F25639B468CB0778EA1E561F435356D460FB4D417EEBDD1C83186B56CD", "C596338966F1610A28DC01FBB21502CC71651B70DBC8B96D9603EBE432E4D5E6", "C602AE40F6974D4EE4D596F81D007D4F74282F20DC8B4859AE08925E2CE79326", "C69647146C8A4405C9EC9ED2FB39442FE3398CC6836DB5B0631585B94D9D4079", "C786E96DD673C5766A45B6750BE6B879F3CF37718ACD79668ADC1130AF26E274", "C815D5BA0527F8CF454767B7D16A6B819AF9B998FAC3AFC2A63E79F6A57AD83A", "C9A62458FFCDA7D13068BA51A14F3364875030AD9E3379B54C1EB8EAA4DD8D49", "CA6E62CB32AA91296638D9DAB5072711CB69A35615F7FC69D8B55BD25BE71F67", "CCE2284A1DEFC26817EC9BCCD38DA7A3854365480FF9426304A46C0C98F30195", "CD40DD149C78115FC5E14131A8469B7F2D7DDB0549913613CBD15A792ECBBE37", "CDB95A8580AD247B239607B2769A506C10A81055AF8F4063AA0D26A850A33B58", "CE17FB486A383FDA7CA58E6E9EBC670CBD8C99F75AB7AAF454F6CC73755CB8C6", "CE291DB15FB1A7FDE49870DEF70725290D757902B5EB4009CD8DC9710150329D", "CE5C782D5B6A194605FF1969D54D86EA7B4F5A28ADDE4884D6DC86FF22C94536", "CEBCA68E903EDA603D607844229DFCF4454411F02836A215BCE53BF108AD589B", "CEF374057D7807F5D35968E4C55414081A5A0BD61843509DA73FCFE986EFFD24", "D069D767BFDDACAF36F8AD8149748B1FB801641BF7495317DD2896BA6B1D2E26", "D1B56895A302CB106810B80548010A8993C467A6D8B6EA61EB430703400A5ED8", "D1D43CB4C651EC344A506E76FAFAC5A1C0BA2618CF89E0668701D13B96168171", "D21F7F512A88CA9BDAC1DDEC3EC46B827F8888D53EFBD5E335A27023C7A16EB9", "D259E621EF9ECC71F1E5CA25BD5CC4DDE78CFECBB5FC21F2E4BCB16169E0B602", "D288D5ADF67DE9C3743BE8316D7F496F7CA64A396C1E8E9019178232D17AF15D", "D568FA3B382C6BE9CD6C3F6692E51D4BA042C287F4A6C7DFC1395A1EE4BFA175", "D5953B5AA5D620CA09590EAFE9008DB4A5BD219E8F43809D51B746D7643FA0F7", "D72EC6FCB03104DDC64B007D2272B6986C83232153DF7CA357AA4917CECF708F", "D73990C83DCEFEEFD942F2A50AF426AACD4F1D1610F51C8A150202D7B9EF03C6", "D77134C81C99E57B976FD13B327D499D7859624EF6E1B9534595C21A83A1761B", "D9DA80F42942BF2AE861A25807D73FB3CC5278F385F44A69EDF3332A73B6B7A7", "D9E06E5C382B357DD50008C0D277DB7D1B6D088C158C56C3D022303F1DFC00A4", "DA39104C275021EF88649293DFAF282637E8219443A30527A58A6E25E7ABA491", "DACB3E9783156FCD47517FD5E71AA5A2242EAA043F56F2EA75EC325BA052BDDD", "DD0EE895B8C1D023C4A9C7DA2726D4CAC8D1495A05DF9FE91915F58FF012245D", "DD71E3BE311976CFF7FE89F0916C7047300E0A1E779B1D8D85CA991081F0FBC3", "DDD4AB992BDFCF47B1C63583774DFCACB217D68082641AA2E66EEFE336297568", "DF1F3615A0C3950BF1BCF7F7E12370C0F3A7DBD2E12D656DC66F966233BD6A40", "DF4E13C85EACFEE2051B7981ADDB31432F47A19BDF5522096B79CAE0037CA8D9", "E01E5A9EEAA961C6342F940CEB3A3C922598EBB771E6363B3C7DD8D9E7EB00FD", "E04F9DE1174EFB4A26CD756DF59E4C46606A4BD4063992B465E76804515C6833", "E0AC0F2CEF0686FD5D35D040E442195982E92EF98BDFD841F5F62D37D0337B68", "E2AA9B11D88890FE4ED3C245CC3A519ACAAD11F11F032D2AE032FE428B8C4012", "E2E1AB8B9E10CF0970D428552F10FD3FEA7D405315E7CCA6431E3F0E8079B159", "E3F560319C0EA06228FA2D0D5412CFFD95B8D0963A65CBAC4B6D424BA4B7B434", "E46E249A2A7ED001BEF59F483830A2690EC2B94A16D5E8A1028E94B1AA23DA4C", "E4D093275B3398CF07F3141B553D072C5304E4F560EE4AEFD306FE5B5472E00B", "E4DC5C75AB8DC1EFE3474E65C33B8EED76C2B358258DE3E2C7A0C0EA9FD53126", "E55EB8027358DE1AD27E7050230C732BE83AEBE03071BD5119C4B597942CDB65", "E648FE893730BFA7050949B16F8159E217D9122952837F128792CC653052A172", "E6EE20198BD4C32711820E67FB3A052C1C4BCF0D11A5A4BBA683215A3FA5825E", "E7653A5862D76B5A32167F623532FE5567AFABF9A426F06C2CBA21BE4039657F", "E805A2E822F9F587AC809C6A8CA399694FA0BD883078F64EF001D4B79132B879", "E8825B71ACE31BFAA5662E2357C5EEB425BA842AC21E60C761364799BFD2FEE3", "E9F0B13DD28C1AFA3EA944A83A0281284C2444069758D5085ED5787CB960A8C5", "EA3F9619545419A098A554C6AA49233D406E118A8A2221EEFF0BABB483AAC02B", "EB58ABDFAA1D2A9C4F164D6FC9FD899843DF1F1028ECDA035A0F0C34CD298FAD", "EBCC12197854D7C444B518B80A223576FCB219A088A0CC929C19FF2993DC431A", "ED11CF0606100E816592CB9CC87F176EF4BB64094BA5B7978B3810737572EBA4", "EDAF5143E634E5EF55D5C0186ECF166CE8CE37DFE44681979D15F0D7CA2DAFAD", "EF2166DB5EE8BD87E1440D3823C327B8BCA46A3FD349720520FD40C591911F30", "F022B1455D4614E425E2D78BC02FFB6A7F2D5B177BF3F93F521E8EFBA5BEE1DE", "F0259373A53F6B73B3C7BD9A2F3F10DB053D9CC563866E61F5A496D33B416EA9", "F117DBDFED6B212106F9E2337E83226A94DDA2D7BE2380A5E5AACD18D954EB5B", "F203AF8FB4A9FED8F009C8BF5E3F7D7714130DCBC84CDBF1BE1C83E438B18982", "F243281320AFD7E2710EDC7B3D2DE73901C6546A063CD6DB1074893EA50F7F8E", "F2719E2760E07B98F3971587EEE2002655F8B8F5281074DED92EF416C43F19C8", "F2C60EF9E96AA9B7F20810A32ABE6C58279506718A61C2BD9D6A6DF787CD9EA7", "F3F852CA57F1D635AD9D70D1C461917BDB89BE30E041807BC8773FD8BCD92529", "F426BDEEA0109CBE44C73C53461CE7144BDD04ADCF7EC044CE76723EAE672095", "F532C527613357C6A2A49FB79425351FAA7200585028A4FA9898C13802895FB6", "F5EB55E6DBF388E7CB6C76AFCD8A50A86C1FE6B41E6933749DC88EF56B7E408E", "F77ECBE728239B27998335805016034242537AEADE19138FD401815CAFC7269A", "FB294BF49176D6C142EF1CFE519D56E0B6967174C95D88BDD800F026AD0FBE3B", "FBA658AB7258D6E577137D42B1A2D234254671E3792A2242E92F22B44483BD23", "FC67824EDEA7266EC4ACC4A9FF987D99A6B7A246B5DEA115F33425EDCEE6D155", "FD969E1B5297C32E77779144D221CCB6F17C2996B3074A2123C9148FDE503045", "FDA1C58A907FB5C9F6CD5E9B7632A71F19AA8263ABCC465A805B3F7EE2E1869C", "FE6D95CEEFE9596CD6D6134F8326AB13E3C97D550B3E62F57DECDBDBC51C329A"]}, {"type": "ics", "idList": ["ICSA-22-132-02", "ICSA-22-167-14", "ICSA-22-221-01", "ICSA-22-221-01-0", "ICSA-22-272-02", "ICSA-22-286-05", "ICSA-23-059-01", "ICSA-23-143-02"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:45FA8B88D226614CA46C4FD925A08C8B"]}, {"type": "kaspersky", "idList": ["KLA12436"]}, {"type": "kitploit", "idList": ["KITPLOIT:3050371869908791295", "KITPLOIT:6278364996548285306"]}, {"type": "mageia", "idList": ["MGASA-2021-0485", "MGASA-2022-0002", "MGASA-2022-0113", "MGASA-2023-0138", "MGASA-2023-0141"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:0A61417A438C7DDFAF7749BDD909CF11", "MALWAREBYTES:30F9B0094E0BC177A7D657BF67D87E39"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT-MULTI-HTTP-SPRING_FRAMEWORK_RCE_SPRING4SHELL-"]}, {"type": "mmpc", "idList": ["MMPC:07417E2EE012BAE0350B156AD2AE30B3", "MMPC:0FBB61490D4A94C83AEE14DDEE722297", "MMPC:42ECD98DCF925DC4063DE66F75FB5433"]}, {"type": "msrc", "idList": ["MSRC:4016FF02733260CBC5200B5091666FD4", "MSRC:68FA6D02FA64FF61F41A7B1A8E364197", "MSRC:6DA934C9E783C787D408548AA6F1CEC3", "MSRC:A49EE2D875C0E490BD326B3CDDB7399F"]}, {"type": "mssecure", "idList": ["MSSECURE:07417E2EE012BAE0350B156AD2AE30B3", "MSSECURE:0FBB61490D4A94C83AEE14DDEE722297", "MSSECURE:42ECD98DCF925DC4063DE66F75FB5433"]}, {"type": "nessus", "idList": ["AL2022_ALAS2022-2022-041.NASL", "AL2022_ALAS2022-2022-044.NASL", "AL2022_ALAS2022-2022-182.NASL", "AL2022_ALAS2022-2022-195.NASL", "AL2022_ALAS2022-2022-225.NASL", "AL2022_ALAS2022-2022-233.NASL", "AL2023_ALAS2023-2023-037.NASL", "AL2023_ALAS2023-2023-051.NASL", "AL2023_ALAS2023-2023-059.NASL", "AL2_ALAS-2022-1750.NASL", "AL2_ALAS-2022-1766.NASL", "AL2_ALASNITRO-ENCLAVES-2022-018.NASL", "ALA_ALAS-2021-1546.NASL", "ALA_ALAS-2022-1572.NASL", "ALA_ALAS-2022-1575.NASL", "ALA_ALAS-2023-1718.NASL", "ALMA_LINUX_ALSA-2022-0290.NASL", "ALMA_LINUX_ALSA-2022-4899.NASL", "ALMA_LINUX_ALSA-2022-5326.NASL", "APACHE_LOG4J_1_X_MULTIPLE_VULNERABILITIES.NASL", "APACHE_LOG4J_2_17_1.NASL", "CENTOS_RHSA-2022-0442.NASL", "CENTOS_RHSA-2022-1066.NASL", "DEBIAN_DLA-2870.NASL", "DEBIAN_DLA-2905.NASL", "DEBIAN_DLA-2952.NASL", "DEBIAN_DLA-2953.NASL", "DEBIAN_DLA-3160.NASL", "DEBIAN_DLA-3230.NASL", "DEBIAN_DSA-5009.NASL", "DEBIAN_DSA-5103.NASL", "DEBIAN_DSA-5265.NASL", "DELL_WYSE_MANAGEMENT_SUITE_DSA-2022-098.NASL", "DELL_WYSE_MANAGEMENT_SUITE_DSA-2022-143.NASL", "DRAC_DSA-2022-154_2_83_83_83_5_10_30_00.NASL", "DRUPAL_9_3_3.NASL", "EULEROS_SA-2022-1330.NASL", "EULEROS_SA-2022-1545.NASL", "EULEROS_SA-2022-1546.NASL", "EULEROS_SA-2022-1547.NASL", "EULEROS_SA-2022-1559.NASL", "EULEROS_SA-2022-1578.NASL", "EULEROS_SA-2022-1744.NASL", "EULEROS_SA-2022-1753.NASL", "EULEROS_SA-2022-1754.NASL", "EULEROS_SA-2022-1795.NASL", "EULEROS_SA-2022-1812.NASL", "EULEROS_SA-2022-1849.NASL", "EULEROS_SA-2022-1853.NASL", "EULEROS_SA-2022-1873.NASL", "EULEROS_SA-2022-1877.NASL", "EULEROS_SA-2022-2032.NASL", "EULEROS_SA-2022-2060.NASL", "EULEROS_SA-2022-2186.NASL", "EULEROS_SA-2022-2190.NASL", "EULEROS_SA-2022-2205.NASL", "EULEROS_SA-2022-2209.NASL", "EULEROS_SA-2022-2525.NASL", "EULEROS_SA-2022-2526.NASL", "EULEROS_SA-2022-2549.NASL", "EULEROS_SA-2022-2578.NASL", "EULEROS_SA-2022-2831.NASL", "EULEROS_SA-2022-2852.NASL", "EULEROS_SA-2022-2857.NASL", "EULEROS_SA-2023-1052.NASL", "EULEROS_SA-2023-1068.NASL", "EULEROS_SA-2023-1155.NASL", "EULEROS_SA-2023-1176.NASL", "EULEROS_SA-2023-1281.NASL", "EULEROS_SA-2023-1748.NASL", "F5_BIGIP_SOL31323265.NASL", "FEDORA_2022-9D655503EA.NASL", "FEDORA_2022-BF18450366.NASL", "FREEBSD_PKG_27C822A0ADDC11EDA9EEDCA632B19F10.NASL", "FREEBSD_PKG_EA05C456A4FD11EC90DE1C697AA5A594.NASL", "GENTOO_GLSA-202208-34.NASL", "GENTOO_GLSA-202210-02.NASL", "JIRA_8_21_0_JRASERVER-73070.NASL", "JIRA_9_0_0_JRASERVER-73885.NASL", "JQUERY-UI_1_13_0.NASL", "JUNIPER_JSA70180.NASL", "LOG4J_VULNERABLE_ECOSYSTEM_LAUNCHER.NASL", "MACOS_HT213255.NASL", "MACOS_HT213256.NASL", "MACOS_HT213257.NASL", "MARIADB_10_2_42.NASL", "MARIADB_10_3_33.NASL", "MARIADB_10_4_23.NASL", "MARIADB_10_5_14.NASL", "MARIADB_10_6_6.NASL", "MARIADB_10_7_2.NASL", "MYSQL_5_7_38.NASL", "MYSQL_8_0_29.NASL", "NESSUS_TNS-2022-11.NASL", "NESSUS_TNS-2022-21.NASL", "NESSUS_TNS_2022_06.NASL", "NEWSTART_CGSL_NS-SA-2022-0076_OPENSSL.NASL", "NEWSTART_CGSL_NS-SA-2022-0096_OPENSSL.NASL", "NEWSTART_CGSL_NS-SA-2023-0025_OPENSSL.NASL", "NNM_6_0_1.NASL", "NUTANIX_NXSA-AHV-20201105_2286.NASL", "NUTANIX_NXSA-AHV-20201105_30398.NASL", "NUTANIX_NXSA-AHV-20220304_10013.NASL", "NUTANIX_NXSA-AHV-20220304_242.NASL", "NUTANIX_NXSA-AOS-5_20_3.NASL", "NUTANIX_NXSA-AOS-5_20_3_5.NASL", "NUTANIX_NXSA-AOS-5_20_3_6.NASL", "NUTANIX_NXSA-AOS-5_20_4.NASL", "NUTANIX_NXSA-AOS-5_20_5.NASL", "NUTANIX_NXSA-AOS-6_0_2_5.NASL", "NUTANIX_NXSA-AOS-6_0_2_6.NASL", "NUTANIX_NXSA-AOS-6_1.NASL", "NUTANIX_NXSA-AOS-6_1_1.NASL", "NUTANIX_NXSA-AOS-6_6.NASL", "OPENSSL_1_0_2ZD.NASL", "OPENSSL_1_1_1N.NASL", "OPENSSL_3_0_2.NASL", "OPENSUSE-2021-4208.NASL", "OPENSUSE-2022-0002-1.NASL", "OPENSUSE-2022-0038-1.NASL", "OPENSUSE-2022-0214-1.NASL", "OPENSUSE-2022-0226-1.NASL", "OPENSUSE-2022-0818-1.NASL", "OPENSUSE-2022-0856-1.NASL", "ORACLELINUX_ELSA-2022-0290.NASL", "ORACLELINUX_ELSA-2022-0442.NASL", "ORACLELINUX_ELSA-2022-1065.NASL", "ORACLELINUX_ELSA-2022-1066.NASL", "ORACLELINUX_ELSA-2022-4899.NASL", "ORACLELINUX_ELSA-2022-5326.NASL", "ORACLELINUX_ELSA-2022-9224.NASL", "ORACLELINUX_ELSA-2022-9225.NASL", "ORACLELINUX_ELSA-2022-9233.NASL", "ORACLELINUX_ELSA-2022-9237.NASL", "ORACLELINUX_ELSA-2022-9243.NASL", "ORACLELINUX_ELSA-2022-9246.NASL", "ORACLELINUX_ELSA-2022-9249.NASL", "ORACLELINUX_ELSA-2022-9255.NASL", "ORACLELINUX_ELSA-2022-9258.NASL", "ORACLELINUX_ELSA-2022-9272.NASL", "ORACLELINUX_ELSA-2022-9419.NASL", "ORACLE_BI_PUBLISHER_OAS_CPU_JUL_2022.NASL", "ORACLE_BPM_CPU_APR_2022.NASL", "ORACLE_E-BUSINESS_CPU_JUL_2022.NASL", "ORACLE_ENTERPRISE_MANAGER_CPU_APR_2022.NASL", "ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_CPU_APR_2022.NASL", "ORACLE_IDENTITY_MANAGEMENT_CPU_APR_2022.NASL", "ORACLE_JDEVELOPER_CPU_APR_2022.NASL", "ORACLE_MYSQL_CONNECTORS_CPU_APR_2022.NASL", "ORACLE_MYSQL_WORKBENCH_8_0_29.NASL", "ORACLE_PRIMAVERA_GATEWAY_CPU_JAN_2022.NASL", "ORACLE_PRIMAVERA_GATEWAY_CPU_JUL_2022.NASL", "ORACLE_PRIMAVERA_P6_EPPM_CPU_JAN_2022.NASL", "ORACLE_PRIMAVERA_UNIFIER_CPU_APR_2022.NASL", "ORACLE_PRIMAVERA_UNIFIER_CPU_JAN_2022.NASL", "ORACLE_RDBMS_CPU_JUL_2022.NASL", "ORACLE_TUXEDO_CPU_APR_2022.NASL", "ORACLE_WEBCENTER_PORTAL_CPU_APR_2022.NASL", "ORACLE_WEBCENTER_SITES_CPU_APR_2022.NASL", "ORACLE_WEBLOGIC_SERVER_CPU_APR_2022.NASL", "ORACLE_WEBLOGIC_SERVER_CPU_JAN_2022.NASL", "ORACLE_WEBLOGIC_SERVER_CPU_JUL_2022.NASL", "PALO_ALTO_CVE-2022-0778.NASL", "PALO_ALTO_GLOBALPROTECT_AGENT_CVE-2022-0778.NASL", "PHOTONOS_PHSA-2021-4_0-0126_APACHE.NASL", "REDHAT-RHSA-2021-4861.NASL", "REDHAT-RHSA-2022-0289.NASL", "REDHAT-RHSA-2022-0290.NASL", "REDHAT-RHSA-2022-0291.NASL", "REDHAT-RHSA-2022-0294.NASL", "REDHAT-RHSA-2022-0436.NASL", "REDHAT-RHSA-2022-0438.NASL", "REDHAT-RHSA-2022-0439.NASL", "REDHAT-RHSA-2022-0442.NASL", "REDHAT-RHSA-2022-0447.NASL", "REDHAT-RHSA-2022-0448.NASL", "REDHAT-RHSA-2022-0475.NASL", "REDHAT-RHSA-2022-0524.NASL", "REDHAT-RHSA-2022-1065.NASL", "REDHAT-RHSA-2022-1066.NASL", "REDHAT-RHSA-2022-1071.NASL", "REDHAT-RHSA-2022-1073.NASL", "REDHAT-RHSA-2022-1076.NASL", "REDHAT-RHSA-2022-1077.NASL", "REDHAT-RHSA-2022-1078.NASL", "REDHAT-RHSA-2022-1082.NASL", "REDHAT-RHSA-2022-1091.NASL", "REDHAT-RHSA-2022-1112.NASL", "REDHAT-RHSA-2022-1263.NASL", "REDHAT-RHSA-2022-1296.NASL", "REDHAT-RHSA-2022-1297.NASL", "REDHAT-RHSA-2022-1389.NASL", "REDHAT-RHSA-2022-1519.NASL", "REDHAT-RHSA-2022-4711.NASL", "REDHAT-RHSA-2022-4896.NASL", "REDHAT-RHSA-2022-4899.NASL", "REDHAT-RHSA-2022-5326.NASL", "REDHAT-RHSA-2022-5459.NASL", "REDHAT-RHSA-2022-5460.NASL", "REDHAT-RHSA-2022-7272.NASL", "ROCKY_LINUX_RLSA-2022-1065.NASL", "SECURITYCENTER_5_21_0_TNS_2022_04.NASL", "SECURITYCENTER_5_21_0_TNS_2022_04_1.NASL", "SLACKWARE_SSA_2022-076-02.NASL", "SPRING4SHELL.NBIN", "SPRING_CVE-2022-22965_LOCAL.NASL", "SUSE_SU-2022-0212-1.NASL", "SUSE_SU-2022-0214-1.NASL", "SUSE_SU-2022-0226-1.NASL", "SUSE_SU-2022-0694-1.NASL", "SUSE_SU-2022-0695-1.NASL", "SUSE_SU-2022-0784-1.NASL", "SUSE_SU-2022-0818-1.NASL", "SUSE_SU-2022-0851-1.NASL", "SUSE_SU-2022-0853-1.NASL", "SUSE_SU-2022-0854-1.NASL", "SUSE_SU-2022-0856-1.NASL", "SUSE_SU-2022-0857-1.NASL", "SUSE_SU-2022-0859-1.NASL", "SUSE_SU-2022-0860-1.NASL", "SUSE_SU-2022-0935-1.NASL", "SUSE_SU-2022-1459-1.NASL", "SUSE_SU-2022-1461-1.NASL", "SUSE_SU-2022-1462-1.NASL", "SUSE_SU-2022-14881-1.NASL", "SUSE_SU-2022-14915-1.NASL", "SUSE_SU-2022-14916-1.NASL", "TENABLE_NESSUS_AGENT_TNS-2022-07.NASL", "TOMCAT_10_0_12.NASL", "TOMCAT_10_0_16.NASL", "TOMCAT_10_0_20.NASL", "TOMCAT_10_1_0_M10.NASL", "TOMCAT_10_1_0_M6.NASL", "TOMCAT_8_5_72.NASL", "TOMCAT_8_5_75.NASL", "TOMCAT_8_5_78.NASL", "TOMCAT_9_0_54.NASL", "TOMCAT_9_0_58.NASL", "TOMCAT_9_0_62.NASL", "UBUNTU_USN-5222-1.NASL", "UBUNTU_USN-5328-1.NASL", "UBUNTU_USN-5328-2.NASL", "UBUNTU_USN-5998-1.NASL", "WEB_APPLICATION_SCANNING_113042"]}, {"type": "nodejsblog", "idList": ["NODEJSBLOG:MAR-2022-SECURITY-RELEASES"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2022-0778"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2022", "ORACLE:CPUAPR2023", "ORACLE:CPUJAN2022", "ORACLE:CPUJAN2023", "ORACLE:CPUJUL2022", "ORACLE:CPUOCT2022"]}, {"type": "oraclelinux", "idList": ["ELSA-2022-0290", "ELSA-2022-0442", "ELSA-2022-1065", "ELSA-2022-1066", "ELSA-2022-4899", "ELSA-2022-5326", "ELSA-2022-9224", "ELSA-2022-9225", "ELSA-2022-9233", "ELSA-2022-9237", "ELSA-2022-9243", "ELSA-2022-9246", "ELSA-2022-9249", "ELSA-2022-9255", "ELSA-2022-9258", "ELSA-2022-9272", "ELSA-2022-9419"]}, {"type": "osv", "idList": ["OSV:CVE-2022-0778", "OSV:DLA-2953-1", "OSV:DLA-3160-1", "OSV:DLA-3230-1", "OSV:DSA-5265-1", "OSV:GHSA-36P3-WJMG-H94X", "OSV:GHSA-65FG-84F6-3JQ3", "OSV:GHSA-8489-44MV-GGJ8", "OSV:GHSA-9F3J-PM6F-9FM5", "OSV:GHSA-G5MM-VMX4-3RG7", "OSV:GHSA-GPQQ-952Q-5327", "OSV:GHSA-V57X-GXFJ-484Q", "OSV:GHSA-WPH7-X527-W3H5", "OSV:GHSA-X3MH-JVJW-3XWX", "OSV:RUSTSEC-2022-0014"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:167011"]}, {"type": "paloalto", "idList": ["PA-CVE-2021-44228", "PA-CVE-2022-0778", "PA-CVE-2022-22963"]}, {"type": "photon", "idList": ["PHSA-2021-0126", "PHSA-2021-0452", "PHSA-2021-3.0-0327", "PHSA-2021-4.0-0126", "PHSA-2022-0162", "PHSA-2022-0361", "PHSA-2022-0373", "PHSA-2022-0375", "PHSA-2022-0440", "PHSA-2022-0452", "PHSA-2022-0469", "PHSA-2022-0479", "PHSA-2022-0515", "PHSA-2022-3.0-0361", "PHSA-2022-3.0-0373", "PHSA-2022-3.0-0375", "PHSA-2022-4.0-0154", "PHSA-2022-4.0-0162"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:0EAB7251347951045CAC549194E33673", "QUALYSBLOG:3F273F13C86516B494271DB7BE04A954", "QUALYSBLOG:42335884011D582222F08AEF81D70B94", "QUALYSBLOG:5FAC1C82A388DBB84ECD7CD43450B624", "QUALYSBLOG:6DE7FC733B2FD13EE70756266FF191D0", "QUALYSBLOG:A0F20902D80081B44813D92C6DCCDAAF", "QUALYSBLOG:D1FC7658A8AB3554F3796CEE14DA3320"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:0576BE6110654A3F9BF7B9DE1118A10A", "RAPID7BLOG:07CA09B4E3B3835E096AA56546C43E8E", "RAPID7BLOG:07EA4EC150B77E4EB3557E1B1BA39725", "RAPID7BLOG:18D49792276E208F17E7D64BCE2FDEF6", "RAPID7BLOG:1C4EBCEAFC7E54954F827CAEDB3291DA", "RAPID7BLOG:3CB617802DB281BCA8BA6057AE3A98E0", "RAPID7BLOG:46F0D57262DABE81708D657F2733AA5D", "RAPID7BLOG:66B9F80A5ED88EFA9D054CBCE8AA19A5", "RAPID7BLOG:80C2CFBF70B3668FC60A8C97D27CA478", "RAPID7BLOG:AB5C0BC130F45073226CC41D25680EA0", "RAPID7BLOG:D185BF677E20E357AFE422CFB80809A5", "RAPID7BLOG:F14526C6852230A4E4CF44ADE151DF49", "RAPID7BLOG:F708A09CA1EFFC0565CA94D5DBC414D5"]}, {"type": "redhat", "idList": ["RHSA-2021:4861", "RHSA-2021:4863", "RHSA-2022:0083", "RHSA-2022:0138", "RHSA-2022:0181", "RHSA-2022:0203", "RHSA-2022:0205", "RHSA-2022:0216", "RHSA-2022:0222", "RHSA-2022:0223", "RHSA-2022:0225", "RHSA-2022:0226", "RHSA-2022:0227", "RHSA-2022:0230", "RHSA-2022:0236", "RHSA-2022:0289", "RHSA-2022:0290", "RHSA-2022:0291", "RHSA-2022:0294", "RHSA-2022:0430", "RHSA-2022:0435", "RHSA-2022:0436", "RHSA-2022:0437", "RHSA-2022:0438", "RHSA-2022:0439", "RHSA-2022:0442", "RHSA-2022:0444", "RHSA-2022:0445", "RHSA-2022:0446", "RHSA-2022:0447", "RHSA-2022:0448", "RHSA-2022:0449", "RHSA-2022:0450", "RHSA-2022:0467", "RHSA-2022:0469", "RHSA-2022:0475", "RHSA-2022:0485", "RHSA-2022:0493", "RHSA-2022:0497", "RHSA-2022:0507", "RHSA-2022:0524", "RHSA-2022:0527", "RHSA-2022:0553", "RHSA-2022:0661", "RHSA-2022:1065", "RHSA-2022:1066", "RHSA-2022:1071", "RHSA-2022:1073", "RHSA-2022:1076", "RHSA-2022:1077", "RHSA-2022:1078", "RHSA-2022:1082", "RHSA-2022:1091", "RHSA-2022:1112", "RHSA-2022:1179", "RHSA-2022:1263", "RHSA-2022:1296", "RHSA-2022:1297", "RHSA-2022:1299", "RHSA-2022:1306", "RHSA-2022:1333", "RHSA-2022:1356", "RHSA-2022:1357", "RHSA-2022:1360", "RHSA-2022:1363", "RHSA-2022:1370", "RHSA-2022:1378", "RHSA-2022:1379", "RHSA-2022:1389", "RHSA-2022:1390", "RHSA-2022:1396", "RHSA-2022:1476", "RHSA-2022:1519", "RHSA-2022:1520", "RHSA-2022:1622", "RHSA-2022:1626", "RHSA-2022:1627", "RHSA-2022:1734", "RHSA-2022:1739", "RHSA-2022:1747", "RHSA-2022:2216", "RHSA-2022:2217", "RHSA-2022:2218", "RHSA-2022:4668", "RHSA-2022:4690", "RHSA-2022:4711", "RHSA-2022:4880", "RHSA-2022:4896", "RHSA-2022:4899", "RHSA-2022:4956", "RHSA-2022:5069", "RHSA-2022:5070", "RHSA-2022:5101", "RHSA-2022:5132", "RHSA-2022:5326", "RHSA-2022:5458", "RHSA-2022:5459", "RHSA-2022:5460", "RHSA-2022:5532", "RHSA-2022:5840", "RHSA-2022:5924", "RHSA-2022:6526", "RHSA-2022:7272", "RHSA-2022:7273", "RHSA-2023:0272"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-41184", "RH:CVE-2021-42340", "RH:CVE-2021-44228", "RH:CVE-2021-44832", "RH:CVE-2022-0778", "RH:CVE-2022-22963", "RH:CVE-2022-22965", "RH:CVE-2022-22968", "RH:CVE-2022-23181", "RH:CVE-2022-23305"]}, {"type": "redos", "idList": ["ROS-20220125-04", "ROS-20220318-02", "ROS-20221103-06"]}, {"type": "rocky", "idList": ["RLSA-2022:0290", "RLSA-2022:1065", "RLSA-2022:4899", "RLSA-2022:5326"]}, {"type": "rustsec", "idList": ["RUSTSEC-2022-0014"]}, {"type": "securelist", "idList": ["SECURELIST:0ED76DA480D73D593C82769757DFD87A", "SECURELIST:11665FFD7075FB9D59316195101DE894", "SECURELIST:C1F2E1B6711C8D84F3E78D203B3CE837", "SECURELIST:D9AF9603FDB076FD6351B6ED483A4947", "SECURELIST:E21F9D6D3E5AFD65C99FC385D4B5F1DC"]}, {"type": "slackware", "idList": ["SSA-2022-076-02"]}, {"type": "spring", "idList": ["SPRING:0A31867D9351CED0BD42C5AD9FB90F8C", "SPRING:D9A1E160C61599F24065CC7E5746BD38", "SPRING:DA8F6AA20460EB2D550732A7F74584F6", "SPRING:EA9C08B2E57AC70E90A896D25F4A8BEE"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:4208-1", "OPENSUSE-SU-2022:0002-1", "OPENSUSE-SU-2022:0038-1", "OPENSUSE-SU-2022:0040-1", "OPENSUSE-SU-2022:0214-1", "OPENSUSE-SU-2022:0226-1", "OPENSUSE-SU-2022:0818-1", "OPENSUSE-SU-2022:0856-1", "SUSE-SU-2022:1461-1", "SUSE-SU-2022:1462-1"]}, {"type": "talosblog", "idList": ["TALOSBLOG:3587BB077717B0512A9D0EFCCBE8770B"]}, {"type": "thn", "idList": ["THN:1D10167F5D53B2791D676CF56488D5D9", "THN:4CD6AEBFF705DD178769DA927390CFFD", "THN:7A3DFDA680FEA7FB77640D29F9D3E3E2", "THN:8198C407B889F0B459BC5B078A2D620C", "THN:8FDA592D55831C1C4E3583B81FABA962", "THN:933FE23273AB5250B949633A337D44E1", "THN:9F9D436651F16F99B6EA52F0DB9AE75C", "THN:B878F356832352DE3255B00CFB12A5B7", "THN:EAFAEB28A545DC638924DAC8AAA4FBF2", "THN:ECDABD8FB1E94F5D8AFD13E4C1CB5840"]}, {"type": "threatpost", "idList": ["THREATPOST:3A5F59D56E40560C393A3F69A362A31B", "THREATPOST:4C9E0FFA5C914E395A66D2DC65B16649"]}, {"type": "tomcat", "idList": ["TOMCAT:11C6E48DCBA5EAFD1F9CDDC0358EAA1B", "TOMCAT:134FFF2A5E889835054EC92E557C984D", "TOMCAT:42FCCA1B939943E71978F85565FFC5D2", "TOMCAT:47B91042927062AB4C945C176AD09B02", "TOMCAT:75BDD1762995663D2613C2EC3D1F16DD", "TOMCAT:7E3DBF853D3232754593B8D1B97F1298", "TOMCAT:9B1DDBF633DAFBB1A5BECFE202020044", "TOMCAT:BD106E970B6D4964B80C5CC3715C6DD2"]}, {"type": "trellix", "idList": ["TRELLIX:33C611A7064C89E309C4A45CAE585BD5", "TRELLIX:341471F990B5DC7BFF1C28F924F10E32"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:3BBEDAD3D1AE692D361A31D5E9AE2538", "TRENDMICROBLOG:59C3D813302731E6DE220FB088280F67", "TRENDMICROBLOG:AFF0912EF635E2446F0D546515038F73"]}, {"type": "ubuntu", "idList": ["USN-5181-1", "USN-5222-1", "USN-5328-1", "USN-5328-2", "USN-5998-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-41184", "UB:CVE-2021-42340", "UB:CVE-2021-44832", "UB:CVE-2022-0778", "UB:CVE-2022-22965", "UB:CVE-2022-22968", "UB:CVE-2022-23181", "UB:CVE-2022-23305"]}, {"type": "vaadin", "idList": ["VAADIN:ADVISORY-2022-04-01"]}, {"type": "veracode", "idList": ["VERACODE:32501", "VERACODE:32740", "VERACODE:33476", "VERACODE:33766", "VERACODE:33938", "VERACODE:34716", "VERACODE:34883", "VERACODE:35109"]}, {"type": "vmware", "idList": ["VMSA-2022-0010", "VMSA-2022-0010.1", "VMSA-2022-0010.3", "VMSA-2022-0010.4", "VMSA-2022-0010.5"]}, {"type": "zdt", "idList": ["1337DAY-ID-37692"]}]}, "epss": [{"cve": "CVE-2021-41184", "epss": 0.00264, "percentile": 0.62566, "modified": "2023-05-02"}, {"cve": "CVE-2021-42340", "epss": 0.00781, "percentile": 0.78839, "modified": "2023-05-02"}, {"cve": "CVE-2021-44832", "epss": 0.09463, "percentile": 0.93793, "modified": "2023-05-02"}, {"cve": "CVE-2022-0778", "epss": 0.01367, "percentile": 0.84247, "modified": "2023-05-02"}, {"cve": "CVE-2022-22965", "epss": 0.97527, "percentile": 0.99979, "modified": "2023-05-02"}, {"cve": "CVE-2022-22968", "epss": 0.00052, "percentile": 0.18573, "modified": "2023-05-02"}, {"cve": "CVE-2022-23181", "epss": 0.00043, "percentile": 0.07823, "modified": "2023-05-02"}, {"cve": "CVE-2022-23305", "epss": 0.00357, "percentile": 0.67904, "modified": "2023-05-02"}], "vulnersScore": 8.2}, "_state": {"score": 1688656967, "dependencies": 1688656483, "epss": 0}, "_internal": {"score_hash": "572ef607881af8afe40d461b8674ac85"}, "pluginID": "159917", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159917);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/20\");\n\n script_cve_id(\n \"CVE-2021-41184\",\n \"CVE-2021-42340\",\n \"CVE-2021-44832\",\n \"CVE-2022-0778\",\n \"CVE-2022-22965\",\n \"CVE-2022-22968\",\n \"CVE-2022-23181\",\n \"CVE-2022-23305\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/25\");\n script_xref(name:\"IAVA\", value:\"2022-A-0168-S\");\n\n script_name(english:\"Oracle MySQL Enterprise Monitor (Apr 2022 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL Enterprise Monitor installed on the remote host are affected by multiple vulnerabilities as\nreferenced in the April 2022 CPU advisory.\n\n - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General\n (Apache Log4j)). Supported versions that are affected are 8.0.29 and prior. Easily exploitable\n vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise\n MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in takeover of MySQL\n Enterprise Monitor. (CVE-2022-23305)\n\n - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General\n (Spring Framework)). Supported versions that are affected are 8.0.29 and prior. Easily exploitable\n vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise\n MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in takeover of MySQL\n Enterprise Monitor. (CVE-2022-22965)\n\n - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General\n (Apache Tomcat)). Supported versions that are affected are 8.0.29 and prior. Easily exploitable\n vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise\n MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete DOS) of MySQL Enterprise Monitor. (CVE-2021-42340)\n\n - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General\n (Spring Framework)). Supported versions that are affected are 8.0.29 and prior. The patterns for \n disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is \n listed with both upper and lower case for the first character of the field, including upper and lower case for the\n first character of all nested fields within the property path. (CVE-2022-22968)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/docs/tech/security-alerts/cpuapr2022cvrf.xml\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpuapr2022.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the April 2022 Oracle Critical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44832\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-23305\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Spring Framework Class property RCE (Spring4Shell)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql_enterprise_monitor\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_enterprise_monitor_web_detect.nasl\", \"oracle_mysql_enterprise_monitor_local_nix_detect.nbin\", \"oracle_mysql_enterprise_monitor_local_detect.nbin\", \"macosx_mysql_enterprise_monitor_installed.nbin\");\n script_require_keys(\"installed_sw/MySQL Enterprise Monitor\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar app_info = vcf::combined_get_app_info(app:'MySQL Enterprise Monitor');\n\nvar constraints = [\n { 'min_version' : '8.0', 'fixed_version' : '8.0.30' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "naslFamily": "CGI abuses", "cpe": ["cpe:/a:oracle:mysql_enterprise_monitor"], "solution": "Apply the appropriate patch according to the April 2022 Oracle Critical Patch Update advisory.", "nessusSeverity": "High", "cvssScoreSource": "CVE-2021-44832", "vendor_cvss2": {"score": 8.5, "vector": "CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C"}, "vendor_cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "Critical", "score": "9.8"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2022-04-19T00:00:00", "vulnerabilityPublicationDate": "2022-04-19T00:00:00", "exploitableWith": ["Core Impact", "Metasploit(Spring Framework Class property RCE (Spring4Shell))"]}

{"spring": [{"lastseen": "2022-04-27T14:58:04", "description": "## Table of Contents\n\n * Overview\n * Does This Affect My Application?\n * Reassessing Your Data Binding Approach\n\n### Overview\n\nWhile investigating the [Spring Framework RCE vulnerability CVE-2022-22965](<https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement>) and the suggested workaround, we realized that the `disallowedFields` configuration setting on `WebDataBinder` is not intuitive and is not clearly documented. We have fixed that but also decided to be on the safe side and announce a follow-up CVE, in order to ensure application developers are alerted and have a chance to review their configuration.\n\n * [CVE-2022-22968: Spring Framework Data Binding Rules Vulnerability](<https://tanzu.vmware.com/security/cve-2022-22968>)\n\nWe have released [Spring Framework 5.3.19 and 5.2.21](<https://spring.io/blog/2022/04/13/spring-framework-5-3-19-and-5-2-21-available-now>) which contain the fix. Spring Boot 2.6.7 and 2.5.13 are scheduled to be released on April 21, 2022.\n\n> Until Spring Boot 2.6.7 and 2.5.13 have been released, you should manually upgrade the Spring Framework dependency in your Spring Boot application. To override the Spring Framework version in your Maven or Gradle build, you should use the `spring-framework.version` property.\n> \n> Please see the documentation for the Spring Boot [Maven plugin](<https://docs.spring.io/spring-boot/docs/current/maven-plugin/reference/htmlsingle/#using.parent-pom>) and [Gradle plugin](<https://docs.spring.io/spring-boot/docs/current/gradle-plugin/reference/htmlsingle/#managing-dependencies.dependency-management-plugin.customizing>) for details.\n\nPrior to the fix in today's releases, the patterns for `disallowedFields` in a `DataBinder` were _case sensitive_ which means a field was not effectively protected unless patterns were registered with both upper and lower case for the first character of the field, including all combinations of upper and lower case for the first character of all nested fields within the property path.\n\nFor example, if you've seen the [Disallowed Fields](<https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement#disallowed-fields>) workaround for the RCE vulnerability, you might have wondered why the disallowed field patterns included seemingly duplicate entries. Each pattern had to be registered twice, once with the first character in lowercase, and again with the first character in uppercase. The fix we've released today addresses this by ignoring case when matching against disallowed field patterns. This has the added benefit of disallowing binding to a `firstName` property when the registered pattern is `firstname`. In other words, the changes we've made not only fix the vulnerability reported in the CVE, but they also make disallowed field patterns more robust in general.\n\n### Does This Affect My Application?\n\nThese are the necessary conditions for the specific vulnerability:\n\n * Registration of _disallowed field patterns_ in a `DataBinder`\n * `spring-webmvc` or `spring-webflux` dependency\n * Spring Framework versions 5.3.0 to 5.3.18, 5.2.0 to 5.2.20, and older versions\n\nAdditional notes:\n\n * The issue relates to data binding used to populate an object from request parameters (either query parameters or form data). Data binding is used for controller method parameters that are annotated with `@ModelAttribute` or optionally without it, and without any other Spring Web annotation.\n * The issue does not relate to `@RequestBody` controller method parameters (e.g. JSON deserialization). However, such methods may still be vulnerable if they have another method parameter populated via data binding from query parameters.\n * Your Spring MVC or Spring WebFlux application may be susceptible to data binding issues even if you do not register _disallowed field patterns_. We highly encourage you to review your `DataBinder` configuration and more broadly your approach to data binding. For more details, please see the new [Data Binding Model Design](<https://docs.spring.io/spring-framework/docs/current/reference/html/web.html#mvc-ann-initbinder-model-design>) section in the Spring Framework reference manual.\n\n### Reassessing Your Data Binding Approach\n\nIf you're using _disallowed field patterns_ and plan to continue using them, you should definitely update to Spring Framework **5.3.19** and **5.2.21** or greater as soon as possible. \n\nHowever, there are alternatives to relying on _disallowed field patterns_. As discussed in the new [Model Design](<https://docs.spring.io/spring-framework/docs/current/reference/html/web.html#mvc-ann-initbinder-model-design>) section in the reference manual, our recommended approach is to use a _dedicated model object_ that exposes only properties that are relevant for the supported use case. Another alternative is to switch to _allowed field patterns_: instead of supplying a "deny list" via `setDisallowedFields()`, you can supply an explicit "allow list" via `setAllowedFields()` in a `WebDataBinder`.\n\nKeep in mind that it is strongly recommended that you do **not** use types from your domain model such as JPA or Hibernate entities as the model object in data binding scenarios.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-13T13:00:00", "type": "spring", "title": "Spring Framework Data Binding Rules Vulnerability (CVE-2022-22968)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965", "CVE-2022-22968"], "modified": "2022-04-13T13:00:00", "id": "SPRING:0A31867D9351CED0BD42C5AD9FB90F8C", "href": "https://spring.io/blog/2022/04/13/spring-framework-data-binding-rules-vulnerability-cve-2022-22968", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-30T10:55:16", "description": "**Updates**\n\n * **[04-13]** ["Data Binding Rules Vulnerability CVE-2022-22968"](<https://spring.io/blog/2022/04/13/spring-framework-data-binding-rules-vulnerability-cve-2022-22968>) follow-up blog post published, related to the "disallowedFields" from the Suggested Workarounds\n * **[04-08]** [Snyk announces](<https://snyk.io/blog/spring4shell-rce-vulnerability-glassfish-payara/>) an additional attack vector for Glassfish and Payara. See also related Payara, upcoming release [announcement](<https://blog.payara.fish/payara-and-spring4shell>)\n * **[04-04]** Updated [Am I Impacted](<https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement#am-i-impacted>) with improved description for deployment requirements\n * **[04-01]** Updated [Am I Impacted](<https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement#am-i-impacted>) with additional notes\n * **[04-01]** Updated [Suggested Workarounds](<https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement#suggested-workarounds>) section for Apache Tomcat upgrades and Java 8 downgrades\n * **[04-01]** ["Mitigation Alternative"](<https://spring.io/blog/2022/04/01/spring-framework-rce-mitigation-alternative>) follow-up blog post published, announcing Apache Tomcat releases versions **10.0.20**, **9.0.62**, and **8.5.78** that close the attack vector on Tomcat\u2019s side\n * **[03-31]** [Spring Boot 2.6.6](<https://spring.io/blog/2022/03/31/spring-boot-2-6-6-available-now>) is available\n * **[03-31]** [Spring Boot 2.5.12](<https://spring.io/blog/2022/03/31/spring-boot-2-5-12-available-now>) is available\n * **[03-31]** [CVE-2022-22965](<https://tanzu.vmware.com/security/cve-2022-22965>) is published\n * **[03-31]** Added section "Misconceptions"\n * **[03-31]** Added section "Am I Impacted"\n * **[03-31]** Fix minor issue in the workaround for adding `disallowedFields`\n * **[03-31]** Spring Framework **5.3.18** and **5.2.20** are available\n\n## Table of Contents\n\n * Overview\n * Vulnerability\n * Am I Impacted\n * Status\n * Suggested Workarounds\n * Misconceptions\n\n### Overview\n\nI would like to announce an RCE vulnerability in the Spring Framework that was leaked out ahead of CVE publication. The issue was first reported to VMware late on Tuesday evening, close to Midnight, GMT time by codeplutos, meizjm3i of AntGroup FG. On Wednesday we worked through investigation, analysis, identifying a fix, testing, while aiming for emergency releases on Thursday. In the mean time, also on Wednesday, details were leaked in full detail online, which is why we are providing this update ahead of the releases and the CVE report.\n\n### Vulnerability\n\nThe vulnerability impacts Spring MVC and Spring WebFlux applications running on JDK 9+. The specific exploit requires the application to be packaged and deployed as a traditional WAR on a Servlet container. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.\n\n### Am I Impacted?\n\nThese are the requirements for the specific scenario from the report:\n\n * Running on JDK 9 or higher\n * [Packaged as a traditional WAR](<https://docs.spring.io/spring-boot/docs/2.5.x/reference/htmlsingle/#howto.traditional-deployment>) and deployed on a standalone Servlet container. Typical Spring Boot deployments using [an embedded Servlet container](<https://docs.spring.io/spring-boot/docs/2.5.x/reference/htmlsingle/#features.developing-web-applications.embedded-container>) or [reactive web server](<https://docs.spring.io/spring-boot/docs/2.5.x/reference/htmlsingle/#features.developing-web-applications.reactive-server>) are not impacted.\n * `spring-webmvc` or `spring-webflux` dependency.\n * Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions.\n\nAdditional notes:\n\n * The vulnerability involves `ClassLoader` access and depends on the actual Servlet Container in use. Tomcat 10.0.19, 9.0.61, 8.5.77, and earlier versions are known to be vulnerable. Payara and Glassfish are also known to be vulnerable. Other Servlet containers may also be vulnerable.\n * The issue relates to data binding used to populate an object from request parameters (either query parameters or form data). Data binding is used for controller method parameters that are annotated with `@ModelAttribute` or optionally without it, and without any other Spring Web annotation.\n * The issues does not relate to `@RequestBody` controller method parameters (e.g. JSON deserialization). However, such methods may still be vulnerable if they have another method parameter populated via data binding from query parameters.\n\n### Status\n\n * Spring Framework 5.3.18 and 5.2.20, which contain the fixes, have been released.\n * Spring Boot 2.6.6 and 2.5.12 that depend on Spring Framework 5.3.18 have been released.\n * [CVE-2022-22965](<https://tanzu.vmware.com/security/cve-2022-22965>) has been published.\n * Apache Tomcat has released versions 10.0.20, 9.0.62, and 8.5.78 which close the attack vector on Tomcat\u2019s side, see [Spring Framework RCE, Mitigation Alternative](<https://spring.io/blog/2022/04/01/spring-framework-rce-mitigation-alternative>).\n\n### Suggested Workarounds\n\nThe preferred response is to update to Spring Framework **5.3.18** and **5.2.20** or greater. If you have done this, then no workarounds are necessary. However, some may be in a position where upgrading is not possible to do quickly. For that reason, we have provided some workarounds below.\n\n * Upgrading Tomcat\n * Downgrading to Java 8\n * Disallowed Fields\n\nPlease note that, workarounds are not necessarily mutually exclusive since security is best done "in depth".\n\n#### Upgrading Tomcat\n\nFor older applications, running on Tomcat with an unsupported Spring Framework version, upgrading to Apache Tomcat **10.0.20**, **9.0.62**, or **8.5.78**, provides adequate protection. However, this should be seen as a tactical solution, and the main goal should be to upgrade to a currently supported Spring Framework version as soon as possible. If you take this approach, you should consider setting Disallowed Fields as well for defense in depth approach.\n\n#### Downgrading to Java 8\n\nDowngrading to Java 8 is a viable workaround, if you can neither upgrade the Spring Framework nor upgrade Apache Tomcat. \n\n#### Disallowed Fields\n\nAnother viable workaround is to disable binding to particular fields by setting `disallowedFields`on `WebDataBinder` globally:\n \n \n \n @ControllerAdvice\n @Order(Ordered.LOWEST_PRECEDENCE)\n public class BinderControllerAdvice {\n \n @InitBinder\n public void setAllowedFields(WebDataBinder dataBinder) {\n String[] denylist = new String[]{\"class.*\", \"Class.*\", \"*.class.*\", \"*.Class.*\"};\n dataBinder.setDisallowedFields(denylist);\n }\n \n }\n \n\nThis works generally, but as a centrally applied workaround fix, may leave some loopholes, in particular if a controller sets `disallowedFields` locally through its own `@InitBinder` method, which overrides the global setting.\n\nTo apply the workaround in a more fail-safe way, applications could extend `RequestMappingHandlerAdapter` to update the `WebDataBinder` at the end after all other initialization. In order to do that, a Spring Boot application can declare a `WebMvcRegistrations` bean (Spring MVC) or a `WebFluxRegistrations` bean (Spring WebFlux).\n\nFor example in Spring MVC (and similar in WebFlux):\n \n \n package car.app;\n \n import java.util.ArrayList;\n import java.util.Arrays;\n import java.util.List;\n \n import org.springframework.boot.SpringApplication;\n import org.springframework.boot.autoconfigure.SpringBootApplication;\n import org.springframework.boot.autoconfigure.web.servlet.WebMvcRegistrations;\n import org.springframework.context.annotation.Bean;\n import org.springframework.web.bind.ServletRequestDataBinder;\n import org.springframework.web.context.request.NativeWebRequest;\n import org.springframework.web.method.annotation.InitBinderDataBinderFactory;\n import org.springframework.web.method.support.InvocableHandlerMethod;\n import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter;\n import org.springframework.web.servlet.mvc.method.annotation.ServletRequestDataBinderFactory;\n \n \n @SpringBootApplication\n public class MyApp {\n \n \n \tpublic static void main(String[] args) {\n \t\tSpringApplication.run(CarApp.class, args);\n \t}\n \n \n \t@Bean\n \tpublic WebMvcRegistrations mvcRegistrations() {\n \t\treturn new WebMvcRegistrations() {\n \t\t\t@Override\n \t\t\tpublic RequestMappingHandlerAdapter getRequestMappingHandlerAdapter() {\n \t\t\t\treturn new ExtendedRequestMappingHandlerAdapter();\n \t\t\t}\n \t\t};\n \t}\n \n \n \tprivate static class ExtendedRequestMappingHandlerAdapter extends RequestMappingHandlerAdapter {\n \n \t\t@Override\n \t\tprotected InitBinderDataBinderFactory createDataBinderFactory(List<InvocableHandlerMethod> methods) {\n \n \t\t\treturn new ServletRequestDataBinderFactory(methods, getWebBindingInitializer()) {\n \n \t\t\t\t@Override\n \t\t\t\tprotected ServletRequestDataBinder createBinderInstance(\n \t\t\t\t\t\tObject target, String name, NativeWebRequest request) throws Exception {\n \t\t\t\t\t\n \t\t\t\t\tServletRequestDataBinder binder = super.createBinderInstance(target, name, request);\n \t\t\t\t\tString[] fields = binder.getDisallowedFields();\n \t\t\t\t\tList<String> fieldList = new ArrayList<>(fields != null ? Arrays.asList(fields) : Collections.emptyList());\n \t\t\t\t\tfieldList.addAll(Arrays.asList(\"class.*\", \"Class.*\", \"*.class.*\", \"*.Class.*\"));\n \t\t\t\t\tbinder.setDisallowedFields(fieldList.toArray(new String[] {}));\n \t\t\t\t\treturn binder;\n \t\t\t\t}\n \t\t\t};\n \t\t}\n \t}\n }\n \n \n\nFor Spring MVC without Spring Boot, an application can switch from `@EnableWebMvc` to extending `DelegatingWebMvcConfiguration` directly as described in [Advanced Config](<https://docs.spring.io/spring-framework/docs/current/reference/html/web.html#mvc-config-advanced-java>) section of the documentation, then overriding the `createRequestMappingHandlerAdapter` method.\n\n### Misconceptions\n\nThere was speculation surrounding the commit to deprecate `SerializationUtils`. This class has only one usage within the framework and is not exposed to external input. The deprecation is unrelated to this vulnerability.\n\nThere was confusion with a [CVE for Spring Cloud Function](<https://spring.io/blog/2022/03/29/cve-report-published-for-spring-cloud-function>) which was released just before the report for this vulnerability. It is also unrelated.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-31T10:27:00", "type": "spring", "title": "Spring Framework RCE, Early Announcement", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965", "CVE-2022-22968"], "modified": "2022-03-31T10:27:00", "id": "SPRING:DA8F6AA20460EB2D550732A7F74584F6", "href": "https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-10T20:55:22", "description": "Hi, Spring fans! Welcome to another installment of _This Week in Spring_! It's been quite the week since we last talked! I flew to Atlanta, GA, for my first in-person show since the pandemic - Devnexus 2022. I loved the experience! Hopefully, the only souvenirs I'll have are the amazing memories and not COVID. I loved to see so many smiling faces. Thanks so much for having me, Devnexus, and for running an amazing show. It was a privilege to return. \n\nAnd now, without further ado, let's dive right into the roundup. \n\n * [A Bootiful Podcast: Cloud guru Tiffany Jernigan](<https://spring.io/blog/2022/04/14/a-bootiful-podcast-cloud-guru-tiffany-jernigan>)\n * [Jacky Chan on Twitter: "My new open source tool httpx, CLI and IDE plugins to test REST API, GraphQL, gRPC, RSocket, Kafka etc services with HTTP DSL <https://t.co/jkvJG2syff> JetBrains/Neovim plugins are all ready. Support by @java and @graalvm" / Twitter](<https://twitter.com/linux_china/status/1506083934068621312?s=21>)\n * [Ngrok Spring Boot Starter - Tunneling The Easy Way](<https://www.i-programmer.info/news/80-java/15369-ngrok-spring-boot-starter-tunneling-the-easy-way.html>)\n * [Spring Boot with Drools Engine. In this blog we would see how Spring integrates with Drools Engine. | CodeX](<https://medium.com/codex/spring-boot-with-drools-engine-7119774c559f>)\n * [Spring Data 2021.2.0-RC1, 2021.1.4, and 2021.0.11 released](<https://spring.io/blog/2022/04/19/spring-data-2021-2-0-rc1-2021-1-4-and-2021-0-11-released>)\n * [Spring Framework 5.3.19 and 5.2.21 available now](<https://spring.io/blog/2022/04/13/spring-framework-5-3-19-and-5-2-21-available-now>)\n * [Spring Framework Data Binding Rules Vulnerability (CVE-2022-22968)](<https://spring.io/blog/2022/04/13/spring-framework-data-binding-rules-vulnerability-cve-2022-22968>)\n * [Spring Security 5.6.3 and 5.5.6 available now](<https://spring.io/blog/2022/04/18/spring-security-5-6-3-and-5-5-6-available-now>)\n * [Spring Security 5.7.0-RC1 released](<https://spring.io/blog/2022/04/18/spring-security-5-7-0-rc1-released>)\n * [Build or migrate great applications that deliver great value to your customers. Register now ](<https://twitter.com/JavaAtMicrosoft/status/1516118110201421828>)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-04-19T19:00:00", "type": "spring", "title": "This Week in Spring - April 19th, 2022", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22968"], "modified": "2022-04-19T19:00:00", "id": "SPRING:D9A1E160C61599F24065CC7E5746BD38", "href": "https://spring.io/blog/2022/04/19/this-week-in-spring-april-19th-2022", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2023-05-18T14:44:37", "description": "The version of Oracle Identity Manager installed on the remote host is missing a security patch and is, therefore affected by multiple vulnerabilities as referenced in the April 2022 Critical Patch Update(CPU) advisory.\n\n - Vulnerability in the Oracle Identity Management Suite product of Oracle Fusion Middleware (component: Centralized Third Party Jars (Apache Log4j)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Management Suite. Successful attacks of this vulnerability can result in takeover of Oracle Identity Management Suite. (CVE-2022-23305)\n\n - Vulnerability in the Oracle Identity Management Suite product of Oracle Fusion Middleware (component: Advanced UI (Apache Log4j)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Identity Management Suite. Successful attacks of this vulnerability can result in takeover of Oracle Identity Management Suite. (CVE-2021-44832)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-25T00:00:00", "type": "nessus", "title": "Oracle Identity Manager (Apr 2022 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44832", "CVE-2022-23305"], "modified": "2022-12-30T00:00:00", "cpe": ["cpe:/a:oracle:identity_manager"], "id": "ORACLE_IDENTITY_MANAGEMENT_CPU_APR_2022.NASL", "href": "https://www.tenable.com/plugins/nessus/160180", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160180);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/30\");\n\n script_cve_id(\"CVE-2021-44832\", \"CVE-2022-23305\");\n script_xref(name:\"IAVA\", value:\"2022-A-0171\");\n\n script_name(english:\"Oracle Identity Manager (Apr 2022 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application on the remote host is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle Identity Manager installed on the remote host is missing a security patch and is,\ntherefore affected by multiple vulnerabilities as referenced in the April 2022 Critical Patch Update(CPU) advisory.\n\n - Vulnerability in the Oracle Identity Management Suite product of Oracle Fusion Middleware (component: Centralized\n Third Party Jars (Apache Log4j)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily\n exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle\n Identity Management Suite. Successful attacks of this vulnerability can result in takeover of Oracle Identity\n Management Suite. (CVE-2022-23305)\n\n - Vulnerability in the Oracle Identity Management Suite product of Oracle Fusion Middleware (component: Advanced UI\n (Apache Log4j)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit\n vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Identity\n Management Suite. Successful attacks of this vulnerability can result in takeover of Oracle Identity Management\n Suite. (CVE-2021-44832)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/docs/tech/security-alerts/cpuapr2022cvrf.xml\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpuapr2022.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the April 2022 Oracle Critical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44832\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:identity_manager\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_identity_management_installed.nbin\");\n script_require_keys(\"installed_sw/Oracle Identity Manager\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar app_info = vcf::get_app_info(app:'Oracle Identity Manager');\n\nvar constraints = [\n { 'min_version' : '12.2.1.3.0', 'fixed_version' : '12.2.1.3.220415' },\n { 'min_version' : '12.2.1.4.0', 'fixed_version' : '12.2.1.4.220331' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-04T14:48:32", "description": "The version of Dell Wyse Management Suite installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the DSA-2022-098 advisory.\n\n - The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self- signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). (CVE-2022-0778)\n\n - A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. (CVE-2022-22965)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-08T00:00:00", "type": "nessus", "title": "Dell Wyse Management Suite < 3.6.1 Multiple Vulnerabilities (DSA-2022-098)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0778", "CVE-2022-22965"], "modified": "2023-01-18T00:00:00", "cpe": ["cpe:/a:dell:wyse_management_suite"], "id": "DELL_WYSE_MANAGEMENT_SUITE_DSA-2022-098.NASL", "href": "https://www.tenable.com/plugins/nessus/161952", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161952);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/18\");\n\n script_cve_id(\"CVE-2022-0778\", \"CVE-2022-22965\");\n script_xref(name:\"IAVA\", value:\"2022-A-0121-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/25\");\n\n script_name(english:\"Dell Wyse Management Suite < 3.6.1 Multiple Vulnerabilities (DSA-2022-098)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"Dell Wyse Management Suite installed on the local host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Dell Wyse Management Suite installed on the remote host is prior to tested version. It is, therefore,\naffected by multiple vulnerabilities as referenced in the DSA-2022-098 advisory.\n\n - The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop\n forever for non-prime moduli. Internally this function is used when parsing certificates that contain\n elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point\n encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has\n invalid explicit curve parameters. Since certificate parsing happens prior to verification of the\n certificate signature, any process that parses an externally supplied certificate may thus be subject to a\n denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they\n can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients\n consuming server certificates - TLS servers consuming client certificates - Hosting providers taking\n certificates or private keys from customers - Certificate authorities parsing certification requests from\n subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that\n use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS\n issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate\n which makes it slightly harder to trigger the infinite loop. However any operation which requires the\n public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-\n signed certificate to trigger the loop during verification of the certificate signature. This issue\n affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the\n 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected\n 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). (CVE-2022-0778)\n\n - A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution\n (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR\n deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not\n vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be\n other ways to exploit it. (CVE-2022-22965)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://www.dell.com/support/kbdoc/en-us/000198486/dsa-2022-098-dell-wyse-management-suite-security-update-for-multiple-vulnerabilities\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?beac8880\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Dell Wyse Management Suite 3.6.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22965\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Spring Framework Class property RCE (Spring4Shell)');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:dell:wyse_management_suite\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"dell_wyse_management_suite_win_installed.nbin\");\n script_require_keys(\"installed_sw/Dell Wyse Management Suite\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\n\nvar app_info = vcf::get_app_info(app:'Dell Wyse Management Suite', win_local:TRUE);\n\nvar constraints = [\n { 'fixed_version' : '3.6.1' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:43:50", "description": "The version of Oracle JDeveloper installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities as referenced in the April 2022 CPU advisory:\n\n - Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: Oracle JDeveloper (Apache Log4j)). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle JDeveloper. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper. (CVE-2021-44832)\n\n - Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper. (CVE-2022-21445)\n\n - Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: Oracle JDeveloper (Apache Log4j)). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper. (CVE-2022-23305)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-26T00:00:00", "type": "nessus", "title": "Oracle JDeveloper Multiple Vulnerabilities (April 2022 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44832", "CVE-2022-21445", "CVE-2022-23305"], "modified": "2022-12-30T00:00:00", "cpe": ["cpe:/a:oracle:jdeveloper"], "id": "ORACLE_JDEVELOPER_CPU_APR_2022.NASL", "href": "https://www.tenable.com/plugins/nessus/160204", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160204);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/30\");\n\n script_cve_id(\"CVE-2021-44832\", \"CVE-2022-21445\", \"CVE-2022-23305\");\n script_xref(name:\"IAVA\", value:\"2022-A-0171\");\n\n script_name(english:\"Oracle JDeveloper Multiple Vulnerabilities (April 2022 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by a multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle JDeveloper installed on the remote host is missing a security patch. It is, therefore, affected by \nmultiple vulnerabilities as referenced in the April 2022 CPU advisory:\n\n - Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: Oracle JDeveloper \n (Apache Log4j)). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability \n allows high privileged attacker with network access via HTTP to compromise Oracle JDeveloper. Successful \n attacks of this vulnerability can result in takeover of Oracle JDeveloper. (CVE-2021-44832)\n\n - Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: ADF Faces). \n Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability \n allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. Successful \n attacks of this vulnerability can result in takeover of Oracle JDeveloper. (CVE-2022-21445)\n\n - Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: Oracle JDeveloper \n (Apache Log4j)). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability \n allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. Successful \n attacks of this vulnerability can result in takeover of Oracle JDeveloper. (CVE-2022-23305)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version \nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpuapr2022.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/docs/tech/security-alerts/cpuapr2022cvrf.xml\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the April 2022 Oracle Critical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44832\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-23305\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jdeveloper\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_jdeveloper_installed.nbin\");\n script_require_keys(\"installed_sw/Oracle JDeveloper\");\n\n exit(0);\n}\n\ninclude('vcf_extras_oracle.inc');\n\nvar app_info = vcf::oracle_jdev::get_app_info();\n\nvar constraints = [\n { 'min_version':'12.2.1.3', 'fixed_version':'12.2.1.3.220310', 'missing_patch':'33949366' },\n { 'min_version':'12.2.1.4', 'fixed_version':'12.2.1.4.220314', 'missing_patch':'33958532' }\n];\n\nvcf::oracle_jdev::check_version_and_report(\n app_info:app_info,\n severity:SECURITY_HOLE,\n constraints:constraints\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:44:11", "description": "The 13.4.0.0 and 13.5.0.0 versions of Enterprise Manager Base Platform installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2022 CPU advisory.\n\n - Vulnerability in the Oracle Management Service component (Apache Log4j) of the Enterprise Manager Base Platform. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise and take over the Enterprise Manager Base Platform. (CVE-2022-23305)\n\n - Vulnerability in the Enterprise Manager Install component (libxml2) of the Enterprise Manager Base Platform. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise and take over the Enterprise Manager Base Platform. (CVE-2021-3518)\n\n - Vulnerability in the Enterprise Manager Install component (Apache Log4j) of the Enterprise Manager Base Platform. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise and take over the Enterprise Manager Base Platform. (CVE-2021-44832)\n\n - Vulnerability in the UI Framework component of the Enterprise Manager Base Platform. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise the Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data. (CVE-2022-21469)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-29T00:00:00", "type": "nessus", "title": "Oracle Enterprise Manager Cloud Control (Apr 2022 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3518", "CVE-2021-44832", "CVE-2022-21469", "CVE-2022-23305"], "modified": "2022-12-30T00:00:00", "cpe": ["cpe:/a:oracle:enterprise_manager"], "id": "ORACLE_ENTERPRISE_MANAGER_CPU_APR_2022.NASL", "href": "https://www.tenable.com/plugins/nessus/160377", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160377);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/30\");\n\n script_cve_id(\n \"CVE-2021-3518\",\n \"CVE-2021-44832\",\n \"CVE-2022-21469\",\n \"CVE-2022-23305\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0573\");\n\n script_name(english:\"Oracle Enterprise Manager Cloud Control (Apr 2022 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The 13.4.0.0 and 13.5.0.0 versions of Enterprise Manager Base Platform installed on the remote host are affected by\nmultiple vulnerabilities as referenced in the April 2022 CPU advisory.\n\n - Vulnerability in the Oracle Management Service component (Apache Log4j) of the Enterprise Manager\n Base Platform. Easily exploitable vulnerability allows unauthenticated attacker with network access\n via HTTP to compromise and take over the Enterprise Manager Base Platform. (CVE-2022-23305)\n\n - Vulnerability in the Enterprise Manager Install component (libxml2) of the Enterprise Manager\n Base Platform. Easily exploitable vulnerability allows unauthenticated attacker with network access\n via HTTP to compromise and take over the Enterprise Manager Base Platform. (CVE-2021-3518)\n\n - Vulnerability in the Enterprise Manager Install component (Apache Log4j) of the Enterprise Manager\n Base Platform. Difficult to exploit vulnerability allows high privileged attacker with network access\n via HTTP to compromise and take over the Enterprise Manager Base Platform. (CVE-2021-44832)\n\n - Vulnerability in the UI Framework component of the Enterprise Manager Base Platform. Easily\n exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise\n the Enterprise Manager Base Platform. Successful attacks require human interaction from a person other\n than the attacker and while the vulnerability is in Enterprise Manager Base Platform, attacks may\n significantly impact additional products (scope change). Successful attacks of this vulnerability\n can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform\n accessible data. (CVE-2022-21469)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/docs/tech/security-alerts/cpuapr2022cvrf.xml\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpuapr2022.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the April 2022 Oracle Critical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44832\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:enterprise_manager\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_enterprise_manager_installed.nbin\");\n script_require_keys(\"installed_sw/Oracle Enterprise Manager Cloud Control\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar app_info = vcf::get_app_info(app:'Oracle Enterprise Manager Cloud Control');\n\nvar constraints = [\n { 'min_version' : '13.4.0.0', 'fixed_version' : '13.4.0.15', 'fixed_display': '13.4.0.15 (Patch 33726878)'},\n { 'min_version' : '13.5.0.0', 'fixed_version' : '13.5.0.5', 'fixed_display': '13.5.0.5 (Patch 33731694)'}\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-25T14:58:53", "description": "The version of Atlassian Jira installed on the remote host is prior to 8.13.18 / 8.14.0 < 8.20.6 / 8.21.0. It is, therefore, affected by a vulnerability as referenced in the JRASERVER-73070 advisory.\n\n - Denial of service via an OutOfMemoryError (Tomcat CVE-2021-42340) (CVE-2021-42340)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-06T00:00:00", "type": "nessus", "title": "Atlassian Jira < 8.13.18 / 8.14.0 < 8.20.6 / 8.21.0 (JRASERVER-73070)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-42340"], "modified": "2022-07-27T00:00:00", "cpe": ["cpe:/a:atlassian:jira"], "id": "JIRA_8_21_0_JRASERVER-73070.NASL", "href": "https://www.tenable.com/plugins/nessus/162744", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162744);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/27\");\n\n script_cve_id(\"CVE-2021-42340\");\n\n script_name(english:\"Atlassian Jira < 8.13.18 / 8.14.0 < 8.20.6 / 8.21.0 (JRASERVER-73070)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Atlassian Jira host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Atlassian Jira installed on the remote host is prior to 8.13.18 / 8.14.0 < 8.20.6 / 8.21.0. It is, therefore, affected by a\nvulnerability as referenced in the JRASERVER-73070 advisory.\n\n - Denial of service via an OutOfMemoryError (Tomcat CVE-2021-42340) (CVE-2021-42340)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://jira.atlassian.com/browse/JRASERVER-73070\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Atlassian Jira version 8.13.18, 8.20.6, 8.21.0 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-42340\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:atlassian:jira\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"jira_detect.nasl\", \"atlassian_jira_win_installed.nbin\", \"atlassian_jira_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Atlassian JIRA\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nvar app_info = vcf::combined_get_app_info(app:'Atlassian JIRA');\n\n# if on LTS release 8.13.x needs the 8.13.18 patch.\n# else if on LTS release 8.20.x needs the 8.20.6 patch\n# if else upgrade to 8.21.0\nvar constraints = [\n { 'fixed_version' : '8.13.18', 'fixed_display' : '8.13.18 / 8.20.6 / 8.21.0' },\n { 'min_version' : '8.14.0', 'fixed_version' : '8.20.6', 'fixed_display' : '8.20.6 / 8.21.0' },\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-24T16:11:18", "description": "The version of Tomcat installed on the remote host is prior to 10.1.0.M6. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_10.1.0-m6_security-10 advisory.\n\n - The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.\n (CVE-2021-42340)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-14T00:00:00", "type": "nessus", "title": "Apache Tomcat 10.1.0.M1 < 10.1.0.M6 vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-42340"], "modified": "2022-10-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_10_1_0_M6.NASL", "href": "https://www.tenable.com/plugins/nessus/154149", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154149);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/11\");\n\n script_cve_id(\"CVE-2021-42340\");\n script_xref(name:\"IAVA\", value:\"2021-A-0479-S\");\n\n script_name(english:\"Apache Tomcat 10.1.0.M1 < 10.1.0.M6 vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by a vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Tomcat installed on the remote host is prior to 10.1.0.M6. It is, therefore, affected by a vulnerability\nas referenced in the fixed_in_apache_tomcat_10.1.0-m6_security-10 advisory.\n\n - The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to\n 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP\n upgrade connections was not released for WebSocket connections once the connection was closed. This\n created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.\n (CVE-2021-42340)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bz.apache.org/bugzilla/show_bug.cgi?id=63362\");\n # https://github.com/apache/tomcat/commit/d5a6660cba7f51589468937bf3bbad4db7810371\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0eca2273\");\n # https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.0-M6\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?75e2082d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 10.1.0.M6 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-42340\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude('tomcat_version.inc');\n\ntomcat_check_version(fixed: '10.1.0.M6', min:'10.1.0.M1', severity:SECURITY_WARNING, granularity_regex: \"^(10(\\.1(\\.0)?)?)$\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-24T16:12:07", "description": "An update of the apache package has been released.\n\n - The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.\n (CVE-2021-42340)", "cvss3": {}, "published": "2021-11-12T00:00:00", "type": "nessus", "title": "Photon OS 4.0: Apache PHSA-2021-4.0-0126", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-42340"], "modified": "2022-10-11T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:apache", "cpe:/o:vmware:photonos:4.0"], "id": "PHOTONOS_PHSA-2021-4_0-0126_APACHE.NASL", "href": "https://www.tenable.com/plugins/nessus/155327", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-4.0-0126. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155327);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/11\");\n\n script_cve_id(\"CVE-2021-42340\");\n script_xref(name:\"IAVA\", value:\"2021-A-0479-S\");\n\n script_name(english:\"Photon OS 4.0: Apache PHSA-2021-4.0-0126\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the apache package has been released.\n\n - The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to\n 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP\n upgrade connections was not released for WebSocket connections once the connection was closed. This\n created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.\n (CVE-2021-42340)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-4.0-0126.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-42340\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:4.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 4\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 4.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nvar flag = 0;\n\nif (rpm_check(release:'PhotonOS-4.0', reference:'apache-tomcat-8.5.72-1.ph4')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-24T16:09:55", "description": "The version of Tomcat installed on the remote host is prior to 8.5.72. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_8.5.72_security-8 advisory.\n\n - The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.\n (CVE-2021-42340)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-14T00:00:00", "type": "nessus", "title": "Apache Tomcat 8.5.60 < 8.5.72 vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-42340"], "modified": "2022-10-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_8_5_72.NASL", "href": "https://www.tenable.com/plugins/nessus/154147", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154147);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/11\");\n\n script_cve_id(\"CVE-2021-42340\");\n script_xref(name:\"IAVA\", value:\"2021-A-0479-S\");\n\n script_name(english:\"Apache Tomcat 8.5.60 < 8.5.72 vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by a vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Tomcat installed on the remote host is prior to 8.5.72. It is, therefore, affected by a vulnerability as\nreferenced in the fixed_in_apache_tomcat_8.5.72_security-8 advisory.\n\n - The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to\n 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP\n upgrade connections was not released for WebSocket connections once the connection was closed. This\n created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.\n (CVE-2021-42340)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bz.apache.org/bugzilla/show_bug.cgi?id=63362\");\n # https://github.com/apache/tomcat/commit/d27535bdee95d252418201eb21e9d29476aa6b6a\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1e57e35e\");\n # https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.72\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?740768cc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 8.5.72 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-42340\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude('tomcat_version.inc');\n\ntomcat_check_version(fixed: '8.5.72', min:'8.5.60', severity:SECURITY_WARNING, granularity_regex: \"^8(\\.5)?$\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-24T16:14:51", "description": "The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5009 advisory.\n\n - The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.\n (CVE-2021-42340)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-12T00:00:00", "type": "nessus", "title": "Debian DSA-5009-1 : tomcat9 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-42340"], "modified": "2022-10-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libtomcat9-embed-java", "p-cpe:/a:debian:debian_linux:libtomcat9-java", "p-cpe:/a:debian:debian_linux:tomcat9", "p-cpe:/a:debian:debian_linux:tomcat9-admin", "p-cpe:/a:debian:debian_linux:tomcat9-common", "p-cpe:/a:debian:debian_linux:tomcat9-docs", "p-cpe:/a:debian:debian_linux:tomcat9-examples", "p-cpe:/a:debian:debian_linux:tomcat9-user", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5009.NASL", "href": "https://www.tenable.com/plugins/nessus/155317", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5009. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155317);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/11\");\n\n script_cve_id(\"CVE-2021-42340\");\n script_xref(name:\"IAVA\", value:\"2021-A-0479-S\");\n\n script_name(english:\"Debian DSA-5009-1 : tomcat9 - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5009\nadvisory.\n\n - The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to\n 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP\n upgrade connections was not released for WebSocket connections once the connection was closed. This\n created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.\n (CVE-2021-42340)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/tomcat9\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2021/dsa-5009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-42340\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/tomcat9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the tomcat9 packages.\n\nFor the stable distribution (bullseye), this problem has been fixed in version 9.0.43-2~deb11u3.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-42340\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtomcat9-embed-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtomcat9-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat9-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat9-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat9-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat9-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat9-user\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'libtomcat9-embed-java', 'reference': '9.0.43-2~deb11u3'},\n {'release': '11.0', 'prefix': 'libtomcat9-java', 'reference': '9.0.43-2~deb11u3'},\n {'release': '11.0', 'prefix': 'tomcat9', 'reference': '9.0.43-2~deb11u3'},\n {'release': '11.0', 'prefix': 'tomcat9-admin', 'reference': '9.0.43-2~deb11u3'},\n {'release': '11.0', 'prefix': 'tomcat9-common', 'reference': '9.0.43-2~deb11u3'},\n {'release': '11.0', 'prefix': 'tomcat9-docs', 'reference': '9.0.43-2~deb11u3'},\n {'release': '11.0', 'prefix': 'tomcat9-examples', 'reference': '9.0.43-2~deb11u3'},\n {'release': '11.0', 'prefix': 'tomcat9-user', 'reference': '9.0.43-2~deb11u3'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libtomcat9-embed-java / libtomcat9-java / tomcat9 / tomcat9-admin / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-24T16:14:51", "description": "The version of tomcat8 installed on the remote host is prior to 8.5.72-1.89. It is, therefore, affected by a vulnerability as referenced in the ALAS-2021-1546 advisory.\n\n - The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.\n (CVE-2021-42340)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-05T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : tomcat8 (ALAS-2021-1546)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-42340"], "modified": "2022-10-11T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:tomcat8", "p-cpe:/a:amazon:linux:tomcat8-admin-webapps", "p-cpe:/a:amazon:linux:tomcat8-docs-webapp", "p-cpe:/a:amazon:linux:tomcat8-el-3.0-api", "p-cpe:/a:amazon:linux:tomcat8-javadoc", "p-cpe:/a:amazon:linux:tomcat8-jsp-2.3-api", "p-cpe:/a:amazon:linux:tomcat8-lib", "p-cpe:/a:amazon:linux:tomcat8-log4j", "p-cpe:/a:amazon:linux:tomcat8-servlet-3.1-api", "p-cpe:/a:amazon:linux:tomcat8-webapps", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2021-1546.NASL", "href": "https://www.tenable.com/plugins/nessus/154897", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2021-1546.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154897);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/11\");\n\n script_cve_id(\"CVE-2021-42340\");\n script_xref(name:\"IAVA\", value:\"2021-A-0479-S\");\n script_xref(name:\"ALAS\", value:\"2021-1546\");\n\n script_name(english:\"Amazon Linux AMI : tomcat8 (ALAS-2021-1546)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tomcat8 installed on the remote host is prior to 8.5.72-1.89. It is, therefore, affected by a\nvulnerability as referenced in the ALAS-2021-1546 advisory.\n\n - The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to\n 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP\n upgrade connections was not released for WebSocket connections once the connection was closed. This\n created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.\n (CVE-2021-42340)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2021-1546.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-42340\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update tomcat8' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-42340\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-el-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-jsp-2.3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-servlet-3.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'tomcat8-8.5.72-1.89.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'tomcat8-admin-webapps-8.5.72-1.89.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'tomcat8-docs-webapp-8.5.72-1.89.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'tomcat8-el-3.0-api-8.5.72-1.89.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'tomcat8-javadoc-8.5.72-1.89.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'tomcat8-jsp-2.3-api-8.5.72-1.89.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'tomcat8-lib-8.5.72-1.89.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'tomcat8-log4j-8.5.72-1.89.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'tomcat8-servlet-3.1-api-8.5.72-1.89.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'tomcat8-webapps-8.5.72-1.89.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat8 / tomcat8-admin-webapps / tomcat8-docs-webapp / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-24T16:11:39", "description": "The version of Tomcat installed on the remote host is prior to 10.0.12. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_10.0.12_security-10 advisory.\n\n - The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.\n (CVE-2021-42340)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-14T00:00:00", "type": "nessus", "title": "Apache Tomcat 10.0.0.M10 < 10.0.12 vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-42340"], "modified": "2022-10-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_10_0_12.NASL", "href": "https://www.tenable.com/plugins/nessus/154151", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154151);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/11\");\n\n script_cve_id(\"CVE-2021-42340\");\n script_xref(name:\"IAVA\", value:\"2021-A-0479-S\");\n\n script_name(english:\"Apache Tomcat 10.0.0.M10 < 10.0.12 vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by a vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Tomcat installed on the remote host is prior to 10.0.12. It is, therefore, affected by a vulnerability as\nreferenced in the fixed_in_apache_tomcat_10.0.12_security-10 advisory.\n\n - The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to\n 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP\n upgrade connections was not released for WebSocket connections once the connection was closed. This\n created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.\n (CVE-2021-42340)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bz.apache.org/bugzilla/show_bug.cgi?id=63362\");\n # https://github.com/apache/tomcat/commit/31d62426645824bdfe076a0c0eafa904d90b4fb9\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?38609883\");\n # https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.12\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?de9a006f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 10.0.12 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-42340\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude('tomcat_version.inc');\n\ntomcat_check_version(fixed: '10.0.12', min:'10.0.0.M10', severity:SECURITY_WARNING, granularity_regex: \"^10(\\.0)?$\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-24T16:11:18", "description": "The version of Tomcat installed on the remote host is prior to 9.0.54. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_9.0.54_security-9 advisory.\n\n - The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.\n (CVE-2021-42340)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-14T00:00:00", "type": "nessus", "title": "Apache Tomcat 9.0.40 < 9.0.54 vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-42340"], "modified": "2022-10-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_9_0_54.NASL", "href": "https://www.tenable.com/plugins/nessus/154150", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154150);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/11\");\n\n script_cve_id(\"CVE-2021-42340\");\n script_xref(name:\"IAVA\", value:\"2021-A-0479-S\");\n\n script_name(english:\"Apache Tomcat 9.0.40 < 9.0.54 vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by a vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Tomcat installed on the remote host is prior to 9.0.54. It is, therefore, affected by a vulnerability as\nreferenced in the fixed_in_apache_tomcat_9.0.54_security-9 advisory.\n\n - The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to\n 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP\n upgrade connections was not released for WebSocket connections once the connection was closed. This\n created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.\n (CVE-2021-42340)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bz.apache.org/bugzilla/show_bug.cgi?id=63362\");\n # https://github.com/apache/tomcat/commit/80f1438ec45e77a07b96419808971838d259eb47\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b81cebaf\");\n # https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.54\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?eef71e4d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 9.0.54 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-42340\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude('tomcat_version.inc');\n\ntomcat_check_version(fixed: '9.0.54', min:'9.0.40', severity:SECURITY_WARNING, granularity_regex: \"^9(\\.0)?$\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:36:41", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:4208-1 advisory.\n\n - Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.\n (CVE-2021-44832)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-31T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : log4j (openSUSE-SU-2021:4208-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44832"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:log4j", "p-cpe:/a:novell:opensuse:log4j-javadoc", "p-cpe:/a:novell:opensuse:log4j-jcl", "p-cpe:/a:novell:opensuse:log4j-slf4j", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-4208.NASL", "href": "https://www.tenable.com/plugins/nessus/156435", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:4208-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156435);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\"CVE-2021-44832\");\n script_xref(name:\"IAVA\", value:\"2021-A-0573\");\n\n script_name(english:\"openSUSE 15 Security Update : log4j (openSUSE-SU-2021:4208-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the\nopenSUSE-SU-2021:4208-1 advisory.\n\n - Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are\n vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI\n LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by\n limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.\n (CVE-2021-44832)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194127\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QD3TW7GD6PF3ZSKL2TJG3Z462FFFLJND/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?56a66ce3\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-44832\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected log4j, log4j-javadoc, log4j-jcl and / or log4j-slf4j packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44832\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:log4j-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:log4j-jcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:log4j-slf4j\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'log4j-2.17.0-4.16.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'log4j-javadoc-2.17.0-4.16.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'log4j-jcl-2.17.0-4.16.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'log4j-slf4j-2.17.0-4.16.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'log4j / log4j-javadoc / log4j-jcl / log4j-slf4j');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:44:36", "description": "The version of Tuxedo installed on the remote host is missing a security patch. It is, therefore affected by a remote code execution vulnerability in the bundled Apache Log4J component. Successful exploitation of this vulnerability allow an unauthenticated attacker with network access via HTTP takeover of Oracle Tuxedo.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-25T00:00:00", "type": "nessus", "title": "Oracle Tuxedo RCE (Apr 2022 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-23305"], "modified": "2022-12-30T00:00:00", "cpe": ["cpe:/a:oracle:fusion_middleware", "cpe:/a:oracle:tuxedo"], "id": "ORACLE_TUXEDO_CPU_APR_2022.NASL", "href": "https://www.tenable.com/plugins/nessus/160161", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160161);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/30\");\n\n script_cve_id(\"CVE-2022-23305\");\n script_xref(name:\"IAVA\", value:\"2022-A-0171\");\n\n script_name(english:\"Oracle Tuxedo RCE (Apr 2022 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application server installed on the remote host is affected by a remote code execution vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Tuxedo installed on the remote host is missing a security patch. It is, therefore affected\nby a remote code execution vulnerability in the bundled Apache Log4J component. Successful exploitation of\nthis vulnerability allow an unauthenticated attacker with network access via HTTP takeover of Oracle Tuxedo.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/docs/tech/security-alerts/cpuapr2022cvrf.xml\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpuapr2022.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the April 2022 Oracle Critical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23305\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:fusion_middleware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:tuxedo\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_tuxedo_installed.nbin\");\n script_require_keys(\"installed_sw/Oracle Tuxedo\");\n\n exit(0);\n}\n\ninclude('vcf_extras_oracle.inc');\n\nvar app_info = vcf::get_app_info(app:'Oracle Tuxedo');\n\nvar constraints = [\n {'version_regex':\"^12\\.2\\.2\\.0($|\\.|_)\", 'rp_fix': 87}\n];\n\nvcf::oracle_tuxedo::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_WARNING\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-04T22:23:22", "description": "The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 27c822a0-addc-11ed-a9ee-dca632b19f10 advisory.\n\n - Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.\n (CVE-2021-44832)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-19T00:00:00", "type": "nessus", "title": "FreeBSD : Rundeck3 -- Log4J RCE vulnerability (27c822a0-addc-11ed-a9ee-dca632b19f10)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44832"], "modified": "2023-09-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:rundeck3", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_27C822A0ADDC11EDA9EEDCA632B19F10.NASL", "href": "https://www.tenable.com/plugins/nessus/171634", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171634);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/04\");\n\n script_cve_id(\"CVE-2021-44832\");\n\n script_name(english:\"FreeBSD : Rundeck3 -- Log4J RCE vulnerability (27c822a0-addc-11ed-a9ee-dca632b19f10)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a\nvulnerability as referenced in the 27c822a0-addc-11ed-a9ee-dca632b19f10 advisory.\n\n - Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are\n vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI\n LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by\n limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.\n (CVE-2021-44832)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832\");\n # https://vuxml.freebsd.org/freebsd/27c822a0-addc-11ed-a9ee-dca632b19f10.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5485f8f2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44832\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rundeck3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"freebsd_package.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nvar flag = 0;\n\nvar packages = [\n 'rundeck3<3.4.10'\n];\n\nforeach var package( packages ) {\n if (pkg_test(save_report:TRUE, pkg: package)) flag++;\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : pkg_report_get()\n );\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:36:39", "description": "The version of Apache Log4j on the remote host is 2.0 < 2.3.2, 2.4 < 2.12.4, or 2.13 < 2.17.1. It is, therefore, affected by a remote code execution vulnerability. Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2. \n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-28T00:00:00", "type": "nessus", "title": "Apache Log4j 2.0 < 2.3.2 / 2.4 < 2.12.4 / 2.13 < 2.17.1 RCE", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44832"], "modified": "2022-07-04T00:00:00", "cpe": ["cpe:/a:apache:log4j"], "id": "APACHE_LOG4J_2_17_1.NASL", "href": "https://www.tenable.com/plugins/nessus/156327", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156327);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/04\");\n\n script_cve_id(\"CVE-2021-44832\");\n script_xref(name:\"IAVA\", value:\"2021-A-0573\");\n script_xref(name:\"IAVA\", value:\"0001-A-0650\");\n\n script_name(english:\"Apache Log4j 2.0 < 2.3.2 / 2.4 < 2.12.4 / 2.13 < 2.17.1 RCE\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A package installed on the remote host is affected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apache Log4j on the remote host is 2.0 < 2.3.2, 2.4 < 2.12.4, or 2.13 < 2.17.1. It is, therefore,\naffected by a remote code execution vulnerability. Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security\nfix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission\nto modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data\nsource referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to\nthe java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2. \n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://logging.apache.org/log4j/2.x/security.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Log4j version 2.17.1, 2.12.4, or 2.3.2 or later, or apply the vendor mitigation.\n\nUpgrading to the latest versions for Apache Log4j is highly recommended as intermediate \nversions / patches have known high severity vulnerabilities and the vendor is updating \ntheir advisories often as new research and knowledge about the impact of Log4j is \ndiscovered. Refer to https://logging.apache.org/log4j/2.x/security.html for the latest \nversions.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44832\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:log4j\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"apache_log4j_nix_installed.nbin\", \"apache_log4j_win_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Log4j\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar app = 'Apache Log4j';\n\nvar app_info = vcf::get_app_info(app:app);\n\nif (app_info['JdbcAppender.class association'] == \"Not Found\")\n audit(AUDIT_OS_CONF_NOT_VULN, app, app_info.version);\n\nvar constraints = [\n {'min_version':'2.0', 'fixed_version':'2.3.2'},\n {'min_version':'2.4', 'fixed_version':'2.12.4'},\n {'min_version':'2.13', 'fixed_version':'2.17.1'}\n];\n\nvcf::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE\n);\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:36:29", "description": "The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2870 advisory.\n\n - Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.\n (CVE-2021-44832)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-01T00:00:00", "type": "nessus", "title": "Debian DLA-2870-1 : apache-log4j2 - LTS security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44832"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:liblog4j2-java", "p-cpe:/a:debian:debian_linux:liblog4j2-java-doc", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2870.NASL", "href": "https://www.tenable.com/plugins/nessus/156449", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-2870. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156449);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\"CVE-2021-44832\");\n script_xref(name:\"IAVA\", value:\"2021-A-0573\");\n\n script_name(english:\"Debian DLA-2870-1 : apache-log4j2 - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2870\nadvisory.\n\n - Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are\n vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI\n LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by\n limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.\n (CVE-2021-44832)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002813\");\n # https://security-tracker.debian.org/tracker/source-package/apache-log4j2\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a7f9f2b8\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2021/dla-2870\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-44832\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/stretch/apache-log4j2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the apache-log4j2 packages.\n\nFor Debian 9 stretch, this problem has been fixed in version 2.12.4-0+deb9u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44832\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:liblog4j2-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:liblog4j2-java-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(9)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 9.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '9.0', 'prefix': 'liblog4j2-java', 'reference': '2.12.4-0+deb9u1'},\n {'release': '9.0', 'prefix': 'liblog4j2-java-doc', 'reference': '2.12.4-0+deb9u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'liblog4j2-java / liblog4j2-java-doc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:40:10", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:0002-1 advisory.\n\n - Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.\n (CVE-2021-44832)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-03T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : log4j (openSUSE-SU-2022:0002-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44832"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:log4j", "p-cpe:/a:novell:opensuse:log4j-javadoc", "p-cpe:/a:novell:opensuse:log4j-jcl", "p-cpe:/a:novell:opensuse:log4j-slf4j", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2022-0002-1.NASL", "href": "https://www.tenable.com/plugins/nessus/156450", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:0002-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156450);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\"CVE-2021-44832\");\n script_xref(name:\"IAVA\", value:\"2021-A-0573\");\n\n script_name(english:\"openSUSE 15 Security Update : log4j (openSUSE-SU-2022:0002-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the\nopenSUSE-SU-2022:0002-1 advisory.\n\n - Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are\n vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI\n LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by\n limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.\n (CVE-2021-44832)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194127\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YBITTL424FAEN3BI2PM3NGBMPREUS3P4/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b6a14fa0\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-44832\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected log4j, log4j-javadoc, log4j-jcl and / or log4j-slf4j packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44832\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:log4j-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:log4j-jcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:log4j-slf4j\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'log4j-2.17.0-lp152.3.15.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'log4j-javadoc-2.17.0-lp152.3.15.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'log4j-jcl-2.17.0-lp152.3.15.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'log4j-slf4j-2.17.0-lp152.3.15.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'log4j / log4j-javadoc / log4j-jcl / log4j-slf4j');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-27T15:18:38", "description": "The remote host contains a Spring Framework library version that is prior to 5.2.20 or 5.3.x prior to 5.3.18. It is, therefore, affected by a remote code execution vulnerability:\n - A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.\n - These are the prerequisites for the exploit:\n - JDK 9 or higher\n - Apache Tomcat as the Servlet container\n - Packaged as WAR\n - spring-webmvc or spring-webflux dependency", "cvss3": {}, "published": "2022-04-06T00:00:00", "type": "nessus", "title": "Spring Framework Spring4Shell (CVE-2022-22965)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22965"], "modified": "2023-09-25T00:00:00", "cpe": ["cpe:/a:pivotal_software:spring_framework", "cpe:/a:vmware:spring_framework"], "id": "SPRING4SHELL.NBIN", "href": "https://www.tenable.com/plugins/nessus/159542", "sourceData": "Binary data spring4shell.nbin", "cvss": {"score": 0.0, "vector": "NONE"}}], "redos": [{"lastseen": "2023-09-09T03:47:18", "description": "The Apache Tomcat application server vulnerability is related to flaws in the validation time, time of\r\n usage when configuring session saving using FileStore. Exploitation of the vulnerability could\r\n allow an attacker to perform certain actions that result in bypassing security restrictions\r\n and privilege escalation (executing code with Tomcat process privileges)\n\nApache Tomcat application server vulnerability is related to memory leak. Exploitation of the vulnerability could\r\n allow an attacker acting remotely to cause a denial of service as a result of patching the\r\n bug 63362\n\nApache Tomcat application server vulnerability is related to incorrect implementation of read/write locking.\r\n writes. Exploitation of the vulnerability could allow an attacker acting remotely to cause an error in the\r\n parallelism error and force client connections to share an instance of Http11Processor, resulting in responses or portions of responses being received.\r\n resulting in responses or portions of responses being received by the wrong client", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-11-03T00:00:00", "type": "redos", "title": "ROS-20221103-06", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-42340", "CVE-2022-23181", "CVE-2022-43980"], "modified": "2022-11-03T00:00:00", "id": "ROS-20221103-06", "href": "https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-apache-tomcat-cve-2021-42340-cve-2022-23181-cve-2022-43980/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-09-08T15:34:26", "description": "Apache Log4j2 Java program logging library vulnerability is related to the lack of additional\r\n JNDI access controls. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using the JDBC Appender.\r\n remotely execute arbitrary code using the JDBC Appender", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-25T00:00:00", "type": "redos", "title": "ROS-20220125-04", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-01-25T00:00:00", "id": "ROS-20220125-04", "href": "https://redos.red-soft.ru/support/secure/uyazvimosti/uyazvimost-biblioteki-zhurnalirovaniya-java-programm-apache-log4j2-cve-2021-44832/", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "ibm": [{"lastseen": "2023-06-24T06:03:54", "description": "## Summary\n\nThere are multiple vulnerabilities in Spring Framework (CVE-2022-22968, CVE-2022-22965, and CVE-2022-22950) as described in the vulnerability details section. Spring Framework v5.3.8 is used by Db2 Web Query for i for infrastructure support. IBM has addressed the vulnerabilities in Db2 Web Query for i by upgrading to Spring Framework v5.3.19. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22968](<https://vulners.com/cve/CVE-2022-22968>) \n** DESCRIPTION: **Spring Framework could provide weaker than expected security, caused by a data binding rules vulnerability in which the patterns for disallowedFields on a DataBinder are case sensitive. The case sensitivity allows that a field is insufficiently protected unless it is listed with both upper and lower case for the first character of the field. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224374](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224374>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22950](<https://vulners.com/cve/CVE-2022-22950>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223096](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223096>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Db2 Web Query for i| 2.3.0 \nIBM Db2 Web Query for i| 2.2.1 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerabilities now.**\n\nDb2 Web Query for i releases 2.2.1 and 2.3.0 are impacted. \n\n**Release 2.2.1 can be fixed by upgrading to release 2.3.0.**\n\nTo request an EZ-Install package, including instructions for the upgrade installation, send an email to [QU2@us.ibm.com](<mailto:QU2@us.ibm.com>). More information for the upgrade is available at <https://ibm.biz/db2wq-install>. \n\n**Release 2.3.0 can be fixed by applying the latest Db2 Web Query for i group Program Temporary Fix (PTF).**\n\nThe PTFs are applied to product ID 5733WQX. The group PTF numbers and minimum level with the fix are:\n\n**Affected Releases**\n\n| \n\n**Group PTF and Minimum Level for Remediation** \n \n---|--- \n \nDb2 Web Query for i 2.3.0 w/ IBM i 7.5\n\n| \n\n[SF99671 level 6](<https://www.ibm.com/support/fixcentral/ibmi/quickorder?function=IBMiFixId&fixids=SF99671&includeSupersedes=0&source=fc> \"SF99671 level 6\" ) \n \nDb2 Web Query for i 2.3.0 w/ IBM i 7.4\n\n| \n\n[SF99654 level 6](<https://www.ibm.com/support/fixcentral/ibmi/quickorder?function=IBMiFixId&fixids=SF99654&includeSupersedes=0&source=fc>) \n \nDb2 Web Query for i 2.3.0 w/ IBM i 7.3\n\n| \n\n[SF99533 level 6](<https://www.ibm.com/support/fixcentral/ibmi/quickorder?function=IBMiFixId&fixids=SF99533&includeSupersedes=0&source=fc>) \n \n_**Important note:** \n__IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-10T05:17:19", "type": "ibm", "title": "Security Bulletin: Due to use of Spring Framework, IBM Db2 Web Query for i is vulnerable to unprotected fields (CVE-2022-22968), remote code execution (CVE-2022-22965), and denial of service (CVE-2022-22950).", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950", "CVE-2022-22965", "CVE-2022-22968"], "modified": "2022-06-10T05:17:19", "id": "2FB703AAD3FC5C2BE7EED7EC7E69FEBE209E6C70177FEA76C552605DF83D85ED", "href": "https://www.ibm.com/support/pages/node/6593861", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:04:13", "description": "## Summary\n\nApache Log4j is used by IBM Telco Network Cloud Manager - Performance for logging and is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832,CVE-2022-23302 and CVE-2022-23305). The fix includes Apache Log4j v2.17.1. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23305](<https://vulners.com/cve/CVE-2022-23305>) \n** DESCRIPTION: **Apache Log4j is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the JDBCAppender, which could allow the attacker to view, add, modify or delete information in the back-end database. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217461](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217461>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2022-23302](<https://vulners.com/cve/CVE-2022-23302>) \n** DESCRIPTION: **Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in JMSSink. By sending specially-crafted JNDI requests using TopicConnectionFactoryBindingName configuration, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217460](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217460>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Telco Network Cloud Manager - Performance (TNCP)| TNC-P 1.4 \nIBM Telco Network Cloud Manager - Performance (TNCP)| TNC-P 1.4.1 \nIBM Telco Network Cloud Manager - Performance (TNCP)| TNC-P 1.3 \nIBM Telco Network Cloud Manager - Performance (TNCP)| TNC-P 1.2 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now. This Security Bulletin is applicable to all IBM Telco Network Cloud Manager - Performance released versions.**\n\nFor IBM Telco Network Cloud Manager - Performance 1.4.1:\n\nPlease download fix from [http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Telco+Network+Cloud+Manager+-+Performance&fixids=1.4.1.TIV-TNCP-IF002&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Telco+Network+Cloud+Manager+-+Performance&fixids=1.4.1.TIV-TNCP-IF002&source=SAR>)\n\nFor more information about applying the fix, go to IBM Documentation : <https://www.ibm.com/docs/en/tncm-p/1.4.1?topic=configuring-installing>\n\nFor IBM Telco Network Cloud Manager - Performance 1.4 , 1.3 and 1.2: \n\nIf you have one of the listed affected versions, it is strongly recommended that you apply the most recent security update to UI service:\n\nApply the following updated UI service image by navigating into tncp product namespace -> statefulset -> ui\n\n * **If the product is deployed on Openshift env then use following image => **cp.icr.io/cp/tncp/basecamp-ui:2.4.1.0-166-d77181da@sha256:910ecb867298b343184bcc129c847695c4db3e8196241d52af2ba6c034d012e0\n * **If the product is deployed on Kubernetes environment then use following image :** docker.io/persistentsystems/basecamp-ui:2.4.1.0-166-d77181da@sha256:910ecb867298b343184bcc129c847695c4db3e8196241d52af2ba6c034d012e0\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-02T03:33:47", "type": "ibm", "title": "Security Bulletin: IBM Telco Network Cloud Manager - Performance is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832,CVE-2022-23302 and CVE-2022-23305)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832", "CVE-2022-23302", "CVE-2022-23305"], "modified": "2022-06-02T03:33:47", "id": "5BB3B8EF53C6357C441C8592F64A284C30E9C1D6F5379087C40684A770A870AA", "href": "https://www.ibm.com/support/pages/node/6591351", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-06-24T06:03:05", "description": "## Summary\n\nIBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache Tomcat.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23181](<https://vulners.com/cve/CVE-2022-23181>) \n** DESCRIPTION: **Apache Tomcat could allow a local authenticated attacker to gain elevated privileges on the system, caused by a time of check, time of use flaw when configured to persist sessions using the FileStore. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to perform actions with the privileges of Tomcat process. \nCVSS Base score: 7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/218221](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218221>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nWatson Discovery| 4.0.0-4.0.9 \n \n\n\n## Remediation/Fixes\n\nUpgrade to IBM Watson Discovery 4.5.0 \n\n<https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-29T02:19:49", "type": "ibm", "title": "Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Tomcat", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.7, "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23181"], "modified": "2022-06-29T02:19:49", "id": "E55EB8027358DE1AD27E7050230C732BE83AEBE03071BD5119C4B597942CDB65", "href": "https://www.ibm.com/support/pages/node/6598701", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T05:48:09", "description": "## Summary\n\nThere is a vulnerability in Apache Tomcat that could allow an attacker to gain elevated privileges on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23181](<https://vulners.com/cve/CVE-2022-23181>) \n** DESCRIPTION: **Apache Tomcat could allow a local authenticated attacker to gain elevated privileges on the system, caused by a time of check, time of use flaw when configured to persist sessions using the FileStore. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to perform actions with the privileges of Tomcat process. \nCVSS Base score: 7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/218221](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218221>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Process Mining| 1.12.0.3 \n \n## Remediation/Fixes\n\n**Product(s)**| **Version(s) number and/or range **| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Process Mining| 1.12.0.3| \n\n**Upgrade to version 1.12.0.4** \n \n1.Login to [PassPortAdvantage](<https://www-112.ibm.com/software/howtobuy/passportadvantage/homepage/paocustomer> \"\" ) \n \n2\\. Search for \n**M05JKML** Process Mining 1.12.0.4 Server Multiplatform Multilingual \n \n3\\. Download package\n\n4\\. Follow install instructions \n \n5\\. Repeat for **M05JJML** Process Mining 1.12.0.4 Client Windows Multilingual \n \n| | \n \n## Workarounds and Mitigations\n\nNone known\n\n## ", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-01T21:49:48", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Tomcat affects IBM Process Mining (CVE-2022-23181)", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.7, "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23181"], "modified": "2023-02-01T21:49:48", "id": "56D177DAE57235B901582E7A9C8B02337D37FFFB7BC7EEC5F14CBE0A9A1900F1", "href": "https://www.ibm.com/support/pages/node/6574785", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T05:49:48", "description": "## Summary\n\nA vulnerability in Apache Tomcat affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data. Please see below for details on how to remediate this issue.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23181](<https://vulners.com/cve/CVE-2022-23181>) \n** DESCRIPTION: **Apache Tomcat could allow a local authenticated attacker to gain elevated privileges on the system, caused by a time of check, time of use flaw when configured to persist sessions using the FileStore. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to perform actions with the privileges of Tomcat process. \nCVSS Base score: 7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/218221](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218221>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data| 4.0.0 - 4.0.6 \n \n\n\n## Remediation/Fixes\n\nPlease install IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data Version 4.0.7\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-12T21:59:00", "type": "ibm", "title": "Security Bulletin: A vulnerability in Apache Tomcat affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.7, "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23181"], "modified": "2023-01-12T21:59:00", "id": "E01E5A9EEAA961C6342F940CEB3A3C922598EBB771E6363B3C7DD8D9E7EB00FD", "href": "https://www.ibm.com/support/pages/node/6573017", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T05:49:50", "description": "## Summary\n\nVulnerabilities in Apache Tomcat affect IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2022-23181). Please see below for details on how to remdiate this issue.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23181](<https://vulners.com/cve/CVE-2022-23181>) \n** DESCRIPTION: **Apache Tomcat could allow a local authenticated attacker to gain elevated privileges on the system, caused by a time of check, time of use flaw when configured to persist sessions using the FileStore. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to perform actions with the privileges of Tomcat process. \nCVSS Base score: 7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/218221](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218221>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data| 4.0.0 - 4.0.7 \n \n\n\n## Remediation/Fixes\n\nPlease upgrade to IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data, version 4.0.8\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-12T21:59:00", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Apache Tomcat affect IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2022-23181)", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.7, "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23181"], "modified": "2023-01-12T21:59:00", "id": "4392547B785774FE9AE5A632B4118A241B21ACF551AB83B4051CA1A5B728E58F", "href": "https://www.ibm.com/support/pages/node/6575481", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:07:37", "description": "## Summary\n\nIBM UrbanCode Build is affected by CVE-2022-23181\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23181](<https://vulners.com/cve/CVE-2022-23181>) \n** DESCRIPTION: **Apache Tomcat could allow a local authenticated attacker to gain elevated privileges on the system, caused by a time of check, time of use flaw when configured to persist sessions using the FileStore. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to perform actions with the privileges of Tomcat process. \nCVSS Base score: 7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/218221](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218221>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM UrbanCode Build| 6.1.6.2 - 6.1.7.3 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading to IBM UrbanCode Build version 6.1.7.4 or above. \n\n**Affected Supporting Product(s)**| **Remediation/Fix** \n---|--- \nIBM UrbanCode Build 6.1.6.2 - 6.1.7.3| [Download](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%2FRational&product=ibm/Rational/UrbanCode+Build&release=All&platform=All&function=fixId&fixids=6.1.7.4-IBM-UrbanCode-Build&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=SAR> \"Download\" ) IBM UrbanCode Build 6.1.7.4 \u2013 Includes Apache Tomcat 8.5.75 \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-25T17:01:35", "type": "ibm", "title": "Security Bulletin: IBM UrbanCode Build is affected by CVE-2022-23181", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.7, "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23181"], "modified": "2022-03-25T17:01:35", "id": "F77ECBE728239B27998335805016034242537AEADE19138FD401815CAFC7269A", "href": "https://www.ibm.com/support/pages/node/6566469", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:42:06", "description": "## Summary\n\nAn Apache Tomcat Vulnerability affecting Watson Speech Services has been fixed in the latest version of IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data 4.0.3\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-42340](<https://vulners.com/cve/CVE-2021-42340>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by a memory leak flaw in WebSocket connections. By sending a specially-crafted request using OutOfMemoryError, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211354](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211354>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data| 4.0.3 \n \n\n\n## Remediation/Fixes\n\nDownload and install the newest deployment of IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data to your ICP cluster. This deployment includes a Tomcat 9.0.54 upgrade containing the fix for this issue.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-01-12T21:59:00", "type": "ibm", "title": "Security Bulletin: Apache Tomcat Vulnerability Affects Watson Speech Services", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-42340"], "modified": "2023-01-12T21:59:00", "id": "81D1ED08236909BE6784EC61A57AFE79E3FD05C9A8202853C0CB4DC397E0AE2A", "href": "https://www.ibm.com/support/pages/node/6524338", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T17:57:57", "description": "## Summary\n\nApache Tomcat is vulnerable to a denial of service, caused by a memory leak flaw in WebSocket connections. By sending a specially-crafted request using OutOfMemoryError, a remote attacker could exploit this vulnerability to cause a denial of service condition.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-42340](<https://vulners.com/cve/CVE-2021-42340>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by a memory leak flaw in WebSocket connections. By sending a specially-crafted request using OutOfMemoryError, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211354](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211354>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nUCD - IBM UrbanCode Deploy| 6.2.7.3 \nUCD - IBM UrbanCode Deploy| 6.2.7.4 \nUCD - IBM UrbanCode Deploy| 6.2.7.5 \nUCD - IBM UrbanCode Deploy| 6.2.7.6 \nUCD - IBM UrbanCode Deploy| 6.2.7.7 \nUCD - IBM UrbanCode Deploy| 6.2.7.8 \nUCD - IBM UrbanCode Deploy| 6.2.7.9 \nUCD - IBM UrbanCode Deploy| 6.2.7.10 \nUCD - IBM UrbanCode Deploy| 6.2.7.11 \nUCD - IBM UrbanCode Deploy| 6.2.7.12 \nUCD - IBM UrbanCode Deploy| 7.0.3.0 \nUCD - IBM UrbanCode Deploy| 7.0.3.1 \nUCD - IBM UrbanCode Deploy| 7.0.3.2 \nUCD - IBM UrbanCode Deploy| 7.0.3.3 \nUCD - IBM UrbanCode Deploy| 7.0.4.0 \nUCD - IBM UrbanCode Deploy| 7.0.4.1 \nUCD - IBM UrbanCode Deploy| 7.0.4.2 \nUCD - IBM UrbanCode Deploy| 7.0.5.0 \nUCD - IBM UrbanCode Deploy| 7.0.5.1 \nUCD - IBM UrbanCode Deploy| 7.0.5.2 \nUCD - IBM UrbanCode Deploy| 7.0.5.3 \nUCD - IBM UrbanCode Deploy| 7.0.5.4 \nUCD - IBM UrbanCode Deploy| 7.0.5.5 \nUCD - IBM UrbanCode Deploy| 7.0.5.6 \nUCD - IBM UrbanCode Deploy| 7.0.5.7 \nUCD - IBM UrbanCode Deploy| 7.1.0.0 \nUCD - IBM UrbanCode Deploy| 7.1.0.1 \nUCD - IBM UrbanCode Deploy| 7.1.0.2 \nUCD - IBM UrbanCode Deploy| 7.1.1.0 \nUCD - IBM UrbanCode Deploy| 7.1.1.1 \nUCD - IBM UrbanCode Deploy| 7.1.1.2 \nUCD - IBM UrbanCode Deploy| 7.1.2.1 \nUCD - IBM UrbanCode Deploy| 7.1.2.2 \nUCD - IBM UrbanCode Deploy| 7.1.2.3 \nUCD - IBM UrbanCode Deploy| 7.2.0.0 \nUCD - IBM UrbanCode Deploy| 7.2.0.1 \nUCD - IBM UrbanCode Deploy| 7.2.0.2 \nUCD - IBM UrbanCode Deploy| 7.2.1.0 \nUCD - IBM UrbanCode Deploy| 7.2.1.1 \n \n \n\n\n## Remediation/Fixes\n\nUpgrade to any of 6.2.7.13, 7.0.5.8, 7.1.2.4, 7.2.0.3 , 7.2.1.2\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-01-14T21:33:57", "type": "ibm", "title": "Security Bulletin: CVE-2021-42340 Apache Tomcat is vulnerable to a denial of service, caused by a memory leak flaw in WebSocket connections.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-42340"], "modified": "2022-01-14T21:33:57", "id": "7C0C1B9C91F187A3B3103241169E1CDEC8BDE27A306F7430D8C3F1F7EA2D70E4", "href": "https://www.ibm.com/support/pages/node/6541054", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T18:00:53", "description": "## Summary\n\nApache Tomcat is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVE.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-42340](<https://vulners.com/cve/CVE-2021-42340>) \n**DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by a memory leak flaw in WebSocket connections. By sending a specially-crafted request using OutOfMemoryError, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211354](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211354>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nHMC V10.1.1010.0 | V10.1.1010.0 \nHMC V9.2.950.0 | V9.2.950.0 \n \n## Remediation/Fixes\n\n## Remediation/Fixes\n\nThe following fixes are available on IBM Fix Central at: <http://www-933.ibm.com/support/fixcentral/>\n\nProduct\n\n| \n\nVRMF\n\n| \n\nAPAR\n\n| \n\nRemediation/Fix \n \n---|---|---|--- \n \nPower HMC\n\n| \n\nV9.2.952.0 ppc\n\n| \n\nMB04300\n\n| \n\n[MH01905](<https://www-945.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm%7Ehmc%7E9100HMCppc&release=V9R1&platform=All>) \n \nPower HMC\n\n| \n\nV9.2.952.0 x86\n\n| \n\nMB04299\n\n| \n\n[MH01904](<https://www-945.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm%7Ehmc%7E9100HMC&release=V9R1&platform=All>) \n \nPower HMC\n\n| \n\nV10.1.1010.0 ppc\n\n| \n\nMB04291\n\n| \n\n[MF68970](<https://www-945.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm%7Ehmc%7E9100HMC&release=V9R1&platform=All>) \n \nPower HMC\n\n| \n\nV10.1.1010.0 x86\n\n| \n\nMB04294\n\n| \n\n[MF68994](<https://www-945.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm%7Ehmc%7E9100HMC&release=V9R1&platform=All>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-11-22T05:58:05", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Tomcat (CVE-2021-42340) affects HMC", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-42340"], "modified": "2021-11-22T05:58:05", "id": "FD969E1B5297C32E77779144D221CCB6F17C2996B3074A2123C9148FDE503045", "href": "https://www.ibm.com/support/pages/node/6518310", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T17:51:39", "description": "## Summary\n\nIBM Rational Build Forge is affected by CVE-2021-42340.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-42340](<https://vulners.com/cve/CVE-2021-42340>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by a memory leak flaw in WebSocket connections. By sending a specially-crafted request using OutOfMemoryError, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211354](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211354>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Rational Build Forge| 8.0.0 - 8.0.0.21 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading to IBM Rational Build Forge version 8.0.0.22 or above.\n\n**Affected Supporting Product(s)**\n\n| \n\n**Remediation/Fix** \n \n---|--- \n \nIBM Rational Build Forge 8.0.0 to 8.0.0.21\n\n| \n\n[Download](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Build+Forge&fixids=RationalBuildForge-8.0.0.22&source=SAR>) IBM Rational Build Forge 8.0.0.22.\n\nThe fix includes Apache Tomcat - 9.0.59. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-07-05T11:26:40", "type": "ibm", "title": "Security Bulletin: IBM Rational Build Forge is affected by Apache Tomcat version used in it. (CVE-2021-42340)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-42340"], "modified": "2022-07-05T11:26:40", "id": "8EDC93DA35D9C6EFF30637C4253AC37334E65D3A71F1A7222120AE9F8CB09FCD", "href": "https://www.ibm.com/support/pages/node/6601277", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T17:38:18", "description": "## Summary\n\nA vulnerability in Apache Tomcat affects the product's management GUI, potentially allowing an attacker to cause a denial of service. The Command Line Interface is unaffected.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-42340](<https://vulners.com/cve/CVE-2021-42340>) \n**DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by a memory leak flaw in WebSocket connections. By sending a specially-crafted request using OutOfMemoryError, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211354](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211354>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nSAN Volume Controller and Storwize Family | 8.4 \n \nVersions 8.3.1 and earlier are not affected.\n\n## Remediation/Fixes\n\nIBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, IBM Storwize V5000 and V5100, IBM Storwize V5000E, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud, IBM FlashSystem V9000, IBM FlashSystem 9100 Family, IBM FlashSystem 9200, IBM FlashSystem 7200, IBM FlashSystem 5200 and IBM FlashSystem 5000 to the following code levels or higher:\n\n8.4.0.6\n\n8.4.2.1\n\n[Latest IBM SAN Volume Controller Code](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Storage%20virtualization&product=ibm/StorageSoftware/SAN+Volume+Controller+%282145%29&release=All&platform=All&function=all>) \n[Latest IBM Storwize V7000 Code](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Mid-range%20disk%20systems&product=ibm/Storage_Disk/IBM+Storwize+V7000+%282076%29&release=All&platform=All&function=all>) \n[Latest IBM Storwize V5000 and V5100 Code](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Mid-range%20disk%20systems&product=ibm/Storage_Disk/IBM+Storwize+V5000&release=8.3&platform=All&function=all>) \n[Latest IBM Storwize V5000E Code](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Mid-range%20disk%20systems&product=ibm/Storage_Disk/IBM+Storwize+V5000E&release=8.3&platform=All&function=all>) \n[Latest IBM FlashSystem V9000 Code](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%20high%20availability%20systems&product=ibm/StorageSoftware/IBM+FlashSystem+V9000&release=All&platform=All&function=all>) \n[Latest IBM FlashSystem 9100 Family Code](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%20high%20availability%20systems&product=ibm/StorageSoftware/IBM+FlashSystem+9100+family&release=8.3&platform=All&function=all> \"\" ) \n[Latest IBM FlashSystem 9200 Code](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%20high%20availability%20systems&product=ibm/StorageSoftware/IBM+FlashSystem+9200&release=8.3&platform=All&function=all> \"\" ) \n[Latest IBM FlashSystem 7200 Code](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%20high%20availability%20systems&product=ibm/StorageSoftware/IBM+FlashSystem+7200&release=8.3&platform=All&function=all> \"\" ) \n[Latest IBM FlashSystem 5000 and 5200 Code](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%20high%20availability%20systems&product=ibm/StorageSoftware/IBM+FlashSystem+5000&release=8.3&platform=All&function=all> \"\" ) \n[Latest IBM Spectrum Virtualize Software](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Virtualize+software&release=8.1&platform=All&function=all>) \n[Latest IBM Spectrum Virtualize for Public Cloud](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Virtualize+for+Public+Cloud&release=8.1&platform=All&function=all>)\n\nFor the Storage Nodes of IBM FlashSystem 900, please apply the fixes recommended in the [IBM FlashSystem security bulletin](<https://www.ibm.com/blogs/psirt/?s=FlashSystem+V9000>) for this issue.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-03-29T01:48:02", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-42340"], "modified": "2023-03-29T01:48:02", "id": "741153628EF3B0375D8A886633F5FA07668F8B150D8171925DAF2833530B50F3", "href": "https://www.ibm.com/support/pages/node/6541270", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-24T06:02:11", "description": "## Summary\n\nApache Tomcat is used by IBM UrbanCode Release. This fix includes Apache Tomcat 8.5.79.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23181](<https://vulners.com/cve/CVE-2022-23181>) \n** DESCRIPTION: **Apache Tomcat could allow a local authenticated attacker to gain elevated privileges on the system, caused by a time of check, time of use flaw when configured to persist sessions using the FileStore. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to perform actions with the privileges of Tomcat process. \nCVSS Base score: 7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/218221](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218221>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM UrbanCode Release| 6.2.5 - 6.2.5.5 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading to IBM UrbanCode Release version 6.2.5.6 or above. \n\n**Affected Supporting Product(s)**| **Remediation/Fix** \n---|--- \nIBM UrbanCode Release 6.2.5 - 6.2.5.5| [Download](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FUrbanCode+Release&fixids=6.2.5.6-UrbanCode-Release&source=SAR> \"Download\" ) IBM UrbanCode Release 6.2.5.6 \u2013 Includes Apache Tomcat **8.5.79** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-18T15:21:03", "type": "ibm", "title": "Security Bulletin: IBM UrbanCode Release is vulnerable to elevated privileges due to use of Apache Tomcat CVE-2022-23181", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.7, "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23181"], "modified": "2022-07-18T15:21:03", "id": "D73990C83DCEFEEFD942F2A50AF426AACD4F1D1610F51C8A150202D7B9EF03C6", "href": "https://www.ibm.com/support/pages/node/6605015", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:02:09", "description": "## Summary\n\nA cross-site scripting vulnerability in jQuery-UI used by IBM InfoSphere Information Analyzer was addressed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-41184](<https://vulners.com/cve/CVE-2021-41184>) \n** DESCRIPTION: **jQuery jQuery-UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the .position() function. A remote attacker could exploit this vulnerability using the of parameter to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 7.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212277](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212277>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nInfoSphere Information Server| 11.7 \n \n## Remediation/Fixes\n\n**Product**| **VRMF**| **APAR**| **Remediation** \n---|---|---|--- \nInfoSphere Information Server, InfoSphere Information Server on Cloud| 11.7| [JR64903](<http://www.ibm.com/support/docview.wss?uid=swg1JR64903> \"JR64903\" )| \\--Apply IBM InfoSphere Information Server version [11.7.1.0](<https://www.ibm.com/support/pages/node/878310>) \n\\--Apply IBM InfoSphere Information Server version [11.7.1.3](<https://www.ibm.com/support/pages/node/6498109> \"11.7.1.3\" ) \n\\--Apply Information Server [11.7.1.3 Service pack 4](<https://www.ibm.com/support/pages/node/6568469> \"11.7.1.3 Service pack 4\" ) \n\\--Apply Information Analyzer [Security patch](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FInformation+Management%2FIBM+InfoSphere+Information+Server&fixids=is11713_Security_JR64903_IA> \"Security patch\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2022-07-19T03:08:00", "type": "ibm", "title": "Security Bulletin: IBM InfoSphere Information Analyzer is affected by a cross-site scripting vulnerability in jQuery-UI(CVE-2021-41184)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-41184"], "modified": "2022-07-19T03:08:00", "id": "99936FAC1F0A73E3167039C2601186519A3F8ED2D368F09EF3B457B2D57462EA", "href": "https://www.ibm.com/support/pages/node/6603059", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-05-23T17:51:02", "description": "## Summary\n\nApache Tomcat is used by IBM UrbanCode Release. This fix includes Apache Tomcat 8.5.79.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-42340](<https://vulners.com/cve/CVE-2021-42340>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by a memory leak flaw in WebSocket connections. By sending a specially-crafted request using OutOfMemoryError, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211354](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211354>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM UrbanCode Release| 6.2.5.3 - 6.2.5.5 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading to IBM UrbanCode Release version 6.2.5.6 or above. \n\n**Affected Supporting Product(s)**\n\n| \n\n**Remediation/Fix** \n \n---|--- \n \nIBM UrbanCode Release 6.2.5.3 - 6.2.5.5\n\n| \n\n[**Download** ](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FUrbanCode+Release&fixids=6.2.5.6-UrbanCode-Release&source=SAR> \"Download\" )IBM UrbanCode Release 6.2.5.6 \u2013 Includes Apache Tomcat **8.5.79** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-07-18T10:19:54", "type": "ibm", "title": "Security Bulletin: IBM UrbanCode Release is vulnerable to a denial of service due to use of Apache Tomcat CVE-2021-42340.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-42340"], "modified": "2022-07-18T10:19:54", "id": "D72EC6FCB03104DDC64B007D2272B6986C83232153DF7CA357AA4917CECF708F", "href": "https://www.ibm.com/support/pages/node/6604981", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T17:55:32", "description": "## Summary\n\nIBM UrbanCode Build is affected by CVE-2021-42340\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-42340](<https://vulners.com/cve/CVE-2021-42340>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by a memory leak flaw in WebSocket connections. By sending a specially-crafted request using OutOfMemoryError, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211354](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211354>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM UrbanCode Build| 6.1.4.0 - 6.1.7.3 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading to IBM UrbanCode Build version 6.1.7.4 or above. \n\n**Affected Supporting Product(s)**| **Remediation/Fix** \n---|--- \nIBM UrbanCode Build 6.1.4.0 - 6.1.7.3| [Download](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%2FRational&product=ibm/Rational/UrbanCode+Build&release=All&platform=All&function=fixId&fixids=6.1.7.4-IBM-UrbanCode-Build&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=SAR> \"Download\" ) IBM UrbanCode Build 6.1.7.4 \u2013 Includes Apache Tomcat 8.5.75 \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-03-25T17:03:11", "type": "ibm", "title": "Security Bulletin: IBM UrbanCode Build is affected by CVE-2021-42340", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-42340"], "modified": "2022-03-25T17:03:11", "id": "24164D63138835E26730B5EFF1F67A08E2F3A742BD391B31B667B1309546FC6C", "href": "https://www.ibm.com/support/pages/node/6566471", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-24T05:49:46", "description": "## Summary\n\nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a Spring framework data binding rules vulnerability, where case sensitive patterns for disallowedFields cause weaker than expected security (CVE-2022-22968). Spring Framework is used by some of the java components included in IBM Watson Speech. Please read the details for remediation below.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22968](<https://vulners.com/cve/CVE-2022-22968>) \n** DESCRIPTION: **Spring Framework could provide weaker than expected security, caused by a data binding rules vulnerability in which the patterns for disallowedFields on a DataBinder are case sensitive. The case sensitivity allows that a field is insufficiently protected unless it is listed with both upper and lower case for the first character of the field. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224374](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224374>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data| 4.0.0 - 4.5.0 \n \n \n\n\n## Remediation/Fixes\n\nIBM recommends addressing the vulnerability now by upgrading. \n\nProduct(s)| Version(s) \n| Remediation/Fix/Instructions \n---|---|--- \nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data| 4.5.1| The fix in 4.5.1 applies to all versions listed (4.0.0-4.5.0). Version 4.5.1 can be downloaded and installed from: \n[https://www.ibm.com/docs/en/cloud-pa](<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.5.x?topic=installing>)[ks/cp-data/4.5.x?topic=installing](<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.5.x?topic=installing>) \n \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2023-01-12T21:59:00", "type": "ibm", "title": "Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a data binding rules security weakness in Spring Framework (CVE-2022-22968)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22968"], "modified": "2023-01-12T21:59:00", "id": "A38725BEA1F37F363C77BF62693D3464AF491FC41BF719970040AF1D7E0565C9", "href": "https://www.ibm.com/support/pages/node/6610371", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-06-24T06:04:29", "description": "## Summary\n\nThere are multiple vulnerabilities in Spring Framework used by SPSS Collaboration and Deployment Services. SPSS Collaboration and Deployment Services is affected but not classified as vulnerable to these issues. The fix includes Spring 5.3.20.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22950](<https://vulners.com/cve/CVE-2022-22950>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223096](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223096>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L) \n \n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22970](<https://vulners.com/cve/CVE-2022-22970>) \n** DESCRIPTION: **Vmware Tanzu Spring Framework is vulnerable to a denial of service, caused by a flaw in the handling of file uploads. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226491](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226491>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-22968](<https://vulners.com/cve/CVE-2022-22968>) \n** DESCRIPTION: **Spring Framework could provide weaker than expected security, caused by a data binding rules vulnerability in which the patterns for disallowedFields on a DataBinder are case sensitive. The case sensitivity allows that a field is insufficiently protected unless it is listed with both upper and lower case for the first character of the field. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224374](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224374>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-22971](<https://vulners.com/cve/CVE-2022-22971>) \n** DESCRIPTION: **Vmware Tanzu Spring Framework is vulnerable to a denial of service, caused by a flaw with a STOMP over WebSocket endpoint. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226492](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226492>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nSPSS Collaboration and Deployment Services| 8.3 \nSPSS Collaboration and Deployment Services| 8.2.2 \nSPSS Collaboration and Deployment Services| 8.2.1 \nSPSS Collaboration and Deployment Services| 8.2 \nSPSS Collaboration and Deployment Services| 8.1.1 \nSPSS Collaboration and Deployment Services| 8.1 \nSPSS Collaboration and Deployment Services| 8.0 \n \n\n\n## Remediation/Fixes\n\nProduct | VRMF| Remediation/First Fix \n---|---|--- \nSPSS Collaboration and Deployment Services| 8.3.0.0| [8.3.0.0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FSPSS+Collaboration+and+Deployment+Services&fixids=8.3.0.0-IM-SCaDS-IF008&source=SAR> \"8.3.0.0\" ) \nSPSS Collaboration and Deployment Services| 8.2.2.0| [8.2.2.0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FSPSS+Collaboration+and+Deployment+Services&fixids=8.2.2.0-IM-SCaDS-IF009&source=SAR> \"8.2.2.0\" ) \nSPSS Collaboration and Deployment Services| 8.2.1.0| [8.2.1.0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FSPSS+Collaboration+and+Deployment+Services&fixids=8.2.1.0-IM-SCaDS-IF007&source=SAR> \"8.2.1.0\" ) \nSPSS Collaboration and Deployment Services| 8.2.0.0| [8.2.0.0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FSPSS+Collaboration+and+Deployment+Services&fixids=8.2.0.0-IM-SCaDS-IF007&source=SAR> \"8.2.0.0\" ) \nSPSS Collaboration and Deployment Services| 8.1.1.0 \n| [8.1.1.0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FSPSS+Collaboration+and+Deployment+Services&fixids=8.1.1.0-IM-SCaDS-IF008&source=SAR> \"8.1.1.0\" ) \nSPSS Collaboration and Deployment Services| 8.1.0.0 \n| [8.1.0.0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FSPSS+Collaboration+and+Deployment+Services&fixids=8.1.0.0-IM-SCaDS-IF009&source=SAR> \"8.1.0.0\" ) \nSPSS Collaboration and Deployment Services| 8.0.0.0 \n| [8.0.0.0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FSPSS+Collaboration+and+Deployment+Services&fixids=8.0.0.0-IM-SCaDS-IF009&source=SAR> \"8.0.0.0\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-30T14:20:34", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Spring Framework affect SPSS Collaboration and Deployment Services", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22950", "CVE-2022-22965", "CVE-2022-22968", "CVE-2022-22970", "CVE-2022-22971"], "modified": "2022-05-30T14:20:34", "id": "C602AE40F6974D4EE4D596F81D007D4F74282F20DC8B4859AE08925E2CE79326", "href": "https://www.ibm.com/support/pages/node/6590869", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:07:13", "description": "## Summary\n\nApache Log4j vulnerability\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23305](<https://vulners.com/cve/CVE-2022-23305>) \n** DESCRIPTION: **Apache Log4j is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the JDBCAppender, which could allow the attacker to view, add, modify or delete information in the back-end database. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217461](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217461>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Sterling Order Management| 10.0 \nIBM Sterling Order Management| 9.5.x \n \n\n\n## Remediation/Fixes\n\nOrder Management on premise release notes -[ https://www.ibm.com/docs/en/order-management-sw/10.0?topic=software-fixes-by-fix-pack-version](<https://www.ibm.com/docs/en/order-management-sw/10.0?topic=software-fixes-by-fix-pack-version#fp30>)\n\nFix Central Link (**FP details URL)**: \n[https://www.ibm.com/support/fixcentral/swg/selectFixes?fixids=10.0.0.0-Sterling-SSFF-All-fp30-Installer&product=ibm%2FOther%20software%2FSterling%20Selling%20and%20Fulfillment%20Foundation&source=dbluesearch&mhsrc=ibmsearch_a&mhq=10.0.0.0-Sterling-SSFF-All-fp30-Installer%20&function=fixId&parent=ibm/Other%20software](<https://www.ibm.com/support/fixcentral/swg/selectFixes?fixids=10.0.0.0-Sterling-SSFF-All-fp30-Installer&product=ibm%2FOther%20software%2FSterling%20Selling%20and%20Fulfillment%20Foundation&source=dbluesearch&mhsrc=ibmsearch_a&mhq=10.0.0.0-Sterling-SSFF-All-fp30-Installer%20&function=fixId&parent=ibm/Other%20software>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-06T19:27:19", "type": "ibm", "title": "Security Bulletin: Apache Log4j vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23305"], "modified": "2022-04-06T19:27:19", "id": "B2BF691AA266FF88FFAD2044089D57580EE40D4E84146B077C5D55063FF15586", "href": "https://www.ibm.com/support/pages/node/6569997", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:57:58", "description": "## Summary\n\nA vulnerability in Apache Log4j could result in remote code execution. IBM Spectrum Protect for Space Management includes the IBM Spectrum Protect Backup-Archive Client which installs the vulnerable Log4j files. The below fix packages include Apache Log4j 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Spectrum Protect for Space Management| 8.1.11.0-8.1.13.2 \n7.1.8.10-7.1.8.14 \n \nNote: IBM Spectrum Protect for Space Management packages the IBM Spectrum Protect Backup-Archive client which installs the affected Log4j files. However, based on current information and analysis these files are not used. \n\n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing this vulnerability now by upgrading. \n\n**Note: The below fix packages include Log4j 2.17.1.**\n\n**_IBM Spectrum Protect for \nSpace Management Affected Versions \n_**| **_Fixing \nLevel_**| **_Platform_**| **_Link to Fix and Instructions \n_** \n---|---|---|--- \n8.1.11.0-8.1.13.2 \n| 8.1.13.3| AIX \nLinux| <https://www.ibm.com/support/pages/node/316077> \n7.1.8.10-7.1.8.14| 7.1.8.15| Linux| <https://www.ibm.com/support/pages/node/316075> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-14T14:19:15", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j may affect IBM Spectrum Protect for Space Management (CVE-2021-44832)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-01-14T14:19:15", "id": "DD0EE895B8C1D023C4A9C7DA2726D4CAC8D1495A05DF9FE91915F58FF012245D", "href": "https://www.ibm.com/support/pages/node/6540846", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:52:37", "description": "## Summary\n\nApache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. Apache Log4j library is used inside the search indexer component by IBM Rational Software Architect RealTime Edition. The fix includes Apache Log4j v2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nRSA RT| 10.3 \nRSA RT| 11.0 \nRSA RT| 11.1 \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now. **\n\nUpdate RSA RT to v11.1 2022.04 or later versions available through Fix Central.\n\n## Workarounds and Mitigations\n\nIf update to RSA RT v11.1 2022.04 or later versions is not possible, please reach out to [IBM Support](<https://www.ibm.com/mysupport> \"IBM Support\" ).\n\n## ", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-08T12:25:28", "type": "ibm", "title": "Security Bulletin: IBM Rational Software Architect RealTime Edition (RSA RT) is vulnerable to Apache Log4j2 - CVE-2021-44832", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-06-08T12:25:28", "id": "AC579EF06A63C7679B2D7EC4B67819D5F33EC90E9760AA522990209580D45436", "href": "https://www.ibm.com/support/pages/node/6593439", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:57:23", "description": "## Summary\n\nA vulnerability in Apache Log4j could result in remote code execution. This vulnerability may impact the Help system in IBM Spectrum Protect Plus. The below fix package includes Apache Log4j 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Spectrum Protect Plus| 10.1.0.0-10.1.9.2 \n \n## Remediation/Fixes\n\nIBM strongly recommends addressing this vulnerability now by upgrading.\n\n**Note: The below fix package includes Log4j 2.17.1.**\n\n**IBM Spectrum Protect Plus ****Affected Versions**| **Fixing \n****Level**| **Platform**| **Link to Fix and Instructions \n** \n---|---|---|--- \n10.1.0.0-10.1.9.2| 10.1.9.3| Linux| <https://www.ibm.com/support/pages/node/6487159> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-31T18:07:42", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j may impact IBM Spectrum Protect Plus (CVE-2021-44832)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-01-31T18:07:42", "id": "3F14338CF5893CE4D24AD3EA652BF863BF887AD4702C8D62827FAF3B7BA35B48", "href": "https://www.ibm.com/support/pages/node/6540856", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:45:41", "description": "## Summary\n\nAn Apache Log4j (CVE-2021-44832) vulnerability impacts IBM InfoSphere Information Server which uses Apache Log4j for logging. The fix upgrades Apache Log4j to version 2.17.1.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n**DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nInfoSphere Information Server, InfoSphere Information Server on Cloud | 11.7 \n \nInformation Server 11.5 and 11.3 are affected. Both releases are past end of service.\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now. \n\n**Product**\n\n| **VRMF** | **APAR** | **Remediation** \n---|---|---|--- \nInfoSphere Information Server, InfoSphere Information Server on Cloud | 11.7 | [JR64468](<http://www.ibm.com/support/docview.wss?uid=swg1JR64468> \"JR64468\" ) | \\--Apply IBM InfoSphere Information Server version [11.7.1.0](<https://www.ibm.com/support/pages/node/878310>) \n\\--Apply IBM InfoSphere Information Server version [11.7.1.3](<https://www.ibm.com/support/pages/node/6498109> \"11.7.1.3\" ) \n\\--Apply Information Server [11.7.1.3 Service pack 4](<https://www.ibm.com/support/pages/node/6568469> \"11.7.1.3 Service pack 3\" ) \n \n \n**Note**:\n\n \n1\\. For Information Server 11.5 and 11.3, upgrade to a fixed release.\n\n \n2\\. Information Server saves prior versions of jar files to facilitate patch rollbacks and uninstall of components: \na. In the Updates folder within your Information Server location, for each patch installed, a patch folder is created with the name of the patch. The patch folder contains copies of files that are replaced during the patch install. The patch folder name is based on the name of the patch which can be seen in the History section of your Version.xml. The files in this folder are used by the Update installer to roll back a patch installation; they are not needed while Information Server is used. \nb. Each time the Update Installer is updated, the jar files used by the Update Installer that are changed, are saved in a new lib.<timestamp> folder within the Updates folder. \nc. The _uninstall folder contains files that are only used while uninstalling Information Server components.\n\nFor Apache Log4j related patches, the prior vulnerable versions of Apache Log4j could be present within such folders. \nIf you want to remove such Apache Log4j files from the system, take a backup of such a folder and then purge the folder.\n\nAn appropriate backup of the patch folder must be restored before any subsequent patch rollback attempt. \nLikewise, an appropriate backup of the files in _uninstall must be restored before any subsequent uninstall action.\n\n \n3\\. (April 27, 2022) In some configurations (such as when the Services tier is separate), Service Pack 3 might not upgrade all files. For that situation, Service Pack 4 should be installed. You can check your Services tier to see whether any log4j jars with version older than 2.17.1 are present.\n\n4\\. (October 14, 2022) Some open source components usage of log4j version 1 was addressed in Information Server 11.7.1.4.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-14T22:12:43", "type": "ibm", "title": "Security Bulletin: IBM InfoSphere Information Server is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-10-14T22:12:43", "id": "1A98F50E1E735698FFAC4C9A1C23F5B7F50E375BE7EE85508BB03FE656980855", "href": "https://www.ibm.com/support/pages/node/6553026", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:58:34", "description": "## Summary\n\nThe APM v8.1.4.0 Server installs an Online Help application that contains Log4j v2.3. A vulnerability was found in this version of Log4j that is documented by CVE-2021-44832 and fixed in Log4j v2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud APM, Base Private| 8.1.4 \nIBM Cloud APM, Advanced Private| 8.1.4 \n \n\n\n## Remediation/Fixes\n\nThe vulnerable version of Log4j v2.3 can be replaced by Log4j v2.17.1 by following the procedure described at <https://www.ibm.com/support/pages/node/6526216>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-05T22:36:11", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-44832) affects the IBM Performance Management product", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-01-05T22:36:11", "id": "FB294BF49176D6C142EF1CFE519D56E0B6967174C95D88BDD800F026AD0FBE3B", "href": "https://www.ibm.com/support/pages/node/6538476", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:58:16", "description": "## Summary\n\nVulnerabilities in Apache Log4j affect IBM App Connect for Manufacturing 2.0. An attacker who can control log messages or log message parameters can execute arbitrary code leading to Remote Code Execution (RCE) attacks. IBM App Connect for Manufacturing 2.0 has addressed the vulnerability.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM App Connect for Manufacturing| 2.0.0.5-2.0.0.7 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by applying the patches listed in this table.This superceeds apar IT39379 and IT39451 Product| VRMF| APAR| Remediation/Fixes \n---|---|---|--- \nIBM App Connect for Manufacturing| 2.0.0.5 to 2.0.0.7| IT39568| \n\nInterim fix for APAR ( IT39568 ) is available from\n\n[2.0.0.7 IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+App+Connect+for+Manufacturing&release=2.0.0.7&platform=All&function=aparId&apars=IT39568> \"2.0.0.7 IBM Fix Central\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-11T08:02:44", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Apache Log4j affect IBM App Connect for Manufacturing 2.0 (CVE-2021-44832)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-01-11T08:02:44", "id": "A1610C4151E05207C2B70F00002FE2069C48E736E5F65C67864C8C78D8372D2B", "href": "https://www.ibm.com/support/pages/node/6539830", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-06-24T06:09:17", "description": "## Summary\n\nApache Log4j is used by IBM Sterling Connect:Direct Web Services as part of its logging infrastructure. JDBCAppender in Apache Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The fix includes Apache Log4j 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23305](<https://vulners.com/cve/CVE-2022-23305>) \n** DESCRIPTION: **Apache Log4j is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the JDBCAppender, which could allow the attacker to view, add, modify or delete information in the back-end database. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217461](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217461>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Sterling Connect:Direct Web Services| 1.0 \nIBM Sterling Connect:Direct Web Services| 6.0 \n \n## Remediation/Fixes\n\n**Product(s)**| **Version(s)**| **Remediation/Fix \n** \n---|---|--- \nIBM Sterling Connect:Direct Web Services| 1.0, 6.0| Apply 6.0.0.6, available on [Fix Central](<https://www.ibm.com/support/fixcentral/options?selectionBean.selectedTab=find&selection=ibm%2fOther+software%3bibm%2fOther+software%2fIBM+Connect%3aDirect+Web+Services> \"\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-18T05:30:10", "type": "ibm", "title": "Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to SQL injection due to Apache Log4j (CVE-2022-23305)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23305"], "modified": "2022-02-18T05:30:10", "id": "C69647146C8A4405C9EC9ED2FB39442FE3398CC6836DB5B0631585B94D9D4079", "href": "https://www.ibm.com/support/pages/node/6557200", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:07:18", "description": "## Summary\n\nApache Log4j v1 is shipped within the ActiveMQ package of IBM Tivoli Netcool Impact. This has been resolved by updating ActiveMQ to version 5.16.4 which removes log4j from ActiveMQ.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23305](<https://vulners.com/cve/CVE-2022-23305>) \n** DESCRIPTION: **Apache Log4j is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the JDBCAppender, which could allow the attacker to view, add, modify or delete information in the back-end database. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217461](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217461>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Netcool Impact| 7.1.0 \n \n\n\n## Remediation/Fixes\n\nProduct| VRMF| APAR| Remediation \n---|---|---|--- \nIBM Tivoli Netcool Impact 7.1.0| 7.1.0.25| IJ37697| Upgrade to [IBM Tivoli Netcool Impact 7.1.0 FP25](<https://www.ibm.com/support/pages/node/6560100> \"IBM Tivoli Netcool Impact 7.1.0 FP25\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-04T05:24:19", "type": "ibm", "title": "Security Bulletin: IBM Tivoli Netcool Impact is affected by an Apache Log4j vulnerability (CVE-2022-23305)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23305"], "modified": "2022-04-04T05:24:19", "id": "0A02CE8F8480935E6DF427BB57D104E85B5FC8B8CBB9B30D41DA61284FC0C04F", "href": "https://www.ibm.com/support/pages/node/6569143", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:09:39", "description": "## Summary\n\nVulnerabilities in Apache Log4j affect the logging infrastructure in the ATNAAudit node and the XDSConsumer pattern in IBM App Connect for Healthcare. IBM App Connect for Healthcare have addressed these vulnerabilities, the fix includes Apache Log4j 2.17.1\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23305](<https://vulners.com/cve/CVE-2022-23305>) \n** DESCRIPTION: **Apache Log4j is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the JDBCAppender, which could allow the attacker to view, add, modify or delete information in the back-end database. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217461](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217461>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\nIBM App Connect for Healthcare 5.0.0.0 \nIBM App Connect for Healthcare 5.0.0.1 \nIBM App Connect for Healthcare 6.0.1.0\n\n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by applying the patches listed in this table. \n\nProduct| VRMF| APAR| Remediation/Fixes \n---|---|---|--- \nIBM App Connect for Healthcare| 5.0.0.1| IT39653| \n\nInterim fix for APAR (IT39653 ) is available from\n\n[5.0.0.1 IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+App+Connect+for+Healthcare&release=5.0.0.1&platform=All&function=aparId&apars=IT39653> \"5.0.0.1 IBM Fix Central\" ) \n \nIBM App Connect for Healthcare| 6.0.1.0| IT39653| \n\nInterim fix for APAR (IT39653 ) is available from\n\n[6.0.1.0 IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+App+Connect+for+Healthcare&release=6.0.1.0&platform=All&function=aparId&apars=IT39653> \"\" ) \n \n## Workarounds and Mitigations\n\nAs detailed above in the **Remediation / Fixes Section.**\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-04T12:36:36", "type": "ibm", "title": "Security Bulletin: IBM App Connect for Healthcare is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2022-23305)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23305"], "modified": "2022-02-04T12:36:36", "id": "B58992EA53B96C8C776B82848FDB98622967C138FC24D243C68CB7F40B73EE4E", "href": "https://www.ibm.com/support/pages/node/6553876", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-21T05:44:22", "description": "## Summary\n\nRedhat provided Log4j is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable [CVE-2022-23305]\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23305](<https://vulners.com/cve/CVE-2022-23305>) \n** DESCRIPTION: **Apache Log4j is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the JDBCAppender, which could allow the attacker to view, add, modify or delete information in the back-end database. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217461](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217461>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Integrated Analytics System| 1.0.0-1.0.27.0 \n \n## Remediation/Fixes\n\nIBM has fixed the vulnerability in \"7.9.22.01.SP7\" security patch release. IBM strongly recommends addressing the vulnerability now by upgrading to \"7.9.22.01.SP7\" or latest security patch provided below.\n\nProduct| VRMF| Remediation/First Fix \n---|---|--- \nIBM Integrated Analytics System| 7.9.22.10.SP14| [Link to Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FInformation+Management%2FIBM+Integrated+Analytics+System&fixids=7.9.22.10.SP14-IM-IIAS-fp205&source=SAR&function=fixId&parent=ibm/Information%20Management> \"Link to Fix Central\" ) \n \nRelease notes for 7.9.22.10.SP14 : [Security patch release notes - IBM Documentation](<https://www.ibm.com/docs/en/ias?topic=notes-security-patch-release>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-22T06:36:21", "type": "ibm", "title": "Security Bulletin: Vulnerability in Log4j affects IBM Integrated Analytics System [CVE-2022-23305]", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23305"], "modified": "2023-02-22T06:36:21", "id": "0B878F5D9824E894676260088D1B44F3EEACB4DFCA20BC99A6BB6ECFC75A7972", "href": "https://www.ibm.com/support/pages/node/6848507", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:02:34", "description": "## Summary\n\nThere is a vulnerability in the Apache Log4j open source library used by IBM OpenPages with Watson. This affects the IBM OpenPages logging framework. This vulnerability has been addressed. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23305](<https://vulners.com/cve/CVE-2022-23305>) \n** DESCRIPTION: **Apache Log4j is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the JDBCAppender, which could allow the attacker to view, add, modify or delete information in the back-end database. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217461](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217461>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\nIBM OpenPages with Watson versions 8.1 through 8.2.0.3 \n\n\n## Remediation/Fixes\n\nA fix has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below: \n \n\n\n**Product**| **Remediation** \n---|--- \n \nFor IBM OpenPages with Watson **8.1 **or** 8.1.0.1 **\n\n\\- Upgrade to 8.1.0.2 Fix Pack\n\n\\- Apply 8.1.0.2 Interim Fix 3 (**8.1.0.2.3**) or later\n\n| \n\n<https://www.ibm.com/support/pages/openpages-watson-81-fix-pack-2>\n\n<https://ibm.com/support/pages/openpages-watson-8102-interim-fix-3-0> \n \nFor IBM OpenPages with Watson** 8.1.0.2 **\n\n\\- Apply 8.1.0.2 Interim Fix 3 (**8.1.0.2.3**) or later\n\n| \n\n<https://ibm.com/support/pages/openpages-watson-8102-interim-fix-3-0> \n \nFor IBM OpenPages with Watson** 8.2**, **8.2.0.1, 8.2.0.2 **or** 8.2.0.3**\n\n\\- Upgrade to 8.2.0.4 Fix Pack\n\n\\- Apply 8.2.0.4 Interim Fix 6 (**8.2.0.4.6**) or later\n\n| \n\n<https://www.ibm.com/support/pages/openpages-watson-82-fix-pack-4>\n\n<https://www.ibm.com/support/pages/openpages-watson-8204-interim-fix-6> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-11T02:17:07", "type": "ibm", "title": "Security Bulletin: IBM OpenPages with Watson has addressed Apache Log4j vulnerability (CVE-2022-23305)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23305"], "modified": "2022-07-11T02:17:07", "id": "19FC2C39014EED648C0A6D9F7F9D260C28D73DE658FD34F4EEC23ABD59034BC8", "href": "https://www.ibm.com/support/pages/node/6600099", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:07:25", "description": "## Summary\n\nWhen added to the logging configuration, the Log4j JDBCAppender may not be properly encoding content sent to an external SQL database. This is a non-default configuration. The fix removes this component. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23305](<https://vulners.com/cve/CVE-2022-23305>) \n** DESCRIPTION: **Apache Log4j is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the JDBCAppender, which could allow the attacker to view, add, modify or delete information in the back-end database. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217461](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217461>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nUCD - IBM UrbanCode Deploy| 6.2.7.3 \nUCD - IBM UrbanCode Deploy| 6.2.7.4 \nUCD - IBM UrbanCode Deploy| 6.2.7.5 \nUCD - IBM UrbanCode Deploy| 6.2.7.6 \nUCD - IBM UrbanCode Deploy| 6.2.7.7 \nUCD - IBM UrbanCode Deploy| 6.2.7.8 \nUCD - IBM UrbanCode Deploy| 6.2.7.9 \nUCD - IBM UrbanCode Deploy| 6.2.7.10 \nUCD - IBM UrbanCode Deploy| 6.2.7.11 \nUCD - IBM UrbanCode Deploy| 6.2.7.12 \nUCD - IBM UrbanCode Deploy| 6.2.7.13 \nUCD - IBM UrbanCode Deploy| 7.0.3.0 \nUCD - IBM UrbanCode Deploy| 7.0.3.1 \nUCD - IBM UrbanCode Deploy| 7.0.3.2 \nUCD - IBM UrbanCode Deploy| 7.0.3.3 \nUCD - IBM UrbanCode Deploy| 7.0.4.0 \nUCD - IBM UrbanCode Deploy| 7.0.4.1 \nUCD - IBM UrbanCode Deploy| 7.0.4.2 \nUCD - IBM UrbanCode Deploy| 7.0.5.0 \nUCD - IBM UrbanCode Deploy| 7.0.5.1 \nUCD - IBM UrbanCode Deploy| 7.0.5.2 \nUCD - IBM UrbanCode Deploy| 7.0.5.3 \nUCD - IBM UrbanCode Deploy| 7.0.5.4 \nUCD - IBM UrbanCode Deploy| 7.0.5.5 \nUCD - IBM UrbanCode Deploy| 7.0.5.6 \nUCD - IBM UrbanCode Deploy| 7.0.5.7 \nUCD - IBM UrbanCode Deploy| 7.0.5.8 \nUCD - IBM UrbanCode Deploy| 7.1.0.0 \nUCD - IBM UrbanCode Deploy| 7.1.0.1 \nUCD - IBM UrbanCode Deploy| 7.1.0.2 \nUCD - IBM UrbanCode Deploy| 7.1.1.0 \nUCD - IBM UrbanCode Deploy| 7.1.1.1 \nUCD - IBM UrbanCode Deploy| 7.1.1.2 \nUCD - IBM UrbanCode Deploy| 7.1.2.1 \nUCD - IBM UrbanCode Deploy| 7.1.2.2 \nUCD - IBM UrbanCode Deploy| 7.1.2.3 \nUCD - IBM UrbanCode Deploy| 7.1.2.4 \nUCD - IBM UrbanCode Deploy| 7.2.0.0 \nUCD - IBM UrbanCode Deploy| 7.2.0.1 \nUCD - IBM UrbanCode Deploy| 7.2.0.2 \nUCD - IBM UrbanCode Deploy| 7.2.1.0 \nUCD - IBM UrbanCode Deploy| 7.2.1.1 \nUCD - IBM UrbanCode Deploy| 7.2.1.2 \n \n \n\n\n## Remediation/Fixes\n\nUpgrade to 6.2.7.14, 7.0.5.9, 7.1.2.5, or 7.2.2.0\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-31T22:43:41", "type": "ibm", "title": "Security Bulletin: IBM Urbancode Deploy impacted by Apache Log4j SQL Injection vulnerability. (CVE-2022-23305)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23305"], "modified": "2022-03-31T22:43:41", "id": "624EC50571DDA528048438572DF31F565C12E5D78AC4A7054EB0C733BB3DA3C4", "href": "https://www.ibm.com/support/pages/node/6568539", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T05:52:52", "description": "## Summary\n\nIBM Operations Analytics Predictive Insights is affected by the Apache Log4j vulnerability through the JDBCAppender in Log4j 1.2.x which accepts a SQL statement as a configuration parameter. When JDBCAppender is specifically configured to use, malicious values could be inserted. This allows attackers to exploit this vulnerability by entering crafted SQL strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed on the system.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23305](<https://vulners.com/cve/CVE-2022-23305>) \n** DESCRIPTION: **Apache Log4j is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the JDBCAppender, which could allow the attacker to view, add, modify or delete information in the back-end database. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217461](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217461>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Operations Analytics Predictive Insights| 1.3.3 \nIBM Operations Analytics Predictive Insights| 1.3.5 \nIBM Operations Analytics Predictive Insights| 1.3.6 \n \n\n\n## Remediation/Fixes\n\nApache Log4j 1.2 reached the end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. \n\nTo do that please use the instructions and full details from the README that\u2019s in the IBM Operations Analytics Predictive Insights iFix6 tarball, and follow with the upgrade to IBM Operations Analytics Predictive Insights iFix6.\n\nIBM Operations Analytics Predictive Insights iFix6 tarball is available [here](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Operations%20Analytics&product=ibm/Tivoli/IBM+SmartCloud+Analytics+-+Predictive+Insights&release=All&platform=Linux+64-bit,x86_64&function=all> \"here\" ). \n \n\n\n## Workarounds and Mitigations\n\nnone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-17T14:12:35", "type": "ibm", "title": "Security Bulletin: IBM Operations Analytics Predictive Insights impacted by Apache Log4j vulnerabilities (CVE-2022-23305)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23305"], "modified": "2022-11-17T14:12:35", "id": "D21F7F512A88CA9BDAC1DDEC3EC46B827F8888D53EFBD5E335A27023C7A16EB9", "href": "https://www.ibm.com/support/pages/node/6840121", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:01:58", "description": "## Summary\n\nApache Log4j is used by IBM Cloud Pak for Multicloud Management Monitoring as part of its logging infrastructure. Apache Log4j v1.2 has been removed and replaced by Log4j v2.17.1. Components that use Apache Log4j v1.2 are not exposed outside the cluster and are not configured to use the vulnerable Log4j v1 classes. Furthermore, it will take extraordinary measures by a malicious insider to attempt to reconfigure the components to be vulnerable. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23305](<https://vulners.com/cve/CVE-2022-23305>) \n** DESCRIPTION: **Apache Log4j is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the JDBCAppender, which could allow the attacker to view, add, modify or delete information in the back-end database. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217461](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217461>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Pak for Multicloud Management Monitoring| 2.0 - 2.3 Fix Pack 4 \n \n\n\n## Remediation/Fixes\n\nTo address the vulnerability, IBM strongly recommends you to upgrade IBM Cloud Pak for Multicloud Management to 2.3 Fix Pack 5. For upgrading instructions, see <https://www.ibm.com/docs/en/cloud-paks/cp-management/2.3.x?topic=installation-upgrade.>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-21T12:37:52", "type": "ibm", "title": "Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is potentially vulnerable to execution of arbitrary code due to its use of Apache Log4j (CVE-2022-23305)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23305"], "modified": "2022-07-21T12:37:52", "id": "D568FA3B382C6BE9CD6C3F6692E51D4BA042C287F4A6C7DFC1395A1EE4BFA175", "href": "https://www.ibm.com/support/pages/node/6606301", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:57:00", "description": "## Summary\n\nApache Log4j is used by IBM Sterling Connect:Direct for UNIX as part of its logging infrastructure. There are vulnerabilities in the Apache Log4j open source library versions used by IBM Sterling Connect:Direct for Unix. Based on current information and analysis, IBM Sterling Connect:Direct for Unix is not impacted by CVE-2021-44832. However, out of an abundance of caution, IBM Sterling Connect:Direct for Unix has upgraded Log4j to 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Sterling Connect:Direct for UNIX| 6.2.0 \nIBM Sterling Connect:Direct for UNIX| 6.1.0 \nIBM Sterling Connect:Direct for UNIX| 6.0.0 \nIBM Sterling Connect:Direct for UNIX| 4.3.0 \n \n## Remediation/Fixes\n\nIBM recommends addressing the possible vulnerability now by upgrading.\n\n**Product(s)**| **Version(s)**| **Remediation/Fix** \n---|---|--- \nIBM Sterling Connect:Direct for UNIX| 6.2.0| Apply 6.2.0.1.iFix020, available in cumulative 6.2.0.2.iFix001 on [Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+for+UNIX&release=6.2.0.2&platform=All&function=fixId&fixids=6.2.0.2*iFix001*&includeSupersedes=0> \"Fix Central\" ) \nIBM Sterling Connect:Direct for UNIX| 6.2.0 IBM Certified Container| Apply 6.2.0.2, see [Downloading the Certified Container Software](<https://www.ibm.com/docs/en/connect-direct/6.2.0?topic=tasks-downloading-certified-container-software> \"Downloading the Certified Container Software\" ) \nIBM Sterling Connect:Direct for UNIX| 6.1.0| Apply 6.1.0.4.iFix037, available in cumulative iFix040 on [Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+for+UNIX&release=6.1.0.4&platform=All&function=fixId&fixids=6.1.0.4*iFix040*&includeSupersedes=0> \"Fix Central\" ) \nIBM Sterling Connect:Direct for UNIX| 6.0.0| Apply 6.0.0.2.iFix127, available on [Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+for+UNIX&release=6.0.0.2&platform=All&function=fixId&fixids=6.0.0.2*iFix127*&includeSupersedes=0> \"Fix Central\" ) \nIBM Sterling Connect:Direct for UNIX| 4.3.0| Apply 4.3.0.1.iFix092, available in cumulative iFix094 on [Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+for+UNIX&release=4.3.0.1&platform=All&function=fixId&fixids=4.3.0.1*iFix094*&includeSupersedes=0> \"Fix Central\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-12T01:30:58", "type": "ibm", "title": "Security Bulletin: IBM Sterling Connect:Direct for UNIX may be vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-02-12T01:30:58", "id": "7E14B22ECA169752ECE98AF6029993D38DAD48CA63B7F7A2541E649258A2178A", "href": "https://www.ibm.com/support/pages/node/6555402", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:57:00", "description": "## Summary\n\nOperations Dashboard is vulnerable to arbitrary code execution in Log4j CVE-2021-44832 with details below.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nOperations Dashboard| 2020.4.1 \n2021.1.1 \n2021.2.1 \n2021.3.1 \n2021.4.1 \n \n\n\n## Remediation/Fixes\n\n**Operations Dashboard version 2020.4.1 in IBM Cloud Pak for Integration** \nUpgrade Operations Dashboard to 2020.4.1-7-eus using the Operator upgrade process described in the IBM Documentation \n<https://www.ibm.com/docs/en/cloud-paks/cp-integration/2020.4?topic=components-upgrading-operations-dashboard> \n \n**Operations Dashboard version 2021.1.1, 2021.2.1, 2021.3.1, and 2021.4.1 in IBM Cloud Pak for Integration** \nUpgrade Operations Dashboard to 2021.4.1-3 using the Operator upgrade process described in the IBM Documentation \n<https://www.ibm.com/docs/en/cloud-paks/cp-integration/2021.4?topic=capabilities-upgrading-integration-tracing>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-11T13:54:51", "type": "ibm", "title": "Security Bulletin: Operations Dashboard is vulnerable to arbitrary code execution in Log4j CVE-2021-44832", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-02-11T13:54:51", "id": "3A9B55763C1C0473228A4D4C82FC501C0EAAF3C51E020F75A80CE6CD65CC662F", "href": "https://www.ibm.com/support/pages/node/6555356", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:57:50", "description": "## Summary\n\nAutomation Assets in IBM Cloud Pak for Integration is vulnerable to CVE-2021-44832 with details below.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nAutomation Assets in IBM Cloud Pak for Integration (CP4I)| 2021.2.1 \n2021.4.1 \n \n\n\n## Remediation/Fixes\n\n**Automation Assets version 2021.2.1 or 2021.4.1 in IBM Cloud Pak for Integration**\n\nUpgrade Automation Assets to 2021.4.1-2 using the Operator upgrade process described in the IBM Documentation\n\n<https://www.ibm.com/docs/en/cloud-paks/cp-integration/2021.4?topic=capabilities-upgrading-automation-assets>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-17T16:16:00", "type": "ibm", "title": "Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to denial of service due to Apache Log4j (CVE-2021-44832)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-01-17T16:16:00", "id": "23980F37EDFBF5DFA892E9152EBD5E349FBE79FB2A858C312C9DC9251022F872", "href": "https://www.ibm.com/support/pages/node/6541290", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:52:20", "description": "## Summary\n\nApache Log4j is used by as part of its logging infrastructure by IBM Analytic Accelerator Framework for Communication Service Providers (AAF) and IBM Customer and Network Analytics for Communications Service Providers and Datasets (CNA). These products are vulnerable to CVE-2021-44832. The fix includes includes Apache Log4j v2.17.0\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Analytic Accelerator Framework for Communication Service Providers (AAF)| 4.0.0.0.0 \nIBM Customer and Network Analytics for Communications Service Providers and Datasets (CNA) | 10.0.0.0.0 \n \n\n\n## Remediation/Fixes\n\nCustomers who have installed the affected versions should immediately upgrade to: \n\nIBM Analytic Accelerator Framework for Communication Service Providers (AAF) v4.0.0.2\n\nIBM Customer and Network Analytics for Communications Service Providers and Datasets (CNA) v10.0.0.2\n\nThe above software packages can be downloaded from IBM Passport Advantage.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-17T01:00:31", "type": "ibm", "title": "Security Bulletin: IBM Analytic Accelerator Framework for Communication Service Providers & IBM Customer and Network Analytics for Communications Service Providers and Datasets Impacted by Log4j Vulnerabilities ( CVE-2021-44832)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-06-17T01:00:31", "id": "E805A2E822F9F587AC809C6A8CA399694FA0BD883078F64EF001D4B79132B879", "href": "https://www.ibm.com/support/pages/node/6595967", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:52:29", "description": "## Summary\n\nThere is a vulnerability in the Apache Log4j open source library. The library is used by IBM Event Streams.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Event Streams| 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, 10.4.0 \n \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading \n\n**IBM Event Streams (Continuous Delivery)**\n\n * Upgrade to IBM Event Streams 10.5.0 by following the [upgrading and migrating](<https://ibm.github.io/event-streams/installing/upgrading/> \"\" ) documentation.\n\n**IBM Event Streams (Extended Update Support)**\n\n * Upgrade to IBM Event Streams 10.2.1 by following the [upgrading and migrating](<https://ibm.github.io/event-streams/10.2/installing/upgrading/> \"\" ) documentation.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-10T15:52:27", "type": "ibm", "title": "Security Bulletin: IBM Event Streams is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-06-10T15:52:27", "id": "EA3F9619545419A098A554C6AA49233D406E118A8A2221EEFF0BABB483AAC02B", "href": "https://www.ibm.com/support/pages/node/6594159", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:57:13", "description": "## Summary\n\nA vulnerabilitiy in Apache Log4j could result in remote code execution. This vulnerability may affect IBM Spectrum Protect Snapshot for VMware due to its use of Log4j for logging of messages and traces. The below fix package includes Log4j 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Spectrum Protect Snapshot for VMware| 4.1.6.10-4.1.6.14 \n \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing this vulnerability now by upgrading. \n\n**Note: The below fix package includes Log4j 2.17.1.**\n\n**_IBM Spectrum Protect Snapshot for VMware Affected Versions \n_**| **_Fixing \nLevel_**| **_Platform_**| **_Link to Fix and Instructions \n_** \n---|---|---|--- \n4.1.6.10-4.1.6.14| 4.1.6.15| Linux| <https://www.ibm.com/support/pages/node/6540240> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-01T11:37:31", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j may affect IBM Spectrum Protect Snapshot for VMware (CVE-2021-44832)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-02-01T11:37:31", "id": "F532C527613357C6A2A49FB79425351FAA7200585028A4FA9898C13802895FB6", "href": "https://www.ibm.com/support/pages/node/6540874", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:58:28", "description": "## Summary\n\nA security vulnerability has been identified in the Apache Log4j library that could allow a remote attacker to execute arbitrary code on the system. The Log4j library is used by IBM Tivoli Netcool Impact to provide logging functionality. This vulnerability has been addressed. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Netcool Impact| 7.1.0 \n \n\n\n## Remediation/Fixes\n\nProduct Name| VRMF| APAR| Remediation/First Fix \n---|---|---|--- \nIBM Tivoli Netcool Impact| 7.1.0.18 ~ 7.1.0.24| IJ36910| ** \n****For 7.1.0.18 through 7.1.0.24:** \nApply Interim Fix [7.1.0-TIV-NCI-IF0010](<https://www.ibm.com/support/pages/node/6536702> \"7.1.0-TIV-NCI-IF0010\" ) \n \n \n \n## Workarounds and Mitigations\n\nThe default log4j configuration for IBM Tivoli Netcool Impact does not use a JDBC Appender. If the configuration has been changed to load a JDBC Appender, IBM recommends removing it.\n\n## ", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-06T15:23:59", "type": "ibm", "title": "Security Bulletin: A vulnerability in Apache Log4j affects IBM Tivoli Netcool Impact (CVE-2021-44832)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-01-06T15:23:59", "id": "39D96B14EB572D15D163E89AF8FFEB5DBC072EF6E833A83F8DA3B89A5DBB7F82", "href": "https://www.ibm.com/support/pages/node/6538696", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:56:08", "description": "## Summary\n\nThere is a security vulnerability in the Apache Log4j open source library used by IBM OpenPages with Watson. This impacts the IBM OpenPages logging framework. This vulnerability has been addressed. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffects IBM OpenPages with Watson 8.2.0.4 through 8.2.0.4 Interim Fix 2 (8.2.0.4.2) \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerabilities now by upgrading.**\n\nA fix has been created for the affected versions of the named product. Fix and installation instructions are provided at the URL listed below: \n \n\n\n**Affected Product and Version \n**| **Remediation/Fix** \n---|--- \n \nIBM OpenPages with Watson **8.2.0.4, 8.2.0.4.1, 8.2.0.4.2** \n \n\n\n| \n\n\\- Apply 8.2.0.4 Interim Fix 3 (**8.2.0.4.3**)\n\n<https://www.ibm.com/support/pages/openpages-watson-8204-interim-fix-3> \n \n \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-02T02:17:50", "type": "ibm", "title": "Security Bulletin: IBM OpenPages with Watson has addressed Apache Log4j vulnerability (CVE-2021-44832)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-03-02T02:17:50", "id": "E4DC5C75AB8DC1EFE3474E65C33B8EED76C2B358258DE3E2C7A0C0EA9FD53126", "href": "https://www.ibm.com/support/pages/node/6560620", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:57:30", "description": "## Summary\n\nA potential vulnerability inApache Log4j - CVE-2021-44832 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Several components of IBM Watson Assistant for IBM Cloud Pak for Data use Log4j to log diagnostic data unrelated to customer input. Refer to details for additional information.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nWA for ICP| 1.5.0, 4.0.0, 4.0.2, 4.0.4 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading to the upcoming latest (v4.0.5) release of IBM Watson Assistant for IBM Cloud Pak for Data which maintains backward compatibility with the versions listed above. \n\nLatest Version| Link to Release (v4.0.5 release information) \n---|--- \nIBM Watson Assistant for IBM Cloud Pak for Data 4.0.5| <https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=assistant-installing-watson> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-27T18:08:51", "type": "ibm", "title": "Security Bulletin: Vulnerability inApache Log4j - CVE-2021-44832 may affect IBM Watson Assistant for IBM Cloud Pak for Data", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-01-27T18:08:51", "id": "84B9F968C99F1D06D139A9613E0943A5C824556A856DEFE8DEE64E68329DDB5C", "href": "https://www.ibm.com/support/pages/node/6551436", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-06-24T06:07:49", "description": "## Summary\n\nApache Log4j used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE (CVE-2022-23305)\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23305](<https://vulners.com/cve/CVE-2022-23305>) \n** DESCRIPTION: **Apache Log4j is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the JDBCAppender, which could allow the attacker to view, add, modify or delete information in the back-end database. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217461](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217461>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nCPDS| 1.0.0.0- 1.0.7.7 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now by applying below security patch.**\n\nProduct| VRMF| Remediation / First Fix \n---|---|--- \nIBM Cloud Pak for Data System 1.0| 7.9.22.02.SP10| [Link to fix central](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Cloud+Private+for+Data+System&fixids=7.9.22.02.SP10-WS-ICPDS-fp152&source=SAR>) \n \nPlease follow the steps given in **[release notes](<https://www.ibm.com/docs/en/cloud-paks/cloudpak-data-system/1.0?topic=new-security-patch-release-notes> \"release notes\" )** to upgrade system with security patches \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-21T08:34:42", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j affects IBM Cloud Pak for Data System 1.0", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23305"], "modified": "2022-03-21T08:34:42", "id": "95B1F80B256487D0B1138355698820E492933E1B787C86EB0300B5F6C159070B", "href": "https://www.ibm.com/support/pages/node/6565005", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:55:54", "description": "## Summary\n\nThere is a vulnerability in the Apache Log4j open source library. The library is used by Elasticsearch, a dependency of IBM Cloud Private, for logging messages to files. This bulletin identifies the security fixes to apply to address the vulnerability (CVE-2021-44832). \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Private| 3.2.1 CD \nIBM Cloud Private| 3.2.2 CD \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now by upgrading.**\n\nThe recommended solution involves the IBM Cloud Private ibm-icplogging component. It is recommended that you follow the instructions for the component in the links listed below:\n\nFor IBM Cloud Private 3.2.1: [IBM Cloud Private 3.2.1 Patch](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-3.2.1-build601012-52063&includeSupersedes=0> \"IBM Cloud Private 3.2.1 Patch\" )\n\nFor IBM Cloud Private 3.2.2: [IBM Cloud Private 3.2.2 Patch](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-3.2.1-build601012-52063&includeSupersedes=0> \"IBM Cloud Private 3.2.2 Patch\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-14T21:05:55", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j affects IBM Cloud Private (CVE-2021-44832)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-03-14T21:05:55", "id": "77486B8B5BB16D0AE922BE517509C1AEDA2019428A2A23BADFAE5682D363F74A", "href": "https://www.ibm.com/support/pages/node/6563309", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:58:00", "description": "## Summary\n\nA vulnerability in Apache Log4j could result in remote code execution. This vulnerability may impact the IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments due to their uses of Apache Log4j for logging of messages and traces. The below fix packages include Apache Log4j 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Spectrum Protect Backup-Archive Client - see Note 1| \n\n8.1.11.0-8.1.13.2 \n7.1.8.10-7.1.8.14 \n \n \nIBM Spectrum Protect for Virtual Environments: Data Protection for VMware| 8.1.11.0-8.1.13.2 see Note 2 \n7.1.8.10-7.1.8.14 \nIBM Spectrum Protect for Virtual Environments: Data Protection for Hyper-V| 8.1.11.0-8.1.13.2 see Note 2 \n \n \nNote 1: \nIBM Spectrum Protect includes the client and server. The IBM Spectrum Protect Backup-Archive Client installs the affected Apache Log4j files. Based on current analysis and information, only the Web GUI will use the affected files.\n\nNote 2: \nThe Data Movers in 8.1.11 and above are affected.\n\n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing these vulnerabilities now by upgrading to the fixed level instead of using the manual process described under Workarounds and Mitigations. \n\n**Note: The below fix packages include Apache Log4j 2.17.1.**\n\n**_IBM Spectrum Protect Backup-Archive Client Affected Versions \n_**| **_Fixing \nLevel_**| **_Platform_**| **_Link to Fix and Instructions \n_** \n---|---|---|--- \n8.1.11.0-8.1.13.2 | 8.1.13.3| AIX \nLinux \nWindows| <https://www.ibm.com/support/pages/node/589103> \n7.1.8.10-7.1.8.14| \n\n7.1.8.15\n\n| Linux \nWindows| \n\n<https://www.ibm.com/support/pages/node/316619> \n \n**_IBM Spectrum Protect for Virtual Environments: Data Protection for VMware Affected Versions \n_**| **_Fixing \nLevel_**| **_Platform_**| **_Link to Fix and Instructions \n_** \n---|---|---|--- \n8.1.11.0-8.1.13.2 | 8.1.13.3| Linux \nWindows| [https://www.ibm.com/support/pages/node/6487157 ](<https://www.ibm.com/support/pages/node/6487157> \"\" ) \n7.1.8.10-7.1.8.14| 7.1.8.15| Linux \nWindows| <https://www.ibm.com/support/pages/node/316625> \n \n**_IBM Spectrum Protect for Virtual Environments: Data Protection for Hyper-V Affected Versions \n_**| **_Fixing \nLevel_**| **_Platform_**| **_Link to Fix and Instructions \n_** \n---|---|---|--- \n8.1.11.0-8.1.13.2| 8.1.13.3| Windows| <https://www.ibm.com/support/pages/node/6487157> \n \n## Workarounds and Mitigations\n\nIBM strongly recommends addressing this vulnerability now by upgrading to the fixed level using the links provided in the Remediation/Fixes section instead of using the manual process below. \n\n**Procedure to Manually Replace log4j jar files**\n\nThe following products/components can use this procedure:\n\n * IBM Spectrum Protect for Virtual Environments: Data Protection for VMware\n * IBM Spectrum Protect for Virtual Environments: Data Protection for Hyper-V\n * IBM Spectrum Protect Backup-Archive Client\n * Data Movers used by IBM Spectrum Protect for Virtual Environments \n \n\n\nThe five impacted components are:\n\n**Component**\n\n| \n\n**Products Using Component** \n \n---|--- \n \nvmcli\n\n| \n\nIBM Spectrum Protect for Virtual Environments: Data Protection for VMware \n \nFile Restore\n\n| \n\nIBM Spectrum Protect for Virtual Environments: Data Protection for VMware, IBM Spectrum Protect for Virtual Environments: Data Protection for Hyper-V, and the Data Movers used by IBM Spectrum Protect for Virtual Environments \n \nData Protection for VMware UI\n\n| \n\nIBM Spectrum Protect for Virtual Environments: Data Protection for VMware \n \nvCloud Suite SDK (tagging)\n\n| \n\nIBM Spectrum Protect for Virtual Environments: Data Protection for VMware \n \nWeb GUI\n\n| \n\nIBM Spectrum Protect Backup-Archive Client \n \nThe Web GUI is tied to the following items in the IBM Spectrum Protect Backup-Archive Client -\n\n * Windows \u2013 \u201cClient Web Server\u201d feature\n * Linux - TIVsm-WEBGUI** package\n * AIX - tivoli.tsm.client.webgui fileset\n\n**>Directions to replace the log4j jars files:**\n\n**Windows steps \u2013**\n\n1\\. Download the following from Apache - Apache Log4j 2.17.1 or later can be used.\n\nApache Log4j 2.17.1 is used in these directions as an example.\n\nApache Log4j 2 binary(zip): apache-log4j-2.17.1-bin.zip\n\n<https://logging.apache.org/log4j/2.0/download.html>\n\n2\\. In Windows Services, switch the following services if present to manual to avoid automatic restarts during patching process:\n\nIBM Spectrum Protect for Virtual Environments Derby Database(vmcli)\n\nIBM Spectrum Protect for Virtual Environments Web Server\n\nIBM Spectrum Protect for BAClient Web Server\n\nIBM Spectrum Protect Recovery Agent\n\n3\\. Stop the following Windows services if present:\n\nIBM Spectrum Protect for Virtual Environments Derby Database(vmcli)\n\nIBM Spectrum Protect for Virtual Environments Web Server\n\nIBM Spectrum Protect for BAClient Web Server\n\nIBM Spectrum Protect Recovery Agent\n\n4\\. Unzip the apache-log4j-2.17.1-bin.zip file\n\n5\\. Remove the following log4j files from the following locations:\n\nC:\\IBM\\SpectrumProtect\\webserver\\usr\\servers\\veProfile\\apps\\FR_API.war\\WEB-INF\\lib\n\nC:\\Program Files\\IBM\\SpectrumProtect\\Framework\\VEGUI\\Lib\n\nC:\\Program Files\\Tivoli\\TSM\\baclient\\plugins\\vcloudsuite\\sdk\n\nNote: Given the potential for the IBM Spectrum Protect Backup-Archive Client to be installed in a non-default location, it may be beneficial to simply search against locations of log4j*.jar and remove prior versions accordingly against locations where Spectrum Protect has placed these files. \n\nThe files to be removed are the following:\n\nFor 8.1.11.0-8.1.13.0 and 7.1.8.10-7.1.8.12 \nlog4j-api-2.13.3.jar \nlog4j-1.2-api-2.13.3.jar \nlog4j-core-2.13.3.jar \nlog4j-jcl-2.13.3.jar \nlog4j-slf4j-impl-2.13.3.jar\n\nFor 8.1.13.1 and 7.1.8.13 \nlog4j-api-2.15.0.jar \nlog4j-1.2-api-2.15.0.jar \nlog4j-core-2.15.0.jar \nlog4j-jcl-2.15.0.jar \nlog4j-slf4j-impl-2.15.0.jar\n\nFor 8.1.13.2 and 7.1.8.14 \nlog4j-api-2.17.0.jar \nlog4j-1.2-api-2.17.0.jar \nlog4j-core-2.17.0.jar \nlog4j-jcl-2.17.0.jar \nlog4j-slf4j-impl-2.17.0.jar\n\n6\\. For the workarea folder locations, for example:\n\nC:\\IBM\\SpectrumProtect\\webserver\\usr\\servers\\veProfile\\workarea\\org.eclipse.osgi\\90\\data\\cacheAdapt\\com.ibm.ws.app.manager_60\\WEB-INF\\lib\n\nC:\\IBM\\SpectrumProtect\\webserver\\usr\\servers\\veProfile\\workarea\\org.eclipse.osgi\\90\\data\\cacheAdapt\\com.ibm.ws.app.manager_68\\WEB-INF\\lib\n\nC:\\IBM\\SpectrumProtect\\webserver\\usr\\servers\\veProfile\\workarea\\org.eclipse.osgi\\90\\data\\cacheOverlay\\com.ibm.ws.app.manager_67\\WEB-INF\\lib\\\\.cache\n\nC:\\IBM\\SpectrumProtect\\webserver\\usr\\servers\\veProfile\\workarea\\org.eclipse.osgi\\90\\data\\cacheOverlay\\com.ibm.ws.app.manager_68\\WEB-INF\\lib\\\\.cache\n\nFolders with the log4j jar names will be created, for example:\n\nC:\\IBM\\SpectrumProtect\\webserver\\usr\\servers\\veProfile\\workarea\\org.eclipse.osgi\\90\\data\\cacheAdapt\\com.ibm.ws.app.manager_60\\WEB-INF\\lib\\log4j-1.2-api-2.13.3.jar\\\n\nPlease remove these folders in the workarea location. The values specified by _XY will vary, for example _60 vs _67: \n \n\n\nC:\\IBM\\SpectrumProtect\\webserver\\usr\\servers\\veProfile\\workarea\\org.eclipse.osgi\\90\\data\\cacheAdapt\\com.ibm.ws.app.manager_60\\WEB-INF\\lib\n\nC:\\IBM\\SpectrumProtect\\webserver\\usr\\servers\\veProfile\\workarea\\org.eclipse.osgi\\90\\data\\cacheAdapt\\com.ibm.ws.app.manager_67\\WEB-INF\\lib\n\n7\\. Replace the removed files with the updated versions from the zip file where they are 2.17.1 or later.\n\nlog4j-api-2.17.1.jar \nlog4j-1.2-api-2.17.1.jar \nlog4j-core-2.17.1.jar \nlog4j-jcl-2.17.1.jar \nlog4j-slf4j-impl-2.17.1.jar\n\n8\\. Restart the following services where applicable:\n\nIBM Spectrum Protect for Virtual Environments Derby Database (vmcli)\n\nIBM Spectrum Protect for Virtual Environments Web Server\n\nIBM Spectrum Protect Recovery Agent\n\nIBM Spectrum Protect for BAClient Web Server\n\n9\\. In Windows Services, switch the following services back to automatic to allow automatic restarts on reboot as needed:\n\nIBM Spectrum Protect for Virtual Environments Derby Database(vmcli)\n\nIBM Spectrum Protect for Virtual Environments Web Server\n\nIBM Spectrum Protect Recovery Agent\n\nIBM Spectrum Protect for BAClient Web Server\n\n**Linux steps** \u2013\n\n1\\. Download the following from Apache - Apache Log4j 2.17.1 or later can be used.\n\nApache Log4j 2.17.1 is used in these directions as an example.\n\nApache Log4j 2 binary(zip): apache-log4j-2.17.1-bin.tar.gz \n<https://logging.apache.org/log4j/2.0/download.html> \n\n\n2\\. Stop the following services if present:\n\nsystemctl stop webserver / [SLES 12.3: /etc/init.d/webserver stop] \nkill the vmclid process --> not for Web 3.0\n\n3\\. Extract the files from apache-log4j-2.17.1-bin.tar.gz\n\n4\\. Remove the following log4j files from the following locations:\n\n/opt/tivoli/tsm/tdpvmware/common/webserver/usr/servers/veProfile/apps/FR_API.war/WEB-INF/lib/\n\n/opt/tivoli/tsm/tdpvmware/common/webserver/usr/servers/veProfile/apps/tsmVmGUI.war/WEB-INF/lib/\n\n/opt/tivoli/tsm/tdpvmware/common/lib/\n\n/opt/tivoli/tsm/client/ba/bin/plugins/vcloudsuite/sdk/\n\n/opt/tivoli/tsm/tdpvmware/common/webserver/usr/servers/veProfile/workarea/org.eclipse.osgi/88/data/cacheAdapt/com.ibm.ws.app.manager_51/WEB-INF/lib/\n\n/opt/tivoli/tsm/tdpvmware/common/webserver/usr/servers/veProfile/workarea/org.eclipse.osgi/88/data/cacheOverlay/com.ibm.ws.app.manager_51/WEB-INF/lib/.cache/\n\nNote: Given the potential for the B/A Client to be installed in a non-default location, it may be beneficial to simply search against locations of log4j*.jar and remove prior versions accordingly against locations where Spectrum Protect has placed these files. For the workarea folders listed above, the values may vary. \n\nThe files to be removed are the following:\n\nFor 8.1.11.0-8.1.13.0 and 7.1.8.10-7.1.8.12 \nlog4j-api-2.13.3.jar \nlog4j-1.2-api-2.13.3.jar \nlog4j-core-2.13.3.jar \nlog4j-jcl-2.13.3.jar \nlog4j-slf4j-impl-2.13.3.jar\n\nFor 8.1.13.1 and 7.1.8.13 \nlog4j-api-2.15.0.jar \nlog4j-1.2-api-2.15.0.jar \nlog4j-core-2.15.0.jar \nlog4j-jcl-2.15.0.jar \nlog4j-slf4j-impl-2.15.0.jar\n\nFor 8.1.13.2 and 7.1.8.14 \nlog4j-api-2.17.0.jar \nlog4j-1.2-api-2.17.0.jar \nlog4j-core-2.17.0.jar \nlog4j-jcl-2.17.0.jar \nlog4j-slf4j-impl-2.17.0.jar\n\n \n5\\. Replace the removed files with the updated versions from the tar.gz file where they are 2.17.1 or later.\n\nlog4j-api-2.17.1.jar \nlog4j-1.2-api-2.17.1.jar \nlog4j-core-2.17.1.jar \nlog4j-jcl-2.17.1.jar \nlog4j-slf4j-impl-2.17.1.jar\n\n6\\. Start the stopped services: \n\nvmclid daemon\n\n\"systemctl start webserver\" / [SLES 12.3: /etc/init.d/webserver start]\n\n**AIX steps** \u2013\n\n1\\. Download the following from Apache - Apache Log4j 2.17.1 or later can be used.\n\nApache Log4j 2.17.1 is used in these directions as an example.\n\nApache Log4j 2 binary(zip): apache-log4j-2.17.1-bin.tar.gz\n\n<https://logging.apache.org/log4j/2.0/download.html> \n\n\n2\\. Stop the following process as root via the following command:\n\n/usr/tivoli/tsm/tdpvmware/common/webserver/bin/server stop veProfile\n\n3\\. Extract the files from apache-log4j-2.17.1-bin.tar.gz\n\n4\\. Remove the following log4j files from the following locations:\n\n/usr/tivoli/tsm/tdpvmware/common/webserver/usr/servers/veProfile/apps/FR_API.war/WEB-INF/lib/\n\n/usr/tivoli/tsm/tdpvmware/common/lib/\n\n/usr/tivoli/tsm/tdpvmware/common/webserver/usr/servers/veProfile/workarea/org.eclipse.osgi/88/data/cacheAdapt/com.ibm.ws.app.manager_51/WEB-INF/lib/\n\n/usr/tivoli/tsm/tdpvmware/common/webserver/usr/servers/veProfile/workarea/org.eclipse.osgi/88/data/cacheOverlay/com.ibm.ws.app.manager_51/WEB-INF/lib/.cache/\n\nNote: Given the potential for the B/A Client to be installed in a non-default location, it may be beneficial to simply search against locations of log4j*.jar and remove prior versions accordingly against locations where Spectrum Protect has placed these files. For the workarea folders listed above, the values may vary. \n\nThe files to be removed are the following:\n\nFor 8.1.11.0-8.1.13.0 and 7.1.8.10-7.1.8.12 \nlog4j-api-2.13.3.jar \nlog4j-1.2-api-2.13.3.jar \nlog4j-core-2.13.3.jar \nlog4j-jcl-2.13.3.jar \nlog4j-slf4j-impl-2.13.3.jar\n\nFor 8.1.13.1 and 7.1.8.13 \nlog4j-api-2.15.0.jar \nlog4j-1.2-api-2.15.0.jar \nlog4j-core-2.15.0.jar \nlog4j-jcl-2.15.0.jar \nlog4j-slf4j-impl-2.15.0.jar\n\nFor 8.1.13.2 and 7.1.8.14 \nlog4j-api-2.17.0.jar \nlog4j-1.2-api-2.17.0.jar \nlog4j-core-2.17.0.jar \nlog4j-jcl-2.17.0.jar \nlog4j-slf4j-impl-2.17.0.jar\n\n5\\. Replace the removed files with the updated versions from the tar.gz file where they are 2.17.1 or later.\n\nlog4j-api-2.17.1.jar \nlog4j-1.2-api-2.17.1.jar \nlog4j-core-2.17.1.jar \nlog4j-jcl-2.17.1.jar \nlog4j-slf4j-impl-2.17.1.jar\n\n6\\. Start the stopped process as root via the following command:\n\n/usr/tivoli/tsm/tdpvmware/common/webserver/bin/server start veProfile --clean\n\n## ", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-14T14:10:57", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j impacts IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments (CVE-2021-44832)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-01-14T14:10:57", "id": "89E699B806727E33E450302956E4D536B906A5F4CF0C0791EBBC25F005461B6D", "href": "https://www.ibm.com/support/pages/node/6540692", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:57:39", "description": "## Summary\n\nApache Log4j remote code execution vulnerability affects IBM Sterling Control Center. Customers are strongly encouraged to take action and apply the fix below. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Sterling Control Center| 6.2.1.0 \nIBM Sterling Control Center| 6.2.0.0 \nIBM Sterling Control Center| 6.1.3.0 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading. \n\n**Product**\n\n| \n\n**VRMF**\n\n| \n\n**iFix**\n\n| \n\n**Remediation** \n \n---|---|---|--- \n \nIBM Sterling Control Center\n\n| \n\n6.2.1.0\n\n| \n\niFix05\n\n| \n\n[Fix Central - 6.2.1.0](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Control+Center&release=6.2.1.0&platform=All&function=all>) \n \nIBM Sterling Control Center\n\n| \n\n6.2.0.0\n\n| \n\niFix15\n\n| \n\n[Fix Central - 6.2.0.0](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Control+Center&release=6.2.0.0&platform=All&function=all>) \n \nIBM Sterling Control Center\n\n| \n\n6.1.3.0\n\n| \n\niFix11\n\n| \n\n[Fix Central - 6.1.3.0](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Control+Center&release=6.1.3.0&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-21T22:48:20", "type": "ibm", "title": "Security Bulletin: IBM Sterling Control Center is vulnerable to remote code execution due to Apache Log4j (CVE-2021-44832)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-01-21T22:48:20", "id": "A2F7E57DAD21E2D5E4DB804EB652C6CD00E5CDF5B0D67125B95F4E269BA69025", "href": "https://www.ibm.com/support/pages/node/6549894", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:57:02", "description": "## Summary\n\nApache Log4j is used by IBM Cloud Pak for Data System 1.0 in openshift-logging. This bulletin provides a remediation for the Apache Log4j vulnerability (CVE-2021-44832). \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Pak for Data System (ICPDS) 1.0 - Openshift Container Platform 3.11| 1.0.0.0- 1.0.7.7 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now by applying below patch. **\n\n**Product**| VRMF| Remediation / Fix \n---|---|--- \n \nIBM Cloud Pak for Data System 1.0 - Openshift Container Platform 3.11\n\n| 1.0.0.1-openshift-3.11.log4j-WS-ICPDS-fp140| [Link to Fix Central](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Cloud+Private+for+Data+System&fixids=1.0.0.1-openshift-3.11.log4j-WS-ICPDS-fp140&source=SAR>) \n \n * Please follow the steps given in **[release notes](<https://www.ibm.com/docs/en/cloud-paks/cloudpak-data-system/1.0?topic=new-log4j-vulnerability-patch-1001> \"release notes\" )** to apply above remediation. Please replace fpxxx in the release note with fp140.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-14T05:33:09", "type": "ibm", "title": "Security Bulletin: IBM Cloud Pak for Data System 1.0 is vulnerable to remote code execution due to Apache Log4j (CVE-2021-44832)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-02-14T05:33:09", "id": "3B5CA39475D73EB1F673FE6D208449037B7B188E0C5761C0C18099C77DD55CC2", "href": "https://www.ibm.com/support/pages/node/6556406", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-28T01:50:42", "description": "## Summary\n\nIBM WebSphere Application Server (WAS) is shipped as a component of IBM Workload Scheduler, which results in IBM Workload Scheduled being impacted by this vulnerability. Information about security vulnerabilities affecting WAS have been published in security bulletins, and IBM recommends that these remediations are applied to all instances of IBM Workload Scheduler.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Workload Scheduler| 9.4 \nIBM Workload Scheduler| 9.3.x \n \n## Remediation/Fixes\n\nRefer to the following security bulletins for vulnerability details and information about fixes addressed by IBM WebSphere Application Server (WAS) which is shipped with IBM Workload Scheduler. IBM recommends that these remediations are applied to all instances of IBM Workload Scheduler.\n\n<https://www.ibm.com/support/pages/node/6538148>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2022-01-10T14:48:43", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j affects WebSphere Application Server (CVE-2021-44832) shipped with IBM Workload Scheduler", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-44832"], "modified": "2022-01-10T14:48:43", "id": "46D17052F3251C0B3D153FDD5D0771739B636DF3179C7B0E07B10BDA68CED334", "href": "https://www.ibm.com/support/pages/node/6539478", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-23T17:58:11", "description": "## Summary\n\nThere are vulnerabilities in Apache log4j2 used by IBM Spectrum LSF Suite, IBM Spectrum LSF Suite for HPA, IBM Spectrum LSF Explorer and IBM Spectrum LSF Application Center. IBM Spectrum LSF Suite, IBM Spectrum LSF Suite for HPA, IBM Spectrum LSF Explorer and IBM Spectrum LSF Application Center have addressed the applicable CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Spectrum Suite for HPA| 10.2.0.12 \nIBM Spectrum LSF Explorer| 10.2.0.12 \nIBM Spectrum LSF Application Center| 10.2.0.12 \nIBM Spectrum LSF Suite| 10.2.0.12 \n \n\n\n## Remediation/Fixes\n\nIBM Spectrum LSF Suite for Enterprise: \n[http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+LSF+Suite+for+Enterprise&release=All&platform=All&function=fixId&fixids=suite-10.2.0.12-build600958&includeSupersedes=0](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+LSF+Suite+for+Enterprise&release=All&platform=All&function=fixId&fixids=suite-10.2.0.12-build600958&includeSupersedes=0>)\n\nIBM Spectrum LSF Suite for HPC: \n[http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+LSF+Suite+for+HPC&release=All&platform=All&function=fixId&fixids=suite-10.2.0.12-build600958&includeSupersedes=0](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+LSF+Suite+for+HPC&release=All&platform=All&function=fixId&fixids=suite-10.2.0.12-build600958&includeSupersedes=0>)\n\nIBM Spectrum LSF Suite for Workgroups: \n[http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+LSF+Suite+for+Workgroups&release=All&platform=All&function=fixId&fixids=suite-10.2.0.12-build600958&includeSupersedes=0](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+LSF+Suite+for+Workgroups&release=All&platform=All&function=fixId&fixids=suite-10.2.0.12-build600958&includeSupersedes=0>)\n\nIBM Spectrum LSF Explorer: \n[http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+LSF+Explorer&release=All&platform=All&function=fixId&fixids=explorer-10.2-build600931&includeSupersedes=0](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+LSF+Explorer&release=All&platform=All&function=fixId&fixids=explorer-10.2-build600931&includeSupersedes=0>)\n\nIBM Spectrum LSF Application Center: \n[http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+LSF+Application+Center&release=All&platform=All&function=fixId&fixids=pac-10.2-build600931&includeSupersedes=0](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+LSF+Application+Center&release=All&platform=All&function=fixId&fixids=pac-10.2-build600931&includeSupersedes=0>)\n\nIBM Spectrum Suite for HPA:\n\nRefer to IBM Spectrum LSF Application Center and IBM Spectrum LSF Explorer\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-12T09:48:48", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in Apache Log4j2 affect IBM Spectrum LSF Suite, IBM Spectrum LSF Suite for HPA, IBM Spectrum LSF Explorer and IBM Spectrum LSF Application Center", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-01-12T09:48:48", "id": "A4DED06E2C9F4A28ADEF0AA4C6EEFDDF9D1F431EA3CF997F41E7EA22CA7B12B7", "href": "https://www.ibm.com/support/pages/node/6540236", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:56:26", "description": "## Summary\n\nIBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache Log4j.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nWatson Discovery| 4.0.0-4.0.5 \nWatson Discovery| 2.0.0-2.2.1 \n \n\n\n## Remediation/Fixes\n\nUpgrade to IBM Watson Discovery 4.0.6 \n\nUpgrade to IBM Watson Discovery 2.2.1 and apply cpd-watson-discovery-2.2.1-patch-8\n\n<https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install>\n\n<https://www.ibm.com/support/pages/available-patches-watson-discovery-ibm-cloud-pak-data>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-23T17:54:41", "type": "ibm", "title": "Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Log4j", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-02-23T17:54:41", "id": "9052D87C0A77FDE9339BE13D5F9E4733073147348EB17E7CF0F5B741C451ECC3", "href": "https://www.ibm.com/support/pages/node/6556974", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:54:27", "description": "## Summary\n\nCrypto Hardware Initialization and Maintenance (CHIM) as shipped with IBM Common Cryptographic Architecture (CCA) for MTM 4769 is affected by a vulnerability in Apache Log4j (CVE-2021-44832). CHIM is using Apache Log4j for internal logging purposes of regular user activity. The fix includes Apache Log4j 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nCrypto Hardware Initialization and Maintenance (CHIM)| CHIM 3.0.0 for CCA 7.2.55 for MTM 4769 for Linux (setup4769_7.2.55.bin) \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now by upgrading:**\n\n**Product(s)**| **Fixed Version(s)** \n---|--- \nCrypto Hardware Initialization and Maintenance (CHIM)| \n\nCHIM 3.0.1 for CCA MTM 4769 for Linux x86-64 version 7.2.55 or later (setup4769_chim_log4j_patch_7.2.55.bin)\n\nNote: CCA MTM 4769 version 7.2.55 is no longer available for download; it has been superseded by version 7.3.44 (setup4769_7.3.44.bin) \n \nThe fixed version can be obtained from the [CCA Software Download Page](<https://www.ibm.com/security/cryptocards/pciecc4/software> \"CCA Software Download Page\" ).\n\n## Workarounds and Mitigations\n\nFor local administrative purposes the Crypto Node Management (CNM) tool can be used instead of Crypto Hardware Initialization and Maintenance (CHIM) for most administrative tasks.\n\n## ", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-25T13:41:43", "type": "ibm", "title": "Security Bulletin: Crypto Hardware Initialization and Maintenance is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-04-25T13:41:43", "id": "96004A5F0BCA499E57604F5222E28642F8BB3CC611C03BA8BD6830BAF6767297", "href": "https://www.ibm.com/support/pages/node/6574773", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:57:23", "description": "## Summary\n\nA vulnerability in Apache Log4j could result in remote code execution. This vulnerability may affect IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift due to its use of the Strimzi operator. The below fix package includes Apache Log4j 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Spectrum Protect Plus Container Backup and Restore for Kubernetes| 10.1.9.0-10.1.9.2 \nIBM Spectrum Protect Plus Container Backup and Restore for OpenShift| 10.1.9.0-10.1.9.2 \n \n## Remediation/Fixes\n\n**Note: The below fix package includes Log4j 2.17.1 Customers running 10.1.9.0, 10.1.9.1, or 10.1.9.2 will need to uninstall before installing 10.1.9.3. \n \n**\n\n**IBM Spectrum Protect \nPlus ****Affected Versions**| **Fixing \n****Level**| **Platform**| **Link to Fix and Instructions \n** \n---|---|---|--- \n10.1.9.0-10.1.9.2| 10.1.9.3| Linux| \n\n<https://www.ibm.com/support/pages/node/6487159>\n\nNote that customers running 10.1.9.0, 10.1.9.1, or 10.1.9.2 will need to uninstall before installing 10.1.9.3. \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-31T19:08:45", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j may affect IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and OpenShift (CVE-2021-44832)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-01-31T19:08:45", "id": "5D979AFFDF974F2910D0CF8FD15D323A264B0745C0ACF5B78092630C5EB271CE", "href": "https://www.ibm.com/support/pages/node/6540860", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:57:38", "description": "## Summary\n\nA vulnerability in Apache Log4j could result in remote code execution. This vulnerability may affect the Help system in IBM Spectrum Copy Data Management . The below fix package includes Apache Log4j 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Spectrum Copy Data Management| 2.2.14.0-2.2.14.2 \n \n## Remediation/Fixes\n\nIBM strongly recommends addressing this vulnerability now by upgrading.\n\n**Note: The below fix package includes Log4j 2.17.1.**\n\n**IBM Spectrum Copy Data Management** \n**Affected Versions**| **Fixing** \n**Level**| **Platform**| **Link to Fix and Instructions \n** \n---|---|---|--- \n2.2.14.0-2.2.14.2| 2.2.14.3| Linux| <https://www.ibm.com/support/pages/node/6507419> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-24T20:02:49", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j may affect IBM Spectrum Copy Data Management (CVE-2021-44832)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-01-24T20:02:49", "id": "A8080DF589F1BFC2BF6B98ABD8B92D2C07AAE6F3E14977386069111BB800A09C", "href": "https://www.ibm.com/support/pages/node/6540862", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:45:49", "description": "## Summary\n\nIBM Operations Analytics Predictive Insights is affected by the Apache Log4j vulnerability in the Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) allowing a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Operations Analytics Predictive Insights| 1.3.3 \nIBM Operations Analytics Predictive Insights| 1.3.5 \nIBM Operations Analytics Predictive Insights| 1.3.6 \n \n\n\n## Remediation/Fixes\n\nPlease use the instructions and full details from the README that\u2019s in the IBM Operations Analytics Predictive Insights iFix6 tarball, and follow with the upgrade to IBM Operations Analytics Predictive Insight iFix6.\n\nThe IBM Operations Analytics Predictive Insights iFix6 tarball is available [here](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Operations%20Analytics&product=ibm/Tivoli/IBM+SmartCloud+Analytics+-+Predictive+Insights&release=All&platform=Linux+64-bit,x86_64&function=all> \"here\" ). \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-12T08:35:28", "type": "ibm", "title": "Security Bulletin: IBM Operations Analytics Predictive Insights impacted by Apache Log4j vulnerabilities (CVE-2021-44832)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-10-12T08:35:28", "id": "F2719E2760E07B98F3971587EEE2002655F8B8F5281074DED92EF416C43F19C8", "href": "https://www.ibm.com/support/pages/node/6828737", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:57:41", "description": "## Summary\n\nA vulnerability in Apache Log4j could result in remote code execution. IBM Spectrum Archive Enterprise Edition includes the IBM Spectrum Protect Backup-Archive Client which installs the vulnerable Log4j files. The below fix package includes Apache Log4j 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nEnterprise Edition| 1.3.1.0 - 1.3.2.3 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing this vulnerability now by upgrading.**\n\n**Note: The fix includes Log4j v2.17.1**\n\nAffected Versions| Fixing Level| Platform \n---|---|--- \n1.3.1.0-1.3.2.3| 1.3.2.4 - [Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Tape%20drivers%20and%20software&product=ibm/Storage_Tape/LTFS+Enterprise+Edition+%28EE%29&release=All&platform=All&function=all> \"Fix Central\" )| Linux \n \nBased on current analysis and information, IBM Spectrum Archive Library Edition (LE) and Single Drive Edition (SDE) are not affected. \n\n## Workarounds and Mitigations\n\n**For Log4j in Elasticsearch and Logstash, which were previously redistributed by IBM Spectrum Archive Enterprise Edition, between version 1.3.0.0 to 1.3.2.1, IBM strongly recommends addressing the vulnerability now by executing the Workarounds and Mitigations in <https://www.ibm.com/support/pages/node/6527808>**\n\n## ", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-21T02:17:19", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j may affect IBM Spectrum Archive Enterprise Edition (CVE-2021-44832)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-01-21T02:17:19", "id": "6631C04F89A8D2ED4BC1256E62C3AB820EB5DE675CE6766AA9AFAB238EA92F40", "href": "https://www.ibm.com/support/pages/node/6549768", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:58:23", "description": "## Summary\n\nBased on current information and analysis, IBM Jazz for Service Management does not use Apache log4j-core library which is vulnerable to CVE-2021-44832. However, IBM Jazz for Service Management may be impacted because the old version of Log4j-1.2-api and Log4j-api are used in the application. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nJazz for Service Management| 1.1.3 \n \n\n\n## Remediation/Fixes\n\n**Affected JazzSM Version**| **Recommended Fix.** \n---|--- \nJazz for Service Management versions 1.1.3 - 1.1.3.6| \n\n1\\. Upgrade to any of the following: [1.1.3-TIV-JazzSM-multi-FP007, ](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Jazz+for+Service+Management&release=All&platform=All&function=all> \"\" )[1.1.3-TIV-JazzSM-multi-FP008, ](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Jazz+for+Service+Management&release=All&platform=All&function=all> \"\" )[1.1.3-TIV-JazzSM-multi-FP009, ](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Jazz+for+Service+Management&release=All&platform=All&function=all> \"\" )[1.1.3-TIV-JazzSM-multi-FP010](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Jazz+for+Service+Management&release=All&platform=All&function=all> \"\" ), [1.1.3-TIV-JazzSM-multi-FP011](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Jazz+for+Service+Management&release=All&platform=All&function=all> \"\" ), [1.1.3-TIV-JazzSM-multi-FP012](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Jazz+for+Service+Management&release=All&platform=All&function=all> \"\" ), [1.1.3-TIV-JazzSM-multi-FP013](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Jazz+for+Service+Management&release=All&platform=All&function=all> \"\" )\n\n2\\. Install [1.1.3.13-TIV-JazzSM-DASH-iFix-0003](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Jazz+for+Service+Management&release=All&platform=All&function=all> \"1.1.3.13-TIV-JazzSM-DASH-iFix-0003\" ) (This fix supersedes 1.1.3.13-TIV-JazzSM-DASH-iFix-0001) \n \nJazz for Service Management versions 1.1.3.7 - 1.1.3.13| \n\n1\\. Install [1.1.3.13-TIV-JazzSM-DASH-iFix-0003. ](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Jazz+for+Service+Management&release=All&platform=All&function=all> \"1.1.3.13-TIV-JazzSM-DASH-iFix-0003\" )(This fix supersedes 1.1.3.13-TIV-JazzSM-DASH-iFix-0001,1.1.3.13-TIV-JazzSM-DASH-iFix-0002) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-10T05:47:43", "type": "ibm", "title": "Security Bulletin: IBM Jazz for Service Management is vulnerable to a Apache Log4j vulnerability (CVE-2021-44832)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-01-10T05:47:43", "id": "7CFF760ED43EACB85DD304FEF6EEAD9D89C48ADE6361641E84EF811056B6811F", "href": "https://www.ibm.com/support/pages/node/6539412", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:57:27", "description": "## Summary\n\nVulnerabilities in Apache Log4j affect the logging infrastructure in the Kafka Nodes in IBM App Connect Enterprise v11, v12 and IBM Integration Bus v10 and the logging infrastructure in the TADataCollector command line tool in IBM App Connect Enterprise v11, v12. IBM App Connect Enterprise V11, V12 and IBM Integration Bus v10 have addressed the applicable CVE. Given current information and analysis, IBM Integration Bus V9 is not affected\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM App Connect Enterprise V12.0.1.0 to V12.0.3.0\n\nIBM App Connect Enterprise V11.0.0.0 to V11.0.0.15.** (Note the mitigation described in Workarounds and Mitigations should also be applied to IBM App Connect Enterprise V11.0.0.16)**\n\n \nIBM Integration Bus V10.0.0.6 to V10.0.0.25\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability in the Kafka Nodes and TADataCollector command line tool now by applying the patches listed in this table and the work around if applicable.** **Fix and instruction information is available on Fix Central.** \nNote: This supersedes APARs IT39377 and IT39458\n\n**Product**\n\n| \n\n**VRMF**\n\n| **APAR**| \n\n**Remediation / Fix** \n \n---|---|---|--- \nIBM App Connect Enterprise V12 \n| V12.0.1.0 to V12.0.3.0| IT39515| \n\nInterim fix for APAR (IT39515) ) is available from\n\n[IBM Fix Central (distributed platforms)](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+App+Connect+Enterprise&release=12.0.3.0&platform=All&function=aparId&apars=IT39515> \"IBM Fix Central \$distributed platforms\$\" )\n\nInterim APAR fix for Windows is available from\n\n[12.0.3.0 IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+App+Connect+Enterprise&release=12.0.3.0&platform=Windows+64-bit,+x86&function=aparId&apars=IT39515> \"12.0.3.0 IBM Fix Central\" )\n\n[12.0.2.0 IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+App+Connect+Enterprise&release=12.0.2.0&platform=Windows+64-bit,+x86&function=aparId&apars=IT39515> \"12.0.2.0 IBM Fix Central\" )\n\n[12.0.1.0 IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+App+Connect+Enterprise&release=12.0.1.0&platform=Windows+64-bit,+x86&function=aparId&apars=IT39515> \"12.0.1.0 IBM Fix Central\" ) \n \nIBM App Connect Enterprise V11| V11.0.0.0 to V11.0.0.15| IT39515| \n\nInterim fix for APAR (IT39515) is available for v11.0.0.10-11.0.0.15 from\n\n[IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+App+Connect+Enterprise&release=11.0.0.15&platform=All&function=aparId&apars=IT39515> \"IBM Fix Central\" ) \n \nIBM Integration Bus \n| V10.0.0.6 - V10.0.0.25| IT39515| \n\nInterim fix for APAR (IT39515) is available for 10.0.0.25 from\n\n[IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/Integration+Bus&release=10.0.0.25&platform=All&function=aparId&apars=IT39515> \"IBM Fix Central\" ) \n \n## Workarounds and Mitigations\n\n**In addition to the fix listed in the table above IBM also strongly recommends applying the remediation described below to the Integration Toolkit.** **Note this remediation should be applied to IBM App Connect Enterprise V11.0.0.0 to V11.0.0.16** \n \nDelete the following file: \n$MQSI_FILEPATH/tools/plugins/org.apache.log4j_<version>.v<datestamp>.jar \n \nWhere version is a 3 digit log4j version number and <datestamp> is the build date of the plugin. For example: \norg.apache.log4j_1.2.15.v201012070815.jar \n \nNote that after applying this remediation it is not possible to install new patterns in the pattern explorer or install new features / software using the eclipse \"Install Software or Update\" dialog boxes.\n\n## ", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-28T10:25:01", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Apache Log4j affect IBM App Connect Enterprise V11, V12 and IBM Integration Bus V10 (CVE-2021-44832)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-01-28T10:25:01", "id": "12D6D8D7F99A3B7D0C4D8EF9EACD0CBFC5BFAF207DEEAB323ECC16AD5DD105C4", "href": "https://www.ibm.com/support/pages/node/6538914", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:56:58", "description": "## Summary\n\nApache Log4j is used by IBM Sterling Connect:Direct for Microsoft Windows as part of its logging infrastructure. There are vulnerabilities in the Apache Log4j open source library versions used by IBM Sterling Connect:Direct for Microsoft Windows. Based on current information and analysis, IBM Sterling Connect:Direct for Microsoft Windows is not impacted by CVE-2021-44832. However, out of an abundance of caution, IBM Sterling Connect:Direct for Microsoft Windows has upgraded Log4j to 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Sterling Connect:Direct for Microsoft Windows| 4.8.0.3 - 4.8.0.3_iFix041 \nIBM Sterling Connect Direct for Microsoft Windows| 6.0.0.3 - 6.0.0.4_iFix047 \nIBM Sterling Connect:Direct for Microsoft Windows| 6.1.0.1 - 6.1.0.2_iFix035 \nIBM Sterling Connect:Direct for Microsoft Windows| 6.2.0.0 - 6.2.0.2_iFix012 \n \n \n\n\n## Remediation/Fixes\n\nIBM recommends addressing the possible vulnerability now by upgrading. \n\n**Affected Product(s)**| **Version(s)**| **APAR**| **Remediation / First Fix** \n---|---|---|--- \nIBM Sterling Connect:Direct for Microsoft Windows| \n\n4.8\n\n| [IT39949](<https://www.ibm.com/support/pages/apar/IT39949> \"IT39949\" )| Apply [4.8.0.3_iFix042](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+for+Microsoft+Windows&release=4.8.0.3&platform=All&function=aparId&apars=IT39949> \"4.8.0.3_iFix042\" ), available on Fix Central \nIBM Sterling Connect:Direct for Microsoft Windows| \n\n6.0\n\n| [IT39949](<https://www.ibm.com/support/pages/apar/IT39949> \"IT39949\" )| Apply [6.0.0.4_iFix048](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+for+Microsoft+Windows&release=6.0.0.4&platform=All&function=aparId&apars=IT39949> \"6.0.0.4_iFix048\" ), available on Fix Central \nIBM Sterling Connect:Direct for Microsoft Windows| \n\n6.1\n\n| [IT39949](<https://www.ibm.com/support/pages/apar/IT39949> \"IT39949\" )| Apply [6.1.0.2_iFix036](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+for+Microsoft+Windows&release=6.1.0.2&platform=All&function=aparId&apars=IT39464> \"6.1.0.2_iFix036\" ), available on Fix Central \nIBM Sterling Connect:Direct for Microsoft Windows| \n\n6.2\n\n| [IT39949](<https://www.ibm.com/support/pages/apar/IT39949> \"IT39949\" )| Apply [6.2.0.2_iFix013](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+for+Microsoft+Windows&release=6.2.0.2&platform=All&function=aparId&apars=IT39949> \"6.2.0.2_iFix013\" ), available on Fix Central \n \nFor unsupported versions IBM recommends upgrading to a fixed, supported version of the product.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-15T14:24:57", "type": "ibm", "title": "Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows may be vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-02-15T14:24:57", "id": "1DC1593D1836D1525D6F440ACE74DA3A15D40CF4DB29276718503CD58BB74D54", "href": "https://www.ibm.com/support/pages/node/6556796", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:57:58", "description": "## Summary\n\nA vulnerability in Apache Log4j could result in remote code execution. This vulnerability may affect the Help system in IBM Spectrum Protect Operations Center. The below fix packages include Apache Log4j 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Spectrum Protect Operations Center| 8.1.0.000-8.1.13.200 \n7.1.0.000-7.1.14.200 \n \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing this vulnerability now by upgrading to the fixed level instead of using the manual process described under Workarounds and Mitigations section.**\n\n**Note: The below fix packages include Log4j 2.17.1**\n\n**_IBM Spectrum Protect Operations Center Affected Versions \n_**| **_Fixing \nLevel_**| **_Platform_**| **_Link to Fix and Instructions \n_** \n---|---|---|--- \n \n8.1.0.000-8.1.13.200| \n8.1.13.300| AIX \nLinux \nWindows| \n<https://www.ibm.com/support/pages/node/6527288> \n \n7.1.0.000-7.1.14.200\n\n| 7.1.14.300| AIX \nLinux \nWindows| <https://www.ibm.com/support/pages/node/6527284> \n \n## Workarounds and Mitigations\n\n**Manual Procedure to Update the Help system**\n\nThe Help system shipped along with the Operations Center includes the affected log4j versions. To manually update the Help system: \n\n\n1\\. Download the following from Apache:\n\nApache Log4j 2 binary(zip) apache-log4j-2.17.1-bin.zip\n\n<https://logging.apache.org/log4j/2.0/download.html>\n\n2\\. Stop the Operations Center service (which also stops the Help system)\n\nAIX - /opt/tivoli/tsm/ui/utils/stopserver.sh\n\nLinux -\n\n8.1.9 and Lower (including v7) - service opscenter.rc stop\n\n8.1.10 and higher - systemctl stop opscenter.service\n\nWindows - From the Services window, stop the IBM Spectrum\u00ae Protect Operations Center service.\n\n3\\. Unzip the apache-log4j-2.17.1-bin.zip\n\n4\\. From the unzipped directory apache-log4j-2.17.1-bin copy the log4j2.17.1 jars and remove the earlier ones\n\n5\\. From\n\nAIX and Linux - /opt/tivoli/tsm/ui/Liberty/usr/servers/guiServer/apps/TSM_HELP.war/WEB-INF/lib/\n\nWindows - c:\\Program Files\\Tivoli\\TSM\\\\\\ui\\Liberty\\usr\\servers\\guiServer\\apps/TSM_HELP.war/WEB-INF/lib\\\n\nReplace:\n\nlog4j-api-2.x.x.jar\n\nlog4j-1.2-api-2.x.x.jar\n\nlog4j-core-2.x.x.jar\n\nlog4j-slf4j-impl-2.x.x.jar\n\nwith\n\nlog4j-api-2.17.1.jar\n\nlog4j-1.2-api-2.17.1.jar\n\nlog4j-core-2.17.1.jar\n\nlog4j-slf4j-impl-2.17.1.jar\n\n6\\. Restart OC service\n\nAIX - /opt/tivoli/tsm/ui/utils/startserver.sh\n\nLinux -\n\n8.1.9 and Lower (including v7) - service opscenter.rc start\n\n8.1.10 and higher - systemctl start opscenter.service\n\nWindows - From the Services window, start the IBM Spectrum\u00ae Protect Operations Center service.\n\n## ", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-14T14:34:35", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j may affect IBM Spectrum Protect Operations Center (CVE-2021-44832)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-01-14T14:34:35", "id": "E3F560319C0EA06228FA2D0D5412CFFD95B8D0963A65CBAC4B6D424BA4B7B434", "href": "https://www.ibm.com/support/pages/node/6540560", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:58:11", "description": "## Summary\n\nIBM PowerVM Novalink, which consumes Apache Log4j, is subject to CVE-2021-44832, which allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code.. IBM strongly recommends addressing the vulnerability now by applying the fix below which provides upgrade to Apache Log4j v2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM PowerVM NovaLink| 1.0.0.16 \nIBM PowerVM NovaLink| 2.0.0.0 \nIBM PowerVM NovaLink| 2.0.1 \nIBM PowerVM NovaLink| 2.0.2 \nIBM PowerVM NovaLink| 2.0.2.1 \n \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now by upgrading based on the table below.**\n\n**Product**| **Version**| **Remediation** \n---|---|--- \nIBM PowerVM NovaLink| 1.0.0.16| [Update to pvm-novalink 1.0.0.16-220104 ](<https://public.dhe.ibm.com/systems/virtualization/Novalink/readme/NovaLink_1.0.0.16_readme.html> \"Update to pvm-novalink 1.0.0.16-211212\" ) \nIBM PowerVM NovaLink| 2.0.0.0| [Update to pvm-novalink 2.0.1-220104](<https://public.dhe.ibm.com/systems/virtualization/Novalink/readme/NovaLink_2.0.1_readme.html> \"Update to pvm-novalink 2.0.1-211212\" ) \nIBM PowerVM NovaLink| 2.0.1| [Update to pvm-novalink 2.0.1-220104 ](<https://public.dhe.ibm.com/systems/virtualization/Novalink/readme/NovaLink_2.0.1_readme.html> \"Update to pvm-novalink 2.0.1-211212\" ) \nIBM PowerVM NovaLink| 2.0.2| [Update to pvm-novalink 2.0.2.1-220104](<https://public.dhe.ibm.com/systems/virtualization/Novalink/readme/NovaLink_2.0.2.1_readme.html> \"Update to pvm-novalink 2.0.2.1-211212\" ) \nIBM PowerVM NovaLink| 2.0.2.1| [Update to pvm-novalink 2.0.2.1-220104](<https://public.dhe.ibm.com/systems/virtualization/Novalink/readme/NovaLink_2.0.2.1_readme.html> \"Update to pvm-novalink 2.0.2.1-211212\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-12T07:04:55", "type": "ibm", "title": "Security Bulletin: IBM PowerVM Novalink is vulnerable to allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system due to Apache Log4j (CVE-2021-44832)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-01-12T07:04:55", "id": "1FEF4B25F870CF814735A38118457F007D958810ADCF7C8C553468619FF1337F", "href": "https://www.ibm.com/support/pages/node/6540228", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:56:07", "description": "## Summary\n\nApache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nSterling Connect Direct Web Services| 1.0 \nIBM Sterling Connect:Direct Web Services| 6.1.0 \nIBM Sterling Connect:Direct Web Services| 6.2.0 \nIBM Connect:Direct Web Services| 6.0 \n \n\n\n## Remediation/Fixes\n\n**Product(s)**| **Version(s)**| **Remediation \n** \n---|---|--- \nSterling Connect Direct Web Services| 1.0| Apply 6.0.0.7, available on [Fix Central](<https://www.ibm.com/support/fixcentral/options?selectionBean.selectedTab=find&selection=ibm%2fOther+software%3bibm%2fOther+software%2fIBM+Connect%3aDirect+Web+Services> \"\" ) \nIBM Connect:Direct Web Services| 6.0| Apply 6.0.0.7, available on [Fix Central](<https://www.ibm.com/support/fixcentral/options?selectionBean.selectedTab=find&selection=ibm%2fOther+software%3bibm%2fOther+software%2fIBM+Connect%3aDirect+Web+Services> \"\" ) \nIBM Connect:Direct Web Services| 6.1| Apply 6.1.0.10, available on [Fix Central](<https://www.ibm.com/support/fixcentral/options?selectionBean.selectedTab=find&selection=ibm%2fOther+software%3bibm%2fOther+software%2fIBM+Connect%3aDirect+Web+Services> \"\" ) \nIBM Connect:Direct Web Services| 6.2| Apply 6.2.0.4, available on [Fix Central](<https://www.ibm.com/support/fixcentral/options?selectionBean.selectedTab=find&selection=ibm%2fOther+software%3bibm%2fOther+software%2fIBM+Connect%3aDirect+Web+Services> \"\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-01T19:16:11", "type": "ibm", "title": "Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to remote attacker due to Apache Log4j (CVE-2021-44832)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-03-01T19:16:11", "id": "92C22BB80F005566A9B6BC13CEB85433025D25B49B4109FF79DFC90B8A2B7A4A", "href": "https://www.ibm.com/support/pages/node/6560418", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:57:46", "description": "## Summary\n\nIBM Cloud Pak for Multicloud Management has applied security fixes for its use of Log4j for CVE-2021-44832. Log4j is used by various microservices either directly or indirectly through dependent open source software for logging messages to files. The fix includes Apache Log4j 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Pak for Multicloud Management Monitoring| Before 2.3 Fixpack 4 \n \n\n\n## Remediation/Fixes\n\nUpgrade to IBM Cloud Pak for Multicloud Management 2.3 Fix Pack 4 by following the instructions at <https://www.ibm.com/docs/en/cloud-paks/cp-management/2.3.x?topic=installation-upgrade>. \n\n## Workarounds and Mitigations\n\nIBM recommends clients should configure their firewalls to block unauthorized outbound connections to mitigate against this and similar vulnerabilities.\n\n## ", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-18T13:57:17", "type": "ibm", "title": "Security Bulletin: Apache Log4j vulnerability affects IBM Cloud Pak for Multicloud Management (CVE-2021-44832)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-01-18T13:57:17", "id": "57C8014122573615025590EC2ECB0090790833D51A381D781A55C4F43EDA278D", "href": "https://www.ibm.com/support/pages/node/6541478", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:57:15", "description": "## Summary\n\nA vulnerability in Apache Log4j could result in remote code execution. IBM Spectrum Protect Snapshot on Windows includes the IBM Spectrum Protect Backup-Archive Cliient which installs the vulnerable Log4j files. Based on current information and analysis, Log4j is not used by IBM Spectrum Protect Snapshot on Wiindows. The below fix package includes Apache Log4j 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Spectrum Protect Snapshot for Windows (formerly IBM Tivoli Storage FlashCopy Manager for Windows)| 8.1.11.0-8.1.13.2 \nIBM Tivoli Storage FlashCopy Manager for Windows| \n\n4.1.6.10-4.1.6.x \n \nNote: IBM Spectrum Protect Snapshot for Windows packages the IBM Spectrum Protect Backup-Archive client which installs the affected Log4j files but these files are not used. \n\n## Remediation/Fixes\n\nIBM strongly recommends addressing this vulnerability now by upgrading.\n\n**Note: The below fix packages include Log4j 2.17.1.**\n\n**IBM Spectrum Protect** \n**Snapshot for Windows Affected Versions**| **Fixing** \n**Level**| **Platform**| **Link to Fix and Instructions \n** \n---|---|---|--- \n8.1.11.0-8.1.13.2| 8.1.13.3| Windows| <https://www.ibm.com/support/pages/node/6540262> \n4.1.6.10-4.1.6.x| Client Fixing Level is 7.1.8.15| Windows| \n\nApply the IBM Spectrum Protect Client 7.1.8.15 fix using this link \n<https://www.ibm.com/support/pages/node/316619> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-01T11:37:31", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j may affect IBM Spectrum Protect Snapshot on Windows (CVE-2021-44832)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-02-01T11:37:31", "id": "7061882A844BC1B159CD9483EEA32DBAF5175CB9800976F7DD1F381723E88538", "href": "https://www.ibm.com/support/pages/node/6540676", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-06-24T06:07:04", "description": "## Summary\n\nIBM Maximo For Civil infrastructure is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. The fix includes Spring Boot 2.6.6 that depends on Spring Framework 5.3.18.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Maximo for Civil Infrastructure| 7.6.2.1, 7.6.3, 7.6.3.1 \n \n\n\n## Remediation/Fixes\n\nDownload the correct version of the fix from the following link: [IBM Maximo for Civil Infrastructure V7.6.3.2 Fix Pack](<https://www.ibm.com/support/pages/node/6569525> \"IBM Maximo for Civil Infrastructure V7.6.3.2 Fix Pack\" ). Installation instructions for the fix are included in the readme document that is in the fix package.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-11T15:15:01", "type": "ibm", "title": "Security Bulletin: IBM Maximo For Civil infrastructure is vulnerable to a remote code execution in Spring Framework (CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-11T15:15:01", "id": "22F3632F9800C8C7D12EDA0C85AC627F2AABCAA068D310065EEF12F9F4A345C4", "href": "https://www.ibm.com/support/pages/node/6570913", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T05:55:42", "description": "## Summary\n\nIBM Case Manager is affected but not classified as vulnerable to a remote code execution in Spring Framework [CVE-2022-22965]. To be vulnerable a product must meet all of the following criterias: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. Cloud connector service if enabled will use only the spring, as in a client to make only the REST calls with IBM Cloud Mangement Console. The fix includes Spring 5.3.18. IBM Case Manager doesn't meet all of the criterias and, therefore, is not vulnerable.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Case Manager| 5.3CD \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the affected versions by applying the appropriate interim fix or upgrading.**\n\nAffected Product(s)| Version(s)| Remediation / Fix \n---|---|--- \nIBM Case Manager| V5.3.0 - V5.3.3| Apply IBM Case Manager interim fix for [DT143005](<https://www.ibm.com/mysupport/aCI3p000000Xio5> \"DT143005\" ) or upgrade to IBM Business Automation Workflow 22.0.1 or later. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-01T00:45:52", "type": "ibm", "title": "Security Bulletin: IBM Case Manager is affected but not classified as vulnerable to a remote code execution in Spring Framework [CVE-2022-22965]", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-10-01T00:45:52", "id": "B547E4473646186969A14DFF0C2EB7D3D14D2E03EBA009074D6083D7482CB50F", "href": "https://www.ibm.com/support/pages/node/6825845", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:05:49", "description": "## Summary\n\nIBM InfoSphere Information Server is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. Spring is used in our Rest apis, application deployment inside containers. The fix includes Spring 5.3.18.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nInfoSphere Information Server, \nInformation Server on Cloud| 11.7 \n \n\n\n## Remediation/Fixes\n\n**Product** | **VRMF**| **APAR**| **Remediation** \n---|---|---|--- \nInfoSphere Information Server, InfoSphere Information Server on Cloud| 11.7| [JR64760](<http://www.ibm.com/support/docview.wss?uid=swg1JR64760> \"JR64760\" )| \\--Apply IBM InfoSphere Information Server version [11.7.1.0](<https://www.ibm.com/support/pages/node/878310>) \n\\--Apply IBM InfoSphere Information Server version [11.7.1.3](<https://www.ibm.com/support/pages/node/6498109> \"11.7.1.3\" ) \n\\--Apply Information Server [11.7.1.3 Service pack 4](<https://www.ibm.com/support/pages/node/6568469> \"\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-27T23:09:44", "type": "ibm", "title": "Security Bulletin: IBM InfoSphere Information Server is affected by a remote code execution in Spring Framework (CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-27T23:09:44", "id": "55BD84BAE8C7A14BA43B1D5F808B6528E4FBEF810015A85F798847837C477C2F", "href": "https://www.ibm.com/support/pages/node/6575577", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:05:36", "description": "## Summary\n\nIBM Watson Assistant for IBM Cloud Pak for Data is affected but not vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. Spring Framework is used by IBM Watson Assistant for IBM Cloud Pak for Data as part of its developement infrastructure. The fix includes Spring version 5.3.18, 5.2.20 or later.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Assistant for IBM Cloud Pack for Data| 1.5.0, 4.0.0. 4.0.2, 4.0.4, 4.0.5, 4.0.6, 4.0.7 \n \n\n\n## Remediation/Fixes\n\nFor all affected versions, IBM strongly recommends addressing the vulnerability now by upgrading to the latest (v4.0.8) release of IBM Watson Assistant for IBM Cloud Pak for Data which maintains backward compatibility with the versions listed above. \n\n**Product Latest Version**| **Remediation/Fix/Instructions** \n---|--- \nIBM Watson Assistant for IBM Cloud Pak for Data 4.0.8| \n\nFollow instructions for Installing Watson Assistant in Link to Release (v4.0.8 release information)\n\n<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=assistant-installing-watson> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-05T07:36:23", "type": "ibm", "title": "Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-05-05T07:36:23", "id": "DD71E3BE311976CFF7FE89F0916C7047300E0A1E779B1D8D85CA991081F0FBC3", "href": "https://www.ibm.com/support/pages/node/6581969", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:02:46", "description": "## Summary\n\nIBM Tivoli Netcool Impact is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965).Spring is shipped as part of ActiveMQ package but is not used by the product. The fix removes Spring from the product.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Netcool Impact| 7.1.0 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading: \n\nProduct| VRMF| APAR| Remediation \n---|---|---|--- \nIBM Tivoli Netcool Impact 7.1.0| 7.1.0.26| IJ39753| Upgrade to [IBM Tivoli Netcool Impact 7.1.0 FP26](<https://www.ibm.com/support/pages/node/6587919> \"IBM Tivoli Netcool Impact 7.1.0 FP26\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-05T14:00:50", "type": "ibm", "title": "Security Bulletin: IBM Tivoli Netcool Impact is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-07-05T14:00:50", "id": "73A0E3B8972417A5C5268EE0E3803B9B8C2E0463C9659C6C828573AC1D00D1AB", "href": "https://www.ibm.com/support/pages/node/6601301", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:04:22", "description": "## Summary\n\nHMC is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. Cloud connector service if enabled will use only the spring, as in a client to make only the REST calls with IBM Cloud Mangement Console. The fix includes Spring 5.3.18.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nHMC V10.1.1010.0| V10.1.1010.0 and later \nHMC V9.2.950.0| V9.2.950.0 and later \n \n\n\n## Remediation/Fixes\n\nThe following fixes are available on IBM Fix Central at: <http://www-933.ibm.com/support/fixcentral/>\n\nProduct\n\n| \n\nVRMF\n\n| \n\nAPAR\n\n| \n\nRemediation/Fix \n \n---|---|---|--- \n \nPower HMC\n\n| \n\nV9.2.952.0 ppc\n\n| \n\nMB04331\n\n| \n\n[MH01925](<https://www.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm~hmc~9100HMCppc&release=V9R2&platform=All> \"MH01913\" ) \n \nPower HMC\n\n| \n\nV9.2.952.0 x86\n\n| \n\nMB04330\n\n| \n\n[MH01924](<https://www.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm~hmc~9100HMC&release=V9R2&platform=All> \"MH01912\" ) \n \nPower HMC\n\n| \n\nV10.1.1010.0 ppc\n\n| \n\nMB04335\n\n| \n\n[MF69724](<https://www.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm~hmc~9100HMCppc&release=V10R1&platform=All> \"\" ) \n \nPower HMC\n\n| \n\nV10.1.1010.0 x86\n\n| \n\nMB04334\n\n| \n\n[MF69722](<https://www.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm~hmc~vHMC&release=V10R1&platform=All> \"\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-01T07:22:34", "type": "ibm", "title": "Security Bulletin: HMC is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-06-01T07:22:34", "id": "3AAC421D0DF5831B3220FCCBA6EA78CC01A191BC68D1B4BF16F97C53C8358B64", "href": "https://www.ibm.com/support/pages/node/6591147", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:04:23", "description": "## Summary\n\nIBM Security SOAR is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. Access to the Spring Framework is through internal, trusted APIs only. The fix includes Spring version 5.2.20.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n**DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM\u00ae Security SOAR | \n\nIBM Security SOAR versions 26 - 44.1 \n \n## Remediation/Fixes\n\nIBM encourages customers to promptly update their systems.\n\nUsers must upgrade to v44.2.0 or higher of IBM SOAR in order to obtain a fix for this vulnerability. You can upgrade the platform and apply the security updates by following the instructions in the \"**Upgrade Procedure**\" section in the [IBM Documentation](<https://www.ibm.com/docs/en/rsoa-and-rp/42?topic=guide-upgrading-platform> \"IBM Documentation\" ).\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-01T00:13:20", "type": "ibm", "title": "Security Bulletin: IBM Security SOAR is affected but not classified as vulnerable to remote code execution in Spring Framework (CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-06-01T00:13:20", "id": "2F810DF5129E61B7AECC07F3698A4E88FEDD4A1E7CA3A999FA93E04C4733C72C", "href": "https://www.ibm.com/support/pages/node/6571299", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:04:29", "description": "## Summary\n\nIBM Common Licensing is affected but not classified as vulnerable to a remote code execution in Spring Framework (220575, CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. In IBM Common Licensing Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19 and is Spring- webmvc dependent. The fix includes Spring 5.3.19.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** IBM X-Force ID: **220575 \n** DESCRIPTION: **Spring Framework could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the SerializableTypeWrapper class. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/220575 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/220575>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Common Licensing| ART 8.1.6 \nIBM Common Licensing| ART 9.0 \nIBM Common Licensing| Agent 9.0 \n \n\n\n## Remediation/Fixes\n\nThe 220575,CVE-2022-22965 flaw lies in Spring Framework. Spring has provided update fixes (Spring Framework 5.2.20 & 5.3.18+). The advisory cautions that the vulnerability is \"general, and there may be other ways to exploit it.\" \nIBM strongly recommends addressing the Spring framework vulnerability now by applying the suggested fix that uses Spring Framework 5.3.19. \n\n \nApply the ART and Agent ifix from fix central :\n\n[IBM_LKS_Administration_And_Reporting_Tool_And_Agent_90_Spring_ART_LDAP_iFix_1](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Common+Licensing&fixids=IBM_LKS_Administration_And_Reporting_Tool_And_Agent_90_Spring_ART_LDAP_iFix_1&source=SAR> \"IBM_LKS_Administration_And_Reporting_Tool_And_Agent_90_Spring_ART_LDAP_iFix_1\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-30T08:57:45", "type": "ibm", "title": "Security Bulletin:IBM Common Licensing is affected but not classified as vulnerable by a remote code execution in Spring Framework (220575,CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-05-30T08:57:45", "id": "81F73DF562970E5239B639CE59B471B9D34E39C4A5BDD496165656D76C34B09B", "href": "https://www.ibm.com/support/pages/node/6590823", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:05:34", "description": "## Summary\n\nIBM API Connect V10 is vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it meets all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. This Spring vulnerability only exists, if clients installed the optional API Connect V10 Application Test and Monitor function. The fix includes Spring-boot 2.6.6, Spring-core 5.3.18 and Spring-framework 5.3.18.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-22965](<https://vulners.com/cve/CVE-2022-22965>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAPI Connect| API Connect V10.0.0.0 - V10.0.1.1 \n---|--- \n| \n| \n \n\n\n## Remediation/Fixes\n\nAffected Product| Addressed in VRMF| APAR| Remediation/First Fix \n---|---|---|--- \n \nIBM API Connect \n\nV10.0.0.0-V10.0.1.1\n\n| 10.0.1.**<X>**| | Please see links to various resources for a quick ref. \n\n10.0.1.6-ifix1 \nRelease Announce notes: <https://www.ibm.com/support/pages/node/6571315> \nIBM Docs: <https://www.ibm.com/docs/en/api-connect/10.0.1.x?topic=aco-whats-new-in-latest-release-version-10016-ifix1-eus> \nFix Central: [https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=10.0.1.6&platform=All&function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=10.0.1.6&platform=All&function=all>)\n\n10.0.4.0-ifix3 \nRelease Announce notes: <https://www.ibm.com/support/pages/node/6571313> \nIBM Docs: <https://www.ibm.com/docs/en/api-connect/10.0.x?topic=aco-whats-new-in-latest-release-version-10040-ifix3> \nFix Central: [https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=10.0.4.0&platform=All&function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=10.0.4.0&platform=All&function=all>) (Filter fix details: 10.0.4.0-ifix3 ) \n \n| | | \n| | | \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-05T16:59:52", "type": "ibm", "title": "Security Bulletin: API Connect V10 is vulnerable to a remote code execution in Spring Framework (CVE-2022-22965)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-05-05T16:59:52", "id": "F243281320AFD7E2710EDC7B3D2DE73901C6546A063CD6DB1074893EA50F7F8E", "href": "https://www.ibm.com/support/pages/node/6583065", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2023-07-27T20:31:01", "description": "In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older\nunsupported versions, the patterns for disallowedFields on a DataBinder are\ncase sensitive which means a field is not effectively protected unless it\nis listed with both upper and lower case for the first character of the\nfield, including upper and lower case for the first character of all nested\nfields within the property path.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-04-14T00:00:00", "type": "ubuntucve", "title": "CVE-2022-22968", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22968"], "modified": "2022-04-14T00:00:00", "id": "UB:CVE-2022-22968", "href": "https://ubuntu.com/security/CVE-2022-22968", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-07-27T22:42:17", "description": "The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5,\n10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a\nmemory leak. The object introduced to collect metrics for HTTP upgrade\nconnections was not released for WebSocket connections once the connection\nwas closed. This created a memory leak that, over time, could lead to a\ndenial of service via an OutOfMemoryError.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-10-14T00:00:00", "type": "ubuntucve", "title": "CVE-2021-42340", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-42340"], "modified": "2021-10-14T00:00:00", "id": "UB:CVE-2021-42340", "href": "https://ubuntu.com/security/CVE-2021-42340", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-09-08T15:56:11", "description": "jQuery-UI is the official jQuery user interface library. Prior to version\n1.13.0, accepting the value of the `of` option of the `.position()` util\nfrom untrusted sources may execute untrusted code. The issue is fixed in\njQuery UI 1.13.0. Any string value passed to the `of` option is now treated\nas a CSS selector. A workaround is to not accept the value of the `of`\noption from untrusted sources.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-10-26T00:00:00", "type": "ubuntucve", "title": "CVE-2021-41184", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-41184"], "modified": "2021-10-26T00:00:00", "id": "UB:CVE-2021-41184", "href": "https://ubuntu.com/security/CVE-2021-41184", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-06-29T13:41:43", "description": "By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a\nconfiguration parameter where the values to be inserted are converters from\nPatternLayout. The message converter, %m, is likely to always be included.\nThis allows attackers to manipulate the SQL by entering crafted strings\ninto input fields or headers of an application that are logged allowing\nunintended SQL queries to be executed. Note this issue only affects Log4j\n1.x when specifically configured to use the JDBCAppender, which is not the\ndefault. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced\nwith proper support for parameterized SQL queries and further customization\nover the columns written to in logs. Apache Log4j 1.2 reached end of life\nin August 2015. Users should upgrade to Log4j 2 as it addresses numerous\nother issues from the previous versions.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-18T00:00:00", "type": "ubuntucve", "title": "CVE-2022-23305", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23305"], "modified": "2022-01-18T00:00:00", "id": "UB:CVE-2022-23305", "href": "https://ubuntu.com/security/CVE-2022-23305", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-29T13:43:00", "description": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix\nreleases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE)\nattack when a configuration uses a JDBC Appender with a JNDI LDAP data\nsource URI when an attacker has control of the target LDAP server. This\nissue is fixed by limiting JNDI data source names to the java protocol in\nLog4j2 versions 2.17.1, 2.12.4, and 2.3.2.", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-28T00:00:00", "type": "ubuntucve", "title": "CVE-2021-44832", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2021-12-28T00:00:00", "id": "UB:CVE-2021-44832", "href": "https://ubuntu.com/security/CVE-2021-44832", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-07-27T20:40:04", "description": "A Spring MVC or Spring WebFlux application running on JDK 9+ may be\nvulnerable to remote code execution (RCE) via data binding. The specific\nexploit requires the application to run on Tomcat as a WAR deployment. If\nthe application is deployed as a Spring Boot executable jar, i.e. the\ndefault, it is not vulnerable to the exploit. However, the nature of the\nvulnerability is more general, and there may be other ways to exploit it.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-01T00:00:00", "type": "ubuntucve", "title": "CVE-2022-22965", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-01T00:00:00", "id": "UB:CVE-2022-22965", "href": "https://ubuntu.com/security/CVE-2022-22965", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "githubexploit": [{"lastseen": "2023-06-14T15:47:38", "description": "# spring-rce-poc\nTesting CVE-2022-22968 \nSimple app vulnerable ...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-05-12T18:25:18", "type": "githubexploit", "title": "Exploit for Improper Handling of Case Sensitivity in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22968"], "modified": "2022-12-12T04:39:34", "id": "7B3BB597-E614-57D3-8CDF-2091D33EB709", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "privateArea": 1}, {"lastseen": "2023-07-25T18:25:09", "description": "# CVE-2022-23305 Log4j JDBCAppender sql injection POC\n\nThis is a...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-07-24T18:52:15", "type": "githubexploit", "title": "Exploit for SQL Injection in Apache Log4J", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23305"], "modified": "2023-07-25T11:23:32", "id": "7EBB252B-ED12-585F-86E9-BE348721984E", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-05-23T17:34:19", "description": "# Log4j 2.17.0 RCE -- CVE-2021-44832\n\n## \u590d\u73b0\n\n1. \u542f\u52a8\u6076\u610fjndi server\n...", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-29T07:50:05", "type": "githubexploit", "title": "Exploit for Improper Input Validation in Apache Log4J", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-02-11T09:28:41", "id": "9529CA86-8F3A-503D-9D02-94AC19D0CDD4", "href": "", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-02-10T00:00:00", "description": "# CVE-2021-44832\nCVE-2021-44832 is not really a vulnerability.\n\n...", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-30T20:24:07", "type": "githubexploit", "title": "Exploit for Improper Input Validation in Apache Log4J", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-01-01T14:18:33", "id": "66903BCE-DCE3-5FB9-B078-75CC2AD46662", "href": "", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-09-15T14:03:11", "description": "# Log4j Scanner\n\nDiscover Log4Shell vulnerability [CVE-2021-4483...", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-29T08:22:41", "type": "githubexploit", "title": "Exploit for Improper Input Validation in Apache Log4J", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2023-09-15T13:40:43", "id": "02390955-9697-5950-8297-164CBB7695F0", "href": "", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2023-06-14T15:55:23", "description": "# spring-rec-demo\n\nThe demo code showing the recent Spring4Shell...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-06T04:17:51", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-26T19:31:44", "id": "69C8078C-1B8D-5B51-8951-4342A675A93D", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-09-17T01:53:41", "description": "# spring-core-rce \nspring core rce \u7b80\u5355\u5229\u7528 \n\nwar\u53ef\u4ee5\u4f7f\u7528 \nhttps://gi...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-31T13:02:18", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-09-16T21:52:31", "id": "81DFF6A6-4518-543A-B06C-E7A6466ACB88", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-08-20T05:19:51", "description": "<!DOCTYPE html>\n<html dir=\"rtl\" lang=\"fa-IR\">\n\n<head>\n\t<meta cha...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-19T23:16:40", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-05-21T06:41:10", "id": "91C0D03D-8468-59A7-B3B7-F6B118A62FFB", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-09-21T09:11:44", "description": "# CVE-2022-22965-rexbb\nspringboot core \u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\uff0cCVE-2022-22965\u6f0f\u6d1e\u5229\u7528...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-28T04:50:16", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-09-20T23:21:07", "id": "5D705C67-17AA-5E5C-A72D-A1ED6F4DEDA7", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-06-14T15:14:41", "description": "# Spring Boot CVE-2022-22965\nDocker PoC for CVE-2022-22965 with ...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-28T14:34:51", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-11-29T04:29:29", "id": "AE9F0F3B-00DE-5B73-87A1-BA592FA6E616", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-06-14T14:50:56", "description": "# Spring RCE CVE-2022-22965\n\n### \u6f0f\u6d1e\u73af\u5883\n\n\u73af\u5883\u4fe1\u606f\n* springboot\n* jdk11...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-06-07T09:02:50", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-06-08T03:38:35", "id": "7D29AFE9-2E1C-597D-80A3-49E03F52D903", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-09-17T01:56:20", "description": "## CVE-2022-22965: Spring-Core-Rce \n\n## EXP\n\n\u7279\u6027:\n\n1. \u6f0f\u6d1e\u63a2\u6d4b(\u4e0d\u5199\u5165 we...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-30T14:35:00", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2023-09-16T21:52:29", "id": "9762BA59-813F-50C2-94CB-842DFAE750D5", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-06-14T15:56:00", "description": "# spring-framework-rce\nCVE-2022-22965\n\n## \u73af\u5883\u9700\u6c42\n\n1. tomcat8 <=8.5...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-01T13:46:55", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-02T12:40:55", "id": "38D4A58E-3B24-5D5E-AE07-5568C6A571C4", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-06-14T15:55:37", "description": "<h1 align=\"center\">\n <br>\n spring4shell_victim\n <br>\n <br>...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-04T13:35:56", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-11-09T18:15:40", "id": "21FA1164-A4AD-57B4-8CFE-6B9B5EE9D199", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-06-14T15:56:40", "description": "# CVE-2022-22965\n\nCVE-2022-22965 Enviro...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-01T12:18:29", "type": "githubexploit", "title": "Exploit for Code Injection in Vmware Spring Framework", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-02T02:08:46", "id": "36B8C1D8-41AC-5238-B870-2254AE996A4C", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}], "redhat": [{"lastseen": "2023-06-14T14:52:24", "description": "Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.\n\nThis release of Red Hat support for Spring Boot 2.7.2.SP1 serves as a replacement for Red Hat support for Spring Boot 2.7.2, and includes security, bug fixes, and enhancements. For more information, see the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* tomcat: local privilege escalation vulnerability (CVE-2022-23181)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-06T14:37:05", "type": "redhat", "title": "(RHSA-2023:0272) Moderate: Red Hat support for Spring Boot 2.7.2.SP1 security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.7, "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23181"], "modified": "2023-02-06T14:37:27", "id": "RHSA-2023:0272", "href": "https://access.redhat.com/errata/RHSA-2023:0272", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-27T10:23:09", "description": "Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. \n\nThis release of Red Hat AMQ Streams 1.6.7 serves as a replacement for Red Hat AMQ Streams 1.6.6, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)\n\n* log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)\n\n* kubernetes-client: Insecure deserialization in unmarshalYaml method (CVE-2021-4178)\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)\n\n* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-08T12:43:39", "type": "redhat", "title": "(RHSA-2022:0467) Important: Red Hat AMQ Streams 1.6.7 release and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4178", "CVE-2021-44832", "CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307"], "modified": "2022-02-08T12:44:29", "id": "RHSA-2022:0467", "href": "https://access.redhat.com/errata/RHSA-2022:0467", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-25T12:20:40", "description": "Openshift Logging Bug Fix Release (5.0.12)\n\nSecurity Fix(es):\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-20T21:04:07", "type": "redhat", "title": "(RHSA-2022:0225) Moderate: Red Hat OpenShift Enterprise Logging bug fix and security update (5.0.12)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-01-20T21:04:20", "id": "RHSA-2022:0225", "href": "https://access.redhat.com/errata/RHSA-2022:0225", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-08-16T15:27:36", "description": "AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. \n\nThis release of Red Hat AMQ Broker 7.8.6 serves as a replacement for Red Hat AMQ Broker 7.8.5, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* spring-webmvc: spring-framework: RCE via Data Binding on JDK 9+ (CVE-2022-22965)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-27T09:45:11", "type": "redhat", "title": "(RHSA-2022:1626) Low: Red Hat AMQ Broker 7.8.6 release and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-27T09:45:24", "id": "RHSA-2022:1626", "href": "https://access.redhat.com/errata/RHSA-2022:1626", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T15:27:36", "description": "AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. \n\nThis release of Red Hat AMQ Broker 7.9.4 serves as a replacement for Red Hat AMQ Broker 7.9.3, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* spring-webmvc: spring-framework: RCE via Data Binding on JDK 9+ (CVE-2022-22965)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-27T09:45:16", "type": "redhat", "title": "(RHSA-2022:1627) Low: Red Hat AMQ Broker 7.9.4 release and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22965"], "modified": "2022-04-27T09:45:46", "id": "RHSA-2022:1627", "href": "https://access.redhat.com/errata/RHSA-2022:1627", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2023-06-14T14:38:00", "description": "In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-04-14T21:15:00", "type": "debiancve", "title": "CVE-2022-22968", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22968"], "modified": "2022-04-14T21:15:00", "id": "DEBIANCVE:CVE-2022-22968", "href": "https://security-tracker.debian.org/tracker/CVE-2022-22968", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-05-24T10:12:33", "description": "The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-10-14T20:15:00", "type": "debiancve", "title": "CVE-2021-42340", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-42340"], "modified": "2021-10-14T20:15:00", "id": "DEBIANCVE:CVE-2021-42340", "href": "https://security-tracker.debian.org/tracker/CVE-2021-42340", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-09-08T00:22:10", "description": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-10-26T15:15:00", "type": "debiancve", "title": "CVE-2021-41184", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-41184"], "modified": "2021-10-26T15:15:00", "id": "DEBIANCVE:CVE-2021-41184", "href": "https://security-tracker.debian.org/tracker/CVE-2021-41184", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-06-14T14:34:29", "description": "By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-18T16:15:00", "type": "debiancve", "title": "CVE-2022-23305", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23305"], "modified": "2022-01-18T16:15:00", "id": "DEBIANCVE:CVE-2022-23305", "href": "https://security-tracker.debian.org/tracker/CVE-2022-23305", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-24T10:08:12", "description": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-28T20:15:00", "type": "debiancve", "title": "CVE-2021-44832", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2021-12-28T20:15:00", "id": "DEBIANCVE:CVE-2021-44832", "href": "https://security-tracker.debian.org/tracker/CVE-2021-44832", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "osv": [{"lastseen": "2023-04-11T01:43:33", "description": "The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-10-15T18:51:34", "type": "osv", "title": "Missing Release of Resource after Effective Lifetime in Apache Tomcat", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-42340"], "modified": "2023-04-11T01:43:31", "id": "OSV:GHSA-WPH7-X527-W3H5", "href": "https://osv.dev/vulnerability/GHSA-wph7-x527-w3h5", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-10-04T21:56:26", "description": "### Impact\nAccepting the value of the `of` option of the [`.position()`](https://api.jqueryui.com/position/) util from untrusted sources may execute untrusted code. For example, invoking the following code:\n```js\n$( \"#element\" ).position( {\n\tmy: \"left top\",\n\tat: \"right bottom\",\n\tof: \"<img onerror='doEvilThing()' src='/404' />\",\n\tcollision: \"none\"\n} );\n```\nwill call the `doEvilThing()` function.\n\n### Patches\nThe issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector.\n\n### Workarounds\nA workaround is to not accept the value of the `of` option from untrusted sources.\n\n### For more information\nIf you have any questions or comments about this advisory, search for a relevant issue in [the jQuery UI repo](https://github.com/jquery/jquery-ui/issues). If you don't find an answer, open a new issue.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2021-10-26T14:55:12", "type": "osv", "title": "XSS in the `of` option of the `.position()` util in jquery-ui", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-41184"], "modified": "2022-10-04T21:36:19", "id": "OSV:GHSA-GPQQ-952Q-5327", "href": "https://osv.dev/vulnerability/GHSA-gpqq-952q-5327", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-04-11T01:46:49", "description": "In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path. Versions 5.3.19 and 5.2.21 contain a patch for this issue.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-04-15T00:00:32", "type": "osv", "title": "Improper handling of case sensitivity in Spring Framework", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22968"], "modified": "2023-04-11T01:46:44", "id": "OSV:GHSA-G5MM-VMX4-3RG7", "href": "https://osv.dev/vulnerability/GHSA-g5mm-vmx4-3rg7", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-04-11T01:40:11", "description": "By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-21T23:26:47", "type": "osv", "title": "SQL Injection in Log4j 1.2.x", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23305"], "modified": "2023-04-11T01:40:07", "id": "OSV:GHSA-65FG-84F6-3JQ3", "href": "https://osv.dev/vulnerability/GHSA-65fg-84f6-3jq3", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-04-11T01:37:39", "description": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to an attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.\n\n\n# Affected packages\nOnly the `org.apache.logging.log4j:log4j-core` package is directly affected by this vulnerability. The `org.apache.logging.log4j:log4j-api` should be kept at the same version as the `org.apache.logging.log4j:log4j-core` package to ensure compatability if in use.\n\nThis issue does not impact default configurations of Log4j2 and requires an attacker to have control over the Log4j2 configuration, which reduces the likelihood of being exploited.", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-04T16:14:20", "type": "osv", "title": "Improper Input Validation and Injection in Apache Log4j2", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2023-04-11T01:37:36", "id": "OSV:GHSA-8489-44MV-GGJ8", "href": "https://osv.dev/vulnerability/GHSA-8489-44mv-ggj8", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "veracode": [{"lastseen": "2022-08-21T12:51:05", "description": "tomcat-websocket is vulnerable to denial of service (DoS) attacks. An out of memory (OOM) occurs as the internal upgrade handler doesn't close the associated web connection on destroy causing an application crash. \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-10-15T08:23:36", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-42340"], "modified": "2022-07-25T21:04:31", "id": "VERACODE:32501", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-32501/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-04-18T06:30:44", "description": "tomcat-catalina is vulnerable to time of check to time of use. The vulnerability exists in `file` function of `FileStore.java` which allows an attacker to perform unauthenticated actions causing a race condition.\n", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-28T04:38:08", "type": "veracode", "title": "Time Of Check To Time Of Use (TOCTOU)", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.7, "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23181"], "modified": "2022-11-07T20:40:17", "id": "VERACODE:33938", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-33938/summary", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-04-18T06:17:20", "description": "spring-context is vulnerable to binding rules bypass. The vulnerability exists due to lack of sanitization of HTTP request parameters which allows an attacker to bypass the `disallowedFields` and bind malicious HTTP request parameters. \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-04-14T13:40:29", "type": "veracode", "title": "Binding Rules Bypass", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22968"], "modified": "2022-11-14T05:30:37", "id": "VERACODE:35109", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-35109/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-10-25T13:07:19", "description": "jQuery-UI is vulnerable to cross-site scripting. The value of 'of' option of the '.position()' in 'position.js' is not properly encoded, which allows a malicious attacker to inject and execute arbitrary Javascript.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-10-27T05:33:22", "type": "veracode", "title": "Cross-site Scripting (XSS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-41184"], "modified": "2022-10-24T16:15:19", "id": "VERACODE:32740", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-32740/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-04-18T06:04:40", "description": "JDBCAppender in Log4j is vulnerable to SQL injection attacks. An attacker is able to execute arbitrary SQL commands via entering crafted strings into input fields and headers where the values to be inserted are converters from `PatternLayout`\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-19T12:47:45", "type": "veracode", "title": "SQL Injection", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23305"], "modified": "2023-02-24T17:56:51", "id": "VERACODE:33766", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-33766/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-13T00:41:11", "description": "log4j-core is vulnerable to remote code execution. Lack of limiting JNDI access to data source names allows an attacker with privilege to modify logging configuration to send malicious configuration via JDBC Appender with a data source referencing a JNDI URI.\n", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-29T01:02:12", "type": "veracode", "title": "Remote Code Execution (RCE)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-08-09T06:22:24", "id": "VERACODE:33476", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-33476/summary", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "photon": [{"lastseen": "2023-09-27T19:42:55", "description": "Updates of ['apache-tomcat'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-11-29T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-0416", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-42340"], "modified": "2021-11-29T00:00:00", "id": "PHSA-2021-0416", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-416", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-24T12:12:35", "description": "Updates of ['apache-tomcat'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-11-24T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-0452", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-42340"], "modified": "2021-11-24T00:00:00", "id": "PHSA-2021-0452", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-452", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "kaspersky": [{"lastseen": "2023-06-14T15:27:12", "description": "### *Detect date*:\n01/20/2022\n\n### *Severity*:\nWarning\n\n### *Description*:\nPrivilege escalation vulnerability was found in Apache Tomcat. Malicious users can exploit this vulnerability to gain privileges.\n\n### *Affected products*:\nApache Tomcat 10.0.x earlier than 10.0.16 \nApache Tomcat 9.x earlier than 9.0.58 \nApache Tomcat 8.5.x earlier than 8.5.75\n\n### *Solution*:\nUpdate to the latest version \n[Tomcat 8.5 Software Downloads](<https://tomcat.apache.org/download-80.cgi>) \n[Tomcat 9 Software Downloads](<https://tomcat.apache.org/download-90.cgi>) \n[Tomcat 10.0 Software Downloads](<https://tomcat.apache.org/download-10.cgi>)\n\n### *Original advisories*:\n[Apache Tomcat 8.5.x vulnerabilities](<https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.75>) \n[Apache Tomcat 9.x vulnerabilities](<https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.58>) \n[Apache Tomcat 10.0.x vulnerabilities](<https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.16>) \n\n\n### *Impacts*:\nPE \n\n### *Related products*:\n[Apache Tomcat](<https://threats.kaspersky.com/en/product/Apache-Tomcat/>)\n\n### *CVE-IDS*:\n[CVE-2022-23181](<https://vulners.com/cve/CVE-2022-23181>)5.0Critical", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-20T00:00:00", "type": "kaspersky", "title": "KLA12436 PE vulnerability in Apache Tomcat", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.7, "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23181"], "modified": "2022-01-28T00:00:00", "id": "KLA12436", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12436/", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}}], "prion": [{"lastseen": "2023-08-15T15:52:19", "description": "In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-04-14T21:15:00", "type": "prion", "title": "CVE-2022-22968", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22968"], "modified": "2022-10-19T15:15:00", "id": "PRION:CVE-2022-22968", "href": "https://kb.prio-n.com/vulnerability/CVE-2022-22968", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-08-16T07:42:25", "description": "The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-10-14T20:15:00", "type": "prion", "title": "DoS via memory leak with WebSocket connections", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-42340"], "modified": "2022-10-27T01:09:00", "id": "PRION:CVE-2021-42340", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-42340", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-08-16T07:17:14", "description": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-10-26T15:15:00", "type": "prion", "title": "CVE-2021-41184", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-41184"], "modified": "2023-08-11T14:47:00", "id": "PRION:CVE-2021-41184", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-41184", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-08-15T15:55:10", "description": "By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-18T16:15:00", "type": "prion", "title": "SQL injection in JDBC Appender in Apache Log4j V1", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23305"], "modified": "2023-02-24T15:30:00", "id": "PRION:CVE-2022-23305", "href": "https://kb.prio-n.com/vulnerability/CVE-2022-23305", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T08:12:23", "description": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-28T20:15:00", "type": "prion", "title": "Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-08-09T01:24:00", "id": "PRION:CVE-2021-44832", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-44832", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "redhatcve": [{"lastseen": "2023-09-01T00:02:46", "description": "In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-04-14T08:54:00", "type": "redhatcve", "title": "CVE-2022-22968", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22968"], "modified": "2023-08-30T23:42:49", "id": "RH:CVE-2022-22968", "href": "https://access.redhat.com/security/cve/cve-2022-22968", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-09-01T01:12:38", "description": "A memory leak flaw was found in Apache Tomcat, where an HTTP upgrade connection does not release for WebSocket connections once the WebSocket connection is closed. If a sufficient number of such requests are made, an OutOfMemoryError occurs, leading to a denial of service. The highest threat from this vulnerability is to system availability.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-10-15T02:51:28", "type": "redhatcve", "title": "CVE-2021-42340", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-42340"], "modified": "2023-08-31T16:12:11", "id": "RH:CVE-2021-42340", "href": "https://access.redhat.com/security/cve/cve-2021-42340", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-09-08T00:51:35", "description": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-11-01T17:41:18", "type": "redhatcve", "title": "CVE-2021-41184", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-41184"], "modified": "2023-04-06T08:31:09", "id": "RH:CVE-2021-41184", "href": "https://access.redhat.com/security/cve/cve-2021-41184", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-09-01T00:44:01", "description": "A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain interpolation tokens.\n#### Mitigation\n\nThese are the possible mitigations for this flaw for releases version 1.x: \n\n\n\\- Comment out or remove JDBCAppender in the Log4j configuration if it is used \n\\- Remove the JDBCAppender class from the server's jar files. For example: \n\n \n \n zip -q -d log4j-*.jar org/apache/log4j/jdbc/JDBCAppender.class \n \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-18T16:16:17", "type": "redhatcve", "title": "CVE-2022-23305", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23305"], "modified": "2023-08-31T16:16:45", "id": "RH:CVE-2022-23305", "href": "https://access.redhat.com/security/cve/cve-2022-23305", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cnvd": [{"lastseen": "2022-11-05T09:21:57", "description": "Apache Tomcat is a lightweight Web application server from the Apache Foundation (USA). The program implements support for Servlet and JavaServer Page (JSP).A security vulnerability exists in Apache Tomcat, which stems from a web system or product that does not properly validate data boundaries when performing operations on memory, resulting in incorrect read and write operations being performed to other memory locations associated with it. An attacker could use this vulnerability to cause a buffer overflow or heap overflow, among other things.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-10-18T00:00:00", "type": "cnvd", "title": "Apache Tomcat Resource Management Error Vulnerability (CNVD-2021-83785)", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-42340"], "modified": "2021-11-04T00:00:00", "id": "CNVD-2021-83785", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-83785", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-11-04T14:15:07", "description": "Apache Tomcat is a lightweight web application server from the Apache Foundation in the United States. The program implements support for Servlet and JavaServer Page (JSP). Apache Tomcat is vulnerable to privilege permission and access control issues, and an attacker can bypass Apache Tomcat's restrictions via FileStore Sessions to elevate his privileges.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-28T00:00:00", "type": "cnvd", "title": "Apache Tomcat permission permission and access control issues vulnerability", "bulletinFamily": "cnvd", "cvss2": {"severity": "LOW", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.7, "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23181"], "modified": "2022-02-05T00:00:00", "id": "CNVD-2022-08354", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-08354", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-04T14:16:07", "description": "Apache Log4j, a Java-based open source logging tool from the Apache Foundation, is vulnerable to SQL injection, which stems from a JDBCAppender in Log4j 1.2.x that accepts a SQL statement as a configuration parameter, where the value to be inserted is from the PatternLayout's converter. The message converter \\\\%m may always be included. An attacker could exploit this vulnerability to manipulate SQL by entering crafted strings into the input fields or headers of the logged application, allowing unexpected SQL queries to be executed.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-20T00:00:00", "type": "cnvd", "title": "Apache Log4j SQL Injection Vulnerability", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23305"], "modified": "2022-02-05T00:00:00", "id": "CNVD-2022-08370", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-08370", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2023-05-25T14:24:16", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5009-1 security@debian.org\nhttps://www.debian.org/security/ Markus Koschany\nNovember 12, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tomcat9\nCVE ID : CVE-2021-42340\n\nApache Tomcat, the servlet and JSP engine, did not properly release an HTTP\nupgrade connection for WebSocket connections once the WebSocket connection was\nclosed. This created a memory leak that, over time, could lead to a denial of\nservice via an OutOfMemoryError.\n\nFor the stable distribution (bullseye), this problem has been fixed in\nversion 9.0.43-2~deb11u3.\n\nWe recommend that you upgrade your tomcat9 packages.\n\nFor the detailed security status of tomcat9 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/tomcat9\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-11-12T14:35:56", "type": "debian", "title": "[SECURITY] [DSA 5009-1] tomcat9 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-42340"], "modified": "2021-11-12T14:35:56", "id": "DEBIAN:DSA-5009-1:0CE0C", "href": "https://lists.debian.org/debian-security-announce/2021/msg00195.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-02T19:23:42", "description": "-------------------------------------------------------------------------\nDebian LTS Advisory DLA-2870-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Markus Koschany\nDecember 29, 2021 https://wiki.debian.org/LTS\n-------------------------------------------------------------------------\n\nPackage : apache-log4j2\nVersion : 2.12.4-0+deb9u1\nCVE ID : CVE-2021-44832\nDebian Bug : 1002813\n\nApache Log4j2, a Java Logging Framework, is vulnerable to a remote code\nexecution (RCE) attack where an attacker with permission to modify the logging\nconfiguration file can construct a malicious configuration using a JDBC\nAppender with a data source referencing a JNDI URI which can execute remote\ncode. This issue is fixed by limiting JNDI data source names to the java\nprotocol.\n\nFor Debian 9 stretch, this problem has been fixed in version\n2.12.4-0+deb9u1.\n\nWe recommend that you upgrade your apache-log4j2 packages.\n\nFor the detailed security status of apache-log4j2 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/apache-log4j2\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\nsignature.asc\nDescription: This is a digitally signed message part\n", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-29T22:57:42", "type": "debian", "title": "[SECURITY] [DLA 2870-1] apache-log4j2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2021-12-29T22:57:42", "id": "DEBIAN:DLA-2870-1:54673", "href": "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "github": [{"lastseen": "2023-05-23T17:13:26", "description": "The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-10-15T18:51:34", "type": "github", "title": "Missing Release of Resource after Effective Lifetime in Apache Tomcat", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-42340"], "modified": "2023-02-03T05:04:43", "id": "GHSA-WPH7-X527-W3H5", "href": "https://github.com/advisories/GHSA-wph7-x527-w3h5", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-09-27T23:27:14", "description": "### Impact\nAccepting the value of the `of` option of the [`.position()`](https://api.jqueryui.com/position/) util from untrusted sources may execute untrusted code. For example, invoking the following code:\n```js\n$( \"#element\" ).position( {\n\tmy: \"left top\",\n\tat: \"right bottom\",\n\tof: \"<img onerror='doEvilThing()' src='/404' />\",\n\tcollision: \"none\"\n} );\n```\nwill call the `doEvilThing()` function.\n\n### Patches\nThe issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector.\n\n### Workarounds\nA workaround is to not accept the value of the `of` option from untrusted sources.\n\n### For more information\nIf you have any questions or comments about this advisory, search for a relevant issue in [the jQuery UI repo](https://github.com/jquery/jquery-ui/issues). If you don't find an answer, open a new issue.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-10-26T14:55:12", "type": "github", "title": "XSS in the `of` option of the `.position()` util in jquery-ui", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-41184"], "modified": "2023-09-25T23:47:21", "id": "GHSA-GPQQ-952Q-5327", "href": "https://github.com/advisories/GHSA-gpqq-952q-5327", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-06-14T15:09:24", "description": "In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path. Versions 5.3.19 and 5.2.21 contain a patch for this issue.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-04-15T00:00:32", "type": "github", "title": "Improper handling of case sensitivity in Spring Framework", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22968"], "modified": "2023-04-03T18:44:59", "id": "GHSA-G5MM-VMX4-3RG7", "href": "https://github.com/advisories/GHSA-g5mm-vmx4-3rg7", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-06-14T15:09:39", "description": "By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-21T23:26:47", "type": "github", "title": "SQL Injection in Log4j 1.2.x", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23305"], "modified": "2023-01-27T05:02:33", "id": "GHSA-65FG-84F6-3JQ3", "href": "https://github.com/advisories/GHSA-65fg-84f6-3jq3", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:13:20", "description": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to an attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.\n\n\n# Affected packages\nOnly the `org.apache.logging.log4j:log4j-core` package is directly affected by this vulnerability. The `org.apache.logging.log4j:log4j-api` should be kept at the same version as the `org.apache.logging.log4j:log4j-core` package to ensure compatability if in use.\n\nThis issue does not impact default configurations of Log4j2 and requires an attacker to have control over the Log4j2 configuration, which reduces the likelihood of being exploited.", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-04T16:14:20", "type": "github", "title": "Improper Input Validation and Injection in Apache Log4j2", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2023-01-27T05:05:28", "id": "GHSA-8489-44MV-GGJ8", "href": "https://github.com/advisories/GHSA-8489-44mv-ggj8", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "cisa": [{"lastseen": "2021-11-26T18:10:56", "description": "The Apache Software Foundation has released a security advisory to address a vulnerability in multiple versions of Tomcat. An attacker could exploit this vulnerability to cause a denial of service condition.\n\nCISA encourages users and administrators to review Apache\u2019s [security advisory for CVE-2021-42340](<http://mail-archives.us.apache.org/mod_mbox/www-announce/202110.mbox/%3C9b8b83e3-7fec-a26d-7780-e5d4a85f7df6%40apache.org%3E>) and apply the necessary updates.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ncas/current-activity/2021/10/15/apache-releases-security-advisory-tomcat>); we'd welcome your feedback.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-10-15T00:00:00", "type": "cisa", "title": "Apache Releases Security Advisory for Tomcat\u202f\u202f", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-42340"], "modified": "2021-10-15T00:00:00", "id": "CISA:BD324839F36411F4FA7E1148D119E368", "href": "https://us-cert.cisa.gov/ncas/current-activity/2021/10/15/apache-releases-security-advisory-tomcat", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "tomcat": [{"lastseen": "2023-05-24T14:15:33", "description": "**Important: Denial of Service** [CVE-2021-42340](<https://vulners.com/cve/CVE-2021-42340>)\n\nThe fix for bug [63362](<https://bz.apache.org/bugzilla/show_bug.cgi?id=63362>) introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the WebSocket connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.\n\nThis was fixed with commit [d27535bd](<https://github.com/apache/tomcat/commit/d27535bdee95d252418201eb21e9d29476aa6b6a>).\n\nThe memory leak was reported publicly via the users mailing list on 23 September 2021. The security implications were identified by the Tomcat Security team the same day. The issue was made public on 14 October 2021.\n\nAffects: 8.5.60 to 8.5.71", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-10-06T00:00:00", "type": "tomcat", "title": "Fixed in Apache Tomcat 8.5.72", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-42340"], "modified": "2021-10-06T00:00:00", "id": "TOMCAT:9B1DDBF633DAFBB1A5BECFE202020044", "href": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.72", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-24T14:15:31", "description": "**Important: Denial of Service** [CVE-2021-42340](<https://vulners.com/cve/CVE-2021-42340>)\n\nThe fix for bug [63362](<https://bz.apache.org/bugzilla/show_bug.cgi?id=63362>) introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the WebSocket connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.\n\nThis was fixed with commit [80f1438e](<https://github.com/apache/tomcat/commit/80f1438ec45e77a07b96419808971838d259eb47>).\n\nThe memory leak was reported publicly via the users mailing list on 23 September 2021. The security implications were identified by the Tomcat Security team the same day. The issue was made public on 14 October 2021.\n\nAffects: 9.0.40 to 9.0.53", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-10-01T00:00:00", "type": "tomcat", "title": "Fixed in Apache Tomcat 9.0.54", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-42340"], "modified": "2021-10-01T00:00:00", "id": "TOMCAT:42FCCA1B939943E71978F85565FFC5D2", "href": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.54", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-24T14:15:31", "description": "**Important: Denial of Service** [CVE-2021-42340](<https://vulners.com/cve/CVE-2021-42340>)\n\nThe fix for bug [63362](<https://bz.apache.org/bugzilla/show_bug.cgi?id=63362>) introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the WebSocket connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.\n\nThis was fixed with commit [31d62426](<https://github.com/apache/tomcat/commit/31d62426645824bdfe076a0c0eafa904d90b4fb9>).\n\nThe memory leak was reported publicly via the users mailing list on 23 September 2021. The security implications were identified by the Tomcat Security team the same day. The issue was made public on 14 October 2021.\n\nAffects: 10.0.0-M10 to 10.0.11", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-10-01T00:00:00", "type": "tomcat", "title": "Fixed in Apache Tomcat 10.0.12", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-42340"], "modified": "2021-10-01T00:00:00", "id": "TOMCAT:11C6E48DCBA5EAFD1F9CDDC0358EAA1B", "href": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.12", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-24T14:15:31", "description": "**Important: Denial of Service** [CVE-2021-42340](<https://vulners.com/cve/CVE-2021-42340>)\n\nThe fix for bug [63362](<https://bz.apache.org/bugzilla/show_bug.cgi?id=63362>) introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the WebSocket connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.\n\nThis was fixed with commit [d5a6660c](<https://github.com/apache/tomcat/commit/d5a6660cba7f51589468937bf3bbad4db7810371>).\n\nThe memory leak was reported publicly via the users mailing list on 23 September 2021. The security implications were identified by the Tomcat Security team the same day. The issue was made public on 14 October 2021.\n\nAffects: 10.1.0-M1 to 10.1.0-M5", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-10-01T00:00:00", "type": "tomcat", "title": "Fixed in Apache Tomcat 10.1.0-M6", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-42340"], "modified": "2021-10-01T00:00:00", "id": "TOMCAT:7E3DBF853D3232754593B8D1B97F1298", "href": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.0-M6", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "atlassian": [{"lastseen": "2023-05-24T10:32:21", "description": "h3. Issue Summary\r\nJira is affected by Tomcat CVE-2021-42340 - Denial of service via an OutOfMemoryError (Base Score: 7.5 HIGH)\r\nbq. The fix for bug 63362 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the WebSocket connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError. \r\n\r\nThe recently disclosed vulnerability regarding Tomcat [CVE-2021-42340|https://nvd.nist.gov/vuln/detail/CVE-2021-42340] affects the following versions:\r\n * Apache Tomcat 8.5.60 to 8.5.71\r\n * Apache Tomcat 9.0.40 to 9.0.53\r\n * Apache Tomcat 10.0.0-M10 to 10.0.11\r\n\r\nMitigation:\r\n Users of the affected versions should apply one of the following mitigations:\r\n * Upgrade to Apache Tomcat 8.5.72 or later\r\n * Upgrade to Apache Tomcat 9.0.54 or later\r\n * Upgrade to Apache Tomcat 10.0.12 or later\r\n * Upgrade to Apache Tomcat 10.1.0-M6 or later\r\n\r\nh3. Steps to Reproduce\r\n\r\nSee more at: [https://nvd.nist.gov/vuln/detail/CVE-2021-42340] and [https://vulners.com/cve/CVE-2021-42340]\r\nh3. Expected Results\r\n * Not applicable.\r\n\r\nh3. Actual Results\r\n * Not applicable.\r\n\r\n\r\n*Affected Jira versions:*\r\n8.15 to 8.19\r\n\r\nh3. Workaround\r\n * You can manually upgrade the Apache Tomcat version used by Jira following the procedures outlined in the following article: [How to Upgrade Apache Tomcat version in Jira|https://confluence.atlassian.com/jirakb/how-to-upgrade-apache-tomcat-version-in-jira-7-x-879957866.html].", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-10-17T11:13:57", "type": "atlassian", "title": "Jira is affected by Tomcat CVE-2021-42340 - Denial of service via an OutOfMemoryError", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-42340"], "modified": "2022-03-22T13:07:28", "id": "JRASERVER-72914", "href": "https://jira.atlassian.com/browse/JRASERVER-72914", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-24T10:32:02", "description": "Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to impact the application's availability via CVE-2021-42340, a Denial of Service (DoS) vulnerability in Apache Tomcat.\r\n\r\nThe affected versions of Atlassian Jira Server and Data Center are before version 8.21.0.\r\n\r\n*Affected versions:*\r\n * version < 8.21.0\r\n\r\n*Fixed versions:*\r\n * 8.21.0\r\n\r\nh3. Workaround\r\n * You can manually upgrade the Apache Tomcat version used by Jira following the procedures outlined in the following article:\u00a0[How to Upgrade Apache Tomcat version in Jira|https://confluence.atlassian.com/jirakb/how-to-upgrade-apache-tomcat-version-used-by-jira-879957866.html].", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-11-30T18:48:53", "type": "atlassian", "title": "Denial of service via an OutOfMemoryError (Tomcat CVE-2021-42340)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-42340"], "modified": "2022-05-19T14:25:01", "id": "JRASERVER-73070", "href": "https://jira.atlassian.com/browse/JRASERVER-73070", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-12-13T14:44:46", "description": "h3. Issue Summary\r\nJira is affected by Tomcat CVE-2021-42340 - Denial of service via an OutOfMemoryError (Base Score: 7.5 HIGH)\r\nbq. The fix for bug 63362 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the WebSocket connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError. \r\n\r\nThe recently disclosed vulnerability regarding Tomcat [CVE-2021-42340|https://nvd.nist.gov/vuln/detail/CVE-2021-42340] affects the following versions:\r\n * Apache Tomcat 8.5.60 to 8.5.71\r\n * Apache Tomcat 9.0.40 to 9.0.53\r\n * Apache Tomcat 10.0.0-M10 to 10.0.11\r\n\r\nMitigation:\r\n Users of the affected versions should apply one of the following mitigations:\r\n * Upgrade to Apache Tomcat 8.5.72 or later\r\n * Upgrade to Apache Tomcat 9.0.54 or later\r\n * Upgrade to Apache Tomcat 10.0.12 or later\r\n * Upgrade to Apache Tomcat 10.1.0-M6 or later\r\n\r\nh3. Steps to Reproduce\r\n\r\nSee more at: [https://nvd.nist.gov/vuln/detail/CVE-2021-42340] and [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42340]\r\nh3. Expected Results\r\n * Not applicable.\r\n\r\nh3. Actual Results\r\n * Not applicable.\r\n\r\n\r\n*Affected Jira versions:*\r\n8.15 to 8.19\r\n\r\nh3. Workaround\r\n * You can manually upgrade the Apache Tomcat version used by Jira following the procedures outlined in the following article: [How to Upgrade Apache Tomcat version in Jira|https://confluence.atlassian.com/jirakb/how-to-upgrade-apache-tomcat-version-in-jira-7-x-879957866.html].", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-10-17T11:13:57", "type": "atlassian", "title": "Jira is affected by Tomcat CVE-2021-42340 - Denial of service via an OutOfMemoryError", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-42340"], "modified": "2021-12-13T13:57:40", "id": "ATLASSIAN:JRASERVER-72914", "href": "https://jira.atlassian.com/browse/JRASERVER-72914", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "suse": [{"lastseen": "2022-04-18T12:39:43", "description": "An update that solves one vulnerability and has one errata\n is now available.\n\nDescription:\n\n This update for tomcat fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2022-23181: Make calculation of session storage location more robust\n (bsc#1195255)\n - Remove log4j (bsc#1196137)\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.4:\n\n zypper in -t patch openSUSE-SLE-15.4-2022-818=1\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2022-818=1", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-14T00:00:00", "type": "suse", "title": "Security update for tomcat (important)", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.7, "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23181"], "modified": "2022-03-14T00:00:00", "id": "OPENSUSE-SU-2022:0818-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/U4SBF2QAXCDZCB26LZTI2RH7Q33DJRIB/", "cvss": {"score": 3.7, "vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-08T06:10:02", "description": "An update that fixes one vulnerability is now available.\n\nDescription:\n\n This update for log4j fixes the following issues:\n\n - CVE-2021-44832: Fixes a remote code execution via JDBC Appender\n (bsc#1194127)\n\n This update was imported from the SUSE:SLE-15-SP2:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2022-2=1", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-02T00:00:00", "type": "suse", "title": "Security update for log4j (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-01-02T00:00:00", "id": "OPENSUSE-SU-2022:0002-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YBITTL424FAEN3BI2PM3NGBMPREUS3P4/", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-11-08T06:10:06", "description": "An update that fixes one vulnerability is now available.\n\nDescription:\n\n This update for log4j fixes the following issues:\n\n - CVE-2021-44832: Fixes a remote code execution via JDBC Appender\n (bsc#1194127)\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2021-4208=1", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-30T00:00:00", "type": "suse", "title": "Security update for log4j (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2021-12-30T00:00:00", "id": "OPENSUSE-SU-2021:4208-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QD3TW7GD6PF3ZSKL2TJG3Z462FFFLJND/", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2023-09-07T22:18:47", "description": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-10-26T15:15:00", "type": "cve", "title": "CVE-2021-41184", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-41184"], "modified": "2023-08-31T03:15:00", "cpe": ["cpe:/a:oracle:communications_operations_monitor:4.4", "cpe:/a:oracle:hospitality_inventory_management:9.1.0", "cpe:/o:fedoraproject:fedora:33", "cpe:/o:fedoraproject:fedora:35", "cpe:/a:oracle:communications_operations_monitor:5.0", "cpe:/o:fedoraproject:fedora:34", "cpe:/a:oracle:primavera_unifier:17.12", "cpe:/a:oracle:banking_platform:2.12.0", "cpe:/o:netapp:h410s_firmware:-", "cpe:/a:oracle:communications_interactive_session_recorder:6.4", "cpe:/a:oracle:weblogic_server:14.1.1.0.0", "cpe:/a:oracle:jd_edwards_enterpriseone_tools:9.2.6.3", "cpe:/a:oracle:big_data_spatial_and_graph:23.1", "cpe:/a:oracle:rest_data_services:22.1.1", "cpe:/a:oracle:weblogic_server:12.2.1.4.0", "cpe:/a:oracle:communications_operations_monitor:4.3", "cpe:/a:oracle:primavera_unifier:21.12", "cpe:/a:oracle:weblogic_server:12.2.1.3.0", "cpe:/o:fedoraproject:fedora:36", "cpe:/o:netapp:h500s_firmware:-", "cpe:/o:netapp:h700e_firmware:-", "cpe:/a:oracle:primavera_unifier:19.12", "cpe:/a:oracle:hospitality_suite8:8.10.2", "cpe:/a:oracle:agile_plm:9.3.6", "cpe:/a:oracle:banking_platform:2.9.0", "cpe:/o:netapp:h300e_firmware:-", "cpe:/o:netapp:h300s_firmware:-", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.59", "cpe:/a:oracle:hospitality_materials_control:18.1", "cpe:/a:oracle:primavera_unifier:18.8", "cpe:/o:netapp:h410c_firmware:-", "cpe:/o:netapp:h700s_firmware:-", "cpe:/a:oracle:hospitality_suite8:8.14.0", "cpe:/o:netapp:h500e_firmware:-", "cpe:/a:oracle:policy_automation:12.2.25", "cpe:/a:oracle:primavera_unifier:20.12", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.58"], "id": "CVE-2021-41184", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41184", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:hospitality_suite8:8.14.0:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.6.3:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_unifier:17.12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:policy_automation:12.2.25:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-:*:*:*", "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:46:22", "description": "The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-10-14T20:15:00", "type": "cve", "title": "CVE-2021-42340", "cwe": ["CWE-772"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-42340"], "modified": "2022-10-27T01:09:00", "cpe": ["cpe:/a:apache:tomcat:10.1.0", "cpe:/a:netapp:hci:-", "cpe:/a:oracle:managed_file_transfer:12.2.1.4.0", "cpe:/a:oracle:agile_engineering_data_management:6.2.1.0", "cpe:/a:oracle:retail_eftlink:21.0.0", "cpe:/a:oracle:hospitality_cruise_shipboard_property_management_system:20.1.0", "cpe:/a:netapp:management_services_for_element_software:-", "cpe:/a:oracle:sd-wan_edge:9.1", "cpe:/a:apache:tomcat:10.0.0", "cpe:/o:debian:debian_linux:11.0", "cpe:/a:oracle:retail_data_extractor_for_merchandising:16.0.2", "cpe:/a:oracle:communications_diameter_signaling_router:8.5.0.2", "cpe:/a:oracle:retail_data_extractor_for_merchandising:15.0.2", "cpe:/a:oracle:payment_interface:20.3", "cpe:/a:oracle:retail_store_inventory_management:14.0.4.13", "cpe:/a:oracle:managed_file_transfer:12.2.1.3.0", "cpe:/a:oracle:retail_financial_integration:19.0.0", "cpe:/a:oracle:retail_customer_insights:16.0.2", "cpe:/a:oracle:retail_store_inventory_management:14.1.3.14", "cpe:/a:oracle:retail_store_inventory_management:15.0.3.3", "cpe:/a:oracle:sd-wan_edge:9.0", "cpe:/a:oracle:retail_customer_insights:15.0.2", "cpe:/a:oracle:taleo_platform:*", "cpe:/a:oracle:retail_financial_integration:16.0.1", "cpe:/a:oracle:retail_store_inventory_management:14.1.3.5", "cpe:/a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0", "cpe:/a:oracle:payment_interface:19.1", "cpe:/a:oracle:retail_store_inventory_management:16.0.3.7", "cpe:/a:oracle:retail_store_inventory_management:15.0.3.8"], "id": "CVE-2021-42340", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42340", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.14:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:taleo_platform:*:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_financial_integration:16.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4.13:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_customer_insights:16.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_financial_integration:19.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_customer_insights:15.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_eftlink:21.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:payment_interface:20.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone10:*:*:*:*:*:*", "cpe:2.3:a:oracle:hospitality_cruise_shipboard_property_management_system:20.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:payment_interface:19.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:16.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:15.0.2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-14T14:26:54", "description": "In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-04-14T21:15:00", "type": "cve", "title": "CVE-2022-22968", "cwe": ["CWE-178"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22968"], "modified": "2022-10-19T15:15:00", "cpe": ["cpe:/a:netapp:active_iq_unified_manager:-", "cpe:/a:netapp:cloud_secure_agent:-", "cpe:/a:vmware:spring_framework:5.2.20", "cpe:/a:netapp:snap_creator_framework:-", "cpe:/a:netapp:metrocluster_tiebreaker:-", "cpe:/a:netapp:snapmanager:-", "cpe:/a:vmware:spring_framework:5.3.18", "cpe:/a:oracle:mysql_enterprise_monitor:8.0.29"], "id": "CVE-2022-22968", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22968", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "cpe:2.3:a:netapp:metrocluster_tiebreaker:-:*:*:*:*:clustered_data_ontap:*:*", "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*", "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:spring_framework:5.3.18:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:spring_framework:5.2.20:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-14T14:28:54", "description": "By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-18T16:15:00", "type": "cve", "title": "CVE-2022-23305", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23305"], "modified": "2023-02-24T15:30:00", "cpe": ["cpe:/a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0", "cpe:/a:oracle:weblogic_server:14.1.1.0.0", "cpe:/a:oracle:jdeveloper:12.2.1.3.0", "cpe:/a:oracle:advanced_supply_chain_planning:12.1", "cpe:/a:oracle:business_process_management_suite:12.2.1.4.0", "cpe:/a:oracle:business_intelligence:12.2.1.3.0", "cpe:/a:oracle:e-business_suite_information_discovery:12.2.11", "cpe:/a:netapp:snapmanager:-", "cpe:/a:oracle:mysql_enterprise_monitor:8.0.29", "cpe:/a:oracle:identity_management_suite:12.2.1.3.0", "cpe:/a:apache:log4j:1.2.17", "cpe:/a:oracle:communications_offline_mediation_controller:12.0.0.5.0", "cpe:/a:oracle:communications_eagle_ftp_table_base_retrieval:4.5", "cpe:/a:oracle:communications_unified_inventory_management:7.4.1", "cpe:/a:oracle:identity_management_suite:12.2.1.4.0", "cpe:/a:oracle:financial_services_revenue_management_and_billing_analytics:2.8.0.0", "cpe:/a:oracle:advanced_supply_chain_planning:12.2", "cpe:/a:oracle:business_intelligence:12.2.1.4.0", "cpe:/a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:2.2.1.1.1", "cpe:/a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.1", "cpe:/a:oracle:enterprise_manager_base_platform:13.4.0.0", "cpe:/a:oracle:communications_messaging_server:8.1", "cpe:/a:oracle:communications_unified_inventory_management:7.4.2", "cpe:/a:oracle:communications_instant_messaging_server:10.0.1.5.0", "cpe:/a:oracle:identity_manager_connector:11.1.1.5.0", "cpe:/a:oracle:enterprise_manager_base_platform:13.5.0.0", "cpe:/a:oracle:weblogic_server:12.2.1.3.0", "cpe:/a:oracle:business_process_management_suite:12.2.1.3.0", "cpe:/a:oracle:tuxedo:12.2.2.0.0", "cpe:/a:oracle:retail_extract_transform_and_load:13.2.5", "cpe:/a:broadcom:brocade_sannav:-", "cpe:/a:oracle:business_intelligence:5.9.0.0.0", "cpe:/a:oracle:weblogic_server:12.2.1.4.0", "cpe:/a:oracle:healthcare_foundation:8.1.0", "cpe:/a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.0", "cpe:/a:oracle:communications_network_integrity:7.3.6"], "id": "CVE-2022-23305", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23305", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:oracle:advanced_supply_chain_planning:12.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*", "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:2.2.1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:tuxedo:12.2.2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:identity_manager_connector:11.1.1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*", "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:log4j:1.2.17:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:advanced_supply_chain_planning:12.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*", "cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:e-business_suite_information_discovery:12.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:healthcare_foundation:8.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:broadcom:brocade_sannav:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:50:24", "description": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-28T20:15:00", "type": "cve", "title": "CVE-2021-44832", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-08-09T01:24:00", "cpe": ["cpe:/a:oracle:primavera_gateway:18.8.13", "cpe:/a:apache:log4j:2.0", "cpe:/a:oracle:primavera_unifier:18.8", "cpe:/o:fedoraproject:fedora:35", "cpe:/a:oracle:communications_interactive_session_recorder:6.3", "cpe:/a:oracle:retail_order_broker:19.1", "cpe:/a:oracle:product_lifecycle_analytics:3.6.1", "cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:19.12.18.0", "cpe:/a:oracle:policy_automation_for_mobile_devices:12.2.24", "cpe:/a:oracle:primavera_unifier:19.12", "cpe:/a:oracle:weblogic_server:12.2.1.3.0", "cpe:/a:cisco:cloudcenter:4.10.0.16", "cpe:/a:oracle:retail_order_broker:18.0", "cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:20.12.12.0", "cpe:/a:oracle:policy_automation:12.2.24", "cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0", "cpe:/a:oracle:primavera_gateway:19.12.12", "cpe:/a:oracle:health_sciences_data_management_workbench:2.5.2.1", "cpe:/a:oracle:primavera_gateway:17.12.11", "cpe:/a:oracle:retail_assortment_planning:16.0.3", "cpe:/a:oracle:primavera_unifier:20.12", "cpe:/o:debian:debian_linux:9.0", "cpe:/a:oracle:retail_xstore_point_of_service:21.0.1", "cpe:/a:oracle:retail_xstore_point_of_service:17.0.4", "cpe:/a:oracle:retail_xstore_point_of_service:19.0.2", "cpe:/a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.5.0", "cpe:/a:oracle:weblogic_server:12.2.1.4.0", "cpe:/a:oracle:weblogic_server:14.1.1.0.0", "cpe:/a:oracle:communications_interactive_session_recorder:6.4", "cpe:/a:oracle:communications_diameter_signaling_router:8.5.1.0", "cpe:/a:oracle:retail_fiscal_management:14.2", "cpe:/a:oracle:health_sciences_data_management_workbench:3.1.0.3", "cpe:/a:oracle:primavera_unifier:21.12", "cpe:/a:oracle:communications_offline_mediation_controller:12.0.0.5.0", "cpe:/a:oracle:retail_xstore_point_of_service:18.0.3", "cpe:/o:fedoraproject:fedora:34", "cpe:/a:oracle:flexcube_private_banking:12.1.0", "cpe:/a:oracle:health_sciences_data_management_workbench:3.0.0.0", "cpe:/a:oracle:retail_xstore_point_of_service:20.0.1", "cpe:/a:oracle:primavera_gateway:20.12.7", "cpe:/a:oracle:siebel_ui_framework:21.12", "cpe:/a:oracle:primavera_gateway:21.12.0"], "id": "CVE-2021-44832", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44832", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.24:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_gateway:19.12.12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:siebel_ui_framework:21.12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:cloudcenter:4.10.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:20.12.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_gateway:20.12.7:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_gateway:18.8.13:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:log4j:2.0:beta8:*:*:*:*:*:*", "cpe:2.3:a:apache:log4j:2.0:-:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:policy_automation:12.2.24:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_fiscal_management:14.2:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:19.12.18.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_gateway:17.12.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:log4j:2.0:beta7:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.5.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:health_sciences_data_management_workbench:2.5.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*"]}], "amazon": [{"lastseen": "2023-05-23T17:21:00", "description": "**Issue Overview:**\n\nA memory leak flaw was found in Apache Tomcat, where an HTTP upgrade connection does not release for WebSocket connections once the WebSocket connection is closed. If a sufficient number of such requests are made, an OutOfMemoryError occurs, leading to a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2021-42340)\n\n \n**Affected Packages:** \n\n\ntomcat8\n\n \n**Issue Correction:** \nRun _yum update tomcat8_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n noarch: \n \u00a0\u00a0\u00a0 tomcat8-log4j-8.5.72-1.89.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat8-lib-8.5.72-1.89.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat8-javadoc-8.5.72-1.89.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat8-jsp-2.3-api-8.5.72-1.89.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat8-webapps-8.5.72-1.89.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat8-admin-webapps-8.5.72-1.89.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat8-el-3.0-api-8.5.72-1.89.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat8-servlet-3.1-api-8.5.72-1.89.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat8-docs-webapp-8.5.72-1.89.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat8-8.5.72-1.89.amzn1.noarch \n \n src: \n \u00a0\u00a0\u00a0 tomcat8-8.5.72-1.89.amzn1.src \n \n \n\n### Additional References\n\nRed Hat: [CVE-2021-42340](<https://access.redhat.com/security/cve/CVE-2021-42340>)\n\nMitre: [CVE-2021-42340](<https://vulners.com/cve/CVE-2021-42340>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-10-29T16:37:00", "type": "amazon", "title": "Important: tomcat8", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-42340"], "modified": "2021-11-04T18:54:00", "id": "ALAS-2021-1546", "href": "https://alas.aws.amazon.com/ALAS-2021-1546.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T17:48:07", "description": "**Issue Overview:**\n\nApache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2. (CVE-2021-44832)\n\n \n**Affected Packages:** \n\n\naws-kinesis-agent\n\n \n**Issue Correction:** \nRun _yum update aws-kinesis-agent_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n noarch: \n \u00a0\u00a0\u00a0 aws-kinesis-agent-2.0.6-1.amzn2.noarch \n \n src: \n \u00a0\u00a0\u00a0 aws-kinesis-agent-2.0.6-1.amzn2.src \n \n \n\n### Additional References\n\nRed Hat: [CVE-2021-44832](<https://access.redhat.com/security/cve/CVE-2021-44832>)\n\nMitre: [CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>)\n", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-18T21:37:00", "type": "amazon", "title": "Medium: aws-kinesis-agent", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-01-20T19:32:00", "id": "ALAS2-2022-1734", "href": "https://alas.aws.amazon.com/AL2/ALAS-2022-1734.html", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "f5": [{"lastseen": "2023-02-08T16:46:17", "description": "The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError. ([CVE-2021-42340](<https://vulners.com/cve/CVE-2021-42340>))\n\nImpact\n\nThere is no impact; F5 products are not affected by this vulnerability.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-10-21T21:12:00", "type": "f5", "title": "Apache Tomcat vulnerability CVE-2021-42340", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-42340"], "modified": "2021-10-21T21:12:00", "id": "F5:K70052353", "href": "https://support.f5.com/csp/article/K70052353", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-14T16:55:55", "description": "By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. ([CVE-2022-23305](<https://vulners.com/cve/CVE-2022-23305>))\n\nImpact\n\nAttackers may be able to enter crafted strings into input fields or headers of an application that are logged. This allows unintended SQL queries to be executed.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-31T22:20:00", "type": "f5", "title": "Apache Log4j SQL injection vulnerability CVE-2022-23305", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23305"], "modified": "2022-02-07T19:00:00", "id": "F5:K97120268", "href": "https://support.f5.com/csp/article/K97120268", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-01T22:28:21", "description": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2. ([CVE-2021-44832](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832>)) \n\nImpact\n\nAn attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code.\n", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-30T02:06:00", "type": "f5", "title": "Apache Log4j2 vulnerability CVE-2021-44832", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-02-04T20:41:00", "id": "F5:K14122652", "href": "https://support.f5.com/csp/article/K14122652", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "drupal": [{"lastseen": "2023-09-10T14:02:49", "description": "jQuery UI is a third-party library used by Drupal. This library was previously thought to be end-of-life. Late in 2021, jQuery UI announced that they would be continuing development, and released a jQuery UI 1.13.0 version. As part of this 1.13.0 update, they disclosed the following security issue that may affect Drupal 9 and 7: CVE-2021-41184: XSS in the `of` option of the `.position()` util It is possible that this vulnerability is exploitable with some Drupal modules. As a precaution, this Drupal security release applies the fix for the above cross-site description issue, without making any of the other changes to the jQuery version that is included in Drupal. This advisory is not covered by Drupal Steward.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2022-01-19T00:00:00", "type": "drupal", "title": "Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2022-001\n", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-41184"], "modified": "2022-01-19T00:00:00", "id": "DRUPAL-SA-CORE-2022-001", "href": "https://www.drupal.org/sa-core-2022-001", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "checkpoint_advisories": [{"lastseen": "2022-10-20T22:02:02", "description": "A cross-site scripting vulnerability exists in jQuery UI. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2022-10-19T00:00:00", "type": "checkpoint_advisories", "title": "jQuery UI Cross-site Scripting (CVE-2021-41184)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-41184"], "modified": "2022-10-19T00:00:00", "id": "CPAI-2021-1288", "href": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-01T22:02:16", "description": "A remote code execution vulnerability exists in Apache Log4j. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-03T00:00:00", "type": "checkpoint_advisories", "title": "Apache Log4j Remote Code Execution (CVE-2021-44832)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-01-03T00:00:00", "id": "CPAI-2021-1011", "href": "", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2023-05-23T16:23:44", "description": "\n\nThe Rundeck project reports:\n\nThis release updates both Community and Enterprise with the latest Log4J\n\t to address CVE-2021-44832 by updating it to 2.17.1.\n\n\n", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-11T00:00:00", "type": "freebsd", "title": "Rundeck3 -- Log4J RCE vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2021-12-11T00:00:00", "id": "27C822A0-ADDC-11ED-A9EE-DCA632B19F10", "href": "https://vuxml.freebsd.org/freebsd/27c822a0-addc-11ed-a9ee-dca632b19f10.html", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "mageia": [{"lastseen": "2023-05-23T16:24:17", "description": "Apache Log4j2 is vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol \n", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-03T07:36:40", "type": "mageia", "title": "Updated log4j packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-01-03T07:36:40", "id": "MGASA-2022-0002", "href": "https://advisories.mageia.org/MGASA-2022-0002.html", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "cloudlinux": [{"lastseen": "2023-06-14T14:59:16", "description": "- CVE-2022-23305: disable JDBCAppender by default. Add optional parameter for\n enabling it.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-03T20:01:40", "type": "cloudlinux", "title": "Fix of CVE: CVE-2022-23305", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23305"], "modified": "2022-02-03T20:01:40", "id": "CLSA-2022:1643918500", "href": "https://repo.cloudlinux.com/centos6-els/updateinfo.xml", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "huntr": [{"lastseen": "2023-02-08T15:38:14", "description": "# Description\n\"play-samples\" project uses the vulnerable log4j library (2.17.0). This can cause potential RCE vulnerability on the project. Vulnerability: [CVE-2021-44832](https://vulners.com/cve/CVE-2021-44832) (Remote Code Execution). Another reference from [Apache](https://logging.apache.org/log4j/2.x/security.html) for CVE-2021-44832. You should upgrade the log4j library to latest version.\n\n # Proof of Concept\nYou can see the version of the used log4j library from this [file](https://github.com/playframework/play-samples/blob/2.8.x/play-scala-log4j2-example/build.sbt):\n```\nval log4jVersion = \"2.17.0\"\n\nlazy val root = (project in file(\".\"))\n .enablePlugins(PlayScala)\n .disablePlugins(PlayLogback)\n .settings(\n name := \"\"\"play-scala-log4j2-example\"\"\",\n version := \"1.0-SNAPSHOT\",\n scalaVersion := \"2.13.6\",\n libraryDependencies ++= Seq(\n guice,\n \"org.apache.logging.log4j\" % \"log4j-slf4j-impl\" % log4jVersion,\n \"org.apache.logging.log4j\" % \"log4j-api\" % log4jVersion,\n \"org.apache.logging.log4j\" % \"log4j-core\" % log4jVersion,\n \"org.scalatestplus.play\" %% \"scalatestplus-play\" % \"5.0.0\" % Test,\n ),\n scalacOptions ++= Seq(\n \"-feature\",\n \"-deprecation\",\n \"-Xfatal-warnings\"\n )\n )\n```\n# Impact\nThis vulnerable library can cause Remote Code Execution vulnerability on the \"play-samples\" project. You should upgrade this library.", "cvss3": {}, "published": "2022-01-16T20:00:18", "type": "huntr", "title": " Static Code Injection in playframework/play-samples", "bulletinFamily": "bugbounty", "cvss2": {}, "cvelist": ["CVE-2021-44832"], "modified": "2022-01-19T23:21:21", "id": "82B8FEB2-2ADB-4D99-9AAF-3D5BEE80B19A", "href": "https://www.huntr.dev/bounties/82b8feb2-2adb-4d99-9aaf-3d5bee80b19a/", "cvss": {"score": 0.0, "vector": "NONE"}}], "broadcom": [{"lastseen": "2022-03-10T21:28:32", "description": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.\n\nMore information is available at the link below. \n** Apache : **<https://logging.apache.org/log4j/2.x/security.html>** \n** \nBrocade has investigated its product line to determine the exposure of Brocade Fibre Channel products from Broadcom.", "cvss3": {}, "published": "2021-12-30T00:00:00", "type": "broadcom", "title": "BSA-2021-1658", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-44832"], "modified": "2021-12-30T00:00:00", "id": "BSA-2021-1658", "href": "https://www.broadcom.com//support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1658", "cvss": {"score": "6.8", "vector": "(CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)"}}], "attackerkb": [{"lastseen": "2023-09-27T05:47:23", "description": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-10T00:00:00", "type": "attackerkb", "title": "CVE-2021-44832", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-01-10T00:00:00", "id": "AKB:353D9D87-631E-4F2A-B130-5678B79BBCB4", "href": "https://attackerkb.com/topics/zN2aPHGzXq/cve-2021-44832", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2023-05-23T16:36:18", "description": "Log4j is a tool to help the programmer output log statements to a variety of output targets. ", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-06T01:12:26", "type": "fedora", "title": "[SECURITY] Fedora 35 Update: log4j-2.17.1-1.fc35", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-01-06T01:12:26", "id": "FEDORA:E468830AF07B", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T16:36:18", "description": "Log4j is a tool to help the programmer output log statements to a variety of output targets. ", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-06T00:51:53", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: log4j-2.17.1-1.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44832"], "modified": "2022-01-06T00:51:53", "id": "FEDORA:7DC2630AEB07", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "trendmicroblog": [{"lastseen": "2022-04-08T19:28:48", "description": "We discovered active exploitation of a vulnerability in the Spring Framework designated as CVE-2022-22965 that allows malicious actors to download the Mirai botnet malware.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-08T00:00:00", "type": "trendmicroblog", "title": "CVE-2022-22965: Analyzing the Exploitation of Spring4Shell Vulnerability in Weaponizing and Executing the Mirai Botnet Malware", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 1