In Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1), JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
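A version triage check built from the ranges in the description above, as an added example that is not part of the original record or Apache's own code. The jar paths are constructed samples, and treating later patch releases on the 2.3.x and 2.12.x lines as fixed is an assumption that goes beyond the releases named here.

```python
import re

# Pre-release qualifiers on the 2.0 line sort alpha < beta < rc < final release.
_STAGE = {"alpha": 0, "beta": 1, "rc": 2, "": 3}
_VERSION = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?$", re.I)
# Only log4j-core is in scope for this issue; log4j-api and others are skipped.
_CORE_JAR = re.compile(r"(?:^|/)log4j-core-(\d[^/]*)\.jar$", re.I)
# Constructed sample paths, not taken from any real host.
SAMPLE = ["/opt/app/lib/log4j-core-2.14.1.jar", "/opt/app/lib/log4j-api-2.14.1.jar",
          "/srv/old/log4j-core-2.0-beta8.jar", "/srv/svc/log4j-core-2.12.2.jar"]

def parse_version(text):
    """Return a sortable tuple: (major, minor, patch, stage rank, stage number)."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised log4j version: {text!r}")
    major, minor, patch, stage, num = m.groups()
    return (int(major), int(minor), int(patch or 0),
            _STAGE[(stage or "").lower()], int(num or 0))

FIRST_AFFECTED = parse_version("2.0-beta9")
DEFAULT_OFF = parse_version("2.15.0")
REMOVED_FROM = parse_version("2.16.0")

def classify(version):
    """Map a log4j-core version onto the states given in the description."""
    v = parse_version(version)
    if v < FIRST_AFFECTED:
        return "not-affected"
    # 2.3.1, 2.12.2 and 2.12.3 are named in the description; extending that to
    # later patches on those two lines is an assumption.
    backport = (v[:2] == (2, 3) and v[2] >= 1) or (v[:2] == (2, 12) and v[2] >= 2)
    if backport or v >= REMOVED_FROM:
        return "removed"
    if v >= DEFAULT_OFF:
        return "disabled-by-default"  # still in the affected range if re-enabled
    return "vulnerable"

def triage(paths):
    """Classify every log4j-core jar found in an iterable of file paths."""
    report = {}
    for path in paths:
        m = _CORE_JAR.search(path.replace("\\", "/"))
        if not m:
            continue
        try:
            report[path] = classify(m.group(1))
        except ValueError:
            report[path] = "unknown"  # e.g. -sources jars or vendor-renamed builds
    return report
```

Feed `triage` the output of a file inventory; jars shaded or nested inside other archives will not appear under a `log4j-core-*.jar` name and need a separate content-based check.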

CVSS 3.x

| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 3.9 | 6.0 |

CVSS 2.0
Severity: HIGH
Problem Type: CWE-20, CWE-400, CWE-502, CWE-917

Products Affected

| Vendor | Product | Version |
|---|---|---|
| cisco | unified_customer_voice_portal | 12.0 |
| cisco | wan_automation_engine | 7.6 |
| cisco | wan_automation_engine | 7.4 |
| cisco | unified_intelligence_center | * |
| siemens | mendix | * |
| siemens | operation_scheduler | * |
| siemens | desigo_cc_advanced_reports | 5.0 |
| cisco | virtual_topology_system | * |
| siemens | siguard_dsa | 4.3 |
| cisco | unified_contact_center_express | 12.5(1) |
| cisco | integrated_management_controller_supervisor | 002.003(002.000) |
| cisco | unified_communications_manager_im_&_presence_service | 11.5(1) |
| cisco | unified_contact_center_enterprise | * |
| siemens | logo!_soft_comfort | * |
| cisco | ucs_central_software | 2.0(1d) |
| cisco | network_assurance_engine | * |
| netapp | cloud_secure_agent | - |
| siemens | spectrum_power_4 | * |
| siemens | comos | * |
| siemens | head-end_system_universal_device_integration_system | * |
| intel | secure_device_onboard | - |
| cisco | crosswork_network_controller | * |
| cisco | network_insights_for_data_center | 6.0(2.1914) |
| cisco | nexus_dashboard | * |
| cisco | paging_server | 8.5(1) |
| cisco | dna_center | * |
| debian | debian_linux | 9.0 |
| siemens | solid_edge_harness_design | 2020 |
| cisco | unified_communications_manager | 11.5(1.18900.97) |
| cisco | common_services_platform_collector | 002.009(001.002) |
| cisco | cloudcenter_suite | 5.3.0 |
| cisco | automated_subsea_tuning | * |
| cisco | cloudcenter_suite | 5.5(0) |
| siemens | siguard_dsa | * |
| netapp | cloud_insights | - |
| cisco | unified_customer_voice_portal | 11.6 |
| cisco | common_services_platform_collector | 002.009(001.000) |
| cisco | firepower_threat_defense | 6.2.3 |
| cisco | ucs_central_software | 2.0(1g) |
| cisco | virtualized_infrastructure_manager | * |
| cisco | virtual_topology_system | 2.6.6 |
| cisco | intersight_virtual_appliance | 1.0.9-343 |
| cisco | firepower_threat_defense | 6.3.0 |
| netapp | cloud_manager | - |
| cisco | paging_server | * |
| cisco | ucs_central_software | 2.0(1b) |
| cisco | smart_phy | 3.1.4 |
| netapp | active_iq_unified_manager | - |
| cisco | sd-wan_vmanage | 20.8 |
| cisco | connected_analytics_for_network_deployment | 006.005.000. |
| siemens | xpedition_package_integrator | - |
| cisco | smart_phy | 3.1.3 |
| cisco | integrated_management_controller_supervisor | * |
| cisco | crosswork_network_controller | 3.0.0 |
| bentley | synchro | * |
| siemens | sppa-t3000_ses3000_firmware | * |
| cisco | unified_communications_manager_im_&_presence_service | 11.5(1.22900.6) |
| cisco | connected_analytics_for_network_deployment | 007.003.001.001 |
| cisco | unified_workforce_optimization | 11.5(1) |
| cisco | unified_sip_proxy | 010.000(001) |
| cisco | video_surveillance_manager | 7.14(3.025) |
| siemens | desigo_cc_advanced_reports | 4.1 |
| cisco | smart_phy | 3.1.5 |
| siemens | siveillance_identity | 1.6 |
| siemens | solid_edge_cam_pro | * |
| siemens | industrial_edge_management | * |
| cisco | smart_phy | * |
| cisco | finesse | 12.5(1) |
| cisco | virtualized_voice_browser | * |
| cisco | network_dashboard_fabric_controller | 11.5(2) |
| cisco | crosswork_platform_infrastructure | 4.1.0 |
| cisco | mobility_services_engine | - |
| cisco | cx_cloud_agent | 001.012 |
| cisco | cloudcenter_suite | 5.4(1) |
| cisco | fxos | 6.4.0 |
| debian | debian_linux | 11.0 |
| siemens | mindsphere | * |
| cisco | emergency_responder | 11.5(4.66000.14) |
| cisco | data_center_network_manager | * |
| siemens | sentron_powermanager | 4.2 |
| siemens | vesys | 2021.1 |
| cisco | firepower_threat_defense | 6.7.0 |
| siemens | e-car_operation_center | * |
| cisco | enterprise_chat_and_email | 12.5(1) |
| cisco | prime_service_catalog | * |
| cisco | fxos | 7.1.0 |
| siemens | captial | 2019.1 |
| cisco | connected_mobile_experiences | - |
| cisco | optical_network_controller | * |
| fedoraproject | fedora | 34 |
| siemens | energyip_prepay | 3.7 |
| siemens | xpedition_enterprise | - |
| cisco | ucs_director | * |
| cisco | unified_contact_center_enterprise | 12.5(1) |
| cisco | webex_meetings_server | 4.0 |
| cisco | cloudcenter_cost_optimizer | * |
| cisco | crosswork_network_automation | 3.0.0 |
| siemens | spectrum_power_7 | 2.30 |
| cisco | network_dashboard_fabric_controller | 11.3(1) |
| percussion | rhythmyx | * |
| siemens | sentron_powermanager | 4.1 |
| cisco | customer_experience_cloud_agent | * |
| cisco | cloudcenter_suite | 4.10(0.15) |
| intel | system_debugger | - |
| cisco | unified_communications_manager | 11.5(1.22900.28) |
| siemens | energyip | 8.6 |
| cisco | fxos | 6.5.0 |
| cisco | optical_network_controller | 1.1 |
| siemens | teamcenter | * |
| cisco | unified_communications_manager_im_and_presence_service | * |
| cisco | network_assurance_engine | 6.0(2.1912) |
| siemens | captial | * |
| cisco | ucs_central_software | 2.0(1h) |
| cisco | webex_meetings_server | * |
| cisco | common_services_platform_collector | 002.009(000.000) |
| cisco | enterprise_chat_and_email | 12.0(1) |
| netapp | brocade_san_navigator | - |
| siemens | energyip | 8.5 |
| siemens | 6bk1602-0aa12-0tp0_firmware | * |
| cisco | evolved_programmable_network_manager | * |
| cisco | connected_analytics_for_network_deployment | 008.000.000 |
| cisco | sd-wan_vmanage | 20.6.1 |
| siemens | navigator | * |
| cisco | emergency_responder | 11.5(4.65000.14) |
| cisco | crosswork_network_automation | 4.1.0 |
| cisco | wan_automation_engine | 7.2.3 |
| siemens | siveillance_command | * |
| cisco | cloudcenter | * |
| cisco | crosswork_optimization_engine | * |
| siemens | spectrum_power_7 | * |
| intel | audio_development_kit | - |
| cisco | broadworks | * |
| siemens | solid_edge_harness_design | * |
| netapp | oncommand_insight | - |
| siemens | vesys | * |
| cisco | wan_automation_engine | 7.3 |
| siemens | sipass_integrated | 2.85 |
| cisco | ucs_central | * |
| cisco | emergency_responder | * |
| cisco | smart_phy | 3.1.2 |
| cisco | firepower_threat_defense | 6.4.0 |
| apple | xcode | * |
| cisco | paging_server | 8.3(1) |
| siemens | opcenter_intelligence | * |
| cisco | unified_contact_center_express | * |
| cisco | packaged_contact_center_enterprise | * |
| cisco | identity_services_engine | 003.002(000.116) |
| cisco | unified_communications_manager | 11.5(1.17900.52) |
| cisco | wan_automation_engine | * |
| cisco | firepower_threat_defense | 7.0.0 |
| cisco | cloudcenter_suite | 5.5(1) |
| cisco | unified_sip_proxy | * |
| cisco | prime_service_catalog | 12.1 |
| cisco | sd-wan_vmanage | 20.4 |
| cisco | cloud_connect | * |
| cisco | common_services_platform_collector | 002.010(000.000) |
| cisco | fxos | 6.2.3 |
| cisco | common_services_platform_collector | 002.009(001.001) |
| cisco | crosswork_network_automation | 2.0.0 |
| cisco | network_dashboard_fabric_controller | 11.5(1) |
| cisco | unified_sip_proxy | 010.002(001) |
| cisco | unity_connection | * |
| cisco | cloudcenter_suite | 5.5.0 |
| cisco | unified_contact_center_express | 12.6(2) |
| cisco | finesse | 12.6(1) |
| cisco | unified_customer_voice_portal | * |
| siemens | 6bk1602-0aa32-0tp0_firmware | * |
| cisco | connected_analytics_for_network_deployment | 007.000.001 |
| cisco | cyber_vision | 4.0.2 |
| cisco | fxos | 7.0.0 |
| cisco | connected_analytics_for_network_deployment | 008.000.000.000.004 |
| siemens | vesys | 2019.1 |
| siemens | 6bk1602-0aa22-0tp0_firmware | * |
| siemens | energyip | 9.0 |
| cisco | crosswork_zero_touch_provisioning | * |
| siemens | sipass_integrated | 2.80 |
| cisco | connected_analytics_for_network_deployment | 007.003.000 |
| cisco | crosswork_zero_touch_provisioning | 3.0.0 |
| cisco | common_services_platform_collector | 002.009(000.001) |
| netapp | ontap_tools | - |
| siemens | siveillance_identity | 1.5 |
| cisco | dna_spaces | - |
| cisco | ucs_central_software | 2.0(1l) |
| siemens | nx | * |
| cisco | unity_connection | 11.5(1.10000.6) |
| cisco | fxos | 6.3.0 |
| netapp | snapcenter | - |
| cisco | crosswork_data_gateway | 3.0.0 |
| cisco | data_center_network_manager | 11.3(1) |
| cisco | connected_analytics_for_network_deployment | 007.003.003 |
| cisco | evolved_programmable_network_manager | 5.1 |
| cisco | firepower_threat_defense | 6.6.0 |
| cisco | wan_automation_engine | 7.2.2 |
| cisco | identity_services_engine | 2.4.0 |
| cisco | advanced_malware_protection_virtual_private_cloud_appliance | * |
| siemens | 6bk1602-0aa52-0tp0_firmware | * |
| siemens | siveillance_viewpoint | * |
| cisco | unified_computing_system | 006.008(001.000) |
| cisco | video_surveillance_manager | 7.14(1.26) |
| cisco | crosswork_platform_infrastructure | * |
| cisco | evolved_programmable_network_manager | 3.0 |
| cisco | crosswork_data_gateway | * |
| cisco | connected_analytics_for_network_deployment | 7.3 |
| cisco | unified_customer_voice_portal | 11.6(1) |
| cisco | emergency_responder | 11.5 |
| cisco | cyber_vision_sensor_management_extension | * |
| cisco | dna_center | 2.2.2.8 |
| cisco | unified_communications_manager | 11.5(1)su3 |
| cisco | identity_services_engine | 002.006(000.156) |
| cisco | ucs_central_software | 2.0(1a) |
| siemens | desigo_cc_info_center | 5.1 |
| cisco | unified_workforce_optimization | * |
| cisco | unified_customer_voice_portal | 12.5(1) |
| cisco | contact_center_management_portal | * |
| cisco | video_surveillance_manager | 7.14(4.018) |
| siemens | vesys | 2020.1 |
| cisco | paging_server | 14.0(1) |
| cisco | unified_contact_center_express | 12.6(1) |
| siemens | desigo_cc_advanced_reports | 4.0 |
| siemens | energyip_prepay | 3.8 |
| cisco | unified_customer_voice_portal | 12.0(1) |
| siemens | capital | * |
| fedoraproject | fedora | 35 |
| cisco | sd-wan_vmanage | 20.6 |
| cisco | unified_contact_center_enterprise | 12.0(1) |
| cisco | identity_services_engine | 003.001(000.518) |
| cisco | unified_sip_proxy | 010.002(000) |
| siemens | siguard_dsa | 4.2 |
| cisco | integrated_management_controller_supervisor | 2.3.2.0 |
| siemens | siguard_dsa | 4.4 |
| cisco | identity_services_engine | 002.004(000.914) |
| cisco | webex_meetings_server | 3.0 |
| cisco | sd-wan_vmanage | * |
| cisco | nexus_insights | * |
| siemens | spectrum_power_4 | 4.70 |
| siemens | siveillance_vantage | * |
| cisco | connected_analytics_for_network_deployment | 006.005.000.000 |
| cisco | paging_server | 12.5(2) |
| cisco | cloudcenter_suite | 4.10.0.15 |
| cisco | paging_server | 9.0(2) |
| cisco | firepower_threat_defense | 7.1.0 |
| apache | log4j | 2.0 |
| siemens | energy_engage | 3.1 |
| cisco | network_dashboard_fabric_controller | 11.1(1) |
| cisco | broadworks | - |
| cisco | crosswork_network_automation | - |
| cisco | unified_intelligence_center | 12.6(2) |
| siemens | energyip | 8.7 |
| cisco | ucs_central_software | 2.0 |
| cisco | wan_automation_engine | 7.2.1 |
| cisco | sd-wan_vmanage | 20.5 |
| cisco | network_dashboard_fabric_controller | 11.5(3) |
| cisco | connected_analytics_for_network_deployment | 007.002.000 |
| cisco | evolved_programmable_network_manager | 4.0 |
| cisco | connected_analytics_for_network_deployment | 006.004.000.003 |
| cisco | video_surveillance_operations_manager | * |
| cisco | fxos | 6.7.0 |
| cisco | workload_optimization_manager | * |
| cisco | automated_subsea_tuning | 02.01.00 |
| cisco | enterprise_chat_and_email | 12.6(1) |
| cisco | unified_contact_center_enterprise | 12.6(2) |
| netapp | solidfire_enterprise_sds | - |
| bentley | synchro_4d | * |
| cisco | cloudcenter_workload_manager | * |
| intel | sensor_solution_firmware_development_kit | - |
| cisco | wan_automation_engine | 7.1.3 |
| cisco | unified_communications_manager_im_and_presence_service | 11.5(1) |
| cisco | common_services_platform_collector | 002.009(000.002) |
| cisco | crosswork_network_automation | 4.1.1 |
| cisco | paging_server | 9.1(1) |
| siemens | desigo_cc_advanced_reports | 5.1 |
| cisco | enterprise_chat_and_email | * |
| intel | genomics_kernel_library | - |
| cisco | crosswork_optimization_engine | 3.0.0 |
| cisco | evolved_programmable_network_manager | 5.0 |
| intel | system_studio | - |
| cisco | wan_automation_engine | 7.5 |
| cisco | common_services_platform_collector | * |
| siemens | desigo_cc_advanced_reports | 3.0 |
| snowsoftware | vm_access_proxy | * |
| cisco | unified_communications_manager | 11.5(1) |
| cisco | ucs_central_software | 2.0(1e) |
| cisco | cloudcenter_suite_admin | * |
| cisco | unified_contact_center_enterprise | 12.6(1) |
| cisco | unified_contact_center_management_portal | 12.6(1) |
| intel | computer_vision_annotation_tool | - |
| siemens | desigo_cc_info_center | 5.0 |
| intel | datacenter_manager | * |
| cisco | intersight_virtual_appliance | * |
| snowsoftware | snow_commander | * |
| cisco | unified_contact_center_enterprise | 11.6(2) |
| cisco | ucs_central_software | 2.0(1f) |
| siemens | 6bk1602-0aa42-0tp0_firmware | * |
| siemens | gma-manager | * |
| intel | data_center_manager | * |
| cisco | evolved_programmable_network_manager | 4.1 |
| siemens | energyip_prepay | * |
| cisco | cloudcenter_suite | 5.4.1 |
| netapp | solidfire_&_hci_storage_node | - |
| cisco | identity_services_engine | 003.000(000.458) |
| sonicwall | email_security | * |
| cisco | dna_spaces_connector | - |
| cisco | dna_spaces:_connector | * |
| cisco | ucs_central_software | 2.0(1c) |
| cisco | fog_director | - |
| cisco | sd-wan_vmanage | 20.3 |
| cisco | cloudcenter_suite | 5.5.1 |
| cisco | finesse | * |
| cisco | network_services_orchestrator | - |
| cisco | unified_intelligence_center | 12.6(1) |
| cisco | packaged_contact_center_enterprise | 11.6(1) |
| siemens | industrial_edge_management_hub | * |
| debian | debian_linux | 10.0 |
| cisco | unified_communications_manager | 11.5(1.21900.40) |
| cisco | unity_connection | 11.5 |
| cisco | smart_phy | 3.2.1 |
| cisco | unified_communications_manager | * |
| cisco | unified_communications_manager | 11.5(1.18119.2) |
| cisco | network_dashboard_fabric_controller | 11.0(1) |
| cisco | unified_customer_voice_portal | 12.6(1) |
| intel | oneapi_sample_browser | - |
| cisco | ucs_central_software | 2.0(1k) |
| cisco | identity_services_engine | 002.007(000.356) |
| cisco | smart_phy | 21.3 |
| cisco | business_process_automation | * |
| cisco | network_dashboard_fabric_controller | 11.2(1) |
| cisco | network_dashboard_fabric_controller | 11.4(1) |
| cisco | unified_sip_proxy | 010.000(000) |
| cisco | connected_analytics_for_network_deployment | 007.001.000 |
| cisco | contact_center_domain_manager | * |
| cisco | paging_server | 9.0(1) |
| cisco | video_surveillance_manager | 7.14(2.26) |
| siemens | capital | 2019.1 |
| cisco | network_services_orchestrator | * |
| cisco | cloudcenter_suite | 5.3(0) |
| cisco | iot_operations_dashboard | - |
| cisco | paging_server | 8.4(1) |
| apache | log4j | * |
| cisco | unified_customer_voice_portal | 12.5 |
| siemens | siveillance_control_pro | * |
| siemens | desigo_cc_advanced_reports | 4.2 |
| cisco | evolved_programmable_network_manager | 3.1 |
| cisco | firepower_threat_defense | 6.5.0 |
| cisco | identity_services_engine | * |
| cisco | fxos | 6.6.0 |
| cisco | sd-wan_vmanage | 20.7 |
| cisco | cyber_vision_sensor_management_extension | 4.0.2 |