CVE-2021-42550

Published: 16/12/2021 Updated: 12/12/2022
CVSS v2 Base Score: 8.5 | Impact Score: 10 | Exploitability Score: 6.8
CVSS v3 Base Score: 6.6 | Impact Score: 5.9 | Exploitability Score: 0.7
VMScore: 758
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Summary

In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration that allows the execution of arbitrary code loaded from LDAP servers.

Vulnerable Product

qos logback 1.3.0

qos logback

redhat satellite 6.0

netapp snap creator framework -

netapp service level manager -

netapp cloud manager -

siemens sinec nms

Vendor Advisories

Synopsis Moderate: Red Hat Decision Manager 7121 security update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed sever ...
Synopsis Moderate: Red Hat Process Automation Manager 7121 security update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gi ...
Synopsis Moderate: Satellite 611 Release Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat Satellite 611. Description Red Hat Satellite is a systems management tool for Linux-basedin ...
Synopsis Important: Red Hat Fuse 7110 release and security update Type/Severity Security Advisory: Important Topic A minor version update (from 710 to 711) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update ...
Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer contain the following vulnerability: CVE-2021-42550 Hitachi Ops Center Analyzer viewpoint and Hitachi Ops Center Viewpoint contain the following vulnerabilities: CVE-2021-23214, CVE-2021-23222, CVE-2021-39226, CVE-2021-42550, CVE-2021-43813 Affected products and vers ...

Github Repositories

Apache POI for JPHP! WARNING this product use Log4J Package from maven (Apache Log4j Core » 2171) Vulnerabilities from dependencies: CVE-2021-42550 CVE-2021-4104 CVE-2021-23463 CVE-2019-17571

Log4Shell & Logback This project is dependent on logback v119 through Spring Boot v151 The version of Logback contains the vulnerability CVE-2021-42550 (logbackqosch/newshtml) We will not migrate the project to a newer version of Spring Boot or Logback due to the increased effort involved CardBoard A Project for managing simple cards on multiple card bo

The contents of my tech-blog

SW_Knowledge ✋ My Naver Technical Blog - Click Here ✋ [Clean Architecture] [Clean Architecture] Translating and Understanding The Clean Architecture [Clean Architecture] Chapter 1: What Are Design and Architecture? [Clean Architecture] Chapter 2: A Tale of Two Values [Clean Architecture] Component Design Principles (1) [Network] OSI Reference Model HTTP [Database] 데이터베이

Catlogging, an intuitive real-time log viewer.

Quick start Just start Default Current Path > java -jar catloggingjar Option Start (recommend) > nohup java -Dfileencoding=UTF-8 -Djavaawtheadless=true -Djavasecurityegd=file:/dev//urandom -Xms2048M -Xmx2096M -server -XX:+UseParallelGC -DcatloggingvalidationPath=/etc/ -Dcatlogginghome=/home/XXX -jar ca

DICOM gateway for publishing images in Kheops and for de-identification

Karnak is a DICOM gateway for data de-identification and DICOM attribute normalization Karnak manages a continuous DICOM flow with a DICOM listener as input and a DICOM and/or DICOMWeb as output For more information, see the online Karnak user guide ⚠️ Security: Karnak is using Logback and is not affected by CVE-2021-44228 CVE-2021-42550 has been fixed since v099 Appli

CUBETIQ Security Advisors and Guidelines for Response and Resolves Common Vulnerabilities and Exposures

CUBETIQ Security Advisors CUBETIQ Security Advisors and Guidelines for Response and Resolves Common Vulnerabilities and Exposures Alerts CVE-2021-44228 (10/12/2021) CVE-2021-45046 (14/12/2021) CVE-2021-45105 (18/12/2021) CVE-2021-42550 (16/12/2021) Contributors Sambo Chea sombochea@cubetiqscom