Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
AI analysis not yet available
Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
| Vendor | Product | Versions | Fixed In |
|---|---|---|---|
| siemens | 6bk1602-0aa12-0tp0_firmware | 2.7.0 | - |
| siemens | 6bk1602-0aa22-0tp0_firmware | 2.7.0 |
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
373
Affected Products
103
References
siemens / 6bk1602-0aa12-0tp0_firmware
| - |
| siemens | 6bk1602-0aa32-0tp0_firmware | 2.7.0 | - |
| siemens | 6bk1602-0aa42-0tp0_firmware | 2.7.0 | - |
| siemens | 6bk1602-0aa52-0tp0_firmware | 2.7.0 | - |
| apache | log4j | 2.0.1 - 2.3.1 | - |
| apache | log4j | 2.4.0 - 2.12.2 | - |
| apache | log4j | 2.13.0 - 2.15.0 | - |
| apache | log4j | - | - |
| apache | log4j | - | - |
| apache | log4j | - | - |
| apache | log4j | - | - |
| siemens | sppa-t3000_ses3000_firmware | - | - |
| siemens | capital | 2019.1 | - |
| siemens | capital | - | - |
| siemens | capital | - | - |
| siemens | comos | 10.4.2 | - |
| siemens | desigo_cc_advanced_reports | - | - |
| siemens | desigo_cc_advanced_reports | - | - |
| siemens | desigo_cc_advanced_reports | - | - |
| siemens | desigo_cc_advanced_reports | - | - |
| siemens | desigo_cc_advanced_reports | - | - |
| siemens | desigo_cc_advanced_reports | - | - |
| siemens | desigo_cc_info_center | - | - |
| siemens | desigo_cc_info_center | - | - |
| siemens | e-car_operation_center | 2021-12-13 | - |
| siemens | energy_engage | - | - |
| siemens | energyip | - | - |
| siemens | energyip | - | - |
| siemens | energyip | - | - |
| siemens | energyip | - | - |
| siemens | energyip_prepay | 3.8.0.12 | - |
| siemens | gma-manager | 8.6.2j-398 | - |
| siemens | head-end_system_universal_device_integration_system | - | - |
| siemens | industrial_edge_management | - | - |
| siemens | industrial_edge_management_hub | 2021-12-13 | - |
| siemens | logo\!_soft_comfort | - | - |
| siemens | mendix | - | - |
| siemens | mindsphere | 2021-12-16 | - |
| siemens | navigator | 2021-12-13 | - |
| siemens | nx | - | - |
| siemens | opcenter_intelligence | 3.2 - 3.5 | - |
| siemens | operation_scheduler | 1.1.3 | - |
| siemens | sentron_powermanager | - | - |
| siemens | sentron_powermanager | - | - |
| siemens | siguard_dsa | 4.2 - 4.4.1 | - |
| siemens | sipass_integrated | - | - |
| siemens | sipass_integrated | - | - |
| siemens | siveillance_command | 4.16.2.1 | - |
| siemens | siveillance_control_pro | - | - |
| siemens | siveillance_identity | - | - |
| siemens | siveillance_identity | - | - |
| siemens | siveillance_vantage | - | - |
| siemens | siveillance_viewpoint | - | - |
| siemens | solid_edge_cam_pro | - | - |
| siemens | solid_edge_harness_design | 2020 | - |
| siemens | solid_edge_harness_design | - | - |
| siemens | solid_edge_harness_design | - | - |
| siemens | solid_edge_harness_design | - | - |
| siemens | spectrum_power_4 | 4.70 | - |
| siemens | spectrum_power_4 | - | - |
| siemens | spectrum_power_4 | - | - |
| siemens | spectrum_power_4 | - | - |
| siemens | spectrum_power_7 | 2.30 | - |
| siemens | spectrum_power_7 | - | - |
| siemens | spectrum_power_7 | - | - |
| siemens | spectrum_power_7 | - | - |
| siemens | teamcenter | - | - |
| siemens | vesys | 2019.1 | - |
| siemens | vesys | - | - |
| siemens | vesys | - | - |
| siemens | vesys | - | - |
| siemens | vesys | - | - |
| siemens | vesys | - | - |
| siemens | xpedition_enterprise | - | - |
| siemens | xpedition_package_integrator | - | - |
| intel | computer_vision_annotation_tool | - | - |
| intel | datacenter_manager | 5.1 | - |
| intel | genomics_kernel_library | - | - |
| intel | oneapi_sample_browser | - | - |
| intel | secure_device_onboard | - | - |
| intel | system_studio | - | - |
| debian | debian_linux | - | - |
| debian | debian_linux | - | - |
| debian | debian_linux | - | - |
| fedoraproject | fedora | - | - |
| fedoraproject | fedora | - | - |
| sonicwall | email_security | 10.0.13 | - |
| netapp | active_iq_unified_manager | - | - |
| netapp | active_iq_unified_manager | - | - |
| netapp | active_iq_unified_manager | - | - |
| netapp | brocade_san_navigator | - | - |
| netapp | cloud_insights | - | - |
| netapp | cloud_manager | - | - |
| netapp | cloud_secure_agent | - | - |
| netapp | oncommand_insight | - | - |
| netapp | ontap_tools | - | - |
| netapp | snapcenter | - | - |
| netapp | solidfire_\&_hci_storage_node | - | - |
| netapp | solidfire_enterprise_sds | - | - |
| cisco | advanced_malware_protection_virtual_private_cloud_appliance | 3.5.4 | - |
| cisco | automated_subsea_tuning | 2.1.0 | - |
| cisco | broadworks | 2021.11_1.162 | - |
| cisco | business_process_automation | 3.0.000.115 | - |
| cisco | business_process_automation | 3.1.000.000 - 3.1.000.044 | - |
| cisco | business_process_automation | 3.2.000.000 - 3.2.000.009 | - |
| cisco | cloud_connect | 12.6\(1\) | - |
| cisco | cloudcenter | 4.10.0.16 | - |
| cisco | cloudcenter_cost_optimizer | 5.5.2 | - |
| cisco | cloudcenter_suite_admin | 5.3.1 | - |
| cisco | cloudcenter_workload_manager | 5.5.2 | - |
| cisco | common_services_platform_collector | 2.9.1.3 | - |
| cisco | common_services_platform_collector | 2.10.0 - 2.10.0.1 | - |
| cisco | connected_mobile_experiences | - | - |
| cisco | contact_center_domain_manager | 12.5\(1\) | - |
| cisco | contact_center_management_portal | 12.5\(1\) | - |
| cisco | crosswork_data_gateway | 2.0.2 | - |
| cisco | crosswork_data_gateway | - | - |
| cisco | crosswork_network_controller | 2.0.1 | - |
| cisco | crosswork_network_controller | - | - |
| cisco | crosswork_optimization_engine | 2.0.1 | - |
| cisco | crosswork_optimization_engine | - | - |
| cisco | crosswork_platform_infrastructure | 4.0.1 | - |
| cisco | crosswork_platform_infrastructure | - | - |
| cisco | crosswork_zero_touch_provisioning | 2.0.1 | - |
| cisco | crosswork_zero_touch_provisioning | - | - |
| cisco | customer_experience_cloud_agent | 1.12.1 | - |
| cisco | cyber_vision_sensor_management_extension | 4.0.3 | - |
| cisco | data_center_network_manager | 11.3\(1\) | - |
| cisco | data_center_network_manager | - | - |
| cisco | dna_center | 2.1.2.8 | - |
| cisco | dna_center | 2.2.2.0 - 2.2.2.8 | - |
| cisco | dna_center | 2.2.3.0 - 2.2.3.4 | - |
| cisco | dna_spaces\ | 2.5 | - |
| cisco | emergency_responder | 11.5\(4\) | - |
| cisco | enterprise_chat_and_email | 12.0\(1\) | - |
| cisco | evolved_programmable_network_manager | 4.1.1 | - |
| cisco | finesse | 12.6\(1\) | - |
| cisco | finesse | - | - |
| cisco | fog_director | - | - |
| cisco | identity_services_engine | 2.4.0 | - |
| cisco | identity_services_engine | - | - |
| cisco | integrated_management_controller_supervisor | 2.3.2.1 | - |
| cisco | intersight_virtual_appliance | 1.0.9-361 | - |
| cisco | iot_operations_dashboard | - | - |
| cisco | network_assurance_engine | 6.0.2 | - |
| cisco | network_services_orchestrator | 5.3.5.1 | - |
| cisco | network_services_orchestrator | 5.4 - 5.4.5.2 | - |
| cisco | network_services_orchestrator | 5.5 - 5.5.4.1 | - |
| cisco | network_services_orchestrator | 5.6 - 5.6.3.1 | - |
| cisco | nexus_dashboard | 2.1.2 | - |
| cisco | nexus_insights | 6.0.2 | - |
| cisco | optical_network_controller | 1.1.0 | - |
| cisco | packaged_contact_center_enterprise | 11.6 | - |
| cisco | packaged_contact_center_enterprise | - | - |
| cisco | paging_server | 14.4.1 | - |
| cisco | prime_service_catalog | 12.1 | - |
| cisco | sd-wan_vmanage | 20.3.4.1 | - |
| cisco | sd-wan_vmanage | 20.4 - 20.4.2.1 | - |
| cisco | sd-wan_vmanage | 20.5 - 20.5.1.1 | - |
| cisco | sd-wan_vmanage | 20.6 - 20.6.2.1 | - |
| cisco | smart_phy | 3.2.1 | - |
| cisco | ucs_central | 2.0\(1p\) | - |
| cisco | ucs_director | 6.8.2.0 | - |
| cisco | unified_communications_manager | 11.5\(1\) | - |
| cisco | unified_communications_manager | 11.5\(1\) | - |
| cisco | unified_communications_manager | - | - |
| cisco | unified_communications_manager | - | - |
| cisco | unified_communications_manager | - | - |
| cisco | unified_communications_manager | - | - |
| cisco | unified_communications_manager_im_and_presence_service | 11.5\(1\) | - |
| cisco | unified_communications_manager_im_and_presence_service | - | - |
| cisco | unified_contact_center_enterprise | 11.6\(2\) | - |
| cisco | unified_contact_center_enterprise | - | - |
| cisco | unified_contact_center_express | 12.5\(1\) | - |
| cisco | unified_customer_voice_portal | 11.6 | - |
| cisco | unified_customer_voice_portal | - | - |
| cisco | unified_customer_voice_portal | - | - |
| cisco | unified_customer_voice_portal | - | - |
| cisco | unified_intelligence_center | 12.6\(1\) | - |
| cisco | unity_connection | 11.5\(1\) | - |
| cisco | video_surveillance_operations_manager | 7.14.4 | - |
| cisco | virtual_topology_system | 2.6.7 | - |
| cisco | virtualized_infrastructure_manager | 3.2.0 | - |
| cisco | virtualized_infrastructure_manager | 3.4.0 - 3.4.4 | - |
| cisco | virtualized_voice_browser | 12.5\(1\) | - |
| cisco | wan_automation_engine | 7.3.0.2 | - |
| cisco | webex_meetings_server | 3.0 | - |
| cisco | webex_meetings_server | - | - |
| cisco | webex_meetings_server | - | - |
| cisco | webex_meetings_server | - | - |
| cisco | webex_meetings_server | - | - |
| cisco | webex_meetings_server | - | - |
| cisco | webex_meetings_server | - | - |
| cisco | webex_meetings_server | - | - |
| cisco | webex_meetings_server | - | - |
| cisco | webex_meetings_server | - | - |
| cisco | webex_meetings_server | - | - |
| cisco | webex_meetings_server | - | - |
| cisco | webex_meetings_server | - | - |
| cisco | webex_meetings_server | - | - |
| cisco | webex_meetings_server | - | - |
| cisco | workload_optimization_manager | 3.2.1 | - |
| cisco | unified_sip_proxy | 10.2.1v2 | - |
| cisco | unified_workforce_optimization | 11.5\(1\) | - |
| cisco | fxos | - | - |
| cisco | fxos | - | - |
| cisco | fxos | - | - |
| cisco | fxos | - | - |
| cisco | fxos | - | - |
| cisco | fxos | - | - |
| cisco | fxos | - | - |
| cisco | fxos | - | - |
| cisco | automated_subsea_tuning | - | - |
| cisco | broadworks | - | - |
| cisco | cloudcenter_suite | - | - |
| cisco | cloudcenter_suite | - | - |
| cisco | cloudcenter_suite | - | - |
| cisco | cloudcenter_suite | - | - |
| cisco | cloudcenter_suite | - | - |
| cisco | common_services_platform_collector | - | - |
| cisco | common_services_platform_collector | - | - |
| cisco | common_services_platform_collector | - | - |
| cisco | common_services_platform_collector | - | - |
| cisco | common_services_platform_collector | - | - |
| cisco | common_services_platform_collector | - | - |
| cisco | common_services_platform_collector | - | - |
| cisco | crosswork_network_automation | - | - |
| cisco | crosswork_network_automation | - | - |
| cisco | crosswork_network_automation | - | - |
| cisco | crosswork_network_automation | - | - |
| cisco | crosswork_network_automation | - | - |
| cisco | cx_cloud_agent | - | - |
| cisco | cyber_vision | - | - |
| cisco | cyber_vision_sensor_management_extension | - | - |
| cisco | dna_center | - | - |
| cisco | dna_spaces | - | - |
| cisco | dna_spaces_connector | - | - |
| cisco | emergency_responder | - | - |
| cisco | emergency_responder | - | - |
| cisco | emergency_responder | - | - |
| cisco | enterprise_chat_and_email | - | - |
| cisco | enterprise_chat_and_email | - | - |
| cisco | enterprise_chat_and_email | - | - |
| cisco | evolved_programmable_network_manager | - | - |
| cisco | evolved_programmable_network_manager | - | - |
| cisco | evolved_programmable_network_manager | - | - |
| cisco | evolved_programmable_network_manager | - | - |
| cisco | evolved_programmable_network_manager | - | - |
| cisco | evolved_programmable_network_manager | - | - |
| cisco | finesse | - | - |
| cisco | finesse | - | - |
| cisco | finesse | - | - |
| cisco | finesse | - | - |
| cisco | finesse | - | - |
| cisco | finesse | - | - |
| cisco | firepower_threat_defense | - | - |
| cisco | firepower_threat_defense | - | - |
| cisco | firepower_threat_defense | - | - |
| cisco | firepower_threat_defense | - | - |
| cisco | firepower_threat_defense | - | - |
| cisco | firepower_threat_defense | - | - |
| cisco | firepower_threat_defense | - | - |
| cisco | firepower_threat_defense | - | - |
| cisco | identity_services_engine | - | - |
| cisco | identity_services_engine | - | - |
| cisco | identity_services_engine | - | - |
| cisco | identity_services_engine | - | - |
| cisco | identity_services_engine | - | - |
| cisco | identity_services_engine | - | - |
| cisco | integrated_management_controller_supervisor | - | - |
| cisco | integrated_management_controller_supervisor | - | - |
| cisco | intersight_virtual_appliance | - | - |
| cisco | mobility_services_engine | - | - |
| cisco | network_assurance_engine | - | - |
| cisco | network_dashboard_fabric_controller | - | - |
| cisco | network_dashboard_fabric_controller | - | - |
| cisco | network_dashboard_fabric_controller | - | - |
| cisco | network_dashboard_fabric_controller | - | - |
| cisco | network_dashboard_fabric_controller | - | - |
| cisco | network_dashboard_fabric_controller | - | - |
| cisco | network_dashboard_fabric_controller | - | - |
| cisco | network_dashboard_fabric_controller | - | - |
| cisco | network_insights_for_data_center | - | - |
| cisco | network_services_orchestrator | - | - |
| cisco | optical_network_controller | - | - |
| cisco | paging_server | - | - |
| cisco | paging_server | - | - |
| cisco | paging_server | - | - |
| cisco | paging_server | - | - |
| cisco | paging_server | - | - |
| cisco | paging_server | - | - |
| cisco | paging_server | - | - |
| cisco | paging_server | - | - |
| cisco | prime_service_catalog | - | - |
| cisco | sd-wan_vmanage | - | - |
| cisco | sd-wan_vmanage | - | - |
| cisco | sd-wan_vmanage | - | - |
| cisco | sd-wan_vmanage | - | - |
| cisco | sd-wan_vmanage | - | - |
| cisco | sd-wan_vmanage | - | - |
| cisco | sd-wan_vmanage | - | - |
| cisco | smart_phy | - | - |
| cisco | smart_phy | - | - |
| cisco | smart_phy | - | - |
| cisco | smart_phy | - | - |
| cisco | smart_phy | - | - |
| cisco | smart_phy | - | - |
| cisco | ucs_central_software | - | - |
| cisco | ucs_central_software | - | - |
| cisco | ucs_central_software | - | - |
| cisco | ucs_central_software | - | - |
| cisco | ucs_central_software | - | - |
| cisco | ucs_central_software | - | - |
| cisco | ucs_central_software | - | - |
| cisco | ucs_central_software | - | - |
| cisco | ucs_central_software | - | - |
| cisco | ucs_central_software | - | - |
| cisco | ucs_central_software | - | - |
| cisco | unified_communications_manager | - | - |
| cisco | unified_communications_manager | - | - |
| cisco | unified_communications_manager | - | - |
| cisco | unified_communications_manager | - | - |
| cisco | unified_communications_manager | - | - |
| cisco | unified_communications_manager_im_\&_presence_service | - | - |
| cisco | unified_communications_manager_im_\&_presence_service | - | - |
| cisco | unified_computing_system | - | - |
| cisco | unified_contact_center_enterprise | - | - |
| cisco | unified_contact_center_enterprise | - | - |
| cisco | unified_contact_center_enterprise | - | - |
| cisco | unified_contact_center_enterprise | - | - |
| cisco | unified_contact_center_enterprise | - | - |
| cisco | unified_contact_center_express | - | - |
| cisco | unified_contact_center_express | - | - |
| cisco | unified_contact_center_express | - | - |
| cisco | unified_contact_center_express | - | - |
| cisco | unified_contact_center_management_portal | - | - |
| cisco | unified_customer_voice_portal | - | - |
| cisco | unified_customer_voice_portal | - | - |
| cisco | unified_customer_voice_portal | - | - |
| cisco | unified_customer_voice_portal | - | - |
| cisco | unified_intelligence_center | - | - |
| cisco | unified_intelligence_center | - | - |
| cisco | unified_intelligence_center | - | - |
| cisco | unified_intelligence_center | - | - |
| cisco | unified_sip_proxy | - | - |
| cisco | unified_sip_proxy | - | - |
| cisco | unified_sip_proxy | - | - |
| cisco | unified_sip_proxy | - | - |
| cisco | unified_workforce_optimization | - | - |
| cisco | unity_connection | - | - |
| cisco | unity_connection | - | - |
| cisco | video_surveillance_manager | - | - |
| cisco | video_surveillance_manager | - | - |
| cisco | video_surveillance_manager | - | - |
| cisco | video_surveillance_manager | - | - |
| cisco | virtual_topology_system | - | - |
| cisco | wan_automation_engine | - | - |
| cisco | wan_automation_engine | - | - |
| cisco | wan_automation_engine | - | - |
| cisco | wan_automation_engine | - | - |
| cisco | wan_automation_engine | - | - |
| cisco | wan_automation_engine | - | - |
| cisco | wan_automation_engine | - | - |
| cisco | wan_automation_engine | - | - |
| cisco | webex_meetings_server | - | - |
| cisco | webex_meetings_server | - | - |
| snowsoftware | snow_commander | 8.10.0 | - |
| snowsoftware | vm_access_proxy | 3.6 | - |
| bentley | synchro | 6.1 - 6.2.4.2 | - |
| bentley | synchro_4d | 6.4.3.2 | - |
| percussion | rhythmyx | 7.3.2 | - |
| apple | xcode | 13.3 | - |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploitability
Impact