Vulnerability CVE-2021-4104 - CERT Civis.Net

Vulnerability Name:

CVE-2021-4104 (CCN-215048)

Assigned:

2021-12-10

Published:

2021-12-10

Updated:

2022-10-05

Summary:

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

8.1 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.1 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.5 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.5 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

6.0 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-502
CWE-502
CWE-20

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2021-4104

Source: CCN
Type: US-CERT VU#930724
Apache Log4j allows insecure JNDI lookups

Source: MLIST
Type: Mailing List
[oss-security] 20220118 CVE-2022-23302: Deserialization of untrusted data in JMSSink in Apache Log4j 1.x

Source: MISC
Type: Mitigation, Third Party Advisory
https://access.redhat.com/security/cve/CVE-2021-4104

Source: CCN
Type: Red Hat Bugzilla - Bug 2031667
Bug 2031667 (CVE-2021-4104) - CVE-2021-4104 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender

Source: XF
Type: UNKNOWN
apache-cve20214104-code-exec(215048)

Source: CCN
Type: logging-log4j2 GIT Repository
Restrict LDAP access via JNDI #608

Source: MISC
Type: Issue Tracking, Patch, Third Party Advisory
https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126

Source: CCN
Type: Apache Web site
Apache log4j 1.2

Source: CONFIRM
Type: Third Party Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0033

Source: CCN
Type: oss-sec Mailing List, Mon, 13 Dec 2021 20:22:29 +0100
Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2

Source: CCN
Type: oss-sec Mailing List, Mon, 13 Dec 2021 16:10:57 +0000
CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2

Source: GENTOO
Type: Third Party Advisory
GLSA-202209-02

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20211223-0007/

Source: CCN
Type: F5 Security Advisory K24554520
Apache Log4j Remote Code Execution vulnerability CVE-2021-4104

Source: MISC
Type: Not Applicable, Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2021-44228

Source: CCN
Type: IBM Security Bulletin 6526166 (Integrated Analytics System)
Log4j vulnerability affects IBM Integrated Analytics System.

Source: CCN
Type: IBM Security Bulletin 6526432 (Security Access Manager Appliance)
IBM Security Access Manager has fixed a vulnerability in the log4j library shipped with the product. (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6526478 (Watson Discovery)
IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Log4j 1.2

Source: CCN
Type: IBM Security Bulletin 6526688 (Sterling Connect:Direct File Agent)
Apache Log4j Affects IBM Sterling Connect:Direct File Agent (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6526750 (WebSphere Application Server)
Vulnerability in Apache Log4j affects WebSphere Application Server (CVE-2021-44228)

Source: CCN
Type: IBM Security Bulletin 6527728 (Watson Explorer)
Vulnerability exists in Watson Explorer (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6527820 (Netezza Analytics)
Log4j vulnerability (CVE-2021-4104) affects IBM Netezza Analytics and IBM Netezza Analytics for NPS

Source: CCN
Type: IBM Security Bulletin 6527834 (InfoSphere Change Data Capture)
Vulnerability in Apache Log4j (CVE-2021-4104) affects InfoSphere Data Replication

Source: CCN
Type: IBM Security Bulletin 6527844 (Kenexa LMS on premise)
IBM Kenexa LMS On Premise -Log4j - CVE-2021-4104 (Publicly disclosed vulnerability)

Source: CCN
Type: IBM Security Bulletin 6527876 (Kenexa LCMS Premier on premise)
IBM Kenexa LCMS Premier On Premise - Log4j - CVE-2021-4104 (Publicly disclosed vulnerability)

Source: CCN
Type: IBM Security Bulletin 6527952 (SPSS Statistics)
Log4Shell Vulnerability affects IBM SPSS Statistics (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6528678 (DB2 for Linux, UNIX and Windows)
Vulnerability in Apache Log4j affects some features of IBM Db2 (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6529056 (App Connect Enterprise)
Vulnerabilities in Apache Log4j affect IBM App Connect Enterprise V11, V12 and IBM Integration Bus (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6536646 (App Connect for Manufacturing)
Vulnerabilities in Apache Log4j affect IBM App Connect for Manufacturing 2.0 (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6536708 (Tivoli Netcool/Impact)
Vulnerability in Apache Log4j affects IBM Tivoli Netcool Impact (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6536868 (Tivoli Netcool/OMNIbus)
Multiple vulnerabilities have been identified in Apache Log4j shipped with IBM Tivoli Netcool/OMNIbus Common Integration Libraries (CVE-2021-4104, CVE-2021-45046, CVE-2021-44228)

Source: CCN
Type: IBM Security Bulletin 6537016 (Spectrum Control)
Vulnerability in Apache Log4j affects IBM Spectrum Control (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6538068 (StoredIQ for Legal)
Stored IQ for Legal is vulnerable to multiple Apache Log4j vulnerabilities (CVE-2021-4104, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6538414 (Tivoli Monitoring V6)
Multiple vulnerabilities affect IBM Tivoli Monitoring Installed WebSphere Application Server including Log4j

Source: CCN
Type: IBM Security Bulletin 6538590 (UrbanCode Deploy)
IBM Urbancode Deploy server/agent/relay releases before 7.1.2.1 impacted by Apache Log4j vulnerabilities. (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6538954 (Sterling External Authentication Server)
Apache Log4j vulnerability affects IBM Secure External Authentication Server (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6539162 (i)
IBM i components are affected by CVE-2021-4104 (log4j version 1.x)

Source: CCN
Type: IBM Security Bulletin 6539408 (Security Key Lifecycle Manager)
Multiple vulnerabilities in Apache Log4j affect the IBM WebSphere Application Server and IBM Security Guardium Key Lifecycle Manager (CVE-2021-4104, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832)

Source: CCN
Type: IBM Security Bulletin 6539552 (InfoSphere Master Data Management)
Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management

Source: CCN
Type: IBM Security Bulletin 6540480 (Rational Asset Analyzer)
Rational Asset Analyzer (RAA) is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6540688 (OpenPages with Watson)
IBM OpenPages with Watson has addressed Apache Log4j vulnerability (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6540892 (SPSS Analytic Server)
Vulnerability in Apache Log4j affects some features of IBM SPSS Analytic Server (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6540924 (Cloud Application Performance Monitoring Base Extension)
Vulnerability in Apache Log4j affects some features of Internet Service Monitoring Agent for IBM Application Performance Management(CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6550448 (Data Studio Client)
Vulnerability in Apache Log4j affects IBM Data Studio Client (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6550822 (Db2 Web Query for i)
Due to use of Apache Log4j, IBM Db2 Web Query for i is vulnerable to arbitrary code execution (CVE-2021-4104, CVE-2022-23302, and CVE-2022-23307) and SQL injection (CVE-2022-23305)

Source: CCN
Type: IBM Security Bulletin 6551074 (Spectrum Archive Enterprise Edition)
Vulnerability in Apache Log4j may affect IBM Spectrum Archive Enterprise Edition (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6551146 (MegaRAID Storage Manager)
IBM MegaRAID Storage Manager is affected by a vulnerability in Log4j (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6551170 (Watson Speech Services Cartridge for Cloud Pak for Data)
Vulnerability in Apache Log4j may affect IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6551452 (Tivoli Monitoring)
Vulnerablity in Apache Log4j may affect IBM Tivoli Monitoring (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6551880 (Spectrum Scale)
Vulnerability in Apache Log4j affects IBM Spectrum Scale (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6551882 (InfoSphere Data Architect)
Vulnerability in Apache Log4j affects InfoSphere Data Architect (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6552272 (App Connect for Healthcare)
IBM App Connect for Healthcare is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6553622 (Informix Dynamic Server)
IBM Informix Dynamic Server is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)

Source: CCN
Type: IBM Security Bulletin 6553626 (Informix Dynamic Server on Cloud Pak for Data)
Log4j Vulnerability ( CVE-2021-44228 ) in IBM Informix Dynamic Server in Cloud Pak for Data

Source: CCN
Type: IBM Security Bulletin 6554174 (Curam SPM)
Vulnerability in Apache Log4j may affect Curam Social Program Management (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6554466 (Netezza Analytics)
Log4j vulnerabilities affect IBM Netezza Analytics

Source: CCN
Type: IBM Security Bulletin 6555376 (Cognos Command Center)
IBM Cognos Command Center is affected by multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6556758 (Cloud Pak for Data System)
IBM Cloud Pak for Data System 1.0 is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6556996 (Cloud Pak for Data System)
IBM Cloud Pak for Data System 2.0 (ICPDS 2.0 ) is vulnerable to arbitrary code execution due to Apache Log4j CVE-2021-4104

Source: CCN
Type: IBM Security Bulletin 6557198 (Sterling Connect:Direct Web Services)
IBM Sterling Connect:Direct Web Services is vulnerable to untrusted data deserialization due to Apache Log4j (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6559630 (Netezza for Cloud Pak for Data)
IBM Netezza for Cloud Pak for Data is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6559980 (Datacap Taskmaster Capture)
Due to use of Apache Log4j, IBM Datacap is vulnerable to arbitrary code execution (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6561601 (Security Directory Integrator)
IBM Security Directory Integrator has upgraded log4j

Source: CCN
Type: IBM Security Bulletin 6562237 (i)
Due to use of Apache Log4j, OmniFind Text Search Server for DB2 for i is vulnerable to arbitrary code execution (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6562361 (Integration Designer)
IBM Integration Designer is vulnerable to arbitrary code execution because of Apache Log4j (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6562867 (SPSS Collaboration and Deployment Services)
Vulnerability in Apache Log4j affects SPSS Collaboration and Deployment Services (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6562871 (Analytical Decision Management)
Vulnerability in Apache Log4j affects IBM Analytical Decision Management (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6563275 (MobileFirst Platform Foundation)
Mobilefirst is affected by a log4j vulnerability (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6563291 (Copy Services Manager)
Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.

Source: CCN
Type: IBM Security Bulletin 6563537 (Cloud Pak for Network Automation)
Vulnerability in Apache Log4j affects IBM Cloud Pak for Network Automation (CVE-2021-44228)

Source: CCN
Type: IBM Security Bulletin 6563561 (Security Guardium)
IBM Security Guardium is vulnerable to arbitrary code execution due to Apache log4j (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6564027 (Cloud Automation Manager)
A security vulnerability in log4j v1.2 affects IBM Cloud Automation Manager

Source: CCN
Type: IBM Security Bulletin 6564317 (Engineering Requirements Quality Assistant)
There are multiple vulnerabilites that affect IBM Engineering Requirements Quality Assistant On-Premises (CVE-2021-4104, CVE-2021-29469, CVE-2021-44531, CVE-2021-44531, CVE-2022-21824, CVE-2021-29899, CVE-2021-27290 )

Source: CCN
Type: IBM Security Bulletin 6565031 (DB2 Recovery Expert for LUW)
Vulnerability in Apache Log4j affects DB2 Recovery Expert for Linux, Unix and Windows

Source: CCN
Type: IBM Security Bulletin 6565309 (Transformation Extender Advanced)
IBM Transformation Extender Advanced is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6565387 (WebSphere Service Registry and Repository)
Vulnerability in Apache log4j affects WebSphere Service Registry and Repository (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6565395 (Elastic Storage System)
Vulnerability in Apache Log4j affects IBM Elastic Storage System (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6566913 (Maximo Application Suite)
MAS Monitor 8.4, 8.5, and 8.6 log4j

Source: CCN
Type: IBM Security Bulletin 6568203 (Security Access Manager for Enterprise Single Sign-On)
IBM Security Access Manager for Enterprise Single Sign-On may be vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6568675 (Spectrum Discover)
IBM Spectrum Discover is vulnerable to Docker CLI (CVE-2021-41092) and Apache Log4j (CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307) weaknesses

Source: CCN
Type: IBM Security Bulletin 6569189 (Maximo Asset Management)
IBM Maximo Asset Management may be vulnerable to arbitrary code execution due to Apache Log4j 1.2 (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6570741 (DS8900F)
Vulnerabilities have been identified in Apache Log4j and the application code shipped with the DS8000 Hardware Management Console (HMC)

Source: CCN
Type: IBM Security Bulletin 6574035 (TPF Operations Server)
The Apache Log4j (CVE-2021-4104) vulnerability affects TPF Operations Server

Source: CCN
Type: IBM Security Bulletin 6575541 (InfoSphere Information Server)
IBM InfoSphere Information Server may be affected by vulnerabilities in Apache log4j 1.x version

Source: CCN
Type: IBM Security Bulletin 6585004 (CCA for MTM 4767 for Linux x64)
Crypto Hardware Initialization and Maintenance is vulnerable to arbitrary code execution due to Apache Log4j (CVE 2021-4104, CVE 2022-23302, CVE 2022-23305, CVE 2022-23307)

Source: CCN
Type: IBM Security Bulletin 6586510 (Security Verify Governance)
IBM Security Verify Governance is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6586512 (Security Identity Governance and Intelligence)
IBM Security Identity Governance and Intelligence is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6590835 (Cloud Pak System)
Multiple vulnerabilities in Apache Log4j affect IBM Cloud Pak System

Source: CCN
Type: IBM Security Bulletin 6591309 (Cognos Controller)
IBM Cognos Controller is affected but not vulnerable to arbitrary code execution and SQL injection due to Apache Log4j v1 vulnerabilities (CVE-2022-23305, CVE-2022-23302, CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6596147 (StoredIQ)
StoredIQ Is Vulnerable To Arbitrary Code Execution Due To Apache Log4j (CVE-2021-4104).

Source: CCN
Type: IBM Security Bulletin 6597519 (Global High Availability Mailbox)
IBM Sterling Global Mailbox is vulnerable to remote code execution due to Apache Log4j (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6598713 (Common Licensing)
A Remote Attack Vulnerability in Apache Log4j affects IBM Common Licensing's License Key Server (LKS) Administration And Reporting Tool (ART) and its Agent(CVE-2021-4104,CVE-2021-44832,CVE-2021-3100,CVE-2022-33915).

Source: CCN
Type: IBM Security Bulletin 6601145 (Cloud Pak for Multicloud Management)
A security vulnerability in log4j v1.2 affects IBM Cloud Pak for Multicloud Management Infrastructure Management Appliance

Source: CCN
Type: IBM Security Bulletin 6602251 (Content Manager Enterprise Edition)
IBM Content Manager Enterprise Edition is is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6603367 (Cloud Pak for Multicloud Management)
IBM Cloud Pak for Multicloud Management Monitoring is potentially vulnerable to execution of arbitrary code due to its use of Apache Log4j (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6604669 (Tivoli Netcool Configuration Manager)
IBM Tivoli Netcool Configuration Manager is affected by vulnerability that could allow a remote attacker to execute arbitrary code on the system due to Apache Log4j earlier than 2.0 version (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6606605 (Log Analysis)
Multiple vulnerabilities in log4j-1.2.16.jar used by IBM Operations Analytics - Log Analysis

Source: CCN
Type: IBM Security Bulletin 6608552 (Sterling Secure Proxy)
IBM Secure Proxy is vulnerable to remote code execution due to Apache Log4j (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6610078 (Security Identity Manager Virtual Appliance)
IBM Security Identity Manager virtual appliance is vulnerable to arbitrary code execution due to Apache Log4j and issues in other open source components (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6610084 (Data Risk Manager)
IBM Data Risk Manager is affected by multiple vulnerabilities including remote code execution in Apache Log4j 1.x

Source: CCN
Type: IBM Security Bulletin 6610729 (QRadar User Behavior Analytics)
Apache log4j vulnerabilities in Spark and Zookeeper affect QRadar User Behavior Analytics(CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6612331 (Security Identity Manager Virtual Appliance)
IBM Security Identity Manager Virtual Appliance is vulnerable to arbitrary code execution due to Apache Log4j and other issues (CVE-2021-4104, CVE-2021-45046, CVE-2021-38951)

Source: CCN
Type: IBM Security Bulletin 6615337 (Security Directory Server)
IBM Security Directory Integrator as shipped with IBM Security Directory Suite is affected by Apache Log4j vulnerability (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6616245 (Engineering Lifecycle Management Base)
The IBM Engineering Lifecycle Engineering products on IBM Jazz Technology contains additional security fixes for Log4j vulnerabilities CVE-2021-4104

Source: CCN
Type: IBM Security Bulletin 6825095 (Engineering Requirements Management DOORS)
The IBM Engineering Requirements Management DOORS/DWA fixes for Log4j vulnerabilities CVE-2021-4104

Source: CCN
Type: IBM Security Bulletin 6825215 (Engineering Systems Design Rhapsody)
The IBM Engineering System Design Rhapsody products on IBM Jazz Technology contains additional security fixes for Log4j vulnerabilities CVE-2021-4104

Source: CCN
Type: IBM Security Bulletin 6828741 (Operations Analytics Predictive Insights)
IBM Operations Analytics Predictive Insights impacted by Apache Log4j vulnerabilities (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6829357 (InfoSphere Information Server)
IBM InfoSphere Information Server may be affected by vulnerabilities in Apache log4j 1.x version

Source: CCN
Type: IBM Security Bulletin 6830971 (Sterling Order Management)
IBM Sterling Order Management migration strategy to Apache Log4j vulnerability (see CVEs below)

Source: CCN
Type: IBM Security Bulletin 6831267 (Security Identity Manager)
IBM Security Identity Manager is affected by log4j vulnerability. (CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6832160 (QRadar SIEM)
Due to use of Apache Log4j, IBM QRadar SIEM is vulnerable to arbitrary code execution (CVE-2019-17571, CVE-2021-44832, CVE-2021-4104)

Source: CCN
Type: IBM Security Bulletin 6845492 (Tivoli Application Dependency Discovery Manager)
TADDM log4j vulnerable to CVE-2021-4104 (Publicly disclosed vulnerability)

Source: CCN
Type: IBM Security Bulletin 6848225 (Netcool Operations Insight)
Netcool Operations Insight v1.6.7 contains fixes for multiple security vulnerabilities.

Source: CCN
Type: IBM Security Bulletin 6955863 (B2B Advanced Communications)
IBM B2B Advanced Communications is vulnerable to remote code execution due to Apache Log4j (CVE-2021-4104)

Source: CERT-VN
Type: Mitigation, Patch, Third Party Advisory, US Government Resource
VU#930724

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html

Source: CCN
Type: Oracle CPUJan2022
Oracle Critical Patch Update Advisory - January 2022

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html

Source: N/A
Type: Third Party Advisory
N/A

Vulnerable Configuration:

Configuration 1:

cpe:/a:apache:log4j:1.2:*:*:*:*:*:*:*

Configuration 2:

cpe:/o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:redhat:jboss_operations_network:3.0:*:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_a-mq:6.0.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_fuse_service_works:6.0:*:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_web_server:3.0:*:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_data_virtualization:6.0.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

OR cpe:/a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*

OR cpe:/a:redhat:software_collections:-:*:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*

OR cpe:/a:redhat:process_automation:7.0:*:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*

OR cpe:/a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*

OR cpe:/a:redhat:codeready_studio:12.0:*:*:*:*:*:*:*

OR cpe:/a:redhat:integration_camel_k:-:*:*:*:*:*:*:*

OR cpe:/a:redhat:openshift_container_platform:4.6:*:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_a-mq:7:*:*:*:*:*:*:*

OR cpe:/a:redhat:openshift_container_platform:4.7:*:*:*:*:*:*:*

OR cpe:/a:redhat:integration_camel_quarkus:-:*:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_a-mq_streaming:-:*:*:*:*:*:*:*

OR cpe:/a:redhat:openshift_container_platform:4.8:*:*:*:*:*:*:*

Configuration 4:

cpe:/a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*

OR cpe:/a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*

OR cpe:/a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*

OR cpe:/a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*

OR cpe:/a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:advanced_supply_chain_planning:12.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:advanced_supply_chain_planning:12.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*

OR cpe:/a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*

OR cpe:/a:oracle:utilities_testing_accelerator:6.0.0.2.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:utilities_testing_accelerator:6.0.0.3.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_allocation:14.1.3.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_allocation:15.0.3.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_extract_transform_and_load:13.2.5:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_allocation:16.0.3:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_allocation:19.0.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:hyperion_data_relationship_management:*:*:*:*:*:*:*:* (Version < 11.2.8.0)

OR cpe:/a:oracle:financial_services_revenue_management_and_billing_analytics:2.8.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* (Version <= 8.0.29)

OR cpe:/a:oracle:hyperion_infrastructure_technology:*:*:*:*:*:*:*:* (Version < 11.2.8.0)

OR cpe:/a:oracle:tuxedo:12.2.2.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:2.2.1.1.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:fusion_middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:timesten_grid:-:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:* (Version < 12.0.0.4.0)

OR cpe:/a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:stream_analytics:-:*:*:*:*:*:*:*

OR cpe:/a:oracle:goldengate:-:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration CCN 1:

cpe:/a:apache:log4j:1.2:-:*:*:*:*:*:*

AND

cpe:/a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_monitoring:6.3.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:db2:10.5:*:*:*:*:linux:*:*

OR cpe:/a:ibm:db2:10.5:*:*:*:*:unix:*:*

OR cpe:/a:ibm:db2:10.5:*:*:*:*:windows:*:*

OR cpe:/o:ibm:i:7.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:b2b_advanced_communications:1.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_service_registry_and_repository:8.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:db2:10.1:*:*:*:*:linux:*:*

OR cpe:/a:ibm:db2:10.1:*:*:*:*:unix:*:*

OR cpe:/a:ibm:db2:10.1:*:*:*:*:windows:*:*

OR cpe:/a:ibm:tivoli_netcool/impact:7.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_netcool/omnibus:8.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:11.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:urbancode_deploy:6.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:transformation_extender:9.0:*:advanced:*:*:*:*:*

OR cpe:/o:ibm:i:7.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:integration_designer:8.5.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:db2:11.1:*:*:*:*:linux:*:*

OR cpe:/a:ibm:db2:11.1:*:*:*:*:unix:*:*

OR cpe:/a:ibm:db2:11.1:*:*:*:*:windows:*:*

OR cpe:/a:ibm:watson_explorer:11.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_netcool_configuration_manager:6.4.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_master_data_management:11.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:11.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:operations_analytics_predictive_insights:1.3.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:operations_analytics_predictive_insights:1.3.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:operations_analytics_predictive_insights:1.3.6:*:*:*:*:*:*:*

OR cpe:/a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_scale:5.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:10.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_asset_analyzer:6.1.0.0:*:*:*:*:*:*:*

OR cpe:/o:ibm:security_access_manager:8.2.2:*:enterprise_single_sign-on:*:*:*:*:*

OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_key_lifecycle_manager:3.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:::~~liberty~~~:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:12.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect:11.0.0.0:*:*:*:enterprise:*:*:*

OR cpe:/a:ibm:spss_analytic_server:3.1.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_secure_proxy:3.4.3.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:10.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:cognos_command_center:10.2.4.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:12.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:12.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:cognos_controller:10.4.0:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:integration_designer:19.0.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:storediq:7.6.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cognos_controller:10.4.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_key_lifecycle_manager:3.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_system:2.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_system:2.3.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_discovery:2.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:12.0.3:*:deep_analytics:*:analytical_components:*:*:*

OR cpe:/a:ibm:mobilefirst_platform_foundation:8.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_system:2.3.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:spss_collaboration_and_deployment_services:7.0.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_identity_manager:6.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4:-:*:*:*:*:*:*

OR cpe:/a:ibm:security_identity_manager_virtual_appliance:7.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_asset_analyzer:6.1.0.23:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_external_authentication_server:2.4.3.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_key_lifecycle_manager:4.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:db2_recovery_expert:5.5.0.1:*:*:*:linux:*:*:*

OR cpe:/a:ibm:db2:11.5:*:*:*:*:linux:*:*

OR cpe:/a:ibm:db2:11.5:*:*:*:*:unix:*:*

OR cpe:/a:ibm:db2:11.5:*:*:*:*:windows:*:*

OR cpe:/a:ibm:security_identity_manager_virtual_appliance:7.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_system:2.3.2.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:informix_dynamic_server:14.10:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:cognos_controller:10.4.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_system:2.3.3.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_system:2.3.3.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:integration_designer:20.0.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_scale:5.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:elastic_storage_system:6.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_discovery:2.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_system:2.3.3.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_key_lifecycle_manager:4.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_key_lifecycle_manager:4.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_change_data_capture:11.4:*:*:*:*:z/os:*:*

OR cpe:/a:ibm:infosphere_change_data_capture:11.3.3:*:*:*:*:z/os:*:*

OR cpe:/a:ibm:integration_bus:10.0.0.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:informix_dynamic_server:12.10:*:*:*:*:*:*:*

OR cpe:/a:ibm:maximo_asset_management:7.6.1.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_secure_proxy:6.0.3.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_verify_governance:10.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:maximo_application_suite:8.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:maximo_application_suite:8.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:multi-enterprise_integration_gateway:1.0.0.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:8038	P	log4j12-javadoc-1.2.17-4.9.1 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:7713	P	log4j-2.17.2-150200.4.24.13 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7714	P	log4j12-1.2.17-4.9.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:51998	P	Security update for openssl-1_1 (Important)	2023-02-07
oval:org.opensuse.security:def:3121	P	krb5-appl-clients-1.0.3-1.2 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3407	P	xorg-x11-libs-7.6-45.14 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3551	P	libSoundTouch0-1.7.1-5.11.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3120	P	krb5-1.12.5-40.37.7 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3737	P	pam_krb5-2.4.4-4.4 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94751	P	log4j12-1.2.17-4.9.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94663	P	libmp3lame0-3.100-1.33 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95037	P	log4j12-javadoc-1.2.17-4.9.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94938	P	libexempi-devel-2.4.5-3.3.2 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94750	P	log4j-2.17.1-4.20.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:4597	P	Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP5) (Important)	2022-05-09
oval:org.opensuse.security:def:100093	P	(Important)	2022-03-10
oval:org.opensuse.security:def:101651	P	Security update for wireshark (Important)	2022-03-04
oval:com.redhat.rhsa:def:20220290	P	RHSA-2022:0290: parfait:0.5 security update (Important)	2022-01-26
oval:org.opensuse.security:def:112955	P	log4j-2.16.0-2.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:112060	P	chainsaw-1.2.17-5.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:112488	P	kafka-kit-2.1.0-2.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:88272	P	Security update for openstack-monasca-agent, spark, spark-kit, zookeeper (Important) (in QA)	2022-01-13
oval:org.opensuse.security:def:88589	P	Security update for openstack-monasca-agent, spark, spark-kit, zookeeper (Important) (in QA)	2022-01-13
oval:org.opensuse.security:def:84290	P	Security update for openstack-monasca-agent, spark, spark-kit, zookeeper (Important) (in QA)	2022-01-13
oval:org.opensuse.security:def:84748	P	Security update for openstack-monasca-agent, spark, spark-kit, zookeeper (Important) (in QA)	2022-01-13
oval:org.opensuse.security:def:111527	P	Security update for kafka (Important)	2021-12-28
oval:org.opensuse.security:def:11162	P	Security update for kafka (Important)	2021-12-28
oval:org.opensuse.security:def:111180	P	Security update for log4j12 (Important)	2021-12-24
oval:org.opensuse.security:def:84258	P	Security update for logstash (Important)	2021-12-24
oval:org.opensuse.security:def:84716	P	Security update for logstash (Important)	2021-12-24
oval:org.opensuse.security:def:88238	P	Security update for logstash, elasticsearch, kafka, zookeeper, openstack-monasca-agent, openstack-monasca-persister-java, openstack-monasca-thresh (Important)	2021-12-22
oval:org.opensuse.security:def:88555	P	Security update for logstash, elasticsearch, kafka, zookeeper, openstack-monasca-agent, openstack-monasca-persister-java, openstack-monasca-thresh (Important)	2021-12-22
oval:com.redhat.rhsa:def:20215206	P	RHSA-2021:5206: log4j security update (Moderate)	2021-12-20
oval:org.opensuse.security:def:23736	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:74754	P	Security update for log4j12 (Important)	2021-12-17
oval:org.opensuse.security:def:92239	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:98994	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:126811	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:108042	P	Security update for log4j12 (Important)	2021-12-17
oval:org.opensuse.security:def:9833	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:67361	P	Security update for log4j12 (Important)	2021-12-17
oval:org.opensuse.security:def:6271	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:60438	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:85798	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:34015	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:56107	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:84254	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:100367	P	(Important)	2021-12-17
oval:org.opensuse.security:def:30164	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:43628	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:99782	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:39198	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:73762	P	Security update for log4j12 (Important)	2021-12-17
oval:org.opensuse.security:def:70333	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:117556	P	Security update for log4j12 (Important)	2021-12-17
oval:org.opensuse.security:def:106273	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:9078	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:65686	P	Security update for log4j12 (Important)	2021-12-17
oval:org.opensuse.security:def:94211	P	(Important)	2021-12-17
oval:org.opensuse.security:def:111842	P	Security update for log4j12 (Important)	2021-12-17
oval:org.opensuse.security:def:4529	P	Security update for log4j12 (Important)	2021-12-17
oval:org.opensuse.security:def:58887	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:84712	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:836	P	Security update for log4j12 (Important)	2021-12-17
oval:org.opensuse.security:def:32250	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:83371	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:102185	P	Security update for log4j12 (Important)	2021-12-17
oval:org.opensuse.security:def:24010	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:76081	P	Security update for log4j12 (Important)	2021-12-17
oval:org.opensuse.security:def:92434	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:99189	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:127208	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:108317	P	Security update for log4j12 (Important)	2021-12-17
oval:org.opensuse.security:def:10193	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:69579	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:105684	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:6272	P	Security update for log4j12 (Important)	2021-12-17
oval:org.opensuse.security:def:64640	P	Security update for log4j12 (Important)	2021-12-17
oval:org.opensuse.security:def:86185	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:34615	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:57157	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:100699	P	(Important)	2021-12-17
oval:org.opensuse.security:def:30284	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:44983	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:40553	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:73948	P	Security update for log4j12 (Important)	2021-12-17
oval:org.opensuse.security:def:70524	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:89235	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:117831	P	Security update for log4j12 (Important)	2021-12-17
oval:org.opensuse.security:def:106472	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:9439	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:67013	P	Security update for log4j12 (Important)	2021-12-17
oval:org.opensuse.security:def:88235	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:94422	P	(Important)	2021-12-17
oval:org.opensuse.security:def:59580	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:1146	P	Security update for log4j12 (Important)	2021-12-17
oval:org.opensuse.security:def:33064	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:55285	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:83491	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:26184	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:76428	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:92633	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:99384	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:108851	P	Security update for log4j12 (Important)	2021-12-17
oval:org.opensuse.security:def:10384	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:69774	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:88552	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:5171	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:105879	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:8692	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:64826	P	Security update for log4j12 (Important)	2021-12-17
oval:org.opensuse.security:def:86714	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:93785	P	(Important)	2021-12-17
oval:org.opensuse.security:def:57544	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:101567	P	Security update for log4j12 (Important)	2021-12-17
oval:org.opensuse.security:def:31334	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:45978	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:95472	P	Security update for log4j12 (Important)	2021-12-17
oval:org.opensuse.security:def:101376	P	Security update for log4j12 (Important)	2021-12-17
oval:org.opensuse.security:def:41548	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:74686	P	Security update for log4j12 (Important)	2021-12-17
oval:org.opensuse.security:def:92044	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:89493	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:125643	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:106759	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:9634	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:67360	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:5924	P	Security update for log4j12 (Important)	2021-12-17
oval:org.opensuse.security:def:59838	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:33757	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:55987	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:100033	P	(Important)	2021-12-17
oval:org.opensuse.security:def:29462	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:76429	P	Security update for log4j12 (Important)	2021-12-17
oval:org.opensuse.security:def:92832	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:99583	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:38223	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:69973	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:5937	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:106074	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:8883	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:65618	P	Security update for log4j12 (Important)	2021-12-17
oval:org.opensuse.security:def:87528	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:94000	P	(Important)	2021-12-17
oval:org.opensuse.security:def:111841	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:58073	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:101824	P	Security update for log4j12 (Important)	2021-12-17
oval:org.opensuse.security:def:31721	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:51724	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:82669	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:88234	P	Security update for storm-kit (Critical)	2021-12-15
oval:org.opensuse.security:def:88551	P	Security update for storm-kit (Critical)	2021-12-15
oval:org.opensuse.security:def:84253	P	Security update for storm (Critical)	2021-12-15
oval:org.opensuse.security:def:84711	P	Security update for storm (Critical)	2021-12-15