Vulnerability Name: CVE-2021-42550 (CCN-215533)
Assigned: 2021-12-16
Published: 2021-12-16
Updated: 2022-12-12
Summary: Logback could allow a remote authenticated attacker to execute arbitrary code on the system. By using a specially-crafted configuration, an attacker could exploit this vulnerability to execute arbitrary code loaded from LDAP servers.
CVSS v3 Severity:
- 6.6 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)
- 5.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
- 5.9 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
CVSS v2 Severity: 8.5 High (CVSS v2 Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C)
Vulnerability Consequences: Gain Access
References:
- Source: MITRE Type: CNA CVE-2021-42550
- Source: vulnerability@ncsc.ch Type: Vendor Advisory vulnerability@ncsc.ch
- Source: vulnerability@ncsc.ch Type: Exploit, Third Party Advisory, VDB Entry vulnerability@ncsc.ch
- Source: vulnerability@ncsc.ch Type: Mailing List, Third Party Advisory vulnerability@ncsc.ch
- Source: vulnerability@ncsc.ch Type: Third Party Advisory vulnerability@ncsc.ch
- Source: XF Type: UNKNOWN logback-cve202142550-code-exec(215533)
- Source: CCN Type: GitHub Web site logbackRceDemo
- Source: vulnerability@ncsc.ch Type: Exploit, Third Party Advisory vulnerability@ncsc.ch
- Source: CCN Type: LOGBACK-1591 Possibility of vulnerability - registered as CVE-2021-42550
- Source: vulnerability@ncsc.ch Type: Exploit, Issue Tracking, Patch, Third Party Advisory vulnerability@ncsc.ch
- Source: vulnerability@ncsc.ch Type: Third Party Advisory vulnerability@ncsc.ch
- Source: CCN Type: IBM Security Bulletin 6556972 (Watson Discovery) IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Logback
- Source: CCN Type: IBM Security Bulletin 6575511 (Watson Speech Services Cartridge for Cloud Pak for Data) A vulnerability in logback-classic affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2021-42550)
- Source: CCN Type: IBM Security Bulletin 6606297 (Cloud Pak for Multicloud Management) IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to arbitrary code execution due to its use of Logback (CVE-2021-42550)
- Source: CCN Type: IBM Security Bulletin 6621115 (Spectrum Protect Server) Vulnerabilities in IBM Db2, Golang Go, and Logback may affect the IBM Spectrum Protect Server (CVE-2022-30631, CVE-2022-30633, CVE-2022-1705, CVE-2022-22389, CVE-2022-22390, CVE-2021-42550, CVE-2022-30629)
- Source: CCN Type: IBM Security Bulletin 6956539 (MobileFirst Platform Foundation) Multiple vulnerabilities found with third-party libraries used by IBM MobileFirst Platform
- Source: CCN Type: IBM Security Bulletin 6957836 (Planning Analytics Workspace) IBM Planning Analytics Workspace is affected by vulnerabilities (CVE-2022-43548, CVE-2020-7676, CVE-2021-42550, CVE-2021-38561, CVE-2022-32149)
- Source: CCN Type: IBM Security Bulletin 6967183 (Cloud Pak System Software Suite) Multiple vulnerabilities in Open Source software used by Cloud Pak System
- Source: CCN Type: IBM Security Bulletin 7006819 (Spectrum Scale) IBM Spectrum Scale Transparent Cloud Tiering is affected by a vulnerability which can allow an attacker to execute arbitrary code
Vulnerable Configuration: Configuration CCN 1: