CVE-2021-42550

CVSS v3.1 6.6 (Medium)
CVSS v2.0 8.5 (High)
EPSS 1.55 % (87th)
Affected Products 6
Advisories 3

In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration that allows the execution of arbitrary code loaded from LDAP servers.

Weaknesses
CWE-502
Deserialization of Untrusted Data
CVE Status
PUBLISHED
CNA
Switzerland Government Common Vulnerability Program
Published Date
2021-12-16 19:15:08
(2 years ago)
Updated Date
2022-12-12 21:13:07
(21 months ago)

Affected Products


Configuration #1

  Product                               CPE23                                 From  Up To
  Qos Logback 1.2.7 and prior versions  cpe:2.3:a:qos:logback                       <= 1.2.7
  Qos Logback 1.3.0 Alpha0              cpe:2.3:a:qos:logback:1.3.0:alpha0
  Qos Logback 1.3.0 Alpha1              cpe:2.3:a:qos:logback:1.3.0:alpha1
  Qos Logback 1.3.0 Alpha10             cpe:2.3:a:qos:logback:1.3.0:alpha10
  Qos Logback 1.3.0 Alpha2              cpe:2.3:a:qos:logback:1.3.0:alpha2
  Qos Logback 1.3.0 Alpha3              cpe:2.3:a:qos:logback:1.3.0:alpha3
  Qos Logback 1.3.0 Alpha4              cpe:2.3:a:qos:logback:1.3.0:alpha4
  Qos Logback 1.3.0 Alpha5              cpe:2.3:a:qos:logback:1.3.0:alpha5
  Qos Logback 1.3.0 Alpha6              cpe:2.3:a:qos:logback:1.3.0:alpha6
  Qos Logback 1.3.0 Alpha7              cpe:2.3:a:qos:logback:1.3.0:alpha7
  Qos Logback 1.3.0 Alpha8              cpe:2.3:a:qos:logback:1.3.0:alpha8
  Qos Logback 1.3.0 Alpha9              cpe:2.3:a:qos:logback:1.3.0:alpha9

Configuration #2

  Product               CPE23                           From  Up To
  Redhat Satellite 6.0  cpe:2.3:a:redhat:satellite:6.0

Configuration #3

  Product                        CPE23                                      From  Up To
  Netapp Cloud Manager           cpe:2.3:a:netapp:cloud_manager:-
  Netapp Service Level Manager   cpe:2.3:a:netapp:service_level_manager:-
  Netapp Snap Creator Framework  cpe:2.3:a:netapp:snap_creator_framework:-

Configuration #4

  Product                                CPE23                        From  Up To
  Siemens Sinec Nms prior 1.0.3 version  cpe:2.3:a:siemens:sinec_nms        < 1.0.3