CVE-2021-44228
Description
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Affected Vendors & Products
| Vendor | Product | Version |
|---|---|---|
| siemens | 6bk1602-0aa12-0tp0_firmware | to 2.7.0 (exc) |
| siemens | 6bk1602-0aa12-0tp0 | * |
| siemens | 6bk1602-0aa22-0tp0_firmware | to 2.7.0 (exc) |
| siemens | 6bk1602-0aa22-0tp0 | * |
| siemens | 6bk1602-0aa32-0tp0_firmware | to 2.7.0 (exc) |
| siemens | 6bk1602-0aa32-0tp0 | * |
| siemens | 6bk1602-0aa42-0tp0_firmware | to 2.7.0 (exc) |
| siemens | 6bk1602-0aa42-0tp0 | * |
| siemens | 6bk1602-0aa52-0tp0_firmware | to 2.7.0 (exc) |
| siemens | 6bk1602-0aa52-0tp0 | * |
| apache | log4j | From 2.0.1 (inc) to 2.3.1 (exc) |
| apache | log4j | From 2.4.0 (inc) to 2.12.2 (exc) |
| apache | log4j | From 2.13.0 (inc) to 2.15.0 (exc) |
| apache | log4j | 2.0 |
| siemens | sppa-t3000_ses3000_firmware | * |
| siemens | sppa-t3000_ses3000 | * |
| siemens | capital | to 2019.1 (exc) |
| siemens | capital | 2019.1 |
| siemens | comos | to 10.4.2 (exc) |
| siemens | desigo_cc_advanced_reports | 3.0 |
| siemens | desigo_cc_advanced_reports | 4.0 |
| siemens | desigo_cc_advanced_reports | 4.1 |
| siemens | desigo_cc_advanced_reports | 4.2 |
| siemens | desigo_cc_advanced_reports | 5.0 |
| siemens | desigo_cc_advanced_reports | 5.1 |
| siemens | desigo_cc_info_center | 5.0 |
| siemens | desigo_cc_info_center | 5.1 |
| siemens | e-car_operation_center | to 2021-12-13 (exc) |
| siemens | energy_engage | 3.1 |
| siemens | energyip | 8.5 |
| siemens | energyip | 8.6 |
| siemens | energyip | 8.7 |
| siemens | energyip | 9.0 |
| siemens | energyip_prepay | to 3.8.0.12 (exc) |
| siemens | gma-manager | to 8.6.2j-398 (exc) |
| siemens | head-end_system_universal_device_integration_system | * |
| siemens | industrial_edge_management | * |
| siemens | industrial_edge_management_hub | to 2021-12-13 (exc) |
| siemens | logo\!_soft_comfort | * |
| siemens | mendix | * |
| siemens | mindsphere | to 2021-12-16 (exc) |
| siemens | navigator | to 2021-12-13 (exc) |
| siemens | nx | * |
| siemens | opcenter_intelligence | From 3.2 (inc) to 3.5 (exc) |
| siemens | operation_scheduler | to 1.1.3 (inc) |
| siemens | sentron_powermanager | 4.1 |
| siemens | sentron_powermanager | 4.2 |
| siemens | siguard_dsa | From 4.2 (inc) to 4.4.1 (exc) |
| siemens | sipass_integrated | 2.80 |
| siemens | sipass_integrated | 2.85 |
| siemens | siveillance_command | to 4.16.2.1 (inc) |
| siemens | siveillance_control_pro | * |
| siemens | siveillance_identity | 1.5 |
| siemens | siveillance_identity | 1.6 |
| siemens | siveillance_vantage | * |
| siemens | siveillance_viewpoint | * |
| siemens | solid_edge_cam_pro | * |
| siemens | solid_edge_harness_design | to 2020 (exc) |
| siemens | solid_edge_harness_design | 2020 |
| siemens | spectrum_power_4 | to 4.70 (exc) |
| siemens | spectrum_power_4 | 4.70 |
| siemens | spectrum_power_7 | to 2.30 (exc) |
| siemens | spectrum_power_7 | 2.30 |
| siemens | teamcenter | * |
| siemens | vesys | to 2019.1 (exc) |
| siemens | vesys | 2019.1 |
| siemens | vesys | 2020.1 |
| siemens | vesys | 2021.1 |
| siemens | xpedition_enterprise | * |
| siemens | xpedition_package_integrator | * |
| intel | computer_vision_annotation_tool | * |
| intel | datacenter_manager | to 5.1 (exc) |
| intel | genomics_kernel_library | * |
| intel | oneapi_sample_browser | * |
| intel | secure_device_onboard | * |
| intel | system_studio | * |
| debian | debian_linux | 9.0 |
| debian | debian_linux | 10.0 |
| debian | debian_linux | 11.0 |
| fedoraproject | fedora | 34 |
| fedoraproject | fedora | 35 |
| sonicwall | email_security | to 10.0.13 (exc) |
| netapp | active_iq_unified_manager | * |
| netapp | brocade_san_navigator | * |
| netapp | cloud_insights | * |
| netapp | cloud_manager | * |
| netapp | cloud_secure_agent | * |
| netapp | oncommand_insight | * |
| netapp | ontap_tools | * |
| netapp | snapcenter | * |
| netapp | solidfire_\&_hci_storage_node | * |
| netapp | solidfire_enterprise_sds | * |
| cisco | advanced_malware_protection_virtual_private_cloud_appliance | to 3.5.4 (exc) |
| cisco | automated_subsea_tuning | to 2.1.0 (exc) |
| cisco | broadworks | to 2021.11_1.162 (exc) |
| cisco | business_process_automation | to 3.0.000.115 (exc) |
| cisco | business_process_automation | From 3.1.000.000 (inc) to 3.1.000.044 (exc) |
| cisco | business_process_automation | From 3.2.000.000 (inc) to 3.2.000.009 (exc) |
| cisco | cloud_connect | to 12.6\(1\) (exc) |
| cisco | cloudcenter | to 4.10.0.16 (exc) |
| cisco | cloudcenter_cost_optimizer | to 5.5.2 (exc) |
| cisco | cloudcenter_suite_admin | to 5.3.1 (exc) |
| cisco | cloudcenter_workload_manager | to 5.5.2 (exc) |
| cisco | common_services_platform_collector | to 2.9.1.3 (exc) |
| cisco | common_services_platform_collector | From 2.10.0 (inc) to 2.10.0.1 (exc) |
| cisco | connected_mobile_experiences | * |
| cisco | contact_center_domain_manager | to 12.5\(1\) (exc) |
| cisco | contact_center_management_portal | to 12.5\(1\) (exc) |
| cisco | crosswork_data_gateway | to 2.0.2 (exc) |
| cisco | crosswork_data_gateway | 3.0.0 |
| cisco | crosswork_network_controller | to 2.0.1 (exc) |
| cisco | crosswork_network_controller | 3.0.0 |
| cisco | crosswork_optimization_engine | to 2.0.1 (exc) |
| cisco | crosswork_optimization_engine | 3.0.0 |
| cisco | crosswork_platform_infrastructure | to 4.0.1 (exc) |
| cisco | crosswork_platform_infrastructure | 4.1.0 |
| cisco | crosswork_zero_touch_provisioning | to 2.0.1 (exc) |
| cisco | crosswork_zero_touch_provisioning | 3.0.0 |
| cisco | customer_experience_cloud_agent | to 1.12.1 (exc) |
| cisco | cyber_vision_sensor_management_extension | to 4.0.3 (exc) |
| cisco | data_center_network_manager | to 11.3\(1\) (exc) |
| cisco | data_center_network_manager | 11.3\(1\) |
| cisco | dna_center | to 2.1.2.8 (exc) |
| cisco | dna_center | From 2.2.2.0 (inc) to 2.2.2.8 (exc) |
| cisco | dna_center | From 2.2.3.0 (inc) to 2.2.3.4 (exc) |
| cisco | dna_spaces\:_connector | |
| cisco | emergency_responder | to 11.5\(4\) (exc) |
| cisco | enterprise_chat_and_email | to 12.0\(1\) (exc) |
| cisco | evolved_programmable_network_manager | to 4.1.1 (inc) |
| cisco | finesse | to 12.6\(1\) (exc) |
| cisco | finesse | 12.6\(1\) |
| cisco | fog_director | * |
| cisco | identity_services_engine | to 2.4.0 (exc) |
| cisco | identity_services_engine | 2.4.0 |
| cisco | integrated_management_controller_supervisor | to 2.3.2.1 (exc) |
| cisco | intersight_virtual_appliance | to 1.0.9-361 (exc) |
| cisco | iot_operations_dashboard | * |
| cisco | network_assurance_engine | to 6.0.2 (exc) |
| cisco | network_services_orchestrator | to 5.3.5.1 (exc) |
| cisco | network_services_orchestrator | From 5.4 (inc) to 5.4.5.2 (exc) |
| cisco | network_services_orchestrator | From 5.5 (inc) to 5.5.4.1 (exc) |
| cisco | network_services_orchestrator | From 5.6 (inc) to 5.6.3.1 (exc) |
| cisco | nexus_dashboard | to 2.1.2 (exc) |
| cisco | nexus_insights | to 6.0.2 (exc) |
| cisco | optical_network_controller | to 1.1.0 (exc) |
| cisco | packaged_contact_center_enterprise | to 11.6 (exc) |
| cisco | packaged_contact_center_enterprise | 11.6\(1\) |
| cisco | paging_server | to 14.4.1 (exc) |
| cisco | prime_service_catalog | to 12.1 (exc) |
| cisco | sd-wan_vmanage | to 20.3.4.1 (exc) |
| cisco | sd-wan_vmanage | From 20.4 (inc) to 20.4.2.1 (exc) |
| cisco | sd-wan_vmanage | From 20.5 (inc) to 20.5.1.1 (exc) |
| cisco | sd-wan_vmanage | From 20.6 (inc) to 20.6.2.1 (exc) |
| cisco | smart_phy | to 3.2.1 (exc) |
| cisco | ucs_central | to 2.0\(1p\) (exc) |
| cisco | ucs_director | to 6.8.2.0 (exc) |
| cisco | unified_communications_manager | to 11.5\(1\) (exc) |
| cisco | unified_communications_manager | 11.5\(1\) |
| cisco | unified_communications_manager | 11.5\(1\)su3 |
| cisco | unified_communications_manager_im_and_presence_service | to 11.5\(1\) (exc) |
| cisco | unified_communications_manager_im_and_presence_service | 11.5\(1\) |
| cisco | unified_contact_center_enterprise | to 11.6\(2\) (exc) |
| cisco | unified_contact_center_enterprise | 11.6\(2\) |
| cisco | unified_contact_center_express | to 12.5\(1\) (exc) |
| cisco | unified_customer_voice_portal | to 11.6 (exc) |
| cisco | unified_customer_voice_portal | 11.6 |
| cisco | unified_customer_voice_portal | 12.0 |
| cisco | unified_customer_voice_portal | 12.5 |
| cisco | unified_intelligence_center | to 12.6\(1\) (exc) |
| cisco | unity_connection | to 11.5\(1\) (exc) |
| cisco | video_surveillance_operations_manager | to 7.14.4 (exc) |
| cisco | virtual_topology_system | to 2.6.7 (exc) |
| cisco | virtualized_infrastructure_manager | to 3.2.0 (exc) |
| cisco | virtualized_infrastructure_manager | From 3.4.0 (inc) to 3.4.4 (exc) |
| cisco | virtualized_voice_browser | to 12.5\(1\) (exc) |
| cisco | wan_automation_engine | to 7.3.0.2 (exc) |
| cisco | webex_meetings_server | to 3.0 (exc) |
| cisco | webex_meetings_server | 3.0 |
| cisco | webex_meetings_server | 4.0 |
| cisco | workload_optimization_manager | to 3.2.1 (exc) |
| cisco | unified_sip_proxy | to 10.2.1v2 (exc) |
| cisco | unified_workforce_optimization | to 11.5\(1\) (exc) |
| cisco | firepower_1010 | * |
| cisco | firepower_1120 | * |
| cisco | firepower_1140 | * |
| cisco | firepower_1150 | * |
| cisco | firepower_2110 | * |
| cisco | firepower_2120 | * |
| cisco | firepower_2130 | * |
| cisco | firepower_2140 | * |
| cisco | firepower_4110 | * |
| cisco | firepower_4112 | * |
| cisco | firepower_4115 | * |
| cisco | firepower_4120 | * |
| cisco | firepower_4125 | * |
| cisco | firepower_4140 | * |
| cisco | firepower_4145 | * |
| cisco | firepower_4150 | * |
| cisco | firepower_9300 | * |
| cisco | fxos | 6.2.3 |
| cisco | fxos | 6.3.0 |
| cisco | fxos | 6.4.0 |
| cisco | fxos | 6.5.0 |
| cisco | fxos | 6.6.0 |
| cisco | fxos | 6.7.0 |
| cisco | fxos | 7.0.0 |
| cisco | fxos | 7.1.0 |
| cisco | automated_subsea_tuning | 02.01.00 |
| cisco | broadworks | * |
| cisco | cloudcenter_suite | 4.10\(0.15\) |
| cisco | cloudcenter_suite | 5.3\(0\) |
| cisco | cloudcenter_suite | 5.4\(1\) |
| cisco | cloudcenter_suite | 5.5\(0\) |
| cisco | cloudcenter_suite | 5.5\(1\) |
| cisco | common_services_platform_collector | 002.009\(000.000\) |
| cisco | common_services_platform_collector | 002.009\(000.001\) |
| cisco | common_services_platform_collector | 002.009\(000.002\) |
| cisco | common_services_platform_collector | 002.009\(001.000\) |
| cisco | common_services_platform_collector | 002.009\(001.001\) |
| cisco | common_services_platform_collector | 002.009\(001.002\) |
| cisco | common_services_platform_collector | 002.010\(000.000\) |
| cisco | connected_analytics_for_network_deployment | 006.004.000.003 |
| cisco | connected_analytics_for_network_deployment | 006.005.000. |
| cisco | connected_analytics_for_network_deployment | 006.005.000.000 |
| cisco | connected_analytics_for_network_deployment | 007.000.001 |
| cisco | connected_analytics_for_network_deployment | 007.001.000 |
| cisco | connected_analytics_for_network_deployment | 007.002.000 |
| cisco | connected_analytics_for_network_deployment | 7.3 |
| cisco | connected_analytics_for_network_deployment | 007.003.000 |
| cisco | connected_analytics_for_network_deployment | 007.003.001.001 |
| cisco | connected_analytics_for_network_deployment | 007.003.003 |
| cisco | connected_analytics_for_network_deployment | 008.000.000 |
| cisco | connected_analytics_for_network_deployment | 008.000.000.000.004 |
| cisco | crosswork_network_automation | * |
| cisco | crosswork_network_automation | 2.0.0 |
| cisco | crosswork_network_automation | 3.0.0 |
| cisco | crosswork_network_automation | 4.1.0 |
| cisco | crosswork_network_automation | 4.1.1 |
| cisco | cx_cloud_agent | 001.012 |
| cisco | cyber_vision | 4.0.2 |
| cisco | cyber_vision_sensor_management_extension | 4.0.2 |
| cisco | dna_center | 2.2.2.8 |
| cisco | dna_spaces | * |
| cisco | dna_spaces_connector | * |
| cisco | emergency_responder | 11.5 |
| cisco | emergency_responder | 11.5\(4.65000.14\) |
| cisco | emergency_responder | 11.5\(4.66000.14\) |
| cisco | enterprise_chat_and_email | 12.0\(1\) |
| cisco | enterprise_chat_and_email | 12.5\(1\) |
| cisco | enterprise_chat_and_email | 12.6\(1\) |
| cisco | evolved_programmable_network_manager | 3.0 |
| cisco | evolved_programmable_network_manager | 3.1 |
| cisco | evolved_programmable_network_manager | 4.0 |
| cisco | evolved_programmable_network_manager | 4.1 |
| cisco | evolved_programmable_network_manager | 5.0 |
| cisco | evolved_programmable_network_manager | 5.1 |
| cisco | finesse | 12.5\(1\) |
| cisco | finesse | 12.6\(1\) |
| cisco | firepower_threat_defense | 6.2.3 |
| cisco | firepower_threat_defense | 6.3.0 |
| cisco | firepower_threat_defense | 6.4.0 |
| cisco | firepower_threat_defense | 6.5.0 |
| cisco | firepower_threat_defense | 6.6.0 |
| cisco | firepower_threat_defense | 6.7.0 |
| cisco | firepower_threat_defense | 7.0.0 |
| cisco | firepower_threat_defense | 7.1.0 |
| cisco | identity_services_engine | 002.004\(000.914\) |
| cisco | identity_services_engine | 002.006\(000.156\) |
| cisco | identity_services_engine | 002.007\(000.356\) |
| cisco | identity_services_engine | 003.000\(000.458\) |
| cisco | identity_services_engine | 003.001\(000.518\) |
| cisco | identity_services_engine | 003.002\(000.116\) |
| cisco | integrated_management_controller_supervisor | 002.003\(002.000\) |
| cisco | integrated_management_controller_supervisor | 2.3.2.0 |
| cisco | intersight_virtual_appliance | 1.0.9-343 |
| cisco | mobility_services_engine | * |
| cisco | network_assurance_engine | 6.0\(2.1912\) |
| cisco | network_dashboard_fabric_controller | 11.0\(1\) |
| cisco | network_dashboard_fabric_controller | 11.1\(1\) |
| cisco | network_dashboard_fabric_controller | 11.2\(1\) |
| cisco | network_dashboard_fabric_controller | 11.3\(1\) |
| cisco | network_dashboard_fabric_controller | 11.4\(1\) |
| cisco | network_dashboard_fabric_controller | 11.5\(1\) |
| cisco | network_dashboard_fabric_controller | 11.5\(2\) |
| cisco | network_dashboard_fabric_controller | 11.5\(3\) |
| cisco | network_insights_for_data_center | 6.0\(2.1914\) |
| cisco | network_services_orchestrator | * |
| cisco | optical_network_controller | 1.1 |
| cisco | paging_server | 8.3\(1\) |
| cisco | paging_server | 8.4\(1\) |
| cisco | paging_server | 8.5\(1\) |
| cisco | paging_server | 9.0\(1\) |
| cisco | paging_server | 9.0\(2\) |
| cisco | paging_server | 9.1\(1\) |
| cisco | paging_server | 12.5\(2\) |
| cisco | paging_server | 14.0\(1\) |
| cisco | prime_service_catalog | 12.1 |
| cisco | sd-wan_vmanage | 20.3 |
| cisco | sd-wan_vmanage | 20.4 |
| cisco | sd-wan_vmanage | 20.5 |
| cisco | sd-wan_vmanage | 20.6 |
| cisco | sd-wan_vmanage | 20.6.1 |
| cisco | sd-wan_vmanage | 20.7 |
| cisco | sd-wan_vmanage | 20.8 |
| cisco | smart_phy | 3.1.2 |
| cisco | smart_phy | 3.1.3 |
| cisco | smart_phy | 3.1.4 |
| cisco | smart_phy | 3.1.5 |
| cisco | smart_phy | 3.2.1 |
| cisco | smart_phy | 21.3 |
| cisco | ucs_central_software | 2.0 |
| cisco | ucs_central_software | 2.0\(1a\) |
| cisco | ucs_central_software | 2.0\(1b\) |
| cisco | ucs_central_software | 2.0\(1c\) |
| cisco | ucs_central_software | 2.0\(1d\) |
| cisco | ucs_central_software | 2.0\(1e\) |
| cisco | ucs_central_software | 2.0\(1f\) |
| cisco | ucs_central_software | 2.0\(1g\) |
| cisco | ucs_central_software | 2.0\(1h\) |
| cisco | ucs_central_software | 2.0\(1k\) |
| cisco | ucs_central_software | 2.0\(1l\) |
| cisco | unified_communications_manager | 11.5\(1.17900.52\) |
| cisco | unified_communications_manager | 11.5\(1.18119.2\) |
| cisco | unified_communications_manager | 11.5\(1.18900.97\) |
| cisco | unified_communications_manager | 11.5\(1.21900.40\) |
| cisco | unified_communications_manager | 11.5\(1.22900.28\) |
| cisco | unified_communications_manager_im_\&_presence_service | 11.5\(1\) |
| cisco | unified_communications_manager_im_\&_presence_service | 11.5\(1.22900.6\) |
| cisco | unified_computing_system | 006.008\(001.000\) |
| cisco | unified_contact_center_enterprise | 11.6\(2\) |
| cisco | unified_contact_center_enterprise | 12.0\(1\) |
| cisco | unified_contact_center_enterprise | 12.5\(1\) |
| cisco | unified_contact_center_enterprise | 12.6\(1\) |
| cisco | unified_contact_center_enterprise | 12.6\(2\) |
| cisco | unified_contact_center_express | 12.5\(1\) |
| cisco | unified_contact_center_express | 12.6\(1\) |
| cisco | unified_contact_center_express | 12.6\(2\) |
| cisco | unified_contact_center_management_portal | 12.6\(1\) |
| cisco | unified_customer_voice_portal | 11.6\(1\) |
| cisco | unified_customer_voice_portal | 12.0\(1\) |
| cisco | unified_customer_voice_portal | 12.5\(1\) |
| cisco | unified_customer_voice_portal | 12.6\(1\) |
| cisco | unified_intelligence_center | 12.6\(1\) |
| cisco | unified_intelligence_center | 12.6\(2\) |
| cisco | unified_sip_proxy | 010.000\(000\) |
| cisco | unified_sip_proxy | 010.000\(001\) |
| cisco | unified_sip_proxy | 010.002\(000\) |
| cisco | unified_sip_proxy | 010.002\(001\) |
| cisco | unified_workforce_optimization | 11.5\(1\) |
| cisco | unity_connection | 11.5 |
| cisco | unity_connection | 11.5\(1.10000.6\) |
| cisco | video_surveillance_manager | 7.14\(1.26\) |
| cisco | video_surveillance_manager | 7.14\(2.26\) |
| cisco | video_surveillance_manager | 7.14\(3.025\) |
| cisco | video_surveillance_manager | 7.14\(4.018\) |
| cisco | virtual_topology_system | 2.6.6 |
| cisco | wan_automation_engine | 7.1.3 |
| cisco | wan_automation_engine | 7.2.1 |
| cisco | wan_automation_engine | 7.2.2 |
| cisco | wan_automation_engine | 7.2.3 |
| cisco | wan_automation_engine | 7.3 |
| cisco | wan_automation_engine | 7.4 |
| cisco | wan_automation_engine | 7.5 |
| cisco | wan_automation_engine | 7.6 |
| snowsoftware | snow_commander | to 8.10.0 (exc) |
| snowsoftware | vm_access_proxy | to 3.6 (exc) |
| bentley | synchro | From 6.1 (inc) to 6.2.4.2 (exc) |
| bentley | synchro_4d | to 6.4.3.2 (exc) |
| percussion | rhythmyx | to 7.3.2 (inc) |
| apple | xcode | to 13.3 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
| CWE-917 | The product constructs all or part of an expression language (EL) statement in a framework such as a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed. |
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Meta Information
CVE Publication Date: 2021-12-10
CVE Last Modified Date: 2025-10-27
Report Generation Date: 2025-11-02
AI Powered Q&A Generation: 2024-11-28
EPSS Last Evaluated Date: 2025-08-20