Vulnerability Details CVE-2021-42550
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.02
EPSS Ranking 82.7%
CVSS Severity
CVSS v3 Score 6.6
CVSS v2 Score 8.5
References
- http://logback.qos.ch/news.html
- http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html
- http://seclists.org/fulldisclosure/2022/Jul/11
- https://cert-portal.siemens.com/productcert/pdf/ssa-371761.pdf
- https://github.com/cn-panda/logbackRceDemo
- https://jira.qos.ch/browse/LOGBACK-1591
- https://security.netapp.com/advisory/ntap-20211229-0001/
- http://logback.qos.ch/news.html
- http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html
- http://seclists.org/fulldisclosure/2022/Jul/11
- https://cert-portal.siemens.com/productcert/pdf/ssa-371761.pdf
- https://github.com/cn-panda/logbackRceDemo
- https://jira.qos.ch/browse/LOGBACK-1591
- https://security.netapp.com/advisory/ntap-20211229-0001/
Products affected by CVE-2021-42550
-
cpe:2.3:a:netapp:cloud_manager:-
-
cpe:2.3:a:netapp:service_level_manager:-
-
cpe:2.3:a:netapp:snap_creator_framework:-
-
cpe:2.3:a:qos:logback:0.1
-
cpe:2.3:a:qos:logback:0.2
-
cpe:2.3:a:qos:logback:0.2.5
-
cpe:2.3:a:qos:logback:0.3
-
cpe:2.3:a:qos:logback:0.4
-
cpe:2.3:a:qos:logback:0.5
-
cpe:2.3:a:qos:logback:0.6
-
cpe:2.3:a:qos:logback:0.7
-
cpe:2.3:a:qos:logback:0.7.1
-
cpe:2.3:a:qos:logback:0.8
-
cpe:2.3:a:qos:logback:0.8.1
-
cpe:2.3:a:qos:logback:0.9
-
cpe:2.3:a:qos:logback:0.9.1
-
cpe:2.3:a:qos:logback:0.9.10
-
cpe:2.3:a:qos:logback:0.9.11
-
cpe:2.3:a:qos:logback:0.9.12
-
cpe:2.3:a:qos:logback:0.9.13
-
cpe:2.3:a:qos:logback:0.9.14
-
cpe:2.3:a:qos:logback:0.9.15
-
cpe:2.3:a:qos:logback:0.9.16
-
cpe:2.3:a:qos:logback:0.9.17
-
cpe:2.3:a:qos:logback:0.9.18
-
cpe:2.3:a:qos:logback:0.9.19
-
cpe:2.3:a:qos:logback:0.9.2
-
cpe:2.3:a:qos:logback:0.9.20
-
cpe:2.3:a:qos:logback:0.9.21
-
cpe:2.3:a:qos:logback:0.9.22
-
cpe:2.3:a:qos:logback:0.9.23
-
cpe:2.3:a:qos:logback:0.9.24
-
cpe:2.3:a:qos:logback:0.9.25
-
cpe:2.3:a:qos:logback:0.9.26
-
cpe:2.3:a:qos:logback:0.9.27
-
cpe:2.3:a:qos:logback:0.9.28
-
cpe:2.3:a:qos:logback:0.9.29
-
cpe:2.3:a:qos:logback:0.9.3
-
cpe:2.3:a:qos:logback:0.9.30
-
cpe:2.3:a:qos:logback:0.9.4
-
cpe:2.3:a:qos:logback:0.9.5
-
cpe:2.3:a:qos:logback:0.9.6
-
cpe:2.3:a:qos:logback:0.9.7
-
cpe:2.3:a:qos:logback:0.9.8
-
cpe:2.3:a:qos:logback:0.9.9
-
cpe:2.3:a:qos:logback:1.0.0
-
cpe:2.3:a:qos:logback:1.0.1
-
cpe:2.3:a:qos:logback:1.0.10
-
cpe:2.3:a:qos:logback:1.0.11
-
cpe:2.3:a:qos:logback:1.0.12
-
cpe:2.3:a:qos:logback:1.0.13
-
cpe:2.3:a:qos:logback:1.0.2
-
cpe:2.3:a:qos:logback:1.0.3
-
cpe:2.3:a:qos:logback:1.0.4
-
cpe:2.3:a:qos:logback:1.0.5
-
cpe:2.3:a:qos:logback:1.0.6
-
cpe:2.3:a:qos:logback:1.0.7
-
cpe:2.3:a:qos:logback:1.0.8
-
cpe:2.3:a:qos:logback:1.0.9
-
cpe:2.3:a:qos:logback:1.1.0
-
cpe:2.3:a:qos:logback:1.1.1
-
cpe:2.3:a:qos:logback:1.1.10
-
cpe:2.3:a:qos:logback:1.1.11
-
cpe:2.3:a:qos:logback:1.1.2
-
cpe:2.3:a:qos:logback:1.1.3
-
cpe:2.3:a:qos:logback:1.1.4
-
cpe:2.3:a:qos:logback:1.1.5
-
cpe:2.3:a:qos:logback:1.1.6
-
cpe:2.3:a:qos:logback:1.1.7
-
cpe:2.3:a:qos:logback:1.1.8
-
cpe:2.3:a:qos:logback:1.1.9
-
cpe:2.3:a:qos:logback:1.2.0
-
cpe:2.3:a:qos:logback:1.2.1
-
cpe:2.3:a:qos:logback:1.2.2
-
cpe:2.3:a:qos:logback:1.2.3
-
cpe:2.3:a:qos:logback:1.2.4
-
cpe:2.3:a:qos:logback:1.2.5
-
cpe:2.3:a:qos:logback:1.2.6
-
cpe:2.3:a:qos:logback:1.2.7
-
cpe:2.3:a:qos:logback:1.3.0
-
cpe:2.3:a:redhat:satellite:6.0
-
cpe:2.3:a:siemens:sinec_nms:1.0