Lucene search

NCSC.chCVE-2021-42550

HistoryDec 16, 2021 - 7:15 p.m.

CVE-2021-42550

2021-12-1619:15:08

CWE-502

NCSC.ch

web.nvd.nist.gov

212

logback

cve-2021-42550

arbitrary code execution

ldap

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

CVSS3

6.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

0.016

Percentile

87.2%

JSON

In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.

Affected configurations

Nvd

Node

qoslogbackRange≤1.2.7

qoslogbackMatch1.3.0alpha0

qoslogbackMatch1.3.0alpha1

qoslogbackMatch1.3.0alpha10

qoslogbackMatch1.3.0alpha2

qoslogbackMatch1.3.0alpha3

qoslogbackMatch1.3.0alpha4

qoslogbackMatch1.3.0alpha5

qoslogbackMatch1.3.0alpha6

qoslogbackMatch1.3.0alpha7

qoslogbackMatch1.3.0alpha8

qoslogbackMatch1.3.0alpha9

Node

redhatsatelliteMatch6.0

Node

netappcloud_managerMatch-

netappservice_level_managerMatch-

netappsnap_creator_frameworkMatch-

Node

siemenssinec_nmsRange<1.0.3

VendorProductVersionCPE
qoslogback*cpe:2.3:a:qos:logback:*:*:*:*:*:*:*:*
qoslogback1.3.0cpe:2.3:a:qos:logback:1.3.0:alpha0:*:*:*:*:*:*
qoslogback1.3.0cpe:2.3:a:qos:logback:1.3.0:alpha1:*:*:*:*:*:*
qoslogback1.3.0cpe:2.3:a:qos:logback:1.3.0:alpha10:*:*:*:*:*:*
qoslogback1.3.0cpe:2.3:a:qos:logback:1.3.0:alpha2:*:*:*:*:*:*
qoslogback1.3.0cpe:2.3:a:qos:logback:1.3.0:alpha3:*:*:*:*:*:*
qoslogback1.3.0cpe:2.3:a:qos:logback:1.3.0:alpha4:*:*:*:*:*:*
qoslogback1.3.0cpe:2.3:a:qos:logback:1.3.0:alpha5:*:*:*:*:*:*
qoslogback1.3.0cpe:2.3:a:qos:logback:1.3.0:alpha6:*:*:*:*:*:*
qoslogback1.3.0cpe:2.3:a:qos:logback:1.3.0:alpha7:*:*:*:*:*:*

Vendor	Product	Version	CPE
qos	logback	*	cpe:2.3:a:qos:logback::::::::
qos	logback	1.3.0	cpe:2.3:a:qos:logback:1.3.0:alpha0::::::
qos	logback	1.3.0	cpe:2.3:a:qos:logback:1.3.0:alpha1::::::
qos	logback	1.3.0	cpe:2.3:a:qos:logback:1.3.0:alpha10::::::
qos	logback	1.3.0	cpe:2.3:a:qos:logback:1.3.0:alpha2::::::
qos	logback	1.3.0	cpe:2.3:a:qos:logback:1.3.0:alpha3::::::
qos	logback	1.3.0	cpe:2.3:a:qos:logback:1.3.0:alpha4::::::
qos	logback	1.3.0	cpe:2.3:a:qos:logback:1.3.0:alpha5::::::
qos	logback	1.3.0	cpe:2.3:a:qos:logback:1.3.0:alpha6::::::
qos	logback	1.3.0	cpe:2.3:a:qos:logback:1.3.0:alpha7::::::

Rows per page:

1-10 of 171

CNA Affected

[
  {
    "vendor": "QOS.ch",
    "product": "logback",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "1.2.9",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThan": "1.3.0-alpha11",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]