2021-12-10
|
CVE-2021-44228
|
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along...
|
Log4j, Xcode, Synchro, Synchro_4d, Advanced_malware_protection_virtual_private_cloud_appliance, Automated_subsea_tuning, Broadworks, Business_process_automation, Cloud_connect, Cloudcenter, Cloudcenter_cost_optimizer, Cloudcenter_suite, Cloudcenter_suite_admin, Cloudcenter_workload_manager, Common_services_platform_collector, Connected_analytics_for_network_deployment, Connected_mobile_experiences, Contact_center_domain_manager, Contact_center_management_portal, Crosswork_data_gateway, Crosswork_network_automation, Crosswork_network_controller, Crosswork_optimization_engine, Crosswork_platform_infrastructure, Crosswork_zero_touch_provisioning, Customer_experience_cloud_agent, Cx_cloud_agent, Cyber_vision, Cyber_vision_sensor_management_extension, Data_center_network_manager, Dna_center, Dna_spaces, Dna_spaces\:_connector, Dna_spaces_connector, Emergency_responder, Enterprise_chat_and_email, Evolved_programmable_network_manager, Finesse, Firepower_threat_defense, Fog_director, Fxos, Identity_services_engine, Integrated_management_controller_supervisor, Intersight_virtual_appliance, Iot_operations_dashboard, Mobility_services_engine, Network_assurance_engine, Network_dashboard_fabric_controller, Network_insights_for_data_center, Network_services_orchestrator, Nexus_dashboard, Nexus_insights, Optical_network_controller, Packaged_contact_center_enterprise, Paging_server, Prime_service_catalog, Sd\-Wan_vmanage, Smart_phy, Ucs_central, Ucs_central_software, Ucs_director, Unified_communications_manager, Unified_communications_manager_im_\&_presence_service, Unified_communications_manager_im_and_presence_service, Unified_computing_system, Unified_contact_center_enterprise, Unified_contact_center_express, Unified_contact_center_management_portal, Unified_customer_voice_portal, Unified_intelligence_center, Unified_sip_proxy, Unified_workforce_optimization, Unity_connection, Video_surveillance_manager, Video_surveillance_operations_manager, Virtual_topology_system, Virtualized_infrastructure_manager, Virtualized_voice_browser, Wan_automation_engine, Webex_meetings_server, Workload_optimization_manager, Debian_linux, Fedora, Audio_development_kit, Computer_vision_annotation_tool, Data_center_manager, Genomics_kernel_library, Oneapi_sample_browser, Secure_device_onboard, Sensor_solution_firmware_development_kit, System_debugger, System_studio, Active_iq_unified_manager, Cloud_insights, Cloud_manager, Cloud_secure_agent, Oncommand_insight, Ontap_tools, Snapcenter, Rhythmyx, Captial, Comos, Desigo_cc_advanced_reports, Desigo_cc_info_center, E\-Car_operation_center, Energy_engage, Energyip, Energyip_prepay, Gma\-Manager, Head\-End_system_universal_device_integration_system, Industrial_edge_management, Industrial_edge_management_hub, Logo\!_soft_comfort, Mendix, Mindsphere, Navigator, Nx, Opcenter_intelligence, Operation_scheduler, Sentron_powermanager, Siguard_dsa, Sipass_integrated, Siveillance_command, Siveillance_control_pro, Siveillance_identity, Siveillance_vantage, Siveillance_viewpoint, Solid_edge_cam_pro, Solid_edge_harness_design, Spectrum_power_4, Spectrum_power_7, Sppa\-T3000_ses3000_firmware, Teamcenter, Vesys, Xpedition_enterprise, Xpedition_package_integrator, Snow_commander, Vm_access_proxy, Email_security
|
10.0
|
|
|
2021-12-14
|
CVE-2021-45046
|
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code...
|
Log4j, Computer_vision_annotation_tool, Debian_linux, Fedora, Audio_development_kit, Datacenter_manager, Genomics_kernel_library, Oneapi, Secure_device_onboard, Sensor_solution_firmware_development_kit, System_debugger, System_studio, 6bk1602\-0aa12\-0tp0_firmware, 6bk1602\-0aa22\-0tp0_firmware, 6bk1602\-0aa32\-0tp0_firmware, 6bk1602\-0aa42\-0tp0_firmware, 6bk1602\-0aa52\-0tp0_firmware, Captial, Comos, Desigo_cc_advanced_reports, Desigo_cc_info_center, E\-Car_operation_center, Energy_engage, Energyip, Energyip_prepay, Gma\-Manager, Head\-End_system_universal_device_integration_system, Industrial_edge_management, Industrial_edge_management_hub, Logo\!_soft_comfort, Mendix, Mindsphere, Navigator, Nx, Opcenter_intelligence, Operation_scheduler, Sentron_powermanager, Siguard_dsa, Sipass_integrated, Siveillance_command, Siveillance_control_pro, Siveillance_identity, Siveillance_vantage, Siveillance_viewpoint, Solid_edge_cam_pro, Solid_edge_harness_design, Spectrum_power_4, Spectrum_power_7, Sppa\-T3000_ses3000_firmware, Teamcenter, Tracealertserverplus, Vesys, Xpedition_enterprise, Xpedition_package_integrator, Email_security
|
9.0
|
|
|
2022-05-20
|
CVE-2022-24290
|
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions), Teamcenter V13.2 (All versions < V13.2.0.8), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions < V14.0.0.2). The tcserver.exe binary in affected applications is vulnerable to a stack overflow condition during the parsing of user input that may lead the binary to crash.
|
Teamcenter
|
7.5
|
|
|
2022-05-20
|
CVE-2022-29801
|
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.
|
Teamcenter
|
7.5
|
|
|
2022-06-14
|
CVE-2022-31619
|
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions < V13.1.0.9), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions < V14.0.0.2). Java EE Server Manager HTML Adaptor in Teamcenter consists of default hardcoded credentials. Access to the application allows a user to perform a series of actions that could potentially...
|
Teamcenter
|
8.8
|
|
|
2022-08-10
|
CVE-2022-34660
|
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.15), Teamcenter V13.0 (All versions < V13.0.0.10), Teamcenter V13.1 (All versions < V13.1.0.10), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.5), Teamcenter V14.0 (All versions < V14.0.0.2). File Server Cache service in Teamcenter consist of a functionality that is vulnerable to command injection. This could potentially allow an attacker to perform remote code execution.
|
Teamcenter
|
9.8
|
|
|
2022-08-10
|
CVE-2022-34661
|
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.15), Teamcenter V13.0 (All versions < V13.0.0.10), Teamcenter V13.1 (All versions < V13.1.0.10), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.5), Teamcenter V14.0 (All versions < V14.0.0.2). File Server Cache service in Teamcenter is vulnerable to denial of service by entering infinite loops and using up CPU cycles. This could allow an attacker to cause denial of service condition.
|
Teamcenter
|
7.5
|
|
|