CVE-2021-45046

Source
https://cve.org/CVERecord?id=CVE-2021-45046
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-45046.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-45046
Aliases
Downstream
Related
Published
2021-12-14T19:15:07.733Z
Modified
2026-07-08T05:59:41.577904563Z
Severity
  • 9.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.

Database specific
{
    "unresolved_ranges": [
        {
            "cpes": [
                "cpe:2.3:a:siemens:captial:*:*:*:*:*:*:*:*"
            ],
            "vendor_product": "siemens:captial",
            "extracted_events": [
                {
                    "fixed": "2019.1"
                }
            ],
            "source": "CPE_RANGE"
        },
        {
            "cpes": [
                "cpe:2.3:a:siemens:e-car_operation_center:*:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "fixed": "2021-12-13"
                }
            ],
            "vendor_product": "siemens:e-car_operation_center",
            "source": "CPE_RANGE"
        },
        {
            "cpes": [
                "cpe:2.3:a:siemens:gma-manager:*:*:*:*:*:*:*:*"
            ],
            "vendor_product": "siemens:gma-manager",
            "extracted_events": [
                {
                    "fixed": "8.6.2j-398"
                }
            ],
            "source": "CPE_RANGE"
        },
        {
            "cpes": [
                "cpe:2.3:a:siemens:industrial_edge_management_hub:*:*:*:*:*:*:*:*"
            ],
            "vendor_product": "siemens:industrial_edge_management_hub",
            "extracted_events": [
                {
                    "fixed": "2021-12-13"
                }
            ],
            "source": "CPE_RANGE"
        },
        {
            "cpes": [
                "cpe:2.3:a:siemens:mindsphere:*:*:*:*:*:*:*:*"
            ],
            "vendor_product": "siemens:mindsphere",
            "extracted_events": [
                {
                    "fixed": "2021-12-11"
                }
            ],
            "source": "CPE_RANGE"
        },
        {
            "cpes": [
                "cpe:2.3:a:siemens:navigator:*:*:*:*:*:*:*:*"
            ],
            "vendor_product": "siemens:navigator",
            "extracted_events": [
                {
                    "fixed": "2021-12-13"
                }
            ],
            "source": "CPE_RANGE"
        },
        {
            "cpes": [
                "cpe:2.3:a:siemens:opcenter_intelligence:*:*:*:*:*:*:*:*"
            ],
            "vendor_product": "siemens:opcenter_intelligence",
            "extracted_events": [
                {
                    "last_affected": "3.2"
                }
            ],
            "source": "CPE_RANGE"
        },
        {
            "cpes": [
                "cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "1.1.3"
                }
            ],
            "vendor_product": "siemens:operation_scheduler",
            "source": "CPE_RANGE"
        },
        {
            "cpes": [
                "cpe:2.3:a:siemens:siveillance_command:*:*:*:*:*:*:*:*"
            ],
            "vendor_product": "siemens:siveillance_command",
            "extracted_events": [
                {
                    "last_affected": "4.16.2.1"
                }
            ],
            "source": "CPE_RANGE"
        },
        {
            "cpes": [
                "cpe:2.3:a:siemens:solid_edge_harness_design:*:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "fixed": "2020"
                }
            ],
            "vendor_product": "siemens:solid_edge_harness_design",
            "source": "CPE_RANGE"
        },
        {
            "cpes": [
                "cpe:2.3:a:siemens:spectrum_power_4:*:*:*:*:*:*:*:*"
            ],
            "vendor_product": "siemens:spectrum_power_4",
            "extracted_events": [
                {
                    "fixed": "4.70"
                }
            ],
            "source": "CPE_RANGE"
        },
        {
            "cpes": [
                "cpe:2.3:a:siemens:vesys:*:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "fixed": "2019.1"
                }
            ],
            "vendor_product": "siemens:vesys",
            "source": "CPE_RANGE"
        },
        {
            "cpes": [
                "cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "fixed": "10.0.12"
                }
            ],
            "vendor_product": "sonicwall:email_security",
            "source": "CPE_RANGE"
        },
        {
            "cpes": [
                "cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:*",
                "cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:*",
                "cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "introduced": "2.0-beta9"
                },
                {
                    "last_affected": "2.0-beta9"
                },
                {
                    "introduced": "2.0-rc1"
                },
                {
                    "last_affected": "2.0-rc1"
                },
                {
                    "introduced": "2.0-rc2"
                },
                {
                    "last_affected": "2.0-rc2"
                }
            ],
            "vendor_product": "apache:log4j",
            "source": "CPE_STRING"
        },
        {
            "cpes": [
                "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "introduced": "10.0"
                },
                {
                    "last_affected": "10.0"
                },
                {
                    "introduced": "11.0"
                },
                {
                    "last_affected": "11.0"
                }
            ],
            "vendor_product": "debian:debian_linux",
            "source": "CPE_STRING"
        },
        {
            "cpes": [
                "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "introduced": "34"
                },
                {
                    "last_affected": "34"
                },
                {
                    "introduced": "35"
                },
                {
                    "last_affected": "35"
                }
            ],
            "vendor_product": "fedoraproject:fedora",
            "source": "CPE_STRING"
        },
        {
            "cpes": [
                "cpe:2.3:a:siemens:captial:2019.1:-:*:*:*:*:*:*",
                "cpe:2.3:a:siemens:captial:2019.1:sp1912:*:*:*:*:*:*"
            ],
            "vendor_product": "siemens:captial",
            "extracted_events": [
                {
                    "introduced": "2019.1-NA"
                },
                {
                    "last_affected": "2019.1-NA"
                },
                {
                    "introduced": "2019.1-sp1912"
                },
                {
                    "last_affected": "2019.1-sp1912"
                }
            ],
            "source": "CPE_STRING"
        },
        {
            "cpes": [
                "cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.1:*:*:*:*:*:*:*"
            ],
            "vendor_product": "siemens:desigo_cc_advanced_reports",
            "extracted_events": [
                {
                    "introduced": "4.0"
                },
                {
                    "last_affected": "4.0"
                },
                {
                    "introduced": "4.1"
                },
                {
                    "last_affected": "4.1"
                },
                {
                    "introduced": "4.2"
                },
                {
                    "last_affected": "4.2"
                },
                {
                    "introduced": "5.0"
                },
                {
                    "last_affected": "5.0"
                },
                {
                    "introduced": "5.1"
                },
                {
                    "last_affected": "5.1"
                }
            ],
            "source": "CPE_STRING"
        },
        {
            "cpes": [
                "cpe:2.3:a:siemens:desigo_cc_info_center:5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:siemens:desigo_cc_info_center:5.1:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "introduced": "5.0"
                },
                {
                    "last_affected": "5.0"
                },
                {
                    "introduced": "5.1"
                },
                {
                    "last_affected": "5.1"
                }
            ],
            "vendor_product": "siemens:desigo_cc_info_center",
            "source": "CPE_STRING"
        },
        {
            "cpes": [
                "cpe:2.3:a:siemens:energy_engage:3.1:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "introduced": "3.1"
                },
                {
                    "last_affected": "3.1"
                }
            ],
            "vendor_product": "siemens:energy_engage",
            "source": "CPE_STRING"
        },
        {
            "cpes": [
                "cpe:2.3:a:siemens:energyip:8.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:siemens:energyip:8.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:siemens:energyip:8.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:siemens:energyip:9.0:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "introduced": "8.5"
                },
                {
                    "last_affected": "8.5"
                },
                {
                    "introduced": "8.6"
                },
                {
                    "last_affected": "8.6"
                },
                {
                    "introduced": "8.7"
                },
                {
                    "last_affected": "8.7"
                },
                {
                    "introduced": "9.0"
                },
                {
                    "last_affected": "9.0"
                }
            ],
            "vendor_product": "siemens:energyip",
            "source": "CPE_STRING"
        },
        {
            "cpes": [
                "cpe:2.3:a:siemens:energyip_prepay:3.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:siemens:energyip_prepay:3.8:*:*:*:*:*:*:*"
            ],
            "vendor_product": "siemens:energyip_prepay",
            "extracted_events": [
                {
                    "introduced": "3.7"
                },
                {
                    "last_affected": "3.7"
                },
                {
                    "introduced": "3.8"
                },
                {
                    "last_affected": "3.8"
                }
            ],
            "source": "CPE_STRING"
        },
        {
            "cpes": [
                "cpe:2.3:a:siemens:sentron_powermanager:4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:siemens:sentron_powermanager:4.2:*:*:*:*:*:*:*"
            ],
            "vendor_product": "siemens:sentron_powermanager",
            "extracted_events": [
                {
                    "introduced": "4.1"
                },
                {
                    "last_affected": "4.1"
                },
                {
                    "introduced": "4.2"
                },
                {
                    "last_affected": "4.2"
                }
            ],
            "source": "CPE_STRING"
        },
        {
            "cpes": [
                "cpe:2.3:a:siemens:siguard_dsa:4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:siemens:siguard_dsa:4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:siemens:siguard_dsa:4.4:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "introduced": "4.2"
                },
                {
                    "last_affected": "4.2"
                },
                {
                    "introduced": "4.3"
                },
                {
                    "last_affected": "4.3"
                },
                {
                    "introduced": "4.4"
                },
                {
                    "last_affected": "4.4"
                }
            ],
            "vendor_product": "siemens:siguard_dsa",
            "source": "CPE_STRING"
        },
        {
            "cpes": [
                "cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*",
                "cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "introduced": "2.80"
                },
                {
                    "last_affected": "2.80"
                },
                {
                    "introduced": "2.85"
                },
                {
                    "last_affected": "2.85"
                }
            ],
            "vendor_product": "siemens:sipass_integrated",
            "source": "CPE_STRING"
        },
        {
            "cpes": [
                "cpe:2.3:a:siemens:solid_edge_harness_design:2020:*:*:*:*:*:*:*",
                "cpe:2.3:a:siemens:solid_edge_harness_design:2020:-:*:*:*:*:*:*",
                "cpe:2.3:a:siemens:solid_edge_harness_design:2020:sp2002:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "introduced": "2020"
                },
                {
                    "last_affected": "2020"
                },
                {
                    "introduced": "2020-NA"
                },
                {
                    "last_affected": "2020-NA"
                },
                {
                    "introduced": "2020-sp2002"
                },
                {
                    "last_affected": "2020-sp2002"
                }
            ],
            "vendor_product": "siemens:solid_edge_harness_design",
            "source": "CPE_STRING"
        },
        {
            "cpes": [
                "cpe:2.3:a:siemens:spectrum_power_4:4.70:-:*:*:*:*:*:*",
                "cpe:2.3:a:siemens:spectrum_power_4:4.70:sp7:*:*:*:*:*:*",
                "cpe:2.3:a:siemens:spectrum_power_4:4.70:sp8:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "introduced": "4.70-NA"
                },
                {
                    "last_affected": "4.70-NA"
                },
                {
                    "introduced": "4.70-sp7"
                },
                {
                    "last_affected": "4.70-sp7"
                },
                {
                    "introduced": "4.70-sp8"
                },
                {
                    "last_affected": "4.70-sp8"
                }
            ],
            "vendor_product": "siemens:spectrum_power_4",
            "source": "CPE_STRING"
        },
        {
            "cpes": [
                "cpe:2.3:a:siemens:spectrum_power_7:2.30:sp2:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "introduced": "2.30-sp2"
                },
                {
                    "last_affected": "2.30-sp2"
                }
            ],
            "vendor_product": "siemens:spectrum_power_7",
            "source": "CPE_STRING"
        },
        {
            "cpes": [
                "cpe:2.3:a:siemens:vesys:2019.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:siemens:vesys:2019.1:-:*:*:*:*:*:*",
                "cpe:2.3:a:siemens:vesys:2019.1:sp1912:*:*:*:*:*:*"
            ],
            "vendor_product": "siemens:vesys",
            "extracted_events": [
                {
                    "introduced": "2019.1"
                },
                {
                    "last_affected": "2019.1"
                },
                {
                    "introduced": "2019.1-NA"
                },
                {
                    "last_affected": "2019.1-NA"
                },
                {
                    "introduced": "2019.1-sp1912"
                },
                {
                    "last_affected": "2019.1-sp1912"
                }
            ],
            "source": "CPE_STRING"
        }
    ]
}
References

Affected packages

Git / github.com/apache/logging-log4j2

Affected ranges

Type
GIT
Repo
https://github.com/apache/logging-log4j2
Events
Database specific
{
    "cpe": [
        "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:log4j:2.0:-:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "2.0.1"
        },
        {
            "fixed": "2.12.2"
        },
        {
            "introduced": "2.13.0"
        },
        {
            "fixed": "2.16.0"
        },
        {
            "introduced": "2.0-NA"
        },
        {
            "last_affected": "2.0-NA"
        }
    ],
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ]
}

Affected versions

2.*
2.0-NA
log4j-2.*
log4j-2.0
log4j-2.13.0-rc2
log4j-2.13.1
log4j-2.13.1-rc1
log4j-2.13.1-rc2
log4j-2.13.2
log4j-2.13.2-rc1
log4j-2.13.3
log4j-2.13.3-rc1
log4j-2.14.0-rc1
log4j-2.14.1-rc1
log4j-2.15.0-rc1
log4j-2.15.0-rc2
log4j-2.15.1-rc1
rel/2.*
rel/2.0
rel/2.13.0
rel/2.13.1
rel/2.13.2
rel/2.13.3
rel/2.14.0
rel/2.14.1
rel/2.15.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-45046.json"

Git / github.com/cvat-ai/cvat

Affected ranges

Type
GIT
Repo
https://github.com/cvat-ai/cvat
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Introduced
Last affected
Database specific
{
    "cpe": [
        "cpe:2.3:a:siemens:spectrum_power_7:*:*:*:*:*:*:*:*",
        "cpe:2.3:o:siemens:6bk1602-0aa12-0tp0_firmware:*:*:*:*:*:*:*:*",
        "cpe:2.3:o:siemens:6bk1602-0aa22-0tp0_firmware:*:*:*:*:*:*:*:*",
        "cpe:2.3:o:siemens:6bk1602-0aa32-0tp0_firmware:*:*:*:*:*:*:*:*",
        "cpe:2.3:o:siemens:6bk1602-0aa42-0tp0_firmware:*:*:*:*:*:*:*:*",
        "cpe:2.3:o:siemens:6bk1602-0aa52-0tp0_firmware:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*",
        "cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*",
        "cpe:2.3:a:siemens:spectrum_power_7:2.30:*:*:*:*:*:*:*",
        "cpe:2.3:a:siemens:spectrum_power_7:2.30:-:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.30"
        },
        {
            "fixed": "2.7.0"
        },
        {
            "introduced": "1.5"
        },
        {
            "last_affected": "1.5"
        },
        {
            "introduced": "1.6"
        },
        {
            "last_affected": "1.6"
        },
        {
            "introduced": "2.30"
        },
        {
            "last_affected": "2.30"
        },
        {
            "introduced": "2.30-NA"
        },
        {
            "last_affected": "2.30-NA"
        }
    ],
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ]
}

Affected versions

1.*
1.5
1.6
2.*
2.30
v1.*
v1.5.0
v1.6.0
v1.7.0
v2.*
v2.0.0
v2.1.0
v2.10.0
v2.10.1
v2.10.2
v2.10.3
v2.11.0
v2.11.1
v2.11.2
v2.11.3
v2.12.0
v2.12.1
v2.13.0
v2.14.0
v2.14.1
v2.14.2
v2.14.3
v2.14.4
v2.15.0
v2.16.0
v2.16.1
v2.16.2
v2.16.3
v2.17.0
v2.18.0
v2.19.0
v2.19.1
v2.2.0
v2.20.0
v2.21.0
v2.21.1
v2.21.2
v2.21.3
v2.22.0
v2.23.0
v2.23.1
v2.24.0
v2.25.0
v2.26.0
v2.26.1
v2.27.0
v2.28.0
v2.29.0
v2.3.0
v2.30.0
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.4.7
v2.4.8
v2.4.9
v2.5.0
v2.5.1
v2.5.2
v2.6.0
v2.6.1
v2.6.2
v2.7.0
v2.7.1
v2.7.2
v2.7.3
v2.7.4
v2.7.5
v2.7.6
v2.8.0
v2.8.1
v2.8.2
v2.9.0
v2.9.1
v2.9.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-45046.json"