CVE-2021-42550
published 2021-12-16
medium 6.6 (CVSS 3.1)
AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration that allows execution of arbitrary code loaded from LDAP servers.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | logback | < logback 1:1.2.8-1 (bookworm) | logback 1:1.2.8-1 (bookworm) |
| qos.ch | logback | >= unspecified < 1.2.9 | 1.2.9 |
| qos.ch | logback | >= unspecified < 1.3.0-alpha11 | 1.3.0-alpha11 |
| qos | logback | <= 1.2.7 | — |
| qos | logback | — | — |
| qos | logback | >= 0 < 1:1.2.8-1 | 1:1.2.8-1 |
| qos | logback | >= 0 < 1:1.2.8-1 | 1:1.2.8-1 |
| qos | logback | >= 0 < 1:1.2.8-1 | 1:1.2.8-1 |
| qos | logback | >= 0 < 1:1.1.3-2ubuntu0.1~esm1 | 1:1.1.3-2ubuntu0.1~esm1 |
| qos | logback | >= 0 < 1:1.2.3-2ubuntu1~18.04.1+esm1 | 1:1.2.3-2ubuntu1~18.04.1+esm1 |
| qos | logback | >= 0 < 1:1.2.3-5ubuntu0.1~esm1 | 1:1.2.3-5ubuntu0.1~esm1 |
| qos | logback | >= 0 < 1:1.2.10-1ubuntu0.1~esm1 | 1:1.2.10-1ubuntu0.1~esm1 |
| redhat | satellite | — | — |
| siemens | sinec_nms | < 1.0.3 | 1.0.3 |
CVSS provenance
nvd: v3.1, 6.6 MEDIUM, CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
osv: 6.6 MEDIUM