CVE-2021-42550
Description
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.
Risk Information
Base Score
6.6
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
2.604
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-42550 are fixed in QOS.ch-logback-core 1.2.9 | Windows |
| Multiple Vulnerabilities are affected in IBM WebMethods Integration Server 10.15 | Windows |
| Vulnerabilities CVE-2021-42550 are affected in Siemens SINEC NMS 1.0.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Aspera Shares 1.10.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Planning Analytics Local 2.0 | Windows |
| Multiple Vulnerabilities are affected in IBM WebMethods Integration Server 10.11 | Windows |
| Multiple Vulnerabilities are affected in IBM WebMethods Integration Server 11.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.11.0.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.11.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.10.4 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.10.5.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.12.0.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Spectrum Protect Server 8.1.15 | Windows |
| (RHSA-2022:5498) Satellite 6.11 Release foreman-cli-3.1.1.21-2.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release foreman-cli-3.1.1.21-2.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-amazing_print-1.1.0-2.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-apipie-bindings-0.4.0-2.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-clamp-1.1.2-7.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-clamp-1.1.2-7.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-domain_name-0.5.20160310-5.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-fast_gettext-1.4.1-5.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-foreman_maintain-1.0.12-1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-foreman_maintain-1.0.12-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hammer_cli-3.1.0.1-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hammer_cli_foreman-3.1.0.1-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hammer_cli_foreman_admin-1.1.0-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hammer_cli_foreman_ansible-0.3.4-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hammer_cli_foreman_discovery-1.1.0-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hammer_cli_foreman_openscap-0.1.13-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hammer_cli_foreman_tasks-0.0.17-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hammer_cli_foreman_templates-0.2.0-2.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hammer_cli_foreman_webhooks-0.0.2-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hammer_cli_katello-1.3.1.6-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-hashie-3.6.0-3.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-highline-2.0.3-2.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-highline-2.0.3-2.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-http-cookie-1.0.2-5.1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-jwt-2.2.2-2.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-little-plugger-1.1.4-3.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-locale-2.0.9-15.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-logging-2.3.0-2.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-mime-types-3.3.1-2.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-mime-types-data-3.2018.0812-5.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-multi_json-1.14.1-3.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-netrc-0.11.0-6.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-oauth-0.5.4-5.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-powerbar-2.0.1-3.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-rest-client-2.0.2-4.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-unf-0.1.3-9.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-unf_ext-0.0.7.2-4.1.el8sat.x86_64.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-unf_ext-debugsource-0.0.7.2-4.1.el8sat.x86_64.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-unicode-0.4.4.4-4.1.el8sat.x86_64.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-unicode-debugsource-0.4.4.4-4.1.el8sat.x86_64.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release rubygem-unicode-display_width-1.7.0-2.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release satellite-cli-6.11.0-2.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release satellite-cli-6.11.0-2.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release satellite-clone-3.1.0-2.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release satellite-clone-3.1.0-2.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release satellite-maintain-0.0.1-1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release satellite-maintain-0.0.1-1.el8sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-amazing_print-1.1.0-2.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-apipie-bindings-0.4.0-2.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-clamp-1.1.2-7.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-domain_name-0.5.20160310-5.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-fast_gettext-1.4.1-5.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hammer_cli-3.1.0.1-1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hammer_cli_foreman-3.1.0.1-1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hammer_cli_foreman_admin-1.1.0-1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hammer_cli_foreman_ansible-0.3.4-1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hammer_cli_foreman_discovery-1.1.0-1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hammer_cli_foreman_openscap-0.1.13-1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hammer_cli_foreman_tasks-0.0.17-1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hammer_cli_foreman_templates-0.2.0-2.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hammer_cli_foreman_webhooks-0.0.2-1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hammer_cli_katello-1.3.1.6-1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-hashie-3.6.0-3.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-highline-2.0.3-2.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-http-cookie-1.0.2-5.1.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-jwt-2.2.2-2.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-little-plugger-1.1.4-3.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-locale-2.0.9-15.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-logging-2.3.0-2.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-mime-types-3.3.1-2.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-mime-types-data-3.2018.0812-5.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-multi_json-1.14.1-3.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-netrc-0.11.0-6.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-oauth-0.5.4-5.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-powerbar-2.0.1-3.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-rest-client-2.0.2-4.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-unf-0.1.3-9.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-unf_ext-0.0.7.2-4.1.el7sat.x86_64.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-unicode-0.4.4.4-4.1.el7sat.x86_64.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-rubygem-unicode-display_width-1.7.0-2.el7sat.noarch.rpm | Linux |
| (RHSA-2022:5498) Satellite 6.11 Release tfm-runtime-7.0-1.el7sat.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-default-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-default-base-5.14.21-150400.24.49.3.150400.24.19.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-default-debuginfo-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-default-debugsource-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-default-devel-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-default-devel-debuginfo-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Development Tools Module 15-SP4 ) kernel-obs-build-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Development Tools Module 15-SP4 ) kernel-obs-build-debugsource-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Development Tools Module 15-SP4 ) kernel-syms-5.14.21-150400.24.49.4.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Legacy Module 15-SP4 ) reiserfs-kmp-default-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Legacy Module 15-SP4 ) reiserfs-kmp-default-debuginfo-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-devel-5.14.21-150400.24.49.4.noarch.rpm | Linux |
| SUSE-SU-2023:0796-1(Development Tools Module 15-SP4 ) kernel-docs-5.14.21-150400.24.49.4.noarch.rpm | Linux |
| SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-macros-5.14.21-150400.24.49.4.noarch.rpm | Linux |
| SUSE-SU-2023:0796-1(Development Tools Module 15-SP4 ) kernel-source-5.14.21-150400.24.49.4.noarch.rpm | Linux |
| SUSE-SU-2023:2097-1(Development Tools Module 15-SP4 ) maven-3.8.6-150200.4.9.8.x86_64.rpm | Linux |
| SUSE-SU-2023:2097-1(Development Tools Module 15-SP4 ) maven-lib-3.8.6-150200.4.9.8.x86_64.rpm | Linux |
| SUSE-SU-2023:2097-1(Development Tools Module 15-SP4 ) xmvn-4.0.0-150200.3.7.1.x86_64.rpm | Linux |
| SUSE-SU-2023:2097-1(Development Tools Module 15-SP4 ) xmvn-minimal-4.0.0-150200.3.7.1.x86_64.rpm | Linux |
| SUSE-SU-2023:2097-1(Development Tools Module 15-SP4 ) minlog-1.3.1-150200.3.7.8.noarch.rpm | Linux |
| SUSE-SU-2023:2097-1(Development Tools Module 15-SP4 ) xmvn-api-4.0.0-150200.3.7.1.noarch.rpm | Linux |
| SUSE-SU-2023:2097-1(Development Tools Module 15-SP4 ) xmvn-connector-4.0.0-150200.3.7.3.noarch.rpm | Linux |
| SUSE-SU-2023:2097-1(Development Tools Module 15-SP4 ) xmvn-core-4.0.0-150200.3.7.1.noarch.rpm | Linux |
| SUSE-SU-2023:2097-1(Development Tools Module 15-SP4 ) xmvn-install-4.0.0-150200.3.7.1.noarch.rpm | Linux |
| SUSE-SU-2023:2097-1(Development Tools Module 15-SP4 ) xmvn-mojo-4.0.0-150200.3.7.8.noarch.rpm | Linux |
| SUSE-SU-2023:2097-1(Development Tools Module 15-SP4 ) xmvn-resolve-4.0.0-150200.3.7.1.noarch.rpm | Linux |
| SUSE-SU-2023:2097-1(Development Tools Module 15-SP4 ) xmvn-subst-4.0.0-150200.3.7.1.noarch.rpm | Linux |
| Vulnerabilities CVE-2021-42550 are fixed in QOS.ch-logback-core for Linux 1.2.9 | Linux |
| Deserialization of Untrusted Data Vulnerability (CVE-2021-42550) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234