CVE-2021-42550

Published Dec 16, 2021

Last updated 2 years ago

CVSS medium 6.6

Overview

Description: In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.
Source: vulnerability@ncsc.ch
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.6
Impact score: 5.9
Exploitability score: 0.7
Vector string: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 8.5
Impact score: 10
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-502
vulnerability@ncsc.ch: CWE-502

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:qos:logback:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84B21ABD-4A81-4F45-976A-8DDAA69BA58F",
            "versionEndIncluding": "1.2.7"
          },
          {
            "criteria": "cpe:2.3:a:qos:logback:1.3.0:alpha0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B60F4B4-FC1D-4F39-A711-10EE7A647AF0"
          },
          {
            "criteria": "cpe:2.3:a:qos:logback:1.3.0:alpha1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "327949AE-037B-4D44-948E-4CAF03908843"
          },
          {
            "criteria": "cpe:2.3:a:qos:logback:1.3.0:alpha10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7004378F-35B1-45D6-953E-C87A568680F4"
          },
          {
            "criteria": "cpe:2.3:a:qos:logback:1.3.0:alpha2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3814C3CD-2D1D-43E2-ADDB-14CA7EDC21D7"
          },
          {
            "criteria": "cpe:2.3:a:qos:logback:1.3.0:alpha3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF6F97D2-0D95-4A9A-8C97-C7A778312CF7"
          },
          {
            "criteria": "cpe:2.3:a:qos:logback:1.3.0:alpha4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F7E9E7E-4E7F-42E6-ACBA-2B854CFC955D"
          },
          {
            "criteria": "cpe:2.3:a:qos:logback:1.3.0:alpha5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45EDB2D9-634B-4706-8911-67188EDC24DF"
          },
          {
            "criteria": "cpe:2.3:a:qos:logback:1.3.0:alpha6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3085EDDC-2B3E-4508-9FDA-DDA4153221F7"
          },
          {
            "criteria": "cpe:2.3:a:qos:logback:1.3.0:alpha7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7083CE23-C937-428B-AD51-48C6DB9F8BE2"
          },
          {
            "criteria": "cpe:2.3:a:qos:logback:1.3.0:alpha8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "50ECFEED-C263-4B74-9A27-D03115D03C0A"
          },
          {
            "criteria": "cpe:2.3:a:qos:logback:1.3.0:alpha9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "672A9525-EFC1-479F-9192-C7D45FF42384"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "848C92A9-0677-442B-8D52-A448F2019903"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "197D0D80-6702-4B61-B681-AFDBA7D69067"
          },
          {
            "criteria": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7081652A-D28B-494E-94EF-CA88117F23EE"
          },
          {
            "criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BEF5E6CF-BBA5-4CCF-ACB1-BEF8D2C372B8",
            "versionEndExcluding": "1.0.3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References