RSS   Podatności dla 'Silver peak orchestrator'   RSS

2021-12-14
 
CVE-2021-45046

CWE-502
 

 
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.

 

 >>> Vendor: Arubanetworks 19 Produkty
Aruba mobility controller
Arubaos
Clearpass
Clearpass guest
Clearpass policy manager
Airwave
Instant access point firmware
Web management portal
Sd-wan
203r firmware
203rp firmware
Ap-300 series access points firmware
Ap-300 series instant access points firmware
Aruba instant
Airwave network management
Analytics and location engine
Airwave glass
Instant
Silver peak orchestrator


Copyright 2024, cxsecurity.com

 

Back to Top