{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-11T09:56:08.545","vulnerabilities":[{"cve":{"id":"CVE-2021-42550","sourceIdentifier":"vulnerability@ncsc.ch","published":"2021-12-16T19:15:08.297","lastModified":"2024-11-21T06:27:47.313","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers."},{"lang":"es","value":"En logback versiones 1.2.7 y anteriores, un atacante con los privilegios necesarios para editar archivos de configuración podría diseñar una configuración maliciosa que permitiera ejecutar código arbitrario cargado desde servidores LDAP"}],"metrics":{"cvssMetricV31":[{"source":"vulnerability@ncsc.ch","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.7,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.7,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:C/I:C/A:C","baseScore":8.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":6.8,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"vulnerability@ncsc.ch","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:qos:logback:*:*:*:*:*:*:*:*","versionEndIncluding":"1.2.7","matchCriteriaId":"84B21ABD-4A81-4F45-976A-8DDAA69BA58F"},{"vulnerable":true,"criteria":"cpe:2.3:a:qos:logback:1.3.0:alpha0:*:*:*:*:*:*","matchCriteriaId":"8B60F4B4-FC1D-4F39-A711-10EE7A647AF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:qos:logback:1.3.0:alpha1:*:*:*:*:*:*","matchCriteriaId":"327949AE-037B-4D44-948E-4CAF03908843"},{"vulnerable":true,"criteria":"cpe:2.3:a:qos:logback:1.3.0:alpha10:*:*:*:*:*:*","matchCriteriaId":"7004378F-35B1-45D6-953E-C87A568680F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:qos:logback:1.3.0:alpha2:*:*:*:*:*:*","matchCriteriaId":"3814C3CD-2D1D-43E2-ADDB-14CA7EDC21D7"},{"vulnerable":true,"criteria":"cpe:2.3:a:qos:logback:1.3.0:alpha3:*:*:*:*:*:*","matchCriteriaId":"DF6F97D2-0D95-4A9A-8C97-C7A778312CF7"},{"vulnerable":true,"criteria":"cpe:2.3:a:qos:logback:1.3.0:alpha4:*:*:*:*:*:*","matchCriteriaId":"1F7E9E7E-4E7F-42E6-ACBA-2B854CFC955D"},{"vulnerable":true,"criteria":"cpe:2.3:a:qos:logback:1.3.0:alpha5:*:*:*:*:*:*","matchCriteriaId":"45EDB2D9-634B-4706-8911-67188EDC24DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:qos:logback:1.3.0:alpha6:*:*:*:*:*:*","matchCriteriaId":"3085EDDC-2B3E-4508-9FDA-DDA4153221F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:qos:logback:1.3.0:alpha7:*:*:*:*:*:*","matchCriteriaId":"7083CE23-C937-428B-AD51-48C6DB9F8BE2"},{"vulnerable":true,"criteria":"cpe:2.3:a:qos:logback:1.3.0:alpha8:*:*:*:*:*:*","matchCriteriaId":"50ECFEED-C263-4B74-9A27-D03115D03C0A"},{"vulnerable":true,"criteria":"cpe:2.3:a:qos:logback:1.3.0:alpha9:*:*:*:*:*:*","matchCriteriaId":"672A9525-EFC1-479F-9192-C7D45FF42384"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*","matchCriteriaId":"848C92A9-0677-442B-8D52-A448F2019903"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*","matchCriteriaId":"197D0D80-6702-4B61-B681-AFDBA7D69067"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*","matchCriteriaId":"7081652A-D28B-494E-94EF-CA88117F23EE"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*","matchCriteriaId":"9F4754FB-E3EB-454A-AB1A-AE3835C5350C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.3","matchCriteriaId":"BEF5E6CF-BBA5-4CCF-ACB1-BEF8D2C372B8"}]}]}],"references":[{"url":"http://logback.qos.ch/news.html","source":"vulnerability@ncsc.ch","tags":["Vendor Advisory"]},{"url":"http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html","source":"vulnerability@ncsc.ch","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2022/Jul/11","source":"vulnerability@ncsc.ch","tags":["Mailing List","Third Party Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-371761.pdf","source":"vulnerability@ncsc.ch","tags":["Third Party Advisory"]},{"url":"https://github.com/cn-panda/logbackRceDemo","source":"vulnerability@ncsc.ch","tags":["Exploit","Third Party Advisory"]},{"url":"https://jira.qos.ch/browse/LOGBACK-1591","source":"vulnerability@ncsc.ch","tags":["Exploit","Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20211229-0001/","source":"vulnerability@ncsc.ch","tags":["Third Party Advisory"]},{"url":"http://logback.qos.ch/news.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2022/Jul/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-371761.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://github.com/cn-panda/logbackRceDemo","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://jira.qos.ch/browse/LOGBACK-1591","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20211229-0001/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}