UNIFY Security Advisory Report - Critical vulnerability in Apache Log4j
This is preliminary information about the new Security Advisory OBSO-2111-01.
Please find all details in the attached document.
Summary:
Apache Log4j2 <= 2.14.1 has a JNDI feature that allows it to look up the contents of a log message by
using a name, via the LDAP protocol. Unfortunately though, it doesn't protect against attacker-controlled
LDAP endpoints, which means that if an attacker can control log messages (or log message parameters)
they can trigger a lookup to a malicious LDAP server, and subsequent loading and execution of arbitrary
Java code.
The vulnerability is rated critical with an initial CVSS3 score of 10. (NVD has not assigned a score
yet.)
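An inventory check a defender can run over an installation directory, added here as an example (it is not part of the advisory or of any Unify tool): it flags archives that carry the log4j-core JndiLookup class with a version at or below the 2.14.1 threshold stated in the summary. The class path and Maven metadata path are those of upstream log4j-core; `make_jar` and the sample file names are constructed for the demo.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# Entry names as shipped in upstream log4j-core 2.x jars
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
LAST_AFFECTED = (2, 14, 1)  # threshold as stated in this advisory (<= 2.14.1)

def inspect_jar(path):
    """Return 'affected', 'review', 'unreadable', or None when nothing is flagged."""
    try:
        with zipfile.ZipFile(path) as jar:
            names = set(jar.namelist())
            if JNDI_CLASS not in names:
                return None  # archive does not carry the JNDI lookup class
            props = jar.read(POM_PROPS).decode("utf-8", "replace") if POM_PROPS in names else ""
    except (zipfile.BadZipFile, OSError):
        return "unreadable"
    m = re.search(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", props, re.M)
    if m is None:
        return "review"  # repackaged copy without Maven metadata: check by hand
    version = tuple(int(g or 0) for g in m.groups())  # '2.0-beta9' -> (2, 0, 0)
    return "affected" if version <= LAST_AFFECTED else None

def scan_tree(root):
    """Map each flagged .jar/.war/.ear under root (relative path) to its verdict."""
    hits = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in {".jar", ".war", ".ear"}:
            verdict = inspect_jar(path)
            if verdict:
                hits[str(path.relative_to(root))] = verdict
    return hits

def make_jar(path, version=None, with_jndi=True):
    """Write a constructed stand-in archive; the class entry is an empty placeholder."""
    with zipfile.ZipFile(path, "w") as jar:
        if with_jndi:
            jar.writestr(JNDI_CLASS, b"")
        if version:
            jar.writestr(POM_PROPS, f"version={version}\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample tree
        make_jar(Path(tmp, "log4j-core-2.14.1.jar"), "2.14.1")
        make_jar(Path(tmp, "vendor-bundle.jar"))  # no Maven metadata
        print(scan_tree(tmp))
```

Archives nested inside a .war or .ear are not unpacked by this scan, so a clean result on a bundle still calls for a look at its embedded libraries.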
Affected Products
Confirmed Affected products
Hipath DS-Win 4 R6.29.0 and higher (fixed in V4 R6.31.0 / available)
Atos Unify OpenScape UC V10.2.9.0 and higher (fix planned for V10.3.10). This is not the UC of OSBiz.
Atos Unify First Response OpenScape Policy Store (fix planned for 01/2022)
Atos Unify OpenScape Voice (simplex deployments, fix for embedded OS UC planned for V10 R2)
Atos Unify OpenScape Contact Center V9 and higher (find solution attached)
Atos Unify OpenScape Contact Media Service V9 and higher (find solution attached)
Confirmed not affected products
Circuit
Atos Unify OpenScape SBC
Atos Unify OpenScape Branch
Atos Unify OpenScape BCF
Atos Unify OpenScape Desk Phones / OpenStage Phones
Atos Unify First Response Emergency Services Application
Atos Unify OpenScape Cordless IP
Atos Unify OpenScape Voice Trace Manager
Atos Unify OpenScape 4000 and Manager
Atos Unify OpenScape Alarm Response
Atos Unify OpenScape Xpert Clients
Atos Unify OpenScape Xpert MLC
Atos Unify OpenScape Xpert System Manager
Atos Unify OpenScape Accounting Management
Atos Unify OpenScape Deployment Service
Atos Unify OpenScape Common Management Portal
Atos Unify OpenScape Composer
Atos Unify OpenScape Backup & Recovery
Atos Unify OpenScape Business
Atos Unify OpenScape UC Clients
Atos Unify OpenScape Xpressions
Atos Unify OpenScape Media Server
Atos Unify First Response MSBF
Atos Unify First Response Gemma V2 and V3
Atos Unify Office
Atos Unify OpenScape ESRP
Atos Unify OpenScape Concierge
Atos Unify OpenScape Voice (except simplex deployments)
Atos Unify OpenScape License Management CLA/CLM
Circuit Meeting Room
Atos Unify OpenScape Fault Management
Atos Unify OpenScape DECT Phones S6/SL6
Atos Unify OpenScape WLAN Phone Wireless Service Gateway
Atos Unify OpenScape WLAN Phone WL4
Atos Unify OpenScape Sesap
Atos Unify OpenScape Contact Center Extensions V3R1
Products under investigation
Atos Unify OpenScape Enterprise Express