CVE-2021-45046

Apache Log4j2 Deserialization of Untrusted Data Vulnerability

Severity Score

9.0

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

Yes

*KEV

Decision

*SSVC

Descriptions

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.

Se descubrió que la corrección para abordar CVE-2021-44228 en Apache Log4j versiones 2.15.0 estaba incompleta en ciertas configuraciones no predeterminadas. Esto podría permitir a los atacantes con control sobre los datos de entrada de Thread Context Map (MDC) cuando la configuración de registro utiliza un Pattern Layout no predeterminado con un Context Lookup (por ejemplo, $${ctx:loginId}) o un Thread Context Map pattern (%X, %mdc, o %MDC) para elaborar datos de entrada maliciosos utilizando un patrón JNDI Lookup que resulta en una fuga de información y ejecución de código remoto en algunos entornos y ejecución de código local en todos los entornos. Log4j versiones 2.16.0 (Java 8) y 2.12.2 (Java 7) solucionan este problema eliminando el soporte para los patrones de búsqueda de mensajes y deshabilitando la funcionalidad JNDI por defecto

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution (RCE) in a limited number of environments.

Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-12-14 CVE Reserved
2021-12-14 CVE Published
2021-12-15 First Exploit
2023-05-01 Exploited in Wild
2023-05-22 KEV Due Date
2024-08-04 CVE Updated
2024-08-29 EPSS Updated

CWE

CWE-400: Uncontrolled Resource Consumption
CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CAPEC

References (28)

URL	Tag	Source
http://www.openwall.com/lists/oss-security/2021/12/14/4	Mailing List
http://www.openwall.com/lists/oss-security/2021/12/15/3	Mailing List
http://www.openwall.com/lists/oss-security/2021/12/18/1	Mailing List
https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf	Third Party Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032	Third Party Advisory
https://security.gentoo.org/glsa/202310-16	Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2021-44228	Not Applicable
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html	Third Party Advisory
https://www.kb.cert.org/vuls/id/930724	Third Party Advisory
https://www.oracle.com/security-alerts/alert-cve-2021-44228.html	Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html	Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html	Third Party Advisory

URL	Date	SRC
https://github.com/BobTheShoplifter/CVE-2021-45046-Info	2021-12-15
https://github.com/thedevappsecguy/Log4J-Mitigation-CVE-2021-44228--CVE-2021-45046--CVE-2021-45105--CVE-2021-44832	2022-01-03
https://github.com/tejas-nagchandi/CVE-2021-45046	2021-12-16
https://github.com/pravin-pp/log4j2-CVE-2021-45046	2021-12-15

URL	Date	SRC
https://www.oracle.com/security-alerts/cpujan2022.html	2024-06-27

URL	Date	SRC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOKPQGV24RRBBI4TBZUDQMM4MEH7MXCY	2024-06-27
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SIG7FZULMNK2XF6FZRU4VWYDQXNMUGAJ	2024-06-27
https://logging.apache.org/log4j/2.x/security.html	2024-06-27
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	2024-06-27
https://www.debian.org/security/2021/dsa-5022	2024-06-27
https://access.redhat.com/security/cve/CVE-2021-45046	2022-04-11
https://bugzilla.redhat.com/show_bug.cgi?id=2032580	2022-04-11
https://access.redhat.com/security/cve/CVE-2021-44228	2022-04-11

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Siemens Search vendor "Siemens"	Sppa-t3000 Ses3000 Firmware Search vendor "Siemens" for product "Sppa-t3000 Ses3000 Firmware"	*	-	Affected	in	Siemens Search vendor "Siemens"	Sppa-t3000 Ses3000 Search vendor "Siemens" for product "Sppa-t3000 Ses3000"	-	-	Safe
Siemens Search vendor "Siemens"	6bk1602-0aa12-0tp0 Firmware Search vendor "Siemens" for product "6bk1602-0aa12-0tp0 Firmware"	< 2.7.0 Search vendor "Siemens" for product "6bk1602-0aa12-0tp0 Firmware" and version " < 2.7.0"	-	Affected	in	Siemens Search vendor "Siemens"	6bk1602-0aa12-0tp0 Search vendor "Siemens" for product "6bk1602-0aa12-0tp0"	-	-	Safe
Siemens Search vendor "Siemens"	6bk1602-0aa22-0tp0 Firmware Search vendor "Siemens" for product "6bk1602-0aa22-0tp0 Firmware"	< 2.7.0 Search vendor "Siemens" for product "6bk1602-0aa22-0tp0 Firmware" and version " < 2.7.0"	-	Affected	in	Siemens Search vendor "Siemens"	6bk1602-0aa22-0tp0 Search vendor "Siemens" for product "6bk1602-0aa22-0tp0"	-	-	Safe
Siemens Search vendor "Siemens"	6bk1602-0aa32-0tp0 Firmware Search vendor "Siemens" for product "6bk1602-0aa32-0tp0 Firmware"	< 2.7.0 Search vendor "Siemens" for product "6bk1602-0aa32-0tp0 Firmware" and version " < 2.7.0"	-	Affected	in	Siemens Search vendor "Siemens"	6bk1602-0aa32-0tp0 Search vendor "Siemens" for product "6bk1602-0aa32-0tp0"	-	-	Safe
Siemens Search vendor "Siemens"	6bk1602-0aa42-0tp0 Firmware Search vendor "Siemens" for product "6bk1602-0aa42-0tp0 Firmware"	< 2.7.0 Search vendor "Siemens" for product "6bk1602-0aa42-0tp0 Firmware" and version " < 2.7.0"	-	Affected	in	Siemens Search vendor "Siemens"	6bk1602-0aa42-0tp0 Search vendor "Siemens" for product "6bk1602-0aa42-0tp0"	-	-	Safe
Siemens Search vendor "Siemens"	6bk1602-0aa52-0tp0 Firmware Search vendor "Siemens" for product "6bk1602-0aa52-0tp0 Firmware"	< 2.7.0 Search vendor "Siemens" for product "6bk1602-0aa52-0tp0 Firmware" and version " < 2.7.0"	-	Affected	in	Siemens Search vendor "Siemens"	6bk1602-0aa52-0tp0 Search vendor "Siemens" for product "6bk1602-0aa52-0tp0"	-	-	Safe
Apache Search vendor "Apache"		Log4j Search vendor "Apache" for product "Log4j"				>= 2.0.1 < 2.12.2 Search vendor "Apache" for product "Log4j" and version " >= 2.0.1 < 2.12.2"		-		Affected
Apache Search vendor "Apache"		Log4j Search vendor "Apache" for product "Log4j"				>= 2.13.0 < 2.16.0 Search vendor "Apache" for product "Log4j" and version " >= 2.13.0 < 2.16.0"		-		Affected
Apache Search vendor "Apache"		Log4j Search vendor "Apache" for product "Log4j"				2.0 Search vendor "Apache" for product "Log4j" and version "2.0"		-		Affected
Apache Search vendor "Apache"		Log4j Search vendor "Apache" for product "Log4j"				2.0 Search vendor "Apache" for product "Log4j" and version "2.0"		beta9		Affected
Apache Search vendor "Apache"		Log4j Search vendor "Apache" for product "Log4j"				2.0 Search vendor "Apache" for product "Log4j" and version "2.0"		rc1		Affected
Apache Search vendor "Apache"		Log4j Search vendor "Apache" for product "Log4j"				2.0 Search vendor "Apache" for product "Log4j" and version "2.0"		rc2		Affected
Intel Search vendor "Intel"		Audio Development Kit Search vendor "Intel" for product "Audio Development Kit"				-		-		Affected
Intel Search vendor "Intel"		Computer Vision Annotation Tool Search vendor "Intel" for product "Computer Vision Annotation Tool"				-		-		Affected
Intel Search vendor "Intel"		Datacenter Manager Search vendor "Intel" for product "Datacenter Manager"				-		-		Affected
Intel Search vendor "Intel"		Genomics Kernel Library Search vendor "Intel" for product "Genomics Kernel Library"				-		-		Affected
Intel Search vendor "Intel"		Oneapi Search vendor "Intel" for product "Oneapi"				-		eclipse		Affected
Intel Search vendor "Intel"		Secure Device Onboard Search vendor "Intel" for product "Secure Device Onboard"				-		-		Affected
Intel Search vendor "Intel"		Sensor Solution Firmware Development Kit Search vendor "Intel" for product "Sensor Solution Firmware Development Kit"				-		-		Affected
Intel Search vendor "Intel"		System Debugger Search vendor "Intel" for product "System Debugger"				-		-		Affected
Intel Search vendor "Intel"		System Studio Search vendor "Intel" for product "System Studio"				-		-		Affected
Siemens Search vendor "Siemens"		Captial Search vendor "Siemens" for product "Captial"				< 2019.1 Search vendor "Siemens" for product "Captial" and version " < 2019.1"		-		Affected
Siemens Search vendor "Siemens"		Captial Search vendor "Siemens" for product "Captial"				2019.1 Search vendor "Siemens" for product "Captial" and version "2019.1"		-		Affected
Siemens Search vendor "Siemens"		Captial Search vendor "Siemens" for product "Captial"				2019.1 Search vendor "Siemens" for product "Captial" and version "2019.1"		sp1912		Affected
Siemens Search vendor "Siemens"		Comos Search vendor "Siemens" for product "Comos"				*		-		Affected
Siemens Search vendor "Siemens"		Desigo Cc Advanced Reports Search vendor "Siemens" for product "Desigo Cc Advanced Reports"				4.0 Search vendor "Siemens" for product "Desigo Cc Advanced Reports" and version "4.0"		-		Affected
Siemens Search vendor "Siemens"		Desigo Cc Advanced Reports Search vendor "Siemens" for product "Desigo Cc Advanced Reports"				4.1 Search vendor "Siemens" for product "Desigo Cc Advanced Reports" and version "4.1"		-		Affected
Siemens Search vendor "Siemens"		Desigo Cc Advanced Reports Search vendor "Siemens" for product "Desigo Cc Advanced Reports"				4.2 Search vendor "Siemens" for product "Desigo Cc Advanced Reports" and version "4.2"		-		Affected
Siemens Search vendor "Siemens"		Desigo Cc Advanced Reports Search vendor "Siemens" for product "Desigo Cc Advanced Reports"				5.0 Search vendor "Siemens" for product "Desigo Cc Advanced Reports" and version "5.0"		-		Affected
Siemens Search vendor "Siemens"		Desigo Cc Advanced Reports Search vendor "Siemens" for product "Desigo Cc Advanced Reports"				5.1 Search vendor "Siemens" for product "Desigo Cc Advanced Reports" and version "5.1"		-		Affected
Siemens Search vendor "Siemens"		Desigo Cc Info Center Search vendor "Siemens" for product "Desigo Cc Info Center"				5.0 Search vendor "Siemens" for product "Desigo Cc Info Center" and version "5.0"		-		Affected
Siemens Search vendor "Siemens"		Desigo Cc Info Center Search vendor "Siemens" for product "Desigo Cc Info Center"				5.1 Search vendor "Siemens" for product "Desigo Cc Info Center" and version "5.1"		-		Affected
Siemens Search vendor "Siemens"		E-car Operation Center Search vendor "Siemens" for product "E-car Operation Center"				< 2021-12-13 Search vendor "Siemens" for product "E-car Operation Center" and version " < 2021-12-13"		-		Affected
Siemens Search vendor "Siemens"		Energy Engage Search vendor "Siemens" for product "Energy Engage"				3.1 Search vendor "Siemens" for product "Energy Engage" and version "3.1"		-		Affected
Siemens Search vendor "Siemens"		Energyip Search vendor "Siemens" for product "Energyip"				8.5 Search vendor "Siemens" for product "Energyip" and version "8.5"		-		Affected
Siemens Search vendor "Siemens"		Energyip Search vendor "Siemens" for product "Energyip"				8.6 Search vendor "Siemens" for product "Energyip" and version "8.6"		-		Affected
Siemens Search vendor "Siemens"		Energyip Search vendor "Siemens" for product "Energyip"				8.7 Search vendor "Siemens" for product "Energyip" and version "8.7"		-		Affected
Siemens Search vendor "Siemens"		Energyip Search vendor "Siemens" for product "Energyip"				9.0 Search vendor "Siemens" for product "Energyip" and version "9.0"		-		Affected
Siemens Search vendor "Siemens"		Energyip Prepay Search vendor "Siemens" for product "Energyip Prepay"				3.7 Search vendor "Siemens" for product "Energyip Prepay" and version "3.7"		-		Affected
Siemens Search vendor "Siemens"		Energyip Prepay Search vendor "Siemens" for product "Energyip Prepay"				3.8 Search vendor "Siemens" for product "Energyip Prepay" and version "3.8"		-		Affected
Siemens Search vendor "Siemens"		Gma-manager Search vendor "Siemens" for product "Gma-manager"				< 8.6.2j-398 Search vendor "Siemens" for product "Gma-manager" and version " < 8.6.2j-398"		-		Affected
Siemens Search vendor "Siemens"		Head-end System Universal Device Integration System Search vendor "Siemens" for product "Head-end System Universal Device Integration System"				*		-		Affected
Siemens Search vendor "Siemens"		Industrial Edge Management Search vendor "Siemens" for product "Industrial Edge Management"				*		-		Affected
Siemens Search vendor "Siemens"		Industrial Edge Management Hub Search vendor "Siemens" for product "Industrial Edge Management Hub"				< 2021-12-13 Search vendor "Siemens" for product "Industrial Edge Management Hub" and version " < 2021-12-13"		-		Affected
Siemens Search vendor "Siemens"		Logo\! Soft Comfort Search vendor "Siemens" for product "Logo\! Soft Comfort"				*		-		Affected
Siemens Search vendor "Siemens"		Mendix Search vendor "Siemens" for product "Mendix"				*		-		Affected
Siemens Search vendor "Siemens"		Mindsphere Search vendor "Siemens" for product "Mindsphere"				< 2021-12-11 Search vendor "Siemens" for product "Mindsphere" and version " < 2021-12-11"		-		Affected
Siemens Search vendor "Siemens"		Navigator Search vendor "Siemens" for product "Navigator"				< 2021-12-13 Search vendor "Siemens" for product "Navigator" and version " < 2021-12-13"		-		Affected
Siemens Search vendor "Siemens"		Nx Search vendor "Siemens" for product "Nx"				*		-		Affected
Siemens Search vendor "Siemens"		Opcenter Intelligence Search vendor "Siemens" for product "Opcenter Intelligence"				<= 3.2 Search vendor "Siemens" for product "Opcenter Intelligence" and version " <= 3.2"		-		Affected
Siemens Search vendor "Siemens"		Operation Scheduler Search vendor "Siemens" for product "Operation Scheduler"				<= 1.1.3 Search vendor "Siemens" for product "Operation Scheduler" and version " <= 1.1.3"		-		Affected
Siemens Search vendor "Siemens"		Sentron Powermanager Search vendor "Siemens" for product "Sentron Powermanager"				4.1 Search vendor "Siemens" for product "Sentron Powermanager" and version "4.1"		-		Affected
Siemens Search vendor "Siemens"		Sentron Powermanager Search vendor "Siemens" for product "Sentron Powermanager"				4.2 Search vendor "Siemens" for product "Sentron Powermanager" and version "4.2"		-		Affected
Siemens Search vendor "Siemens"		Siguard Dsa Search vendor "Siemens" for product "Siguard Dsa"				4.2 Search vendor "Siemens" for product "Siguard Dsa" and version "4.2"		-		Affected
Siemens Search vendor "Siemens"		Siguard Dsa Search vendor "Siemens" for product "Siguard Dsa"				4.3 Search vendor "Siemens" for product "Siguard Dsa" and version "4.3"		-		Affected
Siemens Search vendor "Siemens"		Siguard Dsa Search vendor "Siemens" for product "Siguard Dsa"				4.4 Search vendor "Siemens" for product "Siguard Dsa" and version "4.4"		-		Affected
Siemens Search vendor "Siemens"		Sipass Integrated Search vendor "Siemens" for product "Sipass Integrated"				2.80 Search vendor "Siemens" for product "Sipass Integrated" and version "2.80"		-		Affected
Siemens Search vendor "Siemens"		Sipass Integrated Search vendor "Siemens" for product "Sipass Integrated"				2.85 Search vendor "Siemens" for product "Sipass Integrated" and version "2.85"		-		Affected
Siemens Search vendor "Siemens"		Siveillance Command Search vendor "Siemens" for product "Siveillance Command"				<= 4.16.2.1 Search vendor "Siemens" for product "Siveillance Command" and version " <= 4.16.2.1"		-		Affected
Siemens Search vendor "Siemens"		Siveillance Control Pro Search vendor "Siemens" for product "Siveillance Control Pro"				*		-		Affected
Siemens Search vendor "Siemens"		Siveillance Identity Search vendor "Siemens" for product "Siveillance Identity"				1.5 Search vendor "Siemens" for product "Siveillance Identity" and version "1.5"		-		Affected
Siemens Search vendor "Siemens"		Siveillance Identity Search vendor "Siemens" for product "Siveillance Identity"				1.6 Search vendor "Siemens" for product "Siveillance Identity" and version "1.6"		-		Affected
Siemens Search vendor "Siemens"		Siveillance Vantage Search vendor "Siemens" for product "Siveillance Vantage"				*		-		Affected
Siemens Search vendor "Siemens"		Siveillance Viewpoint Search vendor "Siemens" for product "Siveillance Viewpoint"				*		-		Affected
Siemens Search vendor "Siemens"		Solid Edge Cam Pro Search vendor "Siemens" for product "Solid Edge Cam Pro"				*		-		Affected
Siemens Search vendor "Siemens"		Solid Edge Harness Design Search vendor "Siemens" for product "Solid Edge Harness Design"				< 2020 Search vendor "Siemens" for product "Solid Edge Harness Design" and version " < 2020"		-		Affected
Siemens Search vendor "Siemens"		Solid Edge Harness Design Search vendor "Siemens" for product "Solid Edge Harness Design"				2020 Search vendor "Siemens" for product "Solid Edge Harness Design" and version "2020"		-		Affected
Siemens Search vendor "Siemens"		Solid Edge Harness Design Search vendor "Siemens" for product "Solid Edge Harness Design"				2020 Search vendor "Siemens" for product "Solid Edge Harness Design" and version "2020"		-		Affected
Siemens Search vendor "Siemens"		Solid Edge Harness Design Search vendor "Siemens" for product "Solid Edge Harness Design"				2020 Search vendor "Siemens" for product "Solid Edge Harness Design" and version "2020"		sp2002		Affected
Siemens Search vendor "Siemens"		Spectrum Power 4 Search vendor "Siemens" for product "Spectrum Power 4"				< 4.70 Search vendor "Siemens" for product "Spectrum Power 4" and version " < 4.70"		-		Affected
Siemens Search vendor "Siemens"		Spectrum Power 4 Search vendor "Siemens" for product "Spectrum Power 4"				4.70 Search vendor "Siemens" for product "Spectrum Power 4" and version "4.70"		-		Affected
Siemens Search vendor "Siemens"		Spectrum Power 4 Search vendor "Siemens" for product "Spectrum Power 4"				4.70 Search vendor "Siemens" for product "Spectrum Power 4" and version "4.70"		sp7		Affected
Siemens Search vendor "Siemens"		Spectrum Power 4 Search vendor "Siemens" for product "Spectrum Power 4"				4.70 Search vendor "Siemens" for product "Spectrum Power 4" and version "4.70"		sp8		Affected
Siemens Search vendor "Siemens"		Spectrum Power 7 Search vendor "Siemens" for product "Spectrum Power 7"				< 2.30 Search vendor "Siemens" for product "Spectrum Power 7" and version " < 2.30"		-		Affected
Siemens Search vendor "Siemens"		Spectrum Power 7 Search vendor "Siemens" for product "Spectrum Power 7"				2.30 Search vendor "Siemens" for product "Spectrum Power 7" and version "2.30"		-		Affected
Siemens Search vendor "Siemens"		Spectrum Power 7 Search vendor "Siemens" for product "Spectrum Power 7"				2.30 Search vendor "Siemens" for product "Spectrum Power 7" and version "2.30"		-		Affected
Siemens Search vendor "Siemens"		Spectrum Power 7 Search vendor "Siemens" for product "Spectrum Power 7"				2.30 Search vendor "Siemens" for product "Spectrum Power 7" and version "2.30"		sp2		Affected
Siemens Search vendor "Siemens"		Teamcenter Search vendor "Siemens" for product "Teamcenter"				*		-		Affected
Siemens Search vendor "Siemens"		Tracealertserverplus Search vendor "Siemens" for product "Tracealertserverplus"				*		-		Affected
Siemens Search vendor "Siemens"		Vesys Search vendor "Siemens" for product "Vesys"				< 2019.1 Search vendor "Siemens" for product "Vesys" and version " < 2019.1"		-		Affected
Siemens Search vendor "Siemens"		Vesys Search vendor "Siemens" for product "Vesys"				2019.1 Search vendor "Siemens" for product "Vesys" and version "2019.1"		-		Affected
Siemens Search vendor "Siemens"		Vesys Search vendor "Siemens" for product "Vesys"				2019.1 Search vendor "Siemens" for product "Vesys" and version "2019.1"		-		Affected
Siemens Search vendor "Siemens"		Vesys Search vendor "Siemens" for product "Vesys"				2019.1 Search vendor "Siemens" for product "Vesys" and version "2019.1"		sp1912		Affected
Siemens Search vendor "Siemens"		Xpedition Enterprise Search vendor "Siemens" for product "Xpedition Enterprise"				-		-		Affected
Siemens Search vendor "Siemens"		Xpedition Package Integrator Search vendor "Siemens" for product "Xpedition Package Integrator"				-		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0"		-		Affected
Sonicwall Search vendor "Sonicwall"		Email Security Search vendor "Sonicwall" for product "Email Security"				< 10.0.12 Search vendor "Sonicwall" for product "Email Security" and version " < 10.0.12"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				34 Search vendor "Fedoraproject" for product "Fedora" and version "34"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				35 Search vendor "Fedoraproject" for product "Fedora" and version "35"		-		Affected