CVE-2021-42550

MEDIUM

QOS Logback < 1.2.7 - Insecure Deserialization

Title source: rule

Description

In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.

References (7)

Scores

CVSS v3 6.6
EPSS 0.0273
EPSS Percentile 85.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-502
Status published

Affected Products (18)

qos/logback < 1.2.7
qos/logback
qos/logback
qos/logback
qos/logback
qos/logback
qos/logback
qos/logback
qos/logback
qos/logback
qos/logback
qos/logback
redhat/satellite
netapp/cloud_manager
netapp/service_level_manager
... and 3 more

Timeline

Published Dec 16, 2021
Tracked Since Feb 18, 2026