qwqdanchun
/
Goby
mirror of https://github.com/qwqdanchun/Goby.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Goby/json/Control-M-log4j2-Remote-com...

131 lines
4.8 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Name": "Control-M log4j2 Remote command execution vulnerability (CVE-2021-44228)",
"Description": "<p>Control-M is a cross-platform batch job scheduling management software. It adopts C/S mode, installs Enterprise Manager and server on the server, installs the agent on the controlled host, and the agent can submit the defined by Control-M on the host Job flow, and return the running result.</p><p>Control-M log4j2 has a remote command execution vulnerability. Attackers can use this vulnerability to execute commands arbitrarily on the server side, write to the backdoor, obtain server permissions, and then control the entire web server.</p>",
"Product": "Control-M",
"Homepage": "https://www.bmc.com/it-solutions/control-m.html",
"DisclosureDate": "2021-12-23",
"Author": "fmbd",
"FofaQuery": "app=\"BMC-Control-M-Root-CA\" || product=\"JAVA\"",
"GobyQuery": "app=\"BMC-Control-M-Root-CA\" || product=\"JAVA\"",
"Level": "3",
"Impact": "<p>Control-M log4j2 has a remote command execution vulnerability. Attackers can use this vulnerability to execute commands arbitrarily on the server side, write to the backdoor, obtain server permissions, and then control the entire web server.</p>",
"Recommendation": "<p>The supplier has released a solution, please upgrade to the new version:<a href=\"https://github.com/apache/logging-log4j2/tags/\" target=\"_blank\">https://github.com/apache/logging-log4j2/tags/</a></p><p>1. Deploy a web application firewall to monitor database operations.</p><p>2.If not necessary, prohibit public network access to the system.</p> ",
"Translation": {
"CN": {
"Name": "Control-M log4j2 命令执行漏洞CVE-2021-44228",
"Product": "Control-M",
"VulType": [
"命令执行"
],
"Tags": [
"命令执行"
],
"Description": "<p>Control-M是一个跨平台的批量作业调度管理软件采用C/S模式在服务器上安装Enterprise Manager和服务器在被控主机上安装agent, agent可以在主机上提交由Control-M定义好的作业流并返回运行结果。</p><p>Control-M log4j2 存在命令执行漏洞攻击者可通过该漏洞在服务器端任意执行命令写入后门获取服务器权限进而控制整个web服务器。</p>",
"Impact": "<p>Control-M log4j2 存在命令执行漏洞攻击者可通过该漏洞在服务器端任意执行命令写入后门获取服务器权限进而控制整个web服务器。<br></p>",
"Recommendation": "<p>⼚商已发布了漏洞方案,请及时关注: <a href=\"https://github.com/apache/logging-log4j2/tags/\">https://github.com/apache/logging-log4j2/tags/</a></p><p></p><p>1、通过防⽕墙等安全设备设置访问策略设置⽩名单访问。</p><p>2、如⾮必要禁⽌公⽹访问该系统。</p>"
}
},
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228",
"https://nvd.nist.gov/vuln/detail/CVE-2021-44228"
],
"Is0day": false,
"HasExp": false,
"ExpParams": [],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": []
}
],
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": []
}
],
"Tags": [
"rce"
],
"VulType": [
"rce"
],
"CVEIDs": [
"CVE-2021-44228"
],
"CNNVD": [
"CNNVD-202112-799"
],
"CNVD": [
"CNVD-2021-95914"
],
"CVSSScore": "10.0",
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": null
}
}
Reference in New Issue View Git Blame Copy Permalink