UCC Edge: Logback Vulnerability False Positive (CVE-2021-42550)
摘要: This article provides a list of security vulnerabilities that cannot be exploited on Dell UCC Edge 2.0.2, but which may be identified by security scanners.
本文适用于
本文不适用于
本文并非针对某种特定的产品。
本文并非包含所有产品版本。
安全性文章类型
Security KB
CVE 标识符
CVE-2021-42550
问题摘要
See the 'Recommendation' section below for details on each CVE.
建议
The vulnerabilities listed in the table below are in order by the date on which UCC Edge Engineering determined that the UCC Edge 2.0.2 was not vulnerable.
| Third-party Component | CVE ID | Summary of Vulnerability | Reason why Product is not Vulnerable | Date Determined False Positive |
| Logback | CVE-2021-42550 | In Logback version 1.2.7 and earlier versions, an attacker with the required privileges to edit configurations files may potentially craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers. | Logback 1.2.3 is used in our released product of UCC Edge 2.0.2 but the application is not using any configuration file for Logback, which makes it not possible to exploit this vulnerability. | 2022-01-19 |
法律免责声明
受影响的产品
UCC Edge产品
Product Security Information文章属性
文章编号: 000195400
文章类型: Security KB
上次修改时间: 19 9月 2025
版本: 2
从其他戴尔用户那里查找问题的答案
支持服务
检查您的设备是否在支持服务涵盖的范围内。