This repository has been archived by the owner on Feb 2, 2023. It is now read-only.
Microsoft PowerAutomate Desktop 10.0.1770.0_x64 #397
Labels
need info
This issue or pull request requires further information
Vendor: Microsoft
Product: PowerAutomate Desktop
Version: 10.0.1770.0_x64
Status: Unknown (disclosed to vendor, awaiting response from vendor)
Update Available: No
Notes: Vulnerability disclosed to vendor. Initially found using PowerShell script at https://github.com/CERTCC/CVE-2021-44228_scanner and confirmed by manually examining unpacked archive.
References: From pom.xml located in C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_10.0.1770.0_x64__8wekyb3d8bbwe\java-support pad.javabridge.jar:
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <parent>
    <groupId>org.apache.logging.log4j</groupId>
    <artifactId>log4j</artifactId>
    <version>2.12.1</version>
    <relativePath>../</relativePath>
  </parent>
  <artifactId>log4j-core</artifactId>
  <packaging>jar</packaging>
  <name>Apache Log4j Core</name>
  <description>The Apache Log4j Implementation</description>
  <properties>
    <log4jParentDir>${basedir}/..</log4jParentDir>
    <docLabel>Core Documentation</docLabel>
    <projectDir>/core</projectDir>
Archive contains org/apache/logging/log4j/core/lookup/JndiLookup.class
Official Vendor Statement re: CVE-2021-44228, CVE-2021-45046, CVE-2021-45105
Official Vendor-provided mitigation actions (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-44228)
:added links to vendor statements and mitigation pages
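The manual confirmation described in this report (reading the log4j-core version from the bundled pom.xml and checking for JndiLookup.class) can be automated as below. This is an added example, not code from the issue or from the CERTCC scanner; it goes one step further by descending into nested archives. The function names, the sample jar and the assumption that the pom sits at the standard Maven metadata path are illustrative.

```python
import io
import re
import zipfile

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Assumption: the pom sits at the standard Maven metadata path inside the jar.
POM_PATH = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.xml"
MAX_NESTED = 64 * 1024 * 1024  # skip nested entries declaring more than 64 MiB

def parent_version(pom_text):
    # log4j-core inherits its version from the <parent> block of its pom.
    parent = re.search(r"<parent>(.*?)</parent>", pom_text, re.S)
    if not parent:
        return None
    m = re.search(r"<version>\s*([^<\s]+)\s*</version>", parent.group(1))
    return m.group(1) if m else None

def inspect_archive(data, label, depth=0, findings=None):
    # Walk a jar given as bytes, plus any archives nested inside it.
    findings = [] if findings is None else findings
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings
    with archive:
        names = set(archive.namelist())
        if JNDI_CLASS in names or POM_PATH in names:
            pom = archive.read(POM_PATH).decode("utf-8", "replace") if POM_PATH in names else ""
            findings.append({"archive": label, "version": parent_version(pom),
                             "jndi_lookup": JNDI_CLASS in names})
        for info in archive.infolist():
            nested = info.filename.lower().endswith((".jar", ".war", ".ear", ".zip"))
            if nested and depth < 4 and info.file_size <= MAX_NESTED:
                inspect_archive(archive.read(info), f"{label}!/{info.filename}", depth + 1, findings)
    return findings

def make_jar(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, content in entries.items():
            z.writestr(name, content)
    return buf.getvalue()

def build_sample():
    # Constructed sample: an outer jar bundling a jar with log4j-core metadata.
    pom = ("<project><parent><artifactId>log4j</artifactId><version>2.12.1</version>"
           "</parent><artifactId>log4j-core</artifactId></project>")
    inner = make_jar({POM_PATH: pom, JNDI_CLASS: b"\xca\xfe\xba\xbe"})
    return make_jar({"lib/bundled.jar": inner, "com/example/App.class": b"\xca\xfe\xba\xbe"})

if __name__ == "__main__":
    print(inspect_archive(build_sample(), "sample.jar"))
```

A finding with `jndi_lookup` set but `version` empty means the class is present without Maven metadata, so the version has to be established another way.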