{ "id": "CVE-2021-44832", "sourceIdentifier": "security@apache.org", "published": "2021-12-28T20:15:08.400", "lastModified": "2022-08-09T01:24:01.830", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2." }, { "lang": "es", "value": "Las versiones de Apache Log4j2 de la 2.0-beta7 a la 2.17.0 (excluyendo las versiones de correcci\u00f3n de seguridad 2.3.2 y 2.12.4) son vulnerables a un ataque de ejecuci\u00f3n remota de c\u00f3digo (RCE) cuando una configuraci\u00f3n utiliza un JDBC Appender con un URI de origen de datos JNDI LDAP cuando un atacante tiene el control del servidor LDAP de destino. Este problema se soluciona limitando los nombres de fuentes de datos JNDI al protocolo java en las versiones 2.17.1, 2.12.4 y 2.3.2 de Log4j2" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 0.7, "impactScore": 5.9 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "SINGLE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 8.5 }, "baseSeverity": "HIGH", "exploitabilityScore": 6.8, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-20" } ] }, { "source": "security@apache.org", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-20" }, { "lang": "en", "value": "CWE-74" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.0.1", "versionEndExcluding": "2.3.2", "matchCriteriaId": "E5737813-009A-4FDD-AC84-42E871EA1676" }, { "vulnerable": true, "criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.4", "versionEndExcluding": "2.12.4", "matchCriteriaId": "0D1858C4-53AC-4528-B86F-0AB83777B4F4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.13.0", "versionEndExcluding": "2.17.1", "matchCriteriaId": "D127EBB0-E86F-4349-96E5-19BD198E0CCA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:apache:log4j:2.0:-:*:*:*:*:*:*", "matchCriteriaId": "17854E42-7063-4A55-BF2A-4C7074CC2D60" }, { "vulnerable": true, "criteria": "cpe:2.3:a:apache:log4j:2.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "F9D58C21-34AE-4782-8580-816B2F6A8F9D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:apache:log4j:2.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "DCFCBA59-E0DF-46FD-8431-C1043E7AB4EE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:*", "matchCriteriaId": "53F32FB2-6970-4975-8BD0-EAE12E9AD03A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "B773ED91-1D39-42E6-9C52-D02210DE1A94" }, { "vulnerable": true, "criteria": "cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "EF24312D-1A62-482E-8078-7EC24758B710" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.0.0", "versionEndIncluding": "8.5.1.0", "matchCriteriaId": "83F42D52-1E43-44E0-8B53-A2A918BDDEC3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "46E23F2E-6733-45AF-9BD9-1A600BD278C8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "E812639B-EE28-4C68-9F6F-70C8BF981C86" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.12.0", "versionEndIncluding": "17.12.11", "matchCriteriaId": "8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "versionStartIncluding": "18.8.0", "versionEndIncluding": "18.8.13", "matchCriteriaId": "A621A5AE-6974-4BA5-B1AC-7130A46F68F5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "versionStartIncluding": "19.12.0", "versionEndIncluding": "19.12.12", "matchCriteriaId": "4096281D-2EBA-490D-8180-3C9D05EB890A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "versionStartIncluding": "20.12.0", "versionEndIncluding": "20.12.7", "matchCriteriaId": "E6B70E72-B9FC-4E49-8EDD-29C7E14F5792" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "15F45363-236B-4040-8AE4-C6C0E204EDBA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "versionStartIncluding": "19.12.0", "versionEndIncluding": "19.12.18.0", "matchCriteriaId": "A66F0C7C-4310-489F-8E91-4171D17DB32F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "versionStartIncluding": "20.12.0.0", "versionEndIncluding": "20.12.12.0", "matchCriteriaId": "651104CE-0569-4E6D-ACAB-AD2AC85084DD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "45D89239-9142-46BD-846D-76A5A74A67B1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", "matchCriteriaId": "38340E3C-C452-4370-86D4-355B6B4E0A06" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*", "matchCriteriaId": "E9C55C69-E22E-4B80-9371-5CD821D79FE2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "48C9BD8E-7214-4B44-B549-6F11B3EA8A04" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:retail_fiscal_management:14.2:*:*:*:*:*:*:*", "matchCriteriaId": "A5F6FD19-A314-4A1F-96CB-6DB1CED79430" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:siebel_ui_framework:21.12:*:*:*:*:*:*:*", "matchCriteriaId": "8D62731F-3290-4383-A4F6-5274B4D63B1D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:cloudcenter:4.10.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "66AB39B2-0CE1-4C7E-9E7B-B288A080D584" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835" }, { "vulnerable": true, "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*", "versionEndExcluding": "12.0.0.4.6", "matchCriteriaId": "6894D860-000E-439D-8AB7-07E9B2ACC31B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "FD66C717-85E0-40E7-A51F-549C8196D557" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.3.0.0", "versionEndIncluding": "8.5.1.0", "matchCriteriaId": "F9550113-7423-48D8-A1C7-95D6AEE9B33C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "46E23F2E-6733-45AF-9BD9-1A600BD278C8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "E812639B-EE28-4C68-9F6F-70C8BF981C86" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*", "versionEndExcluding": "12.0.0.4.4", "matchCriteriaId": "61A2E42A-4EF2-437D-A0EC-4A6A4F1EBD11" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5933FEA2-B79E-4EE7-B821-54D676B45734" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:health_sciences_data_management_workbench:2.5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E6C9A32B-B776-4704-818D-977B4B20D677" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6989178B-A3D5-4441-A56C-6C639D4759DF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F5049591-AA1B-4D64-A925-40D0724074D1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.2.0", "versionEndIncluding": "12.2.24", "matchCriteriaId": "F47057A9-2DDE-4178-B140-F7D70EAED8F6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.2.0", "versionEndIncluding": "12.2.24", "matchCriteriaId": "9132D7F2-43B3-4595-B8BF-C9DE897087F6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.12.0", "versionEndIncluding": "17.12.11", "matchCriteriaId": "8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "versionStartIncluding": "18.8.0", "versionEndIncluding": "18.8.13", "matchCriteriaId": "A621A5AE-6974-4BA5-B1AC-7130A46F68F5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "versionStartIncluding": "19.12.0", "versionEndIncluding": "19.12.12", "matchCriteriaId": "4096281D-2EBA-490D-8180-3C9D05EB890A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "versionStartIncluding": "20.12.0", "versionEndIncluding": "20.12.7", "matchCriteriaId": "E6B70E72-B9FC-4E49-8EDD-29C7E14F5792" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "15F45363-236B-4040-8AE4-C6C0E204EDBA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "versionStartIncluding": "19.12.0.0", "versionEndIncluding": "19.12.18.0", "matchCriteriaId": "AD0DEC50-F4CD-4ACA-A118-D4F0D4F4C981" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "versionStartIncluding": "20.12.0.0", "versionEndIncluding": "20.12.12.0", "matchCriteriaId": "651104CE-0569-4E6D-ACAB-AD2AC85084DD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "45D89239-9142-46BD-846D-76A5A74A67B1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", "matchCriteriaId": "38340E3C-C452-4370-86D4-355B6B4E0A06" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*", "matchCriteriaId": "E9C55C69-E22E-4B80-9371-5CD821D79FE2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F978162-CB2C-4166-947A-9048C6E878BC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*", "matchCriteriaId": "0783F0D1-8FAC-4BCA-A6F5-C5C60E86D56D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*", "matchCriteriaId": "C7BD0D41-1BED-4C4F-95C8-8987C98908DA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "48EFC111-B01B-4C34-87E4-D6B2C40C0122" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "073FEA23-E46A-4C73-9D29-95CFF4F5A59D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A69FB468-EAF3-4E67-95E7-DF92C281C1F1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0ABA57AC-4BBF-4E4F-9F7E-D42472C36EEB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*", "versionEndIncluding": "21.12", "matchCriteriaId": "889916ED-5EB2-49D6-8400-E6DBBD6C287F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752" } ] } ] } ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2021/12/28/1", "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf", "source": "security@apache.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://issues.apache.org/jira/browse/LOG4J2-3293", "source": "security@apache.org", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ] }, { "url": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143", "source": "security@apache.org", "tags": [ "Mailing List", "Vendor Advisory" ] }, { "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html", "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/", "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/", "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://security.netapp.com/advisory/ntap-20220104-0001/", "source": "security@apache.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", "source": "security@apache.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "source": "security@apache.org", "tags": [ "Patch", "Third Party Advisory" ] }, { "url": "https://www.oracle.com/security-alerts/cpujan2022.html", "source": "security@apache.org", "tags": [ "Patch", "Third Party Advisory" ] }, { "url": "https://www.oracle.com/security-alerts/cpujul2022.html", "source": "security@apache.org", "tags": [ "Patch", "Third Party Advisory" ] } ] }