
84 matches found

Wolfi
added 2026/01/07 1:51 a.m. | 3 views

CVE-2022-23307 vulnerabilities

Vulnerabilities for packages: druid...

CVSS 9 | AI score 7 | EPSS 0.02603
Exploits: 0

Chainguard
added 2026/01/07 1:29 a.m. | 4 views

CVE-2022-23307 vulnerabilities

Vulnerabilities for packages: druid...

CVSS 9 | AI score 7 | EPSS 0.02603
Exploits: 0

OpenVAS
added 2025/06/24 12:0 a.m. | 6 views

Ubuntu: Security Advisory (USN-7590-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 8.9 | EPSS 0.09452
Exploits: 1 | References: 2

OSV
added 2025/06/23 12:22 p.m. | 1 views

USN-7590-1 apache-log4j1.2 vulnerabilities

It was discovered that several deserialization issues existed within Apache Log4j. An attacker could possibly use these issues to enable the execution of arbitrary code. CVE-2022-23302, CVE-2022-23305, CVE-2022-23307...

CVSS 9.8 | AI score 7.1 | EPSS 0.09452
Exploits: 1 | References: 4

Ubuntu
added 2025/06/23 12:22 p.m. | 8 views

USN-7590-1: Apache Log4j vulnerabilities

It was discovered that several deserialization issues existed within Apache Log4j. An attacker could possibly use these issues to enable the execution of arbitrary code. CVE-2022-23302, CVE-2022-23305, CVE-2022-23307...

CVSS 9.8 | AI score 7.9 | EPSS 0.09452
Exploits: 1

Tenable Nessus
added 2024/12/11 12:0 a.m. | 16 views

Oracle Siebel Server <= 23.5 (July 2023 CPU)

The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2023 CPU advisory. - Vulnerability in the Siebel CRM product of Oracle Siebel CRM component: EAI JSON-java. Supported versions that are affected are 23.5 and prior...

CVSS 9.8 | AI score 6.5 | EPSS 0.07763
Exploits: 12 | References: 14

Tenable Nessus
added 2024/11/27 12:0 a.m. | 18 views

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.3.11 Security update (Important) (RHSA-2024:10207)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:10207 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release ...

CVSS 10 | AI score 8.4 | EPSS 0.72202
Exploits: 22 | References: 35

Tenable Nessus
added 2024/08/26 12:0 a.m. | 34 views

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.1.7 on RHEL 7 (RHSA-2024:5856)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:5856 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

CVSS 9.8 | AI score 8.4 | EPSS 0.72202
Exploits: 60 | References: 47

IBM Security Bulletins
added 2024/04/12 5:42 p.m. | 31 views

Security Bulletin: Order Management could be subject to Log4j 1.x vulnerability that could be exploited to remotely execute arbitrary code.

Summary Order Management removed parts of legacy code that carried vulnerabilities. The code did contain CVE-2019-17571, CVE-2020-9493, CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307, CVE-2020-9488 however the specific code related to the vulnerability is not in use, therefore the...

CVSS 9.8 | AI score 8.7 | EPSS 0.72202
Exploits: 13 | Affected Software: 1

Tenable Nessus
added 2023/04/06 12:0 a.m. | 43 views

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : Apache Log4j vulnerabilities (USN-5998-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5998-1 advisory. It was discovered that the SocketServer component of Apache Log4j 1.2 incorrectly handled deserialization. An attacker could...

CVSS 9.8 | AI score 7.8 | EPSS 0.28502
Exploits: 4 | References: 5

OpenVAS
added 2023/04/06 12:0 a.m. | 33 views

Ubuntu: Security Advisory (USN-5998-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 9.7 | EPSS 0.28502
Exploits: 4 | References: 2

Amazon
added 2023/04/05 12:0 a.m. | 52 views

Important: log4j

Issue Overview: A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...

CVSS 9.8 | AI score 8.7 | EPSS 0.09452
Exploits: 1

IBM Security Bulletins
added 2023/03/28 12:29 p.m. | 29 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS) is vulnerable to arbitrary code execution due to Apache Log4j [CVE-2022-23307]

Summary Apache Log4j is used by IBM Cloud Pak for Data System 1.0 in Logging. This bulletin provides a remediation for the Apache Log4j vulnerability CVE-2022-23307 in Log4j version 1.2.17-18. Vulnerability Details CVEID:CVE-2022-23307 DESCRIPTION: Apache Log4j could allow a remote attacker to...

CVSS 9 | AI score 9.4 | EPSS 0.02603
Exploits: 0 | Affected Software: 1

F5 Networks
added 2023/02/21 8:0 p.m. | 151 views

K34002344: Overview of Log4j vulnerabilities (2021 and 2022)

Security Advisory Description This document is intended to serve as an overview of the 2021 and 2022 Log4j vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated security advisory. High CVEs Medium CVEs Not Vulnerable CVEs High CV...

CVSS 10 | AI score 9.6 | EPSS 0.94358
Exploits: 351

F5 Networks
added 2023/02/21 7:57 p.m. | 256 views

K00322972: Apache Log4j Chainsaw vulnerability CVE-2022-23307

Security Advisory Description CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. CVE-2022-23307 Impact An attacker may be able to use this vulnerability to generat...

CVSS 9.8 | AI score 8 | EPSS 0.02603
Exploits: 0 | Affected Software: 1

OSV
added 2022/11/11 11:4 a.m. | 8 views

OESA-2022-2065 log4j12 security update

With log4j it is possible to enable logging at runtime without modifying the application binary. Security Fixes: JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and...

CVSS 9 | AI score 9.6 | EPSS 0.72202
Exploits: 9 | References: 4

IBM Security Bulletins
added 2022/10/20 6:22 p.m. | 36 views

Security Bulletin: IBM Sterling Order Management migration strategy to Apache Log4j vulnerability [CVE-2022-23307]

Summary Apache Log4j is used by IBM Sterling Order Management as part of its logging utility and we strongly recommend upgrading to the latest supported version of log4j that was released as part of the latest FixPack CVE-2022-23307. Vulnerability Details CVEID:CVE-2022-23307 DESCRIPTION: Apache...

CVSS 8.8 | AI score 9.4 | EPSS 0.02603
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2022/08/03 4:43 p.m. | 159 views

Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities including remote code execution in Apache Log4j 1.x

Summary IBM Data Risk Manager IDRM 2.0.6.13, which is the only supported version, is impacted by multiple vulnerabilities including Apache Log4j 1.x CVE-2019-17571, CVE-2022-23305, CVE-2022-23307, CVE-2022-23302, CVE-2021-4104, CVE-2020-9488, CVE-2020-9493 which was bundled within hadoop-client...

CVSS 9.8 | AI score 10 | EPSS 0.72202
Exploits: 34 | Affected Software: 1

IBM Security Bulletins
added 2022/07/22 8:5 p.m. | 33 views

Security Bulletin: IBM OpenPages with Watson has addressed Apache Log4j vulnerability (CVE-2022-23307).

Summary There is a vulnerability in the Apache Log4j open source library used by IBM OpenPages with Watson. This affects the IBM OpenPages logging framework. This vulnerability has been addressed. CVE-2022-23307. Vulnerability Details CVEID:CVE-2022-23307 DESCRIPTION: Apache Log4j could allow a...

CVSS 9 | AI score 9.4 | EPSS 0.02603
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2022/07/20 7:22 p.m. | 42 views

Security Bulletin: Multiple vulnerabilities in IBM Security Verify Information Queue connect image (CVE-2020-9493, CVE-2022-23307)

Summary The connect image in IBM Security Verify Information Queue ISIQ v10.0.2 uses a Confluent-provided Apache Log4j library. The library includes a log-viewing component known as Chainsaw that has two deserialization flaws. ISIQ v10.0.3 upgraded its connect image to specify a newer Apache Log4...

CVSS 9.8 | AI score 9.4 | EPSS 0.02603
Exploits: 0 | Affected Software: 1