25 matches found
Security Bulletin: IBM® Db2® federated server is affected by a vulnerability in log4j-core-2.17.2 (CVE-2025-68161)
Summary IBM® Db2® federated server is affected by a vulnerability in log4j-core-2.17.2 CVE-2025-68161 Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer...
ROOT-APP-MAVEN-CVE-2025-68161 CVE-2025-68161 in io.root.org.apache.logging.log4j:log4j-core - Patched by Root
Root has patched CVE-2025-68161 in the io.root.org.apache.logging.log4j:log4j-core package for Root:Maven. Multiple fixed versions available...
Security Bulletin: Multiple Vulnerabilities in Apache Log4j Core shipped in Tivoli Netcool/OMNIbus
Summary The Netcool/Omnibus 'Administrator GUI' and 'Accelerated Event Notification GUI' desktop components use a version of Apache Log4j that contains known vulnerabilities. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM DB2 shipped with IBM WebSphere Remote Server
Summary IBM DB2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM DB2 have been published in a security bulletin CVE-2025-36122, CVE-2025-14688, CVE-2025-67735, CVE-2025-68161, CVE-2026-1352, CVE-2025-12183, CVE-2026-1577, CVE-2026-3676...
Security Bulletin: IBM SPSS Analytic Server is affected by a TLS hostname verification vulnerability in Apache Log4j Core (CVE-2025-68161)
Summary IBM SPSS Analytic Server is affected by a TLS hostname verification vulnerability in Apache Log4j Core CVE-2025-68161. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9...
Security Bulletin: due to the use of Apache Log4j, IBM Transformation Extender Advanced is vulnerable to Host Mismatch
Summary Apache Log4j is used by IBM Transformation Extender Advanced also known as IBM Standards Processing Engine as part of common utility helpers. Apache Log4j has been updated to address CVE-2025-68161 which causes hostname mismatch. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The...
PT-2026-31939
Name of the Vulnerable Software and Affected Versions Apache Log4j Core versions 2.12.0 through 2.25.3 Description A flaw exists where hostname verification is ignored when configured through the verifyHostName attribute of the '' element. This occurs even if the attribute is explicitly set,...
Security Bulletin: Multiple vulnerabilities in IBM Event Endpoint Management.
Summary Multiple vulnerabilities were addressed in IBM Event Endpoint Management 11.7.3 Vulnerability Details CVEID:CVE-2025-68470 DESCRIPTION: React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a Rea...
Security Bulletin: Multiple Vulnerabilities affects IBM License Metric Tool v9
Summary Multiple vulnerabilities have been remediated in components used by IBM License Metric Tool Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Log4j (CVE-2025-68161)
Summary A vulnerability in Apache Log4j that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificat...
Security Bulletin: IBM App Connect for Manufacturing is vulnerable to Improper Validation of Certificate with Host Mismatch due to Apache Log4j Core (CVE-2025-68161)
Summary IBM App Connect for Manufacturing is vulnerable to Improper Validation of Certificate with Host Mismatch due to Apache Log4j Core Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostnam...
Security Bulletin: IBM Maximo Asset Configuration Manager uses log4j-core-2.17.1 which is vulnerable to CVE-2025-68161
Summary IBM Maximo Asset Configuration Manager uses log4j-core-2.17.1 which is vulnerable to CVE-2025-68161. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions...
K000160192: Log4j vulnerability CVE-2025-68161
Security Advisory Description The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https: //logging. apache. org/log4j/2.x/manual/appenders/network...
Security Bulletin: Due to use of Apache Log4j, IBM Sterling Connect:Direct Web Services is affected by TLS hostname verification issue.
Summary Apache Log4j is used by IBM Sterling Connect:Direct Web Services CVE-2025-68161. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when...
Security Bulletin: Vulnerablity in Apache Log4j may affect IBM APM Internet Service Monitoring Agent
Summary There is a vulnerability in the Apache log4j library used by IBM APM Internet Service Monitoring Agent. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : log4j (SUSE-SU-2026:0254-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0254-1 advisory. Security fixes: - CVE-2025-68161: Fixed absent TLS hostname verification that may allow a man-in-the-midd...
Oracle Primavera Gateway (January 2026 CPU)
The versions of Primavera Gateway installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2026 CPU advisory. - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering component: Admin Apache Log4j. Supported versions that ar...
SUSE-SU-2026:0254-1 Security update for log4j
This update for log4j fixes the following issues: Security fixes: - CVE-2025-68161: Fixed absent TLS hostname verification that may allow a man-in-the-middle attack bsc1255427 Other fixes: - Upgrade to 2.18.0 Added + Add support for Jakarta Mail API in the SMTP appender. + Add support for custom...
Oracle GoldenGate for Big Data MiTM Vulnerability 19.x < 19.1.0.0.22 (January 2026 CPU)
According to its self-reported version number, the Oracle GoldenGate for Big Data application located on the remote host is affected by multiple vulnerabilities: - The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer...
[SECURITY] [DLA 4444-1] apache-log4j2 security update
Debian LTS Advisory DLA-4444-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany January 19, 2026 https://wiki.debian.org/LTS Package : apache-log4j2 Version : 2.17.1-1deb11u2 CVE ID : CVE-2025-68161 Debian Bug : 1123744 In Apache Log4j2, a Java Logging Framework, t...