Security Bulletin: Multiple Vulnerabilities in Apache Log4j Core shipped in Tivoli Netcool/OMNIbus

Summary The Netcool/Omnibus 'Administrator GUI' and 'Accelerated Event Notification GUI' desktop components use a version of Apache Log4j that contains known vulnerabilities. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in...

Security Bulletin: There is a vulnerability in log4j-core-2.25.3.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-34477, CVE-2026-34478, CVE-2026-34480)

Summary There is a vulnerability in log4j-core-2.25.3.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed...

ROOT-APP-MAVEN-CVE-2026-34477 CVE-2026-34477 in io.root.org.apache.logging.log4j:log4j-core - Patched by Root

Root has patched CVE-2026-34477 in the io.root.org.apache.logging.log4j:log4j-core package for Root:Maven. Multiple fixed versions available...

Security Bulletin: IBM App Connect for Manufacturing is vulnerable to multiple vulnerabilities due to Apache Log4j and Bouncy Castle.

Summary IBM App Connect for Manufacturing is vulnerable to multiple vulnerabilities due to Apache Log4j and Bouncy Castle. Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed hostnam...

CVE-2026-34477 vulnerabilities

Vulnerabilities for packages: airflow, solr, apache-activemq-artemis, spark, apache-pulsar, infinispan, wavefront-proxy, kserve-modelmesh, zipkin, kafka, akhq, strimzi-kafka-operator, logstash...

CVE-2026-34477 vulnerabilities

Vulnerabilities for packages: logstash, kafka, spark, apache-activemq-artemis, apache-camel-karavan-devmode, apache-pulsar-fips, kafka-bridge, wavefront-proxy, apache-activemq-fips, apache-tika-fips, elasticsearch-fips, kserve-modelmesh, spark-kubernetes-operator-fips, apache-pulsar,...

CVE-2026-34477

A flaw was found in Apache Log4j Core. A network-based attacker can perform a man-in-the-middle MITM attack, allowing them to intercept encrypted communications. This occurs when an SMTP, Socket, or Syslog appender uses Transport Layer Security TLS with a nested element, and the attacker has a...

Linux Distros Unpatched Vulnerability : CVE-2026-34477

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the...

bg.codexio.ai:openai-api-examples (>=0.8.0.BETA <=0.9.0.BETA-JDK17), ch.cern:cerndb-sw-zkpolicy (=1.0.1-21) +305 more potentially affected by CVE-2026-34477 via org.apache.logging.log4j:log4j-core (>=3.0.0-alpha1 <=3.0.0-beta3)

org.apache.logging.log4j:log4j-core MAVEN version =3.0.0-alpha1, =0.8.0.BETA, =1.0.0, =0.0.2, =00.00.03, =1.0.6, =1.0.7, =1.0.0, =2.0.21, =1.0, =1.0.2 and more Source cves: CVE-2026-34477 Source advisory: OSV:GHSA-6HG6-V5C8-FPHQ...

africa.shuwari.sbt:sbt-js_2.12_1.0 (>=0.14.1 <=0.16.1), africa.shuwari.sbt:sbt-netbeans_2.12_1.0 (>=0.1.0 <=0.1.1) +19147 more potentially affected by CVE-2026-34477 via org.apache.logging.log4j:log4j-core (>=2.12.0 <=2.25.3)

org.apache.logging.log4j:log4j-core MAVEN version =2.12.0, =0.14.1, =0.1.0, =0.9.6, =0.12.0, =0.9.6, =0.9.6, =0.9.6, =0.9.6, =0.14.1, =0.9.6, =0.14.1, =4.4.0.1, =1.4.6, =1.4.6, =1.4.8 and more Source cves: CVE-2026-34477 Source advisory: OSV:GHSA-6HG6-V5C8-FPHQ...

africa.shuwari.sbt:sbt-js_2.12_1.0 (>=0.14.1 <=0.16.1), africa.shuwari.sbt:sbt-netbeans_2.12_1.0 (>=0.1.0 <=0.1.1) +19147 more potentially affected by CVE-2026-34477 via org.apache.logging.log4j:log4j-core (>=2.12.0 <=2.25.3)

org.apache.logging.log4j:log4j-core MAVEN version =2.12.0, =0.14.1, =0.1.0, =0.9.6, =0.12.0, =0.9.6, =0.9.6, =0.9.6, =0.9.6, =0.14.1, =0.9.6, =0.14.1, =4.4.0.1, =1.4.6, =1.4.6, =1.4.8 and more Source cves: CVE-2026-34477 Source advisory: SNYK:JAVA-ORGAPACHELOGGINGLOG4J-15967727...

bg.codexio.ai:openai-api-examples (>=0.8.0.BETA <=0.9.0.BETA-JDK17), ch.cern:cerndb-sw-zkpolicy (=1.0.1-21) +305 more potentially affected by CVE-2026-34477 via org.apache.logging.log4j:log4j-core (>=3.0.0-alpha1 <=3.0.0-beta3)

org.apache.logging.log4j:log4j-core MAVEN version =3.0.0-alpha1, =0.8.0.BETA, =1.0.0, =0.0.2, =00.00.03, =1.0.6, =1.0.7, =1.0.0, =2.0.21, =1.0, =1.0.2 and more Source cves: CVE-2026-34477 Source advisory: SNYK:JAVA-ORGAPACHELOGGINGLOG4J-15967727...

CVE-2026-34477

creationtimestamp| type| source ---|---|--- 2026-04-10 15:45:00+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mj5o3zfi6q26 2026-05-13 16:36:23+00:00| seen| https://gist.github.com/ppkarwasz/53b0a3c07a9e44aa945726138f67d11c...

CVE-2026-34477

CVE-2025-68161 (and CVE-2026-34477) affect Apache Log4j Core Socket Appender where TLS hostname verification was silently ignored when configured via verifyHostName, leaving potential MITM scenarios under SMTP, Socket, or Syslog Appenders using a nested element. The issue spans versions 2.0-beta...

CVE-2024-34477

configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows local users to gain privileges by mounting a crafted NFS share because of norootsquash and insecure. In order to exploit the vulnerability, someone needs to mount an NFS share in order to add an executable file as root. In...

CVE-2022-34477

The MediaError message property should be consistent to avoid leaking information about cross-origin resources; however for a same-site cross-origin resource, the message could have leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox 102...

CVE-2024-34477

configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows local users to gain privileges by mounting a crafted NFS share because of norootsquash and insecure. In order to exploit the vulnerability, someone needs to mount an NFS share in order to add an executable file as root. In...

CVE-2024-34477

configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows local users to gain privileges by mounting a crafted NFS share because of norootsquash and insecure. In order to exploit the vulnerability, someone needs to mount an NFS share in order to add an executable file as root. In...

CVE-2024-34477

Summary (CVE-2024-34477) : In FOG projects, the function configureNFS in lib/common/functions.sh up to version 1.5.10 allows local privilege escalation by mounting a crafted NFS share, due to insecure settings (no_root_squash). To exploit, an attacker must mount an NFS share, place an executable ...

CVE-2024-34477

configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows local users to gain privileges by mounting a crafted NFS share because of norootsquash and insecure. In order to exploit the vulnerability, someone needs to mount an NFS share in order to add an executable file as root. In...