17 matches found
Apache Log4j Security Vulnerability
Apache Log4j is a Java-based open source logging tool from the US-based Apache Foundation. A security vulnerability exists in Apache Log4j 2.25.2 and earlier versions; it stems from TLS hostname validation not being performed and could lead to a man-in-the-middle attack...
Apache Log4j Security Vulnerability
Apache Log4j is a Java-based open source logging tool from the US-based Apache Foundation. A security vulnerability exists in Apache Log4j version 1.2 that stems from deserialization of untrusted data...
Randstorm Exploit: Bitcoin Wallets Created b/w 2011-2015 Vulnerable to Hacking
Bitcoin wallets created between 2011 and 2015 are susceptible to a new kind of exploit called Randstorm that makes it possible to recover passwords and gain unauthorized access to a multitude of wallets spanning several blockchain platforms. "Randstorm is a term we coined to describe a collection...
Security Bulletin: IBM Operations Analytics Predictive Insights impacted by Apache Log4j vulnerabilities (CVE-2022-23305)
Summary IBM Operations Analytics Predictive Insights is affected by the Apache Log4j vulnerability through the JDBCAppender in Log4j 1.2.x which accepts a SQL statement as a configuration parameter. When JDBCAppender is specifically configured to use, malicious values could be inserted. This allo...
Security Bulletin: IBM Sterling Order Management migration strategy to Apache Log4j vulnerability [CVE-2022-23307]
Summary Apache Log4j is used by IBM Sterling Order Management as part of its logging utility and we strongly recommend upgrading to the latest supported version of log4j that was released as part of the latest FixPack CVE-2022-23307. Vulnerability Details CVEID:CVE-2022-23307 DESCRIPTION: Apache...
Security Bulletin: IBM Operations Analytics Predictive Insights impacted by Apache Log4j vulnerabilities (CVE-2021-44832)
Summary IBM Operations Analytics Predictive Insights is affected by the Apache Log4j vulnerability in the Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 allowing a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a...
Security Bulletin: IBM Security Guardium is vulnerable to arbitrary code execution due to Apache log4j (CVE-2021-4104)
Summary IBM Security Guardium has resolved CVE-2021-4104 with an appliance patch. Apache log4j is used as part of its logging infrastructure. The patch removes log4j 1.x from the Guardium system and replaces it with log4j2 V2.17.1. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache...
Security Bulletin: IBM Security Directory Integrator has upgraded log4j
Summary IBM Security Directory Integrator (SDI) has upgraded to log4j 2.17.1. Although SDI was technically not vulnerable to the issue described below because it did not use JMSAppender, as a matter of good software hygiene the product has upgraded to the current version of log4j. SDI uses log4j as...
Security Bulletin: IBM Cloud Pak for Data System 1.0 is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104)
Summary Apache Log4j is used by IBM Cloud Pak for Data System 1.0. This bulletin provides a remediation for the Apache Log4j vulnerability CVE-2021-4104. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system,...
Security Bulletin: Apache Log4j vulnerability impacts IBM Sterling Partner Engagement Manager (CVE-2021-45105, CVE-2021-45046)
Summary Apache Log4j is used by IBM Sterling Partner Engagement Manager for generating logs in all components and tools. This bulletin provides remediation for the reported vulnerability by upgrading Apache Log4j jars to 2.17.0 in IBM Sterling Partner Engagement Manager. Vulnerability Details...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
XSYS-Log4J2Shell-Ex CVE-2021-44228 log4j2shell PoC as part...
BSA-2021-1655
Security Advisory ID : BSA-2021-1655 Component : Apache Log4j StrSubstitutor Revision : 1.0 Apache Log4j2 versions 2.0-alpha1 through 2.16.0, excluding 2.12.3, did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layo...
CVE-2021-45105 Apache Log4j2 does not always protect from infinite recursion in lookup evaluation
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue wa...
CISA Issues ED 22-02 Directing Federal Agencies to Mitigate Apache Log4j Vulnerabilities
CISA has issued Emergency Directive (ED) 22-02: Mitigate Apache Log4j Vulnerability, directing federal civilian executive branch (FCEB) agencies to address Log4j vulnerabilities—most notably, CVE-2021-44228. Although ED 22-02 applies to FCEB agencies, CISA strongly recommends that all organizations...
Apache Log4j Code Issue Vulnerability
Apache Log4j is a Java-based open source logging tool from the US-based Apache Foundation. Apache Log4j has a code issue vulnerability: an attacker can exploit it by crafting a data request sent to a server that uses Apache Log4j, which triggers remote code execution...
Apache Log4j Code Issue Vulnerability
Apache Log4j is a Java-based open source logging tool from the US-based Apache Foundation. Apache Log4j has a code issue vulnerability: an attacker can exploit it by crafting a data request sent to a server that uses Apache Log4j, which triggers remote code execution...
Security Bulletin: IBM Tivoli Netcool Impact is affected by an Apache Log4j vulnerability (CVE-2019-17571)
Summary IBM Tivoli Netcool Impact has addressed the following Apache Log4j vulnerability. Vulnerability Details CVEID: CVE-2019-17571 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization of untrusted data in...