31 matches found
CVE-2020-9488
creationtimestamp| type| source ---|---|--- 2025-07-08 03:00:06+00:00| published-proof-of-concept| Telegram/WYTR8OwkLU97UkoTqrFsYkLne3ILyF25xS57SENdXgZRo...
RHEL 7 : nutch (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - log4j: improper validation of certificate with host mismatch in SMTP appender CVE-2020-9488 Note that Nessus has no...
RHEL 8 : nutch (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - log4j: improper validation of certificate with host mismatch in SMTP appender CVE-2020-9488 Note that Nessus has no...
RHEL 5 : log4j (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - log4j: Socket receiver deserialization vulnerability CVE-2017-5645 - Improper validation of certificate...
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs
Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.7.1 Vulnerability Details CVEID:CVE-2023-0767 DESCRIPTION: Mozilla Network Security Services NSS, as used in Mozilla Firefox, could allow a remote attacker to execute arbitrary code on the system, caused by an...
SUSE CVE-2020-9488
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1...
Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities including remote code execution in Apache Log4j 1.x
Summary IBM Data Risk Manager IDRM 2.0.6.13, which is the only supported version, is impacted by multiple vulnerabilities including Apache Log4j 1.x CVE-2019-17571, CVE-2022-23305, CVE-2022-23307, CVE-2022-23302, CVE-2021-4104, CVE-2020-9488, CVE-2020-9493 which was bundled within hadoop-client...
Security Bulletin: Multiple security vulnerabilities found in open source code that is shipped with IBM Security Verify Governance, Identity Manager virtual appliance component
Summary IBM has found several open source vulnerabilites in the IBM Security Verify Governance, Identity Manager virtual appliance product, including Apache Log4j, which is used by IBM Security Verify Governance, Identity Manager virtual appliance component as part of its logging infrastructure...
Security Bulletin: IBM Spectrum LSF Suite and IBM Platform Process Manager are vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-4104, CVE-2020-9488, CVE-2022-23302, CVE-2022-23307, CVE-2022-23305)
Summary Apache Log4j is used by IBM Spectrum LSF Suite and IBM Platform Process Manager as part of its logging infrastructure. These vulnerabilities can be addressed by executing steps detailed in the Workaround section. These issues will be addressed in the next fix patch release 10.2.0.13 by en...
IBM Sterling B2B Integrator and Sterling Filegateway NOT Affected by CVE-2021-4104, CVE-2021- 44832, CVE-2019-17571, CVE-2022-23307, CVE-2022-23305, CVE-2022-23302 and CVE-2020-9488 Exploit
Abstract IBM Sterling B2B Integrator and Sterling Filegateway NOT Affected by CVE-2021-4104, CVE-2021- 44832, CVE-2019-17571, CVE-2022-23307, CVE-2022-23305,CVE-2022-23302 and CVE-2020-9488 Exploit. Security Bulletin Content Summary IBM Sterling B2B Integrator and Sterling Filegateway Products ar...
Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty, IBM Java Runtime, Log4j, and Apache Commons affect IBM Spectrum Protect Snapshot for VMware
Summary Vulnerabilities in IBM WebSphere Application Server Liberty, IBM Runtime Environment Java, Log4j, and Apache Commons affect IBM Spectrum Protect Snapshot for VMware. The IBM Runtime Environment Java vulnerabilities were disclosed as part of the IBM Java SDK updates in April and July 2020...
Apache Log4j 1.x Multiple Vulnerabilities
According to its self-reported version number, the installation of Apache Log4j on the remote host is 1.x and is no longer supported. Log4j reached its end of life prior to 2016. Additionally, Log4j 1.x is affected by multiple vulnerabilities, including : - Log4j includes a SocketServer that...
Debian: Security Advisory (DLA-2852-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Apache Log4j 2.x < 2.13.2 Information Disclosure Vulnerability - Windows
Apache Log4j is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:log4j";...
[SECURITY] [DSA 5020-1] apache-log4j2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5020-1 [email protected] https://www.debian.org/security/ Markus Koschany December 11, 2021 https://www.debian.org/security/faq -...
Security Bulletin: Vulnerability in Apache Log4j may affect Cúram Social Program Management (CVE-2020-9488)
Summary IBM Cúram Social Program Management uses the Apache Log4j libraries, for which there is a publicly known vulnerability. For this vulnerability, Apache Log4j is vulnerable to a man-in-the-middle attack, caused by improper certificate validation with host mismatch in the SMTP appender...
Security Bulletin: Apache Log4j Vulnerabilities Affect IBM Sterling B2B Integrator
Summary IBM Sterling B2B Integrator has integrated multiple security vulnerability fixes from Apache Log4j, please see list of CVEs for vulnerability details Vulnerability Details CVEID: CVE-2017-5645 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system,...
Security Bulletin: IBM Security Guardium Insights is affected by components with known vulnerabilities (CVE-2018-10237, CVE-2020-9488)
Summary IBM Security Guardium Insights has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-10237 DESCRIPTION: Google Guava is vulnerable to a denial of service, caused by improper eager allocation checks in the AtomicDoubleArray and CompoundOrdering class. By sendin...
Security Bulletin: Apache Log4j Vulnerability Affects IBM Control Center (CVE-2020-9488)
Summary Apache Log4j is vulnerable to a man-in-the-middle attack Vulnerability Details CVEID: CVE-2020-9488 DESCRIPTION: Apache Log4j is vulnerable to a man-in-the-middle attack, caused by improper certificate validation with host mismatch in the SMTP appender. An attacker could exploit this...
Important: Red Hat Security Advisory: Red Hat Decision Manager 7.10.0 security update
An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links i...