Lucene search
K

204 matches found

OSV
OSV
added 2026/06/17 12:43 p.m.7 views

ROOT-APP-MAVEN-CVE-2021-4104 CVE-2021-4104 in io.root.log4j:log4j - Patched by Root

Root has patched CVE-2021-4104 in the io.root.log4j:log4j package for Root:Maven. Multiple fixed versions available...

7.5CVSS7AI score0.81147EPSS
Exploits9
Tenable Nessus
Tenable Nessus
added 2024/11/27 12:0 a.m.21 views

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.3.11 Security update (Important) (RHSA-2024:10207)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:10207 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release ...

10CVSS8.4AI score0.81147EPSS
Exploits23References35
Tenable Nessus
Tenable Nessus
added 2024/08/26 12:0 a.m.38 views

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.1.7 on RHEL 7 (RHSA-2024:5856)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:5856 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

9.8CVSS8.4AI score0.87806EPSS
Exploits17References47
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/12 5:42 p.m.32 views

Security Bulletin: Order Management could be subject to Log4j 1.x vulnerability that could be exploited to remotely execute arbitrary code .

Summary Order Management removed parts of legacy code that carried vulnerabilites. The code did contain CVE-2019-17571, CVE-2020-9493, CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307, CVE-2020-9488 however the specific code related to the vulnerability is not in use, therefore the...

9.8CVSS8.7AI score0.81147EPSS
Exploits13Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/12/22 12:0 a.m.59 views

GLSA-202312-04 : Arduino: Remote Code Execution

The remote host is affected by the vulnerability described in GLSA-202312-04 Arduino: Remote Code Execution - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and...

7.5CVSS8.5AI score0.81147EPSS
Exploits9References3
Tenable Nessus
Tenable Nessus
added 2023/12/20 12:0 a.m.68 views

GLSA-202312-02 : Minecraft Server: Remote Code Execution

The remote host is affected by the vulnerability described in GLSA-202312-02 Minecraft Server: Remote Code Execution - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingNa...

7.5CVSS8.5AI score0.81147EPSS
Exploits9References3
Tenable Nessus
Tenable Nessus
added 2023/10/26 12:0 a.m.80 views

GLSA-202310-16 : Ubiquiti UniFi: remote code execution via bundled log4j

The remote host is affected by the vulnerability described in GLSA-202310-16 Ubiquiti UniFi: remote code execution via bundled log4j - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provid...

10CVSS8.4AI score0.99999EPSS
Exploits355References4
Tenable Nessus
Tenable Nessus
added 2023/08/23 12:0 a.m.68 views

Amazon Linux 2 : log4j (ALAS-2022-1739)

The version of log4j installed on the remote host is prior to 1.2.17-17. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1739 advisory. A flaw was found in the Java logging library Apache Log4j in version 1.x . This allows a remote attacker to execute code o...

10CVSS8AI score0.99999EPSS
Exploits357References8
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/07 6:39 p.m.51 views

Security Bulletin: IBM i components are affected by CVE-2021-4104 (log4j version 1.x)

Summary Multiple sub-components of IBM i ship log4j version v1.x files making them vulnerable to the issue described in the vulnerability details section. IBM Navigator for i - heritage version uses log4j v1.x and cannot be updated to log4j v2.x. Integrated Web Server IWS V2.6 contains unused...

7.5CVSS8.8AI score0.81147EPSS
Exploits9Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/03 9:23 p.m.57 views

Security Bulletin: Vulnerabilities have been identified in Apache Log4j and the application code shipped with the DS8000 Hardware Management Console (HMC)

Summary The updates indicated below have been released to address the following vulnerabilities: CVE-2021-44228, CVE-2021-45105, CVE-2021-45046, CVE2021-4104, CVE-2021-38930, and CVE-2021-38929. Vulnerability Details CVEID:CVE-2021-38930 DESCRIPTION: IBM System Storage DS8000 Management Console H...

10CVSS9.2AI score0.99999EPSS
Exploits357Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/12 9:59 p.m.25 views

Security Bulletin: Vulnerability in Apache Log4j may affect IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2021-4104)

Summary A vulnerability in Apache Log4j CVE-2021-4104 has been identified that may affect IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data. Several components of IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data use Log4j to log diagnostic data unrelated to customer...

7.5CVSS8.6AI score0.81147EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/11 8:56 a.m.33 views

Security Bulletin: The IBM® Engineering System Design Rhapsody products on IBM Jazz Technology contains additional security fixes for Log4j vulnerabilities CVE-2021-4104

Summary Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. The IBM Engineering Lifecycle Engineering products version 901 is vulnerable to this attack, i...

7.5CVSS8.6AI score0.81147EPSS
Exploits9Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/30 5:31 p.m.269 views

Security Bulletin: Vulnerablity in Apache Log4j may affect IBM Tivoli Monitoring (CVE-2021-4104)

Summary The following security issue has been identified in components related to IBM Tivoli Monitoring ITM portal server and client. Vulnerability Details CVEID:CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the...

10CVSS9.2AI score0.99999EPSS
Exploits359Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/30 5:31 p.m.95 views

Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring Installed WebSphere Application Server including Log4j

Summary The following security issues has been identified in the WebSphere Application Server included as part of IBM Tivoli Monitoring ITM portal server. Vulnerability Details CVEID:CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by the failure to protect fr...

10CVSS10AI score0.99999EPSS
Exploits359Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/06 11:22 a.m.34 views

Security Bulletin: TADDM log4j vulnerable to CVE-2021-4104 (Publicly disclosed vulnerability)

Summary Apache log4j version 1 is vulnerable to CVE-2021-4104 Publicly disclosed vulnerability used by IBM Tivoli Application Dependency Discovery Manager Vulnerability Details CVEID:CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system,...

7.5CVSS8.9AI score0.81147EPSS
Exploits9Affected Software1
OSV
OSV
added 2022/11/11 11:4 a.m.11 views

OESA-2022-2065 log4j12 security update

With log4j it is possible to enable logging at runtime without modifying the application binary. Security Fixes: JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and...

9CVSS9.6AI score0.81147EPSS
Exploits9References4
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/01 2:32 p.m.67 views

Security Bulletin: Due to use of Apache Log4j, IBM QRadar SIEM is affected by arbitrary code execution (CVE-2019-17571, CVE-2021-44832, CVE-2021-4104)

Summary IBM QRadar SIEM is affected by arbitrary code execution due to Apache Log4j CVE-2019-17571, CVE-2021-44832, CVE-2021-4104. Apache Log4j is used by IBM QRadar SIEM as part of its logging infrastructure. The fix includes Apache Log4j 2.17.2 Vulnerability Details CVEID:CVE-2019-17571...

9.8CVSS8.5AI score0.97906EPSS
Exploits17Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/21 4:34 p.m.32 views

Security Bulletin: IBM Security Identity Manager is affected by log4j vulnerability. (CVE-2021-4104)

Summary The fix removes Apache log4j v1 Vulnerability Details CVEID:CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the...

7.5CVSS8.7AI score0.81147EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/14 10:12 p.m.354 views

Security Bulletin: IBM InfoSphere Information Server may be affected by vulnerabilities in Apache log4j 1.x version

Summary Apache Log4j 1.x vulnerabilities may impact IBM InfoSphere Information Server which uses Apache Log4j for logging. Vulnerability Details CVEID:CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of...

7.5CVSS8.8AI score0.81147EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/12 8:38 a.m.13 views

Security Bulletin: IBM Operations Analytics Predictive Insights impacted by Apache Log4j vulnerabilities (CVE-2021-4104)

Summary IBM Operations Analytics Predictive Insights is affected by the Apache Log4j vulnerability in the JMSAppender in Log4j 1.2 allowing deserialization of untrusted data when the attacker has write access to the Log4j configuration. Vulnerability Details CVEID:CVE-2021-4104 DESCRIPTION: Apach...

7.5CVSS8.6AI score0.81147EPSS
Exploits9Affected Software1
Rows per page
Query Builder