ROOT-APP-MAVEN-CVE-2021-44832 CVE-2021-44832 in io.root.org.apache.logging.log4j:log4j-core - Patched by Root

Root has patched CVE-2021-44832 in the io.root.org.apache.logging.log4j:log4j-core package for Root:Maven. Multiple fixed versions available...

Amazon Linux 2022 : log4j, log4j-jcl, log4j-slf4j (ALAS2022-2022-011)

It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-011 advisory. Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack where an attacker with permission to modify the...

Ubuntu 18.04 LTS / 20.04 LTS : Apache Log4j 2 vulnerabilities (USN-5222-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5222-1 advisory. It was discovered that Apache Log4j 2 was vulnerable to remote code execution RCE attack when configured to use a JDBC Appender with a JNDI...

K14122652: Apache Log4j2 vulnerability CVE-2021-44832

Security Advisory Description Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration...

FreeBSD : Rundeck3 -- Log4J RCE vulnerability (27c822a0-addc-11ed-a9ee-dca632b19f10)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 27c822a0-addc-11ed-a9ee-dca632b19f10 advisory. - Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are...

Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring Installed WebSphere Application Server including Log4j

Summary The following security issues has been identified in the WebSphere Application Server included as part of IBM Tivoli Monitoring ITM portal server. Vulnerability Details CVEID:CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by the failure to protect fr...

Amazon Linux 2022 : log4j (ALAS2022-2022-225)

The version of log4j installed on the remote host is prior to 2.17.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-225 advisory. - Apache Log4j2 2.0-beta9 through 2.15.0 excluding security releases 2.12.2, 2.12.3, and 2.3.1 JNDI features used in...

Security Bulletin: Vulnerabilities from log4j-core-2.16.0.jar affect IBM Operations Analytics - Log Analysis (CVE-2021-44832, CVE-2021-45105)

Summary log4j-core-2.16.0.jar is vulnerable to remote code execution RCE attack and uncontrolled recursion. This is shipped in Log Analysis. The fix includes Apache Log4j core 2.17.1 Vulnerability Details CVEID:CVE-2021-44832 DESCRIPTION: Apache Log4j could allow a remote attacker with permission...

Security Bulletin: A vulnerability in Apache Log4j affects some features of IBM® Db2® (CVE-2021-44832)

Summary The Apache Log4j open source library used by IBM® Db2® is affected by a vulnerability that could allow a remote attacker to execute arbitrary code on the system. This library is used by the Db2 Federation feature. The fix for the vulnerability is to update the log4j library to version...

Security Bulletin: Due to use of Apache Log4j, IBM QRadar SIEM is affected by arbitrary code execution (CVE-2019-17571, CVE-2021-44832, CVE-2021-4104)

Summary IBM QRadar SIEM is affected by arbitrary code execution due to Apache Log4j CVE-2019-17571, CVE-2021-44832, CVE-2021-4104. Apache Log4j is used by IBM QRadar SIEM as part of its logging infrastructure. The fix includes Apache Log4j 2.17.2 Vulnerability Details CVEID:CVE-2019-17571...

Security Bulletin: IBM InfoSphere Information Server is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832)

Summary An Apache Log4j CVE-2021-44832 vulnerability impacts IBM InfoSphere Information Server which uses Apache Log4j for logging. The fix upgrades Apache Log4j to version 2.17.1. Vulnerability Details CVEID:CVE-2021-44832 DESCRIPTION: Apache Log4j could allow a remote attacker with permission t...

Security Bulletin: Vulnerability have been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2021-45105, CVE-2021-44832)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow, and IBM Business Process Manager. Information about security vulnerabilities affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI (CVE-2021-45105, CVE-2021-44832)

Summary Websphere Application Server WAS is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about a security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

Security Bulletin: A Remote Attack Vulnerability in Apache Log4j affects IBM Common Licensing's License Key Server (LKS) Administration And Reporting Tool (ART) and its Agent(CVE-2021-4104,CVE-2021-44832,CVE-2021-3100,CVE-2022-33915).

Summary There is a high risk Remote Attack Vulnerability in Apache Log4j CVE-2021-4104,CVE-2021-44832,CVE-2021-3100,CVE-2022-33915 which is used by IBM LKS Administration And Reporting Tool and its Agent. A fix is available to address the vulnerability. Vulnerability Details CVEID: CVE-2022-33915...

Security Bulletin: IBM Event Streams is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832)

Summary There is a vulnerability in the Apache Log4j open source library. The library is used by IBM Event Streams. Vulnerability Details CVEID: CVE-2021-44832 DESCRIPTION: Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary cod...

Security Bulletin: IBM Rational Software Architect RealTime Edition (RSA RT) is vulnerable to Apache Log4j2 - CVE-2021-44832

Summary Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. Apache...

Security Bulletin: IBM Engineering Systems Design Rhapsody (Rhapsody) is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832, CVE-2021-45046, ) and denial of service due to Apache Log4j (CVE-2021-45105)

Summary There are Remote Attack Vulnerabilities in Apache Log4j CVE-2021-45105, CVE-2021-45046, CVE-2021-44832 which is used by IBM Engineering Systems Design Rhapsody RDM components; Knowledge Center and Test Conductor for logging . The fix includes upgrade to Apache Log4j v2.17.1. Vulnerability...

Oracle Enterprise Manager Cloud Control (Apr 2022 CPU)

The 13.4.0.0 and 13.5.0.0 versions of Enterprise Manager Base Platform installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2022 CPU advisory. - Vulnerability in the Oracle Management Service component Apache Log4j of the Enterprise Manager Base Platfor...

Security Bulletin: Crypto Hardware Initialization and Maintenance is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832)

Summary Crypto Hardware Initialization and Maintenance CHIM as shipped with IBM Common Cryptographic Architecture CCA for MTM 4769 is affected by a vulnerability in Apache Log4j CVE-2021-44832. CHIM is using Apache Log4j for internal logging purposes of regular user activity. The fix includes...

Oracle WebCenter Sites (Apr 2022 CPU)

The 12.2.1.3.0 and 12.2.1.4.0 versions of WebCenter Sites installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2022 CPU advisory. - Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: WebCenter Sites Cryptacular...