Lucene search
K

21 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/03/10 5:13 a.m.5 views

Security Bulletin: A security vulnerability in logback-classic-1.3.14.jar affects IBM DevOps Code ClearCase [CVE-2024-12798]

Summary A security vulnerability in logback-classic-1.3.14.jar affects IBM DevOps Code ClearCase CVE-2024-12798 Vulnerability Details CVEID:CVE-2024-12798 DESCRIPTION: ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core upto including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java...

5.9CVSS6.1AI score0.00404EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/06 7:11 a.m.8 views

Security Bulletin: Due to use of QOS.CH logback, IBM Cloud Pak System is affected by server-side request forgery and arbitrary code execution

Summary Due to use of QOS.CH logback IBM Cloud Pak System is affected by server-side request forgery and arbitrary code execution CVE-2024-12801, CVE-2024-12798. Vulnerability Details CVEID:CVE-2024-12801 DESCRIPTION: Server-Side Request Forgery SSRF in SaxEventRecorder by QOS.CH logback version...

5.9CVSS8.1AI score0.00404EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/09 3:11 p.m.3 views

Security Bulletin: Arbitrary Code Execution via JaninoEventEvaluator in Logback-Core (Versions 0.1–1.3.14, 1.4.0–1.5.12) through Malicious Configuration or Environment Variable Injection affects watsonx.data

Summary ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core upto including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before...

5.9CVSS7.8AI score0.00404EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/06 5:53 p.m.3 views

Security Bulletin: Multiple vulnerabilities affect IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerabilities have been identified that affect IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-12798 DESCRIPTION: ACE...

5.9CVSS7.2AI score0.00404EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/03 10:7 p.m.28 views

Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak for Network Automation

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for Network Automation 2.7.8 Vulnerability Details CVEID:CVE-2024-24790 DESCRIPTION: An unspecified error related to various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6 addresses in the...

9.8CVSS8.5AI score0.14859EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/01 7:56 p.m.10 views

Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to an arbitrary code execution in logback-core [CVE-2024-12798]

Summary IBM Watson Speech Services Cartridge is vulnerable to an arbitrary code execution in logback-core, caused by a flaw in the JaninoEventEvaluator extension, that allowsve environment variable injection before program execution CVE-2024-12798. Logback-core is used in our Speech microservices...

5.9CVSS7.7AI score0.00404EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2024-12798

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core upto including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows attacker t...

5.9CVSS7.2AI score0.00404EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/27 5:7 p.m.13 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in logback-classic [CVE-2024-12798]

Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in logback-classic, caused by a flaw in the JaninoEventEvaluator extension CVE-2024-12798. Logback-classic is used by our Speech Microservices. This vulnerabilitiy has been addressed. Please read the details for...

5.9CVSS7.6AI score0.00404EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/20 6:2 a.m.13 views

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-12798, CVE-2024-12801 logback-core-1.5.12.jar (Publicly disclosed vulnerability found by Mend) CVE-2024-12798, CVE-2024-12801

Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-12798, CVE-2024-12801 logback-core-1.5.12.jar Publicly disclosed vulnerability found by Mend CVE-2024-12798, CVE-2024-12801. This bulletin contains information regarding the vulnerability and its fixture...

5.9CVSS7AI score0.00404EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/20 6:0 a.m.18 views

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-12798 logback-classic-1.5.12.jar (Publicly disclosed vulnerability found by Mend) CVE-2024-12798

Summary Security Bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-12798 logback-classic-1.5.12.jar Publicly disclosed vulnerability found by Mend CVE-2024-12798. This bulletin contains information regarding the vulnerability and its fixture. Vulnerabilit...

5.9CVSS6.9AI score0.00404EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/27 9:4 a.m.18 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 288 Vulnerability Details CVEID:CVE-2024-12798 DESCRIPTION: ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core upto including version 0.1 to 1.3.14 and 1.4.0...

5.9CVSS7.6AI score0.00404EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2025/01/11 12:0 a.m.17 views

openSUSE Security Advisory (SUSE-SU-2025:0072-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS6.1AI score0.00404EPSS
Exploits0References5
OSV
OSV
added 2025/01/10 6:33 p.m.14 views

SUSE-SU-2025:0072-1 Security update for logback

This update for logback fixes the following issues: - CVE-2024-12798: Fixed arbitrary code execution via JaninoEventEvaluator bsc1234742 - CVE-2024-12801: Fixed Server-Side Request Forgery in SaxEventRecorder bsc1234743...

5.9CVSS6AI score0.00404EPSS
Exploits0References5
OPENSUSE Linux
OPENSUSE Linux
added 2025/01/10 12:0 a.m.3 views

logback-1.2.11-4.1 on GA media (moderate)

logback-1.2.11-4.1 on GA media Announcement ID: openSUSE-SU-2025:14627-1 Rating: moderate Cross-References: CVE-2024-12798 CVE-2024-12801 CVSS scores: CVE-2024-12798 SUSE : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2024-12801 SUSE : 5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N Affect...

7.2CVSS8.5AI score0.00404EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2024/12/19 11:50 p.m.16 views

CVE-2024-12798

A flaw was found in Logback. This flaw allows a privileged attacker with write access to modify Logback configuration files or inject a malicious environment variable to execute arbitrary code via the JaninoEventEvaluator extension...

5.5CVSS6.7AI score0.00404EPSS
Exploits0References4
OSV
OSV
added 2024/12/19 4:15 p.m.35 views

CVE-2024-12798

ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core upto including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...

7.5AI score
Exploits0References2
Wolfi
Wolfi
added 2024/12/19 4:15 p.m.23 views

CVE-2024-12798 vulnerabilities

Vulnerabilities for packages: dependency-track, trino, apache-nifi, sonarqube-10, sonarqube, management-api-for-apache-cassandra-5.0, akhq, thingsboard, cassandra, kserve-modelmesh, sonar-scanner-cli, cassandra-reaper, tez...

5.9CVSS6.7AI score0.00404EPSS
Exploits0
NVD
NVD
added 2024/12/19 4:15 p.m.27 views

CVE-2024-12798

ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core upto including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...

5.9CVSS0.00404EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/19 3:14 p.m.21 views

CVE-2024-12798 JaninoEventEvaluator vulnerability

ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core upto including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...

5.9CVSS7.1AI score0.00404EPSS
Exploits0References2
CVE
CVE
added 2024/12/19 3:14 p.m.4241 views

CVE-2024-12798

CVE-2024-12798 corresponds to an ACE vulnerability in JaninoEventEvaluator via QOS.CH logback-core, affecting Java applications that rely on logback-core configurations. The connected IBM Security Bulletin pages enumerate the CVE under IBM API Connect context and explicitly list CVE-2024-12798 am...

5.9CVSS7.1AI score0.00404EPSS
Exploits0References2
Rows per page
Query Builder