Lucene search
K

20 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/11/06 7:11 a.m.8 views

Security Bulletin: Due to use of QOS.CH logback, IBM Cloud Pak System is affected by server-side request forgery and arbitrary code execution

Summary Due to use of QOS.CH logback IBM Cloud Pak System is affected by server-side request forgery and arbitrary code execution CVE-2024-12801, CVE-2024-12798. Vulnerability Details CVEID:CVE-2024-12801 DESCRIPTION: Server-Side Request Forgery SSRF in SaxEventRecorder by QOS.CH logback version...

5.9CVSS8.1AI score0.00404EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/06 5:53 p.m.3 views

Security Bulletin: Multiple vulnerabilities affect IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerabilities have been identified that affect IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-12798 DESCRIPTION: ACE...

5.9CVSS7.2AI score0.00404EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/01 7:59 p.m.14 views

Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to a server-side request forgery in logback-core [CVE-2024-12801]

Summary IBM Watson Speech Services Cartridge is vulnerable to a server-side request forgery in logback-core, due to a flaw in SaxEventRecorder by QOS.CH logback, that allows an attacker to forge requests by compromising logback configuration files in XML CVE-2024-12801. Logback-core is used in ou...

2.4CVSS6.4AI score0.00221EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/27 5:12 p.m.23 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Server-Side Request Forgery in QOS.CH logback [CVE-2024-12801]

Summary IBM Watson Speech Services Cartridge is vulnerable to a Server-Side Request Forgery in QOS.CH logback, caused by a flaw in the SaxEventRecorder CVE-2024-12801. QOS.CH logback is used by our Speech Microservices. This vulnerabilitiy has been addressed. Please read the details for remediati...

2.4CVSS6.4AI score0.00221EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/20 6:2 a.m.13 views

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-12798, CVE-2024-12801 logback-core-1.5.12.jar (Publicly disclosed vulnerability found by Mend) CVE-2024-12798, CVE-2024-12801

Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-12798, CVE-2024-12801 logback-core-1.5.12.jar Publicly disclosed vulnerability found by Mend CVE-2024-12798, CVE-2024-12801. This bulletin contains information regarding the vulnerability and its fixture...

5.9CVSS7AI score0.00404EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/27 9:4 a.m.18 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 288 Vulnerability Details CVEID:CVE-2024-12798 DESCRIPTION: ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core upto including version 0.1 to 1.3.14 and 1.4.0...

5.9CVSS7.6AI score0.00404EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2025/01/11 12:0 a.m.17 views

openSUSE Security Advisory (SUSE-SU-2025:0072-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS6.1AI score0.00404EPSS
Exploits0References5
OSV
OSV
added 2025/01/10 6:33 p.m.14 views

SUSE-SU-2025:0072-1 Security update for logback

This update for logback fixes the following issues: - CVE-2024-12798: Fixed arbitrary code execution via JaninoEventEvaluator bsc1234742 - CVE-2024-12801: Fixed Server-Side Request Forgery in SaxEventRecorder bsc1234743...

5.9CVSS6AI score0.00404EPSS
Exploits0References5
OPENSUSE Linux
OPENSUSE Linux
added 2025/01/10 12:0 a.m.3 views

logback-1.2.11-4.1 on GA media (moderate)

logback-1.2.11-4.1 on GA media Announcement ID: openSUSE-SU-2025:14627-1 Rating: moderate Cross-References: CVE-2024-12798 CVE-2024-12801 CVSS scores: CVE-2024-12798 SUSE : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2024-12801 SUSE : 5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N Affect...

7.2CVSS8.5AI score0.00404EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2024/12/19 10:19 p.m.17 views

CVE-2024-12801

A Server-Side Request Forgery SSRF vulnerability was found in Logback. This flaw allows a local attacker to forge requests by modifying XML configuration files to ignore external DTD files specified in DOCTYPE declarations, potentially exposing confidential or restricted data...

3.3CVSS5.7AI score0.00221EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2024/12/19 6:31 p.m.9 views

ai.acolite:openai-agent-sdk (>=0.1.0 <=0.4.0), ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0) +16457 more potentially affected by CVE-2024-12801 via ch.qos.logback:logback-core (>=1.4.0 <=1.5.12)

ch.qos.logback:logback-core MAVEN version =1.4.0, =0.1.0, =0.2.0, =0.114.0, =0.103.0, =0.114.0, =0.2.0, =0.8.0, =0.9.0 - ai.djl.spring:djl-spring-boot-starter-autoconfigure =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-auto =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-linux-x8664 =0....

2.4CVSS6.6AI score0.00221EPSS
Exploits0
OSV
OSV
added 2024/12/19 5:15 p.m.11 views

CVE-2024-12801

Server-Side Request Forgery SSRF in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attacks involves the modification of DOCTYPE declaration in XML...

6.7AI score
Exploits0References2
NVD
NVD
added 2024/12/19 5:15 p.m.11 views

CVE-2024-12801

Server-Side Request Forgery SSRF in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attacks involves the modification of DOCTYPE declaration in XML...

2.4CVSS0.00221EPSS
Exploits0References2
Chainguard
Chainguard
added 2024/12/19 5:15 p.m.9 views

CVE-2024-12801 vulnerabilities

Vulnerabilities for packages: cassandra-fips, apache-nifi, kserve-modelmesh, management-api-for-apache-cassandra-4.0, management-api-for-apache-cassandra-4.1, tez, management-api-for-apache-cassandra-5.0, sonar-scanner-cli, thingsboard, zookeeper-fips, trino, akhq, cassandra, cassandra-reaper,...

2.4CVSS6.7AI score0.00221EPSS
Exploits0
Wolfi
Wolfi
added 2024/12/19 5:15 p.m.17 views

CVE-2024-12801 vulnerabilities

Vulnerabilities for packages: sonarqube, thingsboard, kserve-modelmesh, trino, tez, dependency-track, cassandra-reaper, sonarqube-10, cassandra, management-api-for-apache-cassandra-5.0, apache-nifi, sonar-scanner-cli, akhq...

2.4CVSS6.7AI score0.00221EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2024/12/19 5:15 p.m.5 views

CVE-2024-12801

Server-Side Request Forgery SSRF in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attacks involves the modification of DOCTYPE declaration in XML...

2.4CVSS6.8AI score0.00221EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/19 4:11 p.m.18 views

CVE-2024-12801 SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks

Server-Side Request Forgery SSRF in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attacks involves the modification of DOCTYPE declaration in XML...

2.4CVSS0.00221EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/19 4:11 p.m.17 views

CVE-2024-12801 SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks

Server-Side Request Forgery SSRF in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attacks involves the modification of DOCTYPE declaration in XML...

2.4CVSS6.3AI score0.00221EPSS
Exploits0References2
CVE
CVE
added 2024/12/19 4:11 p.m.3930 views

CVE-2024-12801

CVE-2024-12801 describes a Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback up to 1.5.12 on the Java platform, enabling forging requests via compromised XML configuration via modification of the DOCTYPE declaration. The connected IBM Security Bulletin for this CVE lists af...

2.4CVSS6.3AI score0.00221EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2024/12/19 4:11 p.m.5 views

CVE-2024-12801

Server-Side Request Forgery SSRF in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attacks involves the modification of DOCTYPE declaration in XML...

2.4CVSS6.3AI score0.00221EPSS
Exploits0
Rows per page
Query Builder