Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest release and ifix Vulnerability Details CVEID:CVE-2026-2332 DESCRIPTION: In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used,...

Security Bulletin: Multiple Vulnerabilities in Apache Log4j Core shipped in Tivoli Netcool/OMNIbus

Summary The Netcool/Omnibus 'Administrator GUI' and 'Accelerated Event Notification GUI' desktop components use a version of Apache Log4j that contains known vulnerabilities. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in...

Security Bulletin: There is a vulnerability in log4j-core-2.25.3.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-34477, CVE-2026-34478, CVE-2026-34480)

Summary There is a vulnerability in log4j-core-2.25.3.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed...

CVE-2026-34477 vulnerabilities

Vulnerabilities for packages: neo4j, logstash, opensearch, solr, wavefront-proxy, zipkin, celeborn, apache-activemq-artemis, infinispan, spark, flink, apache-pulsar, airflow, kserve-modelmesh, kafka, strimzi-kafka-operator, akhq...

CVE-2026-34477

A flaw was found in Apache Log4j Core. A network-based attacker can perform a man-in-the-middle MITM attack, allowing them to intercept encrypted communications. This occurs when an SMTP, Socket, or Syslog appender uses Transport Layer Security TLS with a nested element, and the attacker has a...

Linux Distros Unpatched Vulnerability : CVE-2026-34477

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the...

bg.codexio.ai:openai-api-examples (>=0.8.0.BETA <=0.9.0.BETA-JDK17), ch.cern:cerndb-sw-zkpolicy (=1.0.1-21) +307 more potentially affected by CVE-2026-34477 via org.apache.logging.log4j:log4j-core (>=3.0.0-alpha1 <=3.0.0-beta3)

org.apache.logging.log4j:log4j-core MAVEN version =3.0.0-alpha1, =0.8.0.BETA, =1.0.0, =0.0.2, =00.00.03, =1.0.6, =1.0.7, =1.0.0, =2.0.21, =1.0, =1.0.2 and more Source cves: CVE-2026-34477 Source advisory: OSV:GHSA-6HG6-V5C8-FPHQ...

africa.shuwari.sbt:sbt-js_2.12_1.0 (>=0.14.1 <=0.16.1), africa.shuwari.sbt:sbt-netbeans_2.12_1.0 (>=0.1.0 <=0.1.1) +19209 more potentially affected by CVE-2026-34477 via org.apache.logging.log4j:log4j-core (>=2.12.0 <=2.25.3)

org.apache.logging.log4j:log4j-core MAVEN version =2.12.0, =0.14.1, =0.1.0, =0.9.6, =0.12.0, =0.9.6, =0.9.6, =0.9.6, =0.9.6, =0.14.1, =0.9.6, =0.14.1, =4.4.0.1, =1.4.6, =1.4.6, =1.4.8 and more Source cves: CVE-2026-34477 Source advisory: OSV:GHSA-6HG6-V5C8-FPHQ...

africa.shuwari.sbt:sbt-js_2.12_1.0 (>=0.14.1 <=0.16.1), africa.shuwari.sbt:sbt-netbeans_2.12_1.0 (>=0.1.0 <=0.1.1) +19209 more potentially affected by CVE-2026-34477 via org.apache.logging.log4j:log4j-core (>=2.12.0 <=2.25.3)

org.apache.logging.log4j:log4j-core MAVEN version =2.12.0, =0.14.1, =0.1.0, =0.9.6, =0.12.0, =0.9.6, =0.9.6, =0.9.6, =0.9.6, =0.14.1, =0.9.6, =0.14.1, =4.4.0.1, =1.4.6, =1.4.6, =1.4.8 and more Source cves: CVE-2026-34477 Source advisory: SNYK:JAVA-ORGAPACHELOGGINGLOG4J-15967727...

bg.codexio.ai:openai-api-examples (>=0.8.0.BETA <=0.9.0.BETA-JDK17), ch.cern:cerndb-sw-zkpolicy (=1.0.1-21) +307 more potentially affected by CVE-2026-34477 via org.apache.logging.log4j:log4j-core (>=3.0.0-alpha1 <=3.0.0-beta3)

org.apache.logging.log4j:log4j-core MAVEN version =3.0.0-alpha1, =0.8.0.BETA, =1.0.0, =0.0.2, =00.00.03, =1.0.6, =1.0.7, =1.0.0, =2.0.21, =1.0, =1.0.2 and more Source cves: CVE-2026-34477 Source advisory: SNYK:JAVA-ORGAPACHELOGGINGLOG4J-15967727...

CVE-2026-34477

CVE-2025-68161 (and CVE-2026-34477) affect Apache Log4j Core Socket Appender where TLS hostname verification was silently ignored when configured via verifyHostName, leaving potential MITM scenarios under SMTP, Socket, or Syslog Appenders using a nested element. The issue spans versions 2.0-beta...