46 matches found
openSUSE 15 Security Update : kafka (openSUSE-SU-2022:0038-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0038-1 advisory. - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration...
log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender
A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain...
log4j security update
0:1.2.17-18 - Fix Unsafe deserialization flaw in Chainsaw log viewer - Fix SQL injection when application is configured to use JDBCAppender - Fix remote code execution when application is configured to use JMSSink - Resolves: CVE-2022-23307, CVE-2022-23305, CVE-2022-23302...
RHEL 6 / 7 : log4j (RHSA-2022:0442)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0442 advisory. Log4j is a tool to help the programmer output log statements to a variety of output targets. Security Fixes: log4j: SQL injection in Log...
Fix of CVE: CVE-2022-23305
CVE-2022-23305: disable JDBCAppender by default. Add optional parameter for enabling it...
SUSE SLES12 Security Update : log4j (SUSE-SU-2022:0212-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0212-1 advisory. - CVE-2022-23307: Fix deserialization issue by removing the chainsaw sub-package. bsc1194844 - CVE-2022-23305: Fix SQL injection by...
openSUSE 15 Security Update : log4j (openSUSE-SU-2022:0214-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0214-1 advisory. - JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j...
SUSE SLES15 Security Update : log4j (SUSE-SU-2022:0214-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0214-1 advisory. - CVE-2022-23307: Fixed deserialization flaw in the chainsaw component of log4j leading to malicious code execution. bsc1194844 -...
SUSE SLES11 Security Update : log4j (SUSE-SU-2022:14881-1)
The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:14881-1 advisory. - CVE-2022-23307: Fixed deserialization flaw in the chainsaw component of log4j leading to malicious code execution. bsc1194844 -...
Oracle Linux 8 : parfait:0.5 (ELSA-2022-0290)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-0290 advisory. - Obsolete remove vulnerable versions of log4j12 NVR 1.2.17-23 when upgrading to parfait 0.5.4-4 CVE-2021-4104 Tenable has extracted the preceding...
Important: Red Hat Security Advisory: parfait:0.5 security update
An update for the parfait:0.5 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
SQL Injection in Log4j 1.2.x
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings...
Apache log4j Chainsaw deserialization code execution vulnerability
Apache Log4j is a Java-based open source logging tool from the Apache Foundation. Apache log4j Chainsaw is vulnerable to deserialized code execution. The vulnerability stems from insufficient cleanup of user-supplied data in JDBCAppender in a non-default configuration with JDBCAppender enabled. A...
Apache Log4j SQL Injection Vulnerability
Apache Log4j, a Java-based open source logging tool from the Apache Foundation, is vulnerable to SQL injection, which stems from a JDBCAppender in Log4j 1.2.x that accepts a SQL statement as a configuration parameter, where the value to be inserted is from the PatternLayout's converter. The messa...
SQL Injection
JDBCAppender in Log4j is vulnerable to SQL Injection. An attacker is able to execute arbitrary SQL commands via entering crafted strings into input fields and headers where the values to be inserted are converters from PatternLayout...
CVE-2022-23305
A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain...
CVE-2022-23305
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings...
DEBIAN-CVE-2022-23305
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings...
Design/Logic Flaw
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings...
CVE-2022-23305
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings...