58 matches found
Update Log4J to 1.2.17-atlassian-16 to fix CVE-2022-23305, CVE-2022-23307, CVE-2020-9493, CVE-2022-23302
CVE-2022-23305 Customers that have JDBCAppender configured may be vulnerable to SQL Injection attacks Change Summary: Removed JDBCAppender thus no longer allowing customers to use. CVE-2022-23307 / CVE-2020-9493 Unsafe deserialization issue present in Apache Chainsaw that was bundled in log4j1...
CLSA-2022-1648067792 Fix of CVE: CVE-2021-4104, CVE-2022-23305, CVE-2022-23302, CVE-2022-23307
CVE-2022-23302: remove JMSSink component entrirely - CVE-2022-23305: ensure security of JDBCAppender adding additional check-ups - CVE-2022-23307: restrict chainsaw access list to classes from SYSTEMALLOWEDCLASSES group - CVE-2021-4104: disable JMSAppender by default and add option to manually...
Security Bulletin: Vulnerability in Apache Log4j affects IBM Cloud Pak for Data System 1.0
Summary Apache Log4j used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE CVE-2022-23302 Vulnerability Details CVEID:CVE-2022-23302 DESCRIPTION: Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the syste...
CLSA-2022-1644501061 Fixed CVEs in log4j: CVE-2022-23302, CVE-2022-23307
CVE-2022-23307: Fix Unsafe deserialization flaw in Chainsaw log viewer - CVE-2022-23302: Fix remote code execution when application is configured to use JMSSink...
CLSA-2022-1644500972 Fix of CVE: CVE-2022-23307, CVE-2022-23302
CVE-2022-23307: Fix Unsafe deserialization flaw in Chainsaw log viewer - CVE-2022-23302: Fix remote code execution when application is configured to use JMSSink...
Fix of CVE: CVE-2022-23307, CVE-2022-23302
CVE-2022-23307: Fix Unsafe deserialization flaw in Chainsaw log viewer - CVE-2022-23302: Fix remote code execution when application is configured to use JMSSink...
RHEL 6 / 7 : log4j (RHSA-2022:0442)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0442 advisory. Log4j is a tool to help the programmer output log statements to a variety of output targets. Security Fixes: log4j: SQL injection in Log...
log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink
A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...
log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink
A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...
log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink
A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...
log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink
A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...
Important: Red Hat Security Advisory: rh-maven36-log4j12 security update
An update for rh-maven36-log4j12 is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink
A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...
log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink
A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...
log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink
A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...
The vulnerability of the JMSSink class implementation in the Log4j logging library allows a perpetrator to execute arbitrary code.
The vulnerability of the JMSSink class implementation in the Log4j Java logging library is related to deficiencies in the data deserialization mechanism. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary code by sending specially crafted JNDI requests...
SUSE SLES15 Security Update : log4j (SUSE-SU-2022:0214-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0214-1 advisory. - CVE-2022-23307: Fixed deserialization flaw in the chainsaw component of log4j leading to malicious code execution. bsc1194844 -...
log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink
A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...
log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink
A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...
log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink
A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...