Lucene search
+L

58 matches found

atlassian
atlassian
added 2022/04/08 4:20 p.m.416 views

Update Log4J to 1.2.17-atlassian-16 to fix CVE-2022-23305, CVE-2022-23307, CVE-2020-9493, CVE-2022-23302

CVE-2022-23305 Customers that have JDBCAppender configured may be vulnerable to SQL Injection attacks Change Summary: Removed JDBCAppender thus no longer allowing customers to use. CVE-2022-23307 / CVE-2020-9493 Unsafe deserialization issue present in Apache Chainsaw that was bundled in log4j1...

9.8CVSS9.9AI score0.66537EPSS
Exploits1
osv
osv
added 2022/03/23 8:36 p.m.7 views

CLSA-2022-1648067792 Fix of CVE: CVE-2021-4104, CVE-2022-23305, CVE-2022-23302, CVE-2022-23307

CVE-2022-23302: remove JMSSink component entrirely - CVE-2022-23305: ensure security of JDBCAppender adding additional check-ups - CVE-2022-23307: restrict chainsaw access list to classes from SYSTEMALLOWEDCLASSES group - CVE-2021-4104: disable JMSAppender by default and add option to manually...

9.8CVSS7AI score0.81147EPSS
Exploits10References1
ibm
ibm
added 2022/03/21 8:27 a.m.37 views

Security Bulletin: Vulnerability in Apache Log4j affects IBM Cloud Pak for Data System 1.0

Summary Apache Log4j used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE CVE-2022-23302 Vulnerability Details CVEID:CVE-2022-23302 DESCRIPTION: Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the syste...

8.8CVSS7.4AI score0.61785EPSS
Exploits0Affected Software1
osv
osv
added 2022/02/10 1:51 p.m.6 views

CLSA-2022-1644501061 Fixed CVEs in log4j: CVE-2022-23302, CVE-2022-23307

CVE-2022-23307: Fix Unsafe deserialization flaw in Chainsaw log viewer - CVE-2022-23302: Fix remote code execution when application is configured to use JMSSink...

9CVSS7.6AI score0.61785EPSS
Exploits0References1
osv
osv
added 2022/02/10 1:49 p.m.7 views

CLSA-2022-1644500972 Fix of CVE: CVE-2022-23307, CVE-2022-23302

CVE-2022-23307: Fix Unsafe deserialization flaw in Chainsaw log viewer - CVE-2022-23302: Fix remote code execution when application is configured to use JMSSink...

9CVSS7.6AI score0.61785EPSS
Exploits0References1
cloudlinux
cloudlinux
added 2022/02/10 1:49 p.m.328 views

Fix of CVE: CVE-2022-23307, CVE-2022-23302

CVE-2022-23307: Fix Unsafe deserialization flaw in Chainsaw log viewer - CVE-2022-23302: Fix remote code execution when application is configured to use JMSSink...

9CVSS3.2AI score0.61785EPSS
Exploits0References1
nessus
nessus
added 2022/02/08 12:0 a.m.171 views

RHEL 6 / 7 : log4j (RHSA-2022:0442)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0442 advisory. Log4j is a tool to help the programmer output log statements to a variety of output targets. Security Fixes: log4j: SQL injection in Log...

9.8CVSS8.6AI score0.66537EPSS
Exploits1References8
redhat
redhat
added 2022/02/07 1:54 p.m.5 views

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...

8.8CVSS7.4AI score0.61785EPSS
Exploits0References5
redhat
redhat
added 2022/02/07 1:48 p.m.6 views

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...

8.8CVSS7.4AI score0.61785EPSS
Exploits0References5
redhat
redhat
added 2022/02/07 1:43 p.m.9 views

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...

8.8CVSS7.4AI score0.61785EPSS
Exploits0References5
redhat
redhat
added 2022/02/07 11:7 a.m.6 views

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...

8.8CVSS7.4AI score0.61785EPSS
Exploits0References5
redhat
redhat
added 2022/02/03 7:9 p.m.85 views

Important: Red Hat Security Advisory: rh-maven36-log4j12 security update

An update for rh-maven36-log4j12 is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS7.4AI score0.66537EPSS
Exploits1References4
redhat
redhat
added 2022/02/03 6:43 p.m.5 views

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...

8.8CVSS7.4AI score0.61785EPSS
Exploits0References5
redhat
redhat
added 2022/02/03 6:30 p.m.5 views

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...

8.8CVSS7.4AI score0.61785EPSS
Exploits0References5
redhat
redhat
added 2022/02/03 6:23 p.m.12 views

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...

8.8CVSS7.4AI score0.61785EPSS
Exploits0References5
bdu_fstec
bdu_fstec
added 2022/02/01 12:0 a.m.6 views

The vulnerability of the JMSSink class implementation in the Log4j logging library allows a perpetrator to execute arbitrary code.

The vulnerability of the JMSSink class implementation in the Log4j Java logging library is related to deficiencies in the data deserialization mechanism. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary code by sending specially crafted JNDI requests...

8.5CVSS7.7AI score0.61785EPSS
Exploits0References9Affected Software17
nessus
nessus
added 2022/01/28 12:0 a.m.55 views

SUSE SLES15 Security Update : log4j (SUSE-SU-2022:0214-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0214-1 advisory. - CVE-2022-23307: Fixed deserialization flaw in the chainsaw component of log4j leading to malicious code execution. bsc1194844 -...

9.8CVSS7.6AI score0.66537EPSS
Exploits1References10
redhat
redhat
added 2022/01/26 2:57 p.m.8 views

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...

8.8CVSS7.4AI score0.61785EPSS
Exploits0References5
redhat
redhat
added 2022/01/26 2:54 p.m.8 views

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...

8.8CVSS7.4AI score0.61785EPSS
Exploits0References5
redhat
redhat
added 2022/01/26 2:51 p.m.8 views

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...

8.8CVSS7.4AI score0.61785EPSS
Exploits0References5
Rows per page
Query Builder