Lucene search
K

58 matches found

RedHat Linux
RedHat Linux
added 2022/01/26 2:48 p.m.5 views

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...

8.8CVSS7.4AI score0.61785EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/01/26 2:48 p.m.74 views

Important: Red Hat Security Advisory: parfait:0.5 security update

An update for the parfait:0.5 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

9.8CVSS7.5AI score0.81147EPSS
Exploits10References6
Github Security Blog
Github Security Blog
added 2022/01/21 11:27 p.m.120 views

Deserialization of Untrusted Data in Log4j 1.x

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName...

8.8CVSS5.2AI score0.61785EPSS
Exploits0References10Affected Software2
OSV
OSV
added 2022/01/21 11:27 p.m.9 views

GHSA-W9P3-5CR8-M3JJ Deserialization of Untrusted Data in Log4j 1.x

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName...

8.8CVSS7.6AI score0.61785EPSS
Exploits0References10
CNVD
CNVD
added 2022/01/20 12:0 a.m.45 views

Apache log4j JMSSink deserialization code execution vulnerability

Apache Log4j is a Java-based open source logging tool from the Apache Foundation. Apache log4j JMSSink is vulnerable to deserialized code execution. The vulnerability stems from insecure input validation when the program is processing serialized data. A remote attacker could exploit the...

8.8CVSS4.2AI score0.61785EPSS
Exploits0References1
Veracode
Veracode
added 2022/01/19 8:50 a.m.61 views

Deserialisation Of Untrusted Object

JMSSink in log4j is vulnerable to deserialization of untrusted object. The insecure use of JNDI in JMSSink allows an attacker to send malicious object in LDAP store if it is accessible by an attacker or is configured to use an untrusted site, leading to a remote code execution. Note: this...

8.8CVSS4.2AI score0.61785EPSS
Exploits0References6Affected Software93
Tenable Nessus
Tenable Nessus
added 2022/01/19 12:0 a.m.970 views

Apache Log4j 1.x Multiple Vulnerabilities

According to its self-reported version number, the installation of Apache Log4j on the remote host is 1.x and is no longer supported. Log4j reached its end of life prior to 2016. Additionally, Log4j 1.x is affected by multiple vulnerabilities, including : - Log4j includes a SocketServer that...

9.8CVSS6.6AI score0.6906EPSS
Exploits4References7
ATTACKERKB
ATTACKERKB
added 2022/01/18 4:15 p.m.3 views

CVE-2022-23302

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName...

8.8CVSS7.6AI score0.81147EPSS
Exploits9References7Affected Software1
NVD
NVD
added 2022/01/18 4:15 p.m.34 views

CVE-2022-23302

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName...

8.8CVSS0.61785EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2022/01/18 4:15 p.m.47 views

CVE-2022-23302

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName...

8.8CVSS7.5AI score0.61785EPSS
Exploits0References6
Prion
Prion
added 2022/01/18 4:15 p.m.38 views

Deserialization of untrusted data

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName...

6CVSS9.1AI score0.81147EPSS
Exploits9References6Affected Software24
RedhatCVE
RedhatCVE
added 2022/01/18 3:47 p.m.79 views

CVE-2022-23302

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests. Mitigation These...

8.8CVSS4AI score0.61785EPSS
Exploits0References4
CVE
CVE
added 2022/01/18 3:25 p.m.867 views

CVE-2022-23302

CVE-2022-23302 affects Log4j 1.x JMSSink. TheDeserialization flaw allows remote code execution when an attacker can write to the Log4j configuration or when the configuration references an LDAP service the attacker controls. JMSSink can be triggered via a TopicConnectionFactoryBindingName to caus...

8.8CVSS9.3AI score0.61785EPSS
Exploits0References8Affected Software1
Vulnrichment
Vulnrichment
added 2022/01/18 3:25 p.m.10 views

CVE-2022-23302 Deserialization of untrusted data in JMSSink in Apache Log4j 1.x

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName...

7.5AI score0.61785EPSS
Exploits0References6
Cvelist
Cvelist
added 2022/01/18 3:25 p.m.29 views

CVE-2022-23302 Deserialization of untrusted data in JMSSink in Apache Log4j 1.x

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName...

9.2AI score0.61785EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2022/01/18 3:25 p.m.81 views

CVE-2022-23302

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName...

8.8CVSS8.5AI score0.61785EPSS
Exploits0
OpenVAS
OpenVAS
added 2022/01/18 12:0 a.m.45 views

Apache Log4j 1.x Multiple Vulnerabilities (Linux/Unix, Jan 2022) - Version Check

Apache Log4j is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:log4j"; ifdescription...

9.8CVSS9AI score0.66537EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/01/10 12:0 a.m.9 views

PT-2022-1423

Name of the Vulnerable Software and Affected Versions Log4j versions 1.x Description The issue is related to the deserialization of untrusted data in the JMSSink component of Log4j 1.x, which can lead to remote code execution when the attacker has write access to the Log4j configuration or access...

8.8CVSS7.5AI score0.61785EPSS
Exploits0References111
Rows per page
Query Builder