Security Bulletin: Multiple Vulnerabilities in IBM Datacap

Summary Multiple vulnerabilities were addressed in IBM Datacap version 9.1.10 released on December 19, 2025. Vulnerability Details CVEID:CVE-2022-23302 DESCRIPTION: JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the...

log4j1-socketappender: DoS via hashmap logging

A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in th...

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JND...

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JND...

Vulnerabilities fixed in Red Hat products

Vulnerabilities have been fixed in Log4j version 1 in several Red Hat products. Log4j v1 has been End-of-Life since 2015 and it is recommended to upgrade to v2. In a number of Red Hat products Log4j v1 is still being used. These vulnerabilities allow a remote malicious person to execute arbitrary...

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...

PT-2021-5597

Name of the Vulnerable Software and Affected Versions Log4j version 1.2 Description The issue is related to the JMSAppender in Log4j 1.2, which is vulnerable to deserialization of untrusted data. An attacker with write access to the Log4j configuration can provide TopicBindingName and...