165 matches found
CVE-2022-41881
Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except...
Design/Logic Flaw
Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except...
CVE-2022-41881
Netty CVE-2022-41881 concerns a StackOverflowError when parsing malformed crafted messages due to infinite recursion in the HAProxyMessageDecoder. The issue affects Netty versions before 4.1.86.Final and can lead to denial of service through resource exhaustion. The vulnerability is fixed in 4.1....
Security Bulletin: Vulnerabilities from log4j-core-2.16.0.jar affect IBM Operations Analytics - Log Analysis (CVE-2021-44832, CVE-2021-45105)
Summary log4j-core-2.16.0.jar is vulnerable to remote code execution RCE attack and uncontrolled recursion. This is shipped in Log Analysis. The fix includes Apache Log4j core 2.17.1 Vulnerability Details CVEID:CVE-2021-44832 DESCRIPTION: Apache Log4j could allow a remote attacker with permission...
Security Bulletin: Hortonworks DataFlow product has log messages vulnerable to arbitrary code execution, denial of service, and remote code execution due to Apache Log4j vulnerabilities [CVE-2021-44228], [CVE-2021-45105], and [CVE-2021-45046]
Summary Hortonworks DataFlow product for IBM has log messages vulnerable to arbitrary code execution, denial of service, and remote code execution due to Apache Log4j vulnerabilities CVE-2021-44228, CVE-2021-45105, and CVE-2021-45046. Vulnerability Details CVEID:CVE-2021-44228 DESCRIPTION: Apache...
Security Bulletin: Enterprise Content Management System Monitor is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)
Summary Enterprise Content Management System Monitor is vulnerable to arbitrary code execution due to Apache Log4j CVE-2021-45105 and CVE-2021-45046. Apache Log4j is used by Enterprise Content Management System Monitor as part of its logging infrastructure. The fix includes Apache Log4j v2.17.1...
Security Bulletin: IBM Jazz for Service Management is vulnerable to Apache Log4j vulnerabilities (CVE-2021-45105, CVE-2021-45046)
Summary Based on current information and analysis, IBM Jazz for Service Management does not use the Apache log4j-core library, which is vulnerable to CVE-2021-45105, CVE-2021-45046. However, IBM Jazz for Service Management may be impacted because the old version of Log4j-1.2-api and Log4j-api are use...
Security Bulletin: IBM Db2 Big SQL is vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-45046, CVE-2021-45105)
Summary Apache Log4j is used by IBM Db2 Big SQL as part of its logging infrastructure. IBM Db2 Big SQL is vulnerable to arbitrary code execution and denial of service due to Apache Log4j CVE-2021-45046, CVE-2021-45105. The fix includes Apache Log4j 2.17.1 Vulnerability Details CVEID: CVE-2021-451...
Security Bulletin: IBM Operational Decision Manager is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)
Summary The Rule Designer client shipped with IBM Operational Decision Manager includes Apache Log4j CVE-2021-45105 and CVE-2021-45046 which contains vulnerable code. The fix removes Apache Log4j. Vulnerability Details CVEID:CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of...
GHSA-H48W-C35P-6M8X Out-of-bounds Write in Play Framework
An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure sent to a valid POST endpoint that may or may not expect JSON payloads causes a StackOverflowError and Denial of...
Security Bulletin: Netcool Operations Insight is vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-45046, CVE-2021-45105)
Summary Multiple vulnerabilities were identified within the Apache Log4j library CVE-2021-45046, CVE-2021-45105 that is used by Netcool Operations Insight to provide logging functionality. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service,...
Security Bulletin: Multiple vulnerabilities in Apache Log4j affect IBM Tivoli Netcool Impact (CVE-2021-45105, CVE-2021-45046)
Summary The Apache Log4j library used by IBM Tivoli Netcool Impact is vulnerable to denial of service and arbitrary code execution due to Apache Log4j CVE-2021-45105, CVE-2021-45046. The library is used by IBM Tivoli Netcool Impact to provide logging functionality. The fix includes Apache Log4j...
Security Bulletin: IBM Data Management Platform for EDB Postgres Enterprise is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)
Summary IBM Data Management Platform for EnterpriseDB EDB Postgres Enterprise contains a component called EDB failover manager EFM and uses a version of log4j that impacts high availability in EDB. The upgraded EFM product contains Apache Log4j 2.17.1. Vulnerability Details CVEID: CVE-2021-45105...
Security Bulletin: Vulnerabilities in Apache Log4j affect IBM Spectrum Protect Snapshot on Windows (CVE-2021-45105 and CVE-2021-45046)
Summary Vulnerabilities in Apache Log4j could result in a denial of service or remote code execution. IBM Spectrum Protect Snapshot on Windows includes the IBM Spectrum Protect Backup-Archive Client which installs the vulnerable Log4j files. Based on current information and analysis, Log4j is no...
Security Bulletin: Vulnerability in Apache Log4j - CVE-2021-4105 may affect IBM Watson Assistant for IBM Cloud Pak for Data
Summary A potential vulnerability in Apache Log4j - CVE-2021-4105 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Several components of IBM Watson Assistant for IBM Cloud Pak for Data use Log4j to log diagnostic data unrelated to customer input. Refer to detail...
Security Bulletin: IBM Tivoli Network Manager IP Edition is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)
Summary Multiple vulnerabilities identified within the Apache Log4j CVE-2021-45105 and CVE-2021-45046 library that is used by IBM Tivoli Network Manager ITNM IP Edition to provide logging functionality. The fix includes Apache Log4j v2.17. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION:...
Security Bulletin: Vulnerability in Apache Log4j affects IBM Cloud Private (CVE-2021-45105)
Summary There is a vulnerability in the Apache Log4j open source library. The library is used by Elasticsearch, a dependency of IBM Cloud Private, for logging messages to files. This bulletin identifies the security fixes to apply to address the Log4Shell vulnerability CVE-2021-45105. Vulnerabili...