
989 matches found

IBM Security Bulletins
added 2026/06/11 9:17 p.m. | 4 views

Security Bulletin: The Apache Log4J 2 package that is shipped with IBM ApplinX is vulnerable to multiple vulnerabilities (CVE-2026-34480, CVE-2026-34477, CVE-2026-34478, CVE-2026-34479).

Summary: The Apache Log4J 2 package that is shipped with IBM ApplinX is vulnerable to an Improper Encoding or Escaping of Output vulnerability, an Improper Validation of Certificate with Host Mismatch vulnerability and an Improper Output Neutralization for Logs vulnerability CVE-2026-34480,...

CVSS 7.5 | AI score 6.4 | EPSS 0.0086
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2026/05/11 6:59 a.m. | 13 views

Security Bulletin: IBM App Connect for Manufacturing is vulnerable to multiple vulnerabilities due to Apache Log4j and Bouncy Castle.

Summary: IBM App Connect for Manufacturing is vulnerable to multiple vulnerabilities due to Apache Log4j and Bouncy Castle. Vulnerability Details: CVEID: CVE-2026-34477. DESCRIPTION: The fix for CVE-2025-68161 (https://logging.apache.org/security.html) was incomplete: it addressed hostnam...

CVSS 9.9 | AI score 5.8 | EPSS 0.0086
Exploits: 1 | Affected Software: 1
Tenable Nessus
added 2026/04/15 12:0 a.m. | 80 views

Apache Log4j 2.12.0 < 2.25.4 SSL Hostname Verification Bypass (CVE-2026-34477)

The version of Apache Log4j on the remote host is 2.12.0 through 2.25.3. It is, therefore, affected by a vulnerability: - The verifyHostName configuration attribute of the Ssl element was silently ignored in all versions through 2.25.3, leaving TLS connections vulnerable to interception via...

CVSS 6.3 | AI score 5.8 | EPSS 0.00395
Exploits: 0 | References: 2
Veracode
added 2026/04/14 11:1 a.m. | 4 views

Improper Certificate Validation

Apache Log4j Core is vulnerable to Improper Certificate Validation. The vulnerability is due to ignored hostname verification settings in TLS configuration, which allows an attacker to perform a man-in-the-middle attack by presenting a trusted certificate and intercepting secure communications...

CVSS 6.3 | AI score 5.8 | EPSS 0.00395
Exploits: 0 | References: 7 | Affected Software: 1
RedhatCVE
added 2026/04/13 4:9 p.m. | 4 views

CVE-2026-34480

A flaw was found in Apache Log4j Core. The XmlLayout component, responsible for formatting log messages into XML, does not properly remove or replace characters that are not allowed in XML 1.0. When log messages or diagnostic information contain these forbidden characters, the resulting XML outpu...

CVSS 7.5 | AI score 5.7 | EPSS 0.0086
Exploits: 0 | References: 8
Tenable Nessus
added 2026/04/12 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-34481

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Log4j's JsonTemplateLayout (https://logging.apache.org/log4j/2.x/manual/json-template-layout.html), in versions up to and including 2.25.3, produces inval...

CVSS 7.5 | AI score 5.8 | EPSS 0.00555
Exploits: 0 | References: 4
Veracode
added 2026/04/11 5:22 a.m. | 2 views

Improper Output Handling

Apache Log4j is vulnerable to Improper Output Handling. The vulnerability is due to JsonTemplateLayout generating invalid JSON when processing non-finite floating-point values (e.g., NaN, Infinity), which are not compliant with RFC 8259, allowing attacker-controlled data in log events to produce...

CVSS 7.5 | AI score 5.8 | EPSS 0.00555
Exploits: 0 | References: 8 | Affected Software: 1
EUVD
added 2026/04/10 6:31 p.m. | 10 views

EUVD-2026-21412

Apache Log4j's JsonTemplateLayout (https://logging.apache.org/log4j/2.x/manual/json-template-layout.html), in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values (NaN, Infinity, or -Infinity), which are prohibited by RFC 8259. Th...

CVSS 6.3 | AI score 5.8 | EPSS 0.00555
Exploits: 0 | References: 7
OSV
added 2026/04/10 6:31 p.m. | 2 views

GHSA-445C-VH5M-36RJ Apache Log4j Core: log injection in `Rfc5424Layout` due to silent configuration incompatibility

Apache Log4j Core's Rfc5424Layout, in versions 2.21.0 through 2.25.3, is vulnerable to log injection via CRLF sequences due to undocumented renames of security-relevant configuration attributes. Two distinct issues affect users of stream-based syslog services who configure Rfc5424Layout directly:...

CVSS 6.9 | AI score 5.8 | EPSS 0.00831
Exploits: 0 | References: 8
Debian CVE
added 2026/04/10 3:43 p.m. | 5 views

CVE-2026-34481

Apache Log4j's JsonTemplateLayout (https://logging.apache.org/log4j/2.x/manual/json-template-layout.html), in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values (NaN, Infinity, or -Infinity), which are prohibited by RFC 8259. Th...

CVSS 7.5 | AI score 5.3 | EPSS 0.00555
Exploits: 0
CNNVD
added 2026/04/10 12:0 a.m. | 4 views

Apache Log4j Security Vulnerability

Apache Log4j is an open-source logging tool based on Java, developed by the Apache Foundation in the United States. Versions of Apache Log4j JSON Template Layout 2.25.3 and earlier contain security vulnerabilities. These vulnerabilities arise from the JsonTemplateLayout generating invalid JSON...

CVSS 7.5 | AI score 5.8 | EPSS 0.00555
Exploits: 0 | References: 6
CNNVD
added 2026/04/10 12:0 a.m. | 4 views

Apache Log4j Security Vulnerability

Apache Log4j is an open-source logging tool based on Java, developed by the Apache Foundation in the United States. Versions of Apache Log4j 2.21.0 to 2.25.3 contain security vulnerabilities. These vulnerabilities stem from CRLF sequence log injection in the RFC5424Layout, which may lead to CRLF...

CVSS 7.5 | AI score 5.8 | EPSS 0.00831
Exploits: 0 | References: 6
CNNVD
added 2026/04/10 12:0 a.m. | 4 views

Apache Log4j Security Vulnerability

Apache Log4j is an open-source logging tool based on Java, developed by the Apache Foundation in the United States. Versions of Apache Log4j Core 2.25.3 and earlier contain security vulnerabilities. These vulnerabilities stem from the silent ignoring of the verifyHostName configuration property,...

CVSS 6.3 | AI score 5.8 | EPSS 0.00395
Exploits: 0 | References: 5
CNNVD
added 2026/04/10 12:0 a.m. | 4 views

Apache Log4j Security Vulnerability

Apache Log4j is an open-source logging tool based on Java, developed by the Apache Foundation in the United States. There is a security vulnerability in Apache Log4j, which stems from Log4j1XmlLayout failing to escape characters prohibited by the XML 1.0 standard, potentially resulting in...

CVSS 7.5 | AI score 5.8 | EPSS 0.00535
Exploits: 1 | References: 6
Redos
added 2026/02/24 12:0 a.m. | 8 views

ROS-20260224-73-0013

A vulnerability in the Socket Appender component of the Apache Log4j Core logging library API implementation is related to incorrect certificate authentication. Exploitation of the vulnerability could allow a remote attacker to intercept log traffic...

CVSS 6.3 | AI score 6.2 | EPSS 0.00743
Exploits: 1
Tenable Nessus
added 2026/01/21 12:0 a.m. | 5 views

Oracle Siebel Server <= 25.10 (January 2026 CPU)

The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2026 CPU advisory. - Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CRM component: Application Interface Apache Log4j. Supported versions that...

CVSS 7.5 | AI score 7.8 | EPSS 0.60841
Exploits: 2 | References: 5
OpenVAS
added 2025/12/19 12:0 a.m. | 9 views

Apache Log4j 2.x < 2.25.3 Missing TLS Hostname Verification Vulnerability - Linux

Apache Log4j is prone to a missing TLS hostname verification vulnerability in the socket appender. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...

CVSS 6.3 | AI score 6.5 | EPSS 0.00743
Exploits: 1 | References: 2
CNNVD
added 2025/12/18 12:0 a.m. | 4 views

Apache Log4j Security Vulnerability

Apache Log4j is a Java-based open source logging tool from the Apache USA Foundation. A security vulnerability exists in Apache Log4j 2.25.2 and earlier versions, which stems from an unperformed TLS hostname validation and could lead to a man-in-the-middle attack...

CVSS 6.3 | AI score 6.2 | EPSS 0.00743
Exploits: 1 | References: 10
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2021-26452

Malware in sbrugna...

CVSS 8.8 | AI score 8.8 | EPSS 0.00361
Exploits: 1 | References: 5
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2020-0518

Malware in sbrugna...

CVSS 4.3 | AI score 6.5 | EPSS 0.08075
Exploits: 0 | References: 102