3 matches found
Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to SQL injection due to Apache Log4j (CVE-2022-23305)
Summary: Apache Log4j is used by IBM Sterling Connect:Direct Web Services as part of its logging infrastructure. JDBCAppender in Apache Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The fix includes Apache Log4j...
SUSE SLES15 Security Update : log4j (SUSE-SU-2022:0214-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0214-1 advisory. - JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the...
CVE-2022-23307
CVE-2022-23307 concerns a deserialization vulnerability in the Chainsaw component of Apache Log4j 1.x (Chainsaw bundled with Log4j 1.2.x). The root cause is unsafe deserialization of untrusted data via Chainsaw, allowing potential code execution. Multiple Atlassian products initially bundled Chai...