Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to Apache Log4j ( CVE-2026-34477, CVE-2026-34478, CVE-2026-34479 & CVE-2026-34480 )

Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to Apache Log4j. Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addresse...

Unity Linux 20.1070e Security Update: wildfly-common (UTSA-2026-016751)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016751 advisory. Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a...

Unity Linux 20.1070e Security Update: wildfly-elytron (UTSA-2026-016747)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016747 advisory. Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a...

Unity Linux 20.1070e Security Update: netty (UTSA-2026-016738)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016738 advisory. Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a...

Unity Linux 20.1070e Security Update: springframework (UTSA-2026-016742)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016742 advisory. Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a...

Unity Linux 20.1070e Security Update: wildfly-security-manager (UTSA-2026-016746)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016746 advisory. Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a...

Unity Linux 20.1070e Security Update: wildfly-core (UTSA-2026-016752)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016752 advisory. Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a...

Unity Linux 20.1070e Security Update: mybatis (UTSA-2026-016735)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016735 advisory. Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a...

Unity Linux 20.1070e Security Update: jboss-logging (UTSA-2026-016754)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016754 advisory. Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a...

Unity Linux 20.1070e Security Update: jgroups (UTSA-2026-016753)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016753 advisory. Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a...

Unity Linux 20.1070e Security Update: log4j (UTSA-2026-016732)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016732 advisory. Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a...

Astra Linux - уязвимость в apache-log4j2

Improper validation of certificates with host mismatches in the Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack, thereby leaking any log messages sent through that appender. This issue has been fixed in Apache Log4j 2.12.3 and 2.13....

Astra Linux - уязвимость в apache-log4j1.2

Log4j 1.2’s JMSAppender is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide configurations for TopicBindingName and TopicConnectionFactoryBindingName, causing JMSAppender to make JNDI requests that lead to remo...

Astra Linux – Vulnerability in Apache Log4j2

In Apache Log4j Core versions 2.0-beta9 through 2.25.2, the Socket Appender does not perform TLS hostname verification of the peer certificate, even when the verifyHostName configuration attribute https://logging.apache.org/log4j/2.x/manual/appenders/network.htmlSslConfiguration-attr-verifyHostNa...

Security Bulletin: Vulnerability in Iog4j (CVE-2025-68161) affects IBM PowerVM Novalink.

Summary log4j is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer...

Astra Linux – Vulnerability in Apache Log4j2

Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI, provided that the attacker has control over the target LDAP server. Thi...

SUSE CVE-2026-34477

The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.htmllog4j2.sslVerifyHostName system property, but no...

GHSA-6HG6-V5C8-FPHQ Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration

The fix for CVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName system property, but not when configured through the verifyHostName attribute of the element. Although the verifyHostName configuration attribute was introduced in Log4...

EUVD-2026-21407

The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.htmllog4j2.sslVerifyHostName system property, but no...

GHSA-445C-VH5M-36RJ Apache Log4j Core: log injection in `Rfc5424Layout` due to silent configuration incompatibility

Apache Log4j Core's Rfc5424Layout, in versions 2.21.0 through 2.25.3, is vulnerable to log injection via CRLF sequences due to undocumented renames of security-relevant configuration attributes. Two distinct issues affect users of stream-based syslog services who configure Rfc5424Layout directly:...