3 matches found
Security Bulletin: There is a vulnerability in log4j-core-2.25.3.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-34477, CVE-2026-34478, CVE-2026-34480)
Summary There is a vulnerability in log4j-core-2.25.3.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed...
Apache Log4j 2.21.0 < 2.25.4 Rfc5424Layout Log Injection (CVE-2026-34478)
The version of Apache Log4j on the remote host is 2.21.0 through 2.25.3. It is, therefore, affected by a vulnerability: - The Rfc5424Layout is vulnerable to log injection via CRLF sequences due to undocumented renames of security-relevant configuration attributes. The newLineEscape attribute was...
ch.cern:cerndb-sw-zkpolicy (=1.0.1-21), cloud.metaapi.sdk:metaapi-common-java (>=1.0.0 <=1.0.1) +258 more potentially affected by CVE-2026-34478 via org.apache.logging.log4j:log4j-core (>=3.0.0-beta1 <=3.0.0-beta3)
org.apache.logging.log4j:log4j-core MAVEN version =3.0.0-beta1, =1.0.0, =0.0.2, =00.00.03, =1.0.6, =1.0.7, =1.0.0, =2.0.21, =1.0, =1.0.2 - com.frostphyr:customappender =1.1.0 and more Source cves: CVE-2026-34478 Source advisory: SNYK:JAVA-ORGAPACHELOGGINGLOG4J-15967739...