18 matches found
Security Bulletin: Common Vulnerabilities found in Cloudera Data Platform Private Cloud base with IBM
Summary Common Vulnerabilities found in Cloudera Data Platform Private Cloud base with IBM v7.1.9. Upgrade to the latest service pack and hotfix to ensure fixes to the addressed vulnerabilities are obtained. Vulnerability Details CVEID:CVE-2020-9493 DESCRIPTION: A deserialization flaw was found i...
EUVD-2022-0575
Malicious code in bioql PyPI...
Oracle Siebel Server <= 23.5 (July 2023 CPU)
The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2023 CPU advisory. - Vulnerability in the Siebel CRM product of Oracle Siebel CRM component: EAI JSON-java. Supported versions that are affected are 23.5 and prior...
Security Bulletin: Order Management could be subject to Log4j 1.x vulnerability that could be exploited to remotely execute arbitrary code .
Summary Order Management removed parts of legacy code that carried vulnerabilites. The code did contain CVE-2019-17571, CVE-2020-9493, CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307, CVE-2020-9488 however the specific code related to the vulnerability is not in use, therefore the...
Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities including remote code execution in Apache Log4j 1.x
Summary IBM Data Risk Manager IDRM 2.0.6.13, which is the only supported version, is impacted by multiple vulnerabilities including Apache Log4j 1.x CVE-2019-17571, CVE-2022-23305, CVE-2022-23307, CVE-2022-23302, CVE-2021-4104, CVE-2020-9488, CVE-2020-9493 which was bundled within hadoop-client...
Security Bulletin: Multiple vulnerabilities in IBM Security Verify Information Queue connect image (CVE-2020-9493, CVE-2022-23307)
Summary The connect image in IBM Security Verify Information Queue ISIQ v10.0.2 uses a Confluent-provided Apache Log4j library. The library includes a log-viewing component known as Chainsaw that has two deserialization flaws. ISIQ v10.0.3 upgraded its connect image to specify a newer Apache Log4...
Update Log4j to 1.2.17-atlassian-16 to fix CVE-2022-23305, CVE-2022-23307, CVE-2020-9493, CVE-2022-23302
Fisheye in version 4.8.9 and older uses a log4j library that has the following vulnerabilities: CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 / CVE-2020-9493 Fisheye 4.8.10 uses a custom-built log4j, which has the above vulnerabilities fixed...
Atlassian Jira 8.13.x < 8.13.21 / 8.20.x < 8.20.9 / 8.22.x < 8.22.3 / 9.0.0 SQLI (JRASERVER-73885)
The version of Atlassian Jira installed on the remote host is prior to 8.13.x 8.13.21 / 8.20.x 8.20.9 / 8.22.x 8.22.3 / 9.0.0. It is, therefore, affected by a vulnerability as referenced in the JRASERVER-73885 advisory. - The version of log4j used by Jira has been updated from version...
Confluence: Multiple vulnerabilities in log4j < 1.2.7-atlassian-16
The version of log4j used by Confluence has been updated from version 1.2.7-atlassian-15 to 1.2.7-atlassian-16 to address the following vulnerabilities: CVE-2020-9493|https://vulners.com/cve/CVE-2020-9493 and CVE-2022-23307|https://vulners.com/cve/CVE-2022-23307 Apache Chainsaw is bundled with...
Deserialization of Untrusted Data in Apache Log4j
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. Users are advised to migrate from log4j:log4j to org.apache.logging.log4j:log4j for an updated version of the...
CVE-2022-23307
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists...
Deserialization of untrusted data
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists...
CVE-2022-23307
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists...
Apache Log4j 1.x Multiple Vulnerabilities (Linux/Unix, Jan 2022) - Version Check
Apache Log4j is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:log4j"; ifdescription...
CVE-2020-9493
A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution...
CVE-2020-9493
A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution...
CVE-2020-9493 Java deserialization in Chainsaw
A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution...
CVE-2020-9493
CVE-2020-9493 is a deserialization flaw in Apache Chainsaw, a component historically bundled with Log4j 1.2.x. The vulnerability allows remote code execution via improper deserialization, affecting Chainsaw before version 2.1.0. The connected advisories confirm Chainsaw as the vulnerable componen...