Lucene search
+L

18 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/03/02 2:33 p.m.24 views

Security Bulletin: Common Vulnerabilities found in Cloudera Data Platform Private Cloud base with IBM

Summary Common Vulnerabilities found in Cloudera Data Platform Private Cloud base with IBM v7.1.9. Upgrade to the latest service pack and hotfix to ensure fixes to the addressed vulnerabilities are obtained. Vulnerability Details CVEID:CVE-2020-9493 DESCRIPTION: A deserialization flaw was found i...

9.8CVSS7AI score0.99677EPSS
Exploits110Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2022-0575

Malicious code in bioql PyPI...

9CVSS7.5AI score0.52458EPSS
Exploits0References40
Tenable Nessus
Tenable Nessus
added 2024/12/11 12:0 a.m.22 views

Oracle Siebel Server <= 23.5 (July 2023 CPU)

The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2023 CPU advisory. - Vulnerability in the Siebel CRM product of Oracle Siebel CRM component: EAI JSON-java. Supported versions that are affected are 23.5 and prior...

9.8CVSS6.5AI score0.52458EPSS
Exploits12References14
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/12 5:42 p.m.33 views

Security Bulletin: Order Management could be subject to Log4j 1.x vulnerability that could be exploited to remotely execute arbitrary code .

Summary Order Management removed parts of legacy code that carried vulnerabilites. The code did contain CVE-2019-17571, CVE-2020-9493, CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307, CVE-2020-9488 however the specific code related to the vulnerability is not in use, therefore the...

9.8CVSS8.7AI score0.81147EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/03 4:43 p.m.166 views

Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities including remote code execution in Apache Log4j 1.x

Summary IBM Data Risk Manager IDRM 2.0.6.13, which is the only supported version, is impacted by multiple vulnerabilities including Apache Log4j 1.x CVE-2019-17571, CVE-2022-23305, CVE-2022-23307, CVE-2022-23302, CVE-2021-4104, CVE-2020-9488, CVE-2020-9493 which was bundled within hadoop-client...

9.8CVSS10AI score0.81147EPSS
Exploits34Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/20 7:22 p.m.45 views

Security Bulletin: Multiple vulnerabilities in IBM Security Verify Information Queue connect image (CVE-2020-9493, CVE-2022-23307)

Summary The connect image in IBM Security Verify Information Queue ISIQ v10.0.2 uses a Confluent-provided Apache Log4j library. The library includes a log-viewing component known as Chainsaw that has two deserialization flaws. ISIQ v10.0.3 upgraded its connect image to specify a newer Apache Log4...

9.8CVSS9.4AI score0.52458EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2022/07/04 12:1 p.m.53 views

Update Log4j to 1.2.17-atlassian-16 to fix CVE-2022-23305, CVE-2022-23307, CVE-2020-9493, CVE-2022-23302

Fisheye in version 4.8.9 and older uses a log4j library that has the following vulnerabilities: CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 / CVE-2020-9493 Fisheye 4.8.10 uses a custom-built log4j, which has the above vulnerabilities fixed...

9.8CVSS7AI score0.66537EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2022/06/18 12:0 a.m.236 views

Atlassian Jira 8.13.x < 8.13.21 / 8.20.x < 8.20.9 / 8.22.x < 8.22.3 / 9.0.0 SQLI (JRASERVER-73885)

The version of Atlassian Jira installed on the remote host is prior to 8.13.x 8.13.21 / 8.20.x 8.20.9 / 8.22.x 8.22.3 / 9.0.0. It is, therefore, affected by a vulnerability as referenced in the JRASERVER-73885 advisory. - The version of log4j used by Jira has been updated from version...

9.8CVSS8.5AI score0.81147EPSS
Exploits10References2
Atlassian
Atlassian
added 2022/06/01 7:36 a.m.163 views

Confluence: Multiple vulnerabilities in log4j < 1.2.7-atlassian-16

The version of log4j used by Confluence has been updated from version 1.2.7-atlassian-15 to 1.2.7-atlassian-16 to address the following vulnerabilities: CVE-2020-9493|https://vulners.com/cve/CVE-2020-9493 and CVE-2022-23307|https://vulners.com/cve/CVE-2022-23307 Apache Chainsaw is bundled with...

9.8CVSS10.1AI score0.66537EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2022/01/19 12:1 a.m.153 views

Deserialization of Untrusted Data in Apache Log4j

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. Users are advised to migrate from log4j:log4j to org.apache.logging.log4j:log4j for an updated version of the...

9.8CVSS4.9AI score0.52458EPSS
Exploits0References6Affected Software2
NVD
NVD
added 2022/01/18 4:15 p.m.38 views

CVE-2022-23307

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists...

9CVSS0.52458EPSS
Exploits0References4
Prion
Prion
added 2022/01/18 4:15 p.m.45 views

Deserialization of untrusted data

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists...

9CVSS9AI score0.52458EPSS
Exploits0References4Affected Software26
UbuntuCve
UbuntuCve
added 2022/01/18 4:15 p.m.102 views

CVE-2022-23307

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists...

9CVSS6.9AI score0.52458EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2022/01/18 12:0 a.m.45 views

Apache Log4j 1.x Multiple Vulnerabilities (Linux/Unix, Jan 2022) - Version Check

Apache Log4j is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:log4j"; ifdescription...

9.8CVSS9AI score0.66537EPSS
Exploits1References3
NVD
NVD
added 2021/06/16 8:15 a.m.28 views

CVE-2020-9493

A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution...

9.8CVSS0.04612EPSS
Exploits0References4
OSV
OSV
added 2021/06/16 8:15 a.m.37 views

CVE-2020-9493

A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution...

9.8CVSS6.9AI score
Exploits0References4
Cvelist
Cvelist
added 2021/06/16 7:30 a.m.41 views

CVE-2020-9493 Java deserialization in Chainsaw

A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution...

9.3AI score0.04612EPSS
Exploits0References4
CVE
CVE
added 2021/06/16 7:30 a.m.255 views

CVE-2020-9493

CVE-2020-9493 is a deserialization flaw in Apache Chainsaw, a component historically bundled with Log4j 1.2.x. The vulnerability allows remote code execution via improper deserialization, affecting Chainsaw before version 2.1.0. The connected advisories confirm Chainsaw as the vulnerable componen...

9.8CVSS9.2AI score0.04612EPSS
Exploits0References4Affected Software2
Rows per page
Query Builder