19 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-42550
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowin...
Security Bulletin: There are multiple vulnerabilities in mas-data-dictionary-lib-1.0.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-1471, CVE-2023-1370 and CVE-2021-42550)
Summary There are multiple vulnerabilities in mas-data-dictionary-lib-1.0.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite Vulnerability Details CVEID:CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote authenticated attacker to execute arbitrary code on the syste...
Security Bulletin: IBM Spectrum Scale Transparent Cloud Tiering is affected by a vulnerability which can allow an attacker to execute arbitrary code
Summary Logback could allow a remote authenticated attacker to execute arbitrary code on the system. Vulnerability Details CVEID:CVE-2021-42550 DESCRIPTION: Logback could allow a remote authenticated attacker to execute arbitrary code on the system. By using a specially-crafted configuration, an...
Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities in Node.js (CVE-2022-43548, CVE-2020-7676, CVE-2021-42550, CVE-2021-38561, CVE-2022-32149)
Summary IBM Planning Analytics Workspace is affected by vulnerabilities. Node.js is an open-source and cross-platform JavaScript runtime environment CVE-2023-23918, CVE-2023-23920, CVE-2023-24807, CVE-2023-23936, CVE-2023-23919. Node.js has been upgraded in IBM Planning Analytics Workspace to...
SUSE: Security Advisory (SUSE-SU-2023:2097-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilties (CVE-2022-43548, CVE-2020-7676, CVE-2021-42550, CVE-2021-38561, CVE-2022-32149)
Summary IBM Planning Analytics Workspace is affected by vulnerabilities. Node.js is an open-source and cross-platform JavaScript runtime environment CVE-2022-43548. Angular is a JavaScript framework that extends HTML CVE-2020-7676. Logback is a logging library for Java CVE-2021-42550. Golang Go...
SUSE CVE-2021-42550
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers...
Security Bulletin: A vulnerability in logback-classic affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2021-42550)
Summary Security Bulletin: A vulnerability in logback-classic affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data CVE-2021-42550. Please see below for details on how to remediate this issue. Vulnerability Details CVEID:CVE-2021-42550 DESCRIPTION: Logback could allow a remote...
Siemens SINEC Network Management System Logback Component
1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SINEC NMS Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers with write access to the logback configuration file to...
OESA-2022-1946 logback security update
Logback is intended as a successor to the popular log4j project. Security Fixes: In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP...
Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to arbitrary code execution due to its use of Logback (CVE-2021-42550)
Summary Logback is used by IBM Cloud Pak for Multicloud Management Monitoring in its cassandra component to write logs. This vulnerability is limited to a malicious insider who can find and manipulate the logging configuration files. Vulnerability Details CVEID:CVE-2021-42550 DESCRIPTION: Logback...
Moderate: Red Hat Security Advisory: Satellite 6.11 Release
An update is now available for Red Hat Satellite 6.11 Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Security Fixes: libsolv: Heap-based buff...
Moderate: Red Hat Security Advisory: Red Hat Decision Manager 7.12.1 security update
An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...
Moderate: Red Hat Security Advisory: Red Hat Process Automation Manager 7.12.1 security update
An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Logback
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Logback. Vulnerability Details CVEID: CVE-2021-42550 DESCRIPTION: Logback could allow a remote authenticated attacker to execute arbitrary code on the system. By using a specially-crafted configuration, an...
OESA-2021-1476 logback security update
Logback is intended as a successor to the popular log4j project. Security Fixes: In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP...
Upgrade Logback for CVE-2021-42550
h3. Issue Summary In the wake of Log4Shell, CVE-2021-42550 has been created for similar JNDI considerations in Logback. The Logback maintainers have removed some functionality from Logback in response and released Logback 1.2.9. Please note: There is no RCE in Logback, and there is no vulnerabili...
CVE-2021-42550
creationtimestamp| type| source ---|---|--- 2021-12-16 22:36:14+00:00| seen| https://t.me/cibsecurity/34169 2022-01-03 05:49:38+00:00| exploited| Telegram/QbzltGTL5MLooH2kEl1qS06h23oJX4UpKYkbnKcssYleTA...
CVE-2021-42550
This CVE affects Logback 1.2.7 and earlier, where an attacker with write access to configuration files can craft a malicious configuration that loads and executes arbitrary code from LDAP servers. The impact is remote code execution with the attacker’s privileges on systems using vulnerable Logba...