Lucene search
+L

19 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2021-42550

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowin...

8.5CVSS7.5AI score0.04439EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/15 6:29 p.m.42 views

Security Bulletin: There are multiple vulnerabilities in mas-data-dictionary-lib-1.0.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-1471, CVE-2023-1370 and CVE-2021-42550)

Summary There are multiple vulnerabilities in mas-data-dictionary-lib-1.0.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite Vulnerability Details CVEID:CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote authenticated attacker to execute arbitrary code on the syste...

9.8CVSS9.3AI score0.99615EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/26 4:56 a.m.55 views

Security Bulletin: IBM Spectrum Scale Transparent Cloud Tiering is affected by a vulnerability which can allow an attacker to execute arbitrary code

Summary Logback could allow a remote authenticated attacker to execute arbitrary code on the system. Vulnerability Details CVEID:CVE-2021-42550 DESCRIPTION: Logback could allow a remote authenticated attacker to execute arbitrary code on the system. By using a specially-crafted configuration, an...

9.8CVSS8.1AI score0.07501EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/22 8:24 p.m.31 views

Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities in Node.js (CVE-2022-43548, CVE-2020-7676, CVE-2021-42550, CVE-2021-38561, CVE-2022-32149)

Summary IBM Planning Analytics Workspace is affected by vulnerabilities. Node.js is an open-source and cross-platform JavaScript runtime environment CVE-2023-23918, CVE-2023-23920, CVE-2023-24807, CVE-2023-23936, CVE-2023-23919. Node.js has been upgraded in IBM Planning Analytics Workspace to...

8.5CVSS7.6AI score0.14024EPSS
Exploits3Affected Software1
OpenVAS
OpenVAS
added 2023/05/04 12:0 a.m.28 views

SUSE: Security Advisory (SUSE-SU-2023:2097-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.5CVSS6.8AI score0.04439EPSS
Exploits1References4
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/17 5:13 p.m.51 views

Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilties (CVE-2022-43548, CVE-2020-7676, CVE-2021-42550, CVE-2021-38561, CVE-2022-32149)

Summary IBM Planning Analytics Workspace is affected by vulnerabilities. Node.js is an open-source and cross-platform JavaScript runtime environment CVE-2022-43548. Angular is a JavaScript framework that extends HTML CVE-2020-7676. Logback is a logging library for Java CVE-2021-42550. Golang Go...

8.5CVSS8.6AI score0.14024EPSS
Exploits1Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 3:37 a.m.7 views

SUSE CVE-2021-42550

In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers...

6.6CVSS7.8AI score0.04439EPSS
Exploits1References10
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/12 9:59 p.m.33 views

Security Bulletin: A vulnerability in logback-classic affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2021-42550)

Summary Security Bulletin: A vulnerability in logback-classic affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data CVE-2021-42550. Please see below for details on how to remediate this issue. Vulnerability Details CVEID:CVE-2021-42550 DESCRIPTION: Logback could allow a remote...

6.6CVSS6.9AI score0.04439EPSS
Exploits1Affected Software1
ICS
ICS
added 2022/11/08 12:0 a.m.73 views

Siemens SINEC Network Management System Logback Component

1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SINEC NMS Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers with write access to the logback configuration file to...

8.5CVSS7.8AI score0.04439EPSS
Exploits1References11
OSV
OSV
added 2022/09/23 11:4 a.m.3 views

OESA-2022-1946 logback security update

Logback is intended as a successor to the popular log4j project. Security Fixes: In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP...

8.5CVSS7.8AI score0.04439EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/21 12:31 p.m.37 views

Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to arbitrary code execution due to its use of Logback (CVE-2021-42550)

Summary Logback is used by IBM Cloud Pak for Multicloud Management Monitoring in its cassandra component to write logs. This vulnerability is limited to a malicious insider who can find and manipulate the logging configuration files. Vulnerability Details CVEID:CVE-2021-42550 DESCRIPTION: Logback...

8.5CVSS6.8AI score0.04439EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2022/07/05 2:41 p.m.578 views

Moderate: Red Hat Security Advisory: Satellite 6.11 Release

An update is now available for Red Hat Satellite 6.11 Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Security Fixes: libsolv: Heap-based buff...

9.8CVSS7.6AI score0.49246EPSS
Exploits14References476
RedHat Linux
RedHat Linux
added 2022/03/29 1:16 p.m.111 views

Moderate: Red Hat Security Advisory: Red Hat Decision Manager 7.12.1 security update

An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...

8.5CVSS7.3AI score0.19442EPSS
Exploits4References6
RedHat Linux
RedHat Linux
added 2022/03/29 1:0 p.m.99 views

Moderate: Red Hat Security Advisory: Red Hat Process Automation Manager 7.12.1 security update

An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

8.5CVSS7.3AI score0.19442EPSS
Exploits4References6
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/23 5:54 p.m.30 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Logback

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Logback. Vulnerability Details CVEID: CVE-2021-42550 DESCRIPTION: Logback could allow a remote authenticated attacker to execute arbitrary code on the system. By using a specially-crafted configuration, an...

8.5CVSS2.5AI score0.04439EPSS
Exploits1Affected Software1
OSV
OSV
added 2021/12/31 11:3 a.m.4 views

OESA-2021-1476 logback security update

Logback is intended as a successor to the popular log4j project. Security Fixes: In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP...

8.5CVSS7.8AI score0.04439EPSS
Exploits1References2
Atlassian
Atlassian
added 2021/12/17 7:3 p.m.67 views

Upgrade Logback for CVE-2021-42550

h3. Issue Summary In the wake of Log4Shell, CVE-2021-42550 has been created for similar JNDI considerations in Logback. The Logback maintainers have removed some functionality from Logback in response and released Logback 1.2.9. Please note: There is no RCE in Logback, and there is no vulnerabili...

8.5CVSS1.8AI score0.04439EPSS
Exploits1Affected Software1
Circl
Circl
added 2021/12/16 10:36 p.m.5 views

CVE-2021-42550

creationtimestamp| type| source ---|---|--- 2021-12-16 22:36:14+00:00| seen| https://t.me/cibsecurity/34169 2022-01-03 05:49:38+00:00| exploited| Telegram/QbzltGTL5MLooH2kEl1qS06h23oJX4UpKYkbnKcssYleTA...

8.5CVSS6.8AI score0.04439EPSS
Exploits1References1
CVE
CVE
added 2021/12/16 12:0 a.m.323 views

CVE-2021-42550

This CVE affects Logback 1.2.7 and earlier, where an attacker with write access to configuration files can craft a malicious configuration that loads and executes arbitrary code from LDAP servers. The impact is remote code execution with the attacker’s privileges on systems using vulnerable Logba...

8.5CVSS7AI score0.04439EPSS
Exploits1References7Affected Software1
Rows per page
Query Builder