Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.5 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Millions of Java Apps Remain Vulnerable to Log4Shell

Four months after the discovery of the zero-day Log4Shell critical flaw, millions of Java applications still remain vulnerable to compromise, researchers have found. Rezilion expected that due to the “massive amount of media coverage” the bug unsurprisingly received, the majority of applications...

RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.4 (RHSA-2022:1297)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:1297 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.4 (RHSA-2022:1296)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:1296 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4 security update

An update is now available for Red Hat JBoss Enterprise Application Platform 6.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.3 (RHSA-2022:0400)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0400 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.3 (RHSA-2022:0401)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0401 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.3 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

Denial Of Service (DoS)

openjdk17 is vulnerable to denial of service. Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle...

Oracle Java SE Input Validation Error Vulnerability (CNVD-2022-15483)

Oracle Java SE, an Oracle company, is used to develop and deploy Java applications on desktops, servers, and embedded devices and in real-time environments.Oracle Java SE is vulnerable to an input validation error that could be exploited by an attacker to cause unauthorized read access to a subse...

Oracle Java SE Input Validation Error Vulnerability (CNVD-2022-15485)

Oracle Java SE is an Oracle Corporation USA product for developing and deploying Java applications on desktops, servers, and embedded devices and in real-time environments.Oracle Java SE is vulnerable to an input validation error that could be exploited by an attacker to cause an unauthorized...

Oracle Java SE Input Validation Error Vulnerability (CNVD-2022-15489)

Oracle Java SE is an Oracle Corporation USA product for developing and deploying Java applications on desktops, servers, and embedded devices and in real-time environments.Oracle Java SE is vulnerable to an input validation error that could be exploited by an attacker to potentially cause an...

Low: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

How to Make Log4Shell Remediation Quick & Effective

Confronting the Log4Shell vulnerability in your environment has seemed anything but “easy” due to its prevalence in Java applications. Rapid remediation is critical. In this blog, Qualys offers some advice – and a new utility – to speed up the process. Remediation is a critical step to ensure tha...

Security Bulletin: Apache Log4j vulnerabilities impact z/Transaction Processing Facility (z/TPF) and TPF Operations Server (CVE-2021-45105, CVE-2021-45046)

Summary The Apache Log4j vulnerabilities affect the z/Transaction Processing Facility z/TPF system and TPF Operations Server. Several Java applications on the z/TPF system depend on Apache Log4j capabilities. Additionally, the 64-bit Java support in TPF Operations Server uses Apache Log4j...

How to Discover Log4Shell Vulnerabilities in Running Containers & Images

If you run Java applications in containers, then it is critical that you check for Log4Shell vulnerabilities, given the high severity of this potential exploit. Qualys Container Security offers multiple methods to help you detect Log4Shell in your container environment. The Container Security...

Our Journey to Detect Log4j-Vulnerable Machines

Log4Shell CVE-2021-44228 is a remote code execution RCE vulnerability in the Apache-foundation open-source logging library Log4j. It was published on December 9, 2021, and then all hell broke loose. As Log4j is a common logging library for Java applications, it is highly widespread...

Security Bulletin: The Apache Log4j (CVE-2021-44228) vulnerability affects z/TPF and TPF Operations Server

Summary The Apache Log4j vulnerability CVE-2021-44228 affects the z/Transaction Processing Facility z/TPF system and TPF Operations Server. Several Java applications on the z/TPF system depend on Apache Log4j capabilities. Additionally, the 64-bit Java support in TPF Operations Server uses Apache...