100 matches found
MiracleLinux 7 : log4j-1.2.17-17.0.1.el7.AXS7 (AXSA:2021-2848:01)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-2848:01 advisory. log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender CVE-2021-4104 Tenable has extracted the preceding description blo...
MiracleLinux 4 : log4j-1.2.14-6.4.0.1.AXS4 (AXSA:2021-2880:02)
The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-2880:02 advisory. log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender CVE-2021-4104 Tenable has extracted the preceding description blo...
log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender
A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JND...
Advisory ROSA-SA-2024-2519
software: log4j12 1.2.17 OS: ROSA-CHROME packageevrstring: log4j12-1.2.17-26 CVE-ID: CVE-2019-17571 BDU-ID: None CVE-Crit: CRITICAL. CVE-DESC.: Log4j 1.2 includes a SocketServer class that is vulnerable to deserialization of untrusted data, which can be used to remotely execute arbitrary code in...
GLSA-202312-04 : Arduino: Remote Code Execution
The remote host is affected by the vulnerability described in GLSA-202312-04 Arduino: Remote Code Execution - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and...
GLSA-202312-02 : Minecraft Server: Remote Code Execution
The remote host is affected by the vulnerability described in GLSA-202312-02 Minecraft Server: Remote Code Execution - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingNa...
GLSA-202310-16 : Ubiquiti UniFi: remote code execution via bundled log4j
The remote host is affected by the vulnerability described in GLSA-202310-16 Ubiquiti UniFi: remote code execution via bundled log4j - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provid...
Ubuntu 16.04 ESM : Apache Log4j 1.2 vulnerability (USN-5223-2)
The remote Ubuntu 16.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-5223-2 advisory. USN-5223-1 fixed a vulnerability in Apache Log4j 1.2. This update provides the corresponding update for Ubuntu 16.04 ESM. Tenable has extracted the preceding...
Updated davmail packages fix security vulnerability
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1...
SUSE CVE-2021-4104
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in...
Security Bulletin: Due to use of Apache Log4j, IBM QRadar SIEM is affected by arbitrary code execution (CVE-2019-17571, CVE-2021-44832, CVE-2021-4104)
Summary IBM QRadar SIEM is affected by arbitrary code execution due to Apache Log4j CVE-2019-17571, CVE-2021-44832, CVE-2021-4104. Apache Log4j is used by IBM QRadar SIEM as part of its logging infrastructure. The fix includes Apache Log4j 2.17.2 Vulnerability Details CVEID:CVE-2019-17571...
Security Bulletin: The IBM® Engineering Requirements Management DOORS/DWA fixes for Log4j vulnerabilities CVE-2021-4104
Summary Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. The IBM® Engineering Requirements Management DOORS/DWA product versions 9.6.1.x, 9.7.0.x,...
Security Bulletin: IBM Sterling Global Mailbox is vulnerable to remote code execution due to Apache Log4j (CVE-2021-4104)
Summary Apache Log4j is used by IBM Sterling Global Mailbox as part of its logging infrastructure. This fix includes Apache Log4j v2.17.1. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the...
Security Bulletin: Multiple vulnerabilities have been identified in Apache Log4j shipped with IBM Tivoli Netcool/OMNIbus Common Integration Libraries (CVE-2021-4104, CVE-2021-45046, CVE-2021-44228)
Summary Multiple vulnerabilities have been identified within the Apache Log4j library that is used within IBM Tivoli Netcool/OMNIbus Common Integration Libraries. These vulnerabilities have been addressed. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote...
Security Bulletin: Log4j vulnerability affects IBM Netezza Analytics for NPS
Summary IBM Netezza Analytics for NPS uses Log4j version 1.x. IBM Netezza Analytics for NPS has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of...
CVE-2021-4104
A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JND...
Security Bulletin: IBM Integration Designer is vulnerable to arbitrary code execution because of Apache Log4j (CVE-2021-4104)
Summary This fix removes the Apache Log4j.jar file from IBM Integration Designer. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write...
Security Bulletin: The Apache Log4j (CVE-2021-4104) vulnerability affects TPF Operations Server
Summary The Apache Log4j vulnerability CVE-2021-4104 affects the TPF Operations Server, which runs with the z/Transaction Processing Facility z/TPF. The TPF Operations Server uses Apache Log4j as part of its logging infrastructure. All components in the TPF Operations Server that use Apache Log4j...
CLSA-2022-1648067792 Fix of CVE: CVE-2021-4104, CVE-2022-23305, CVE-2022-23302, CVE-2022-23307
CVE-2022-23302: remove JMSSink component entirely - CVE-2022-23305: ensure security of JDBCAppender adding additional check-ups - CVE-2022-23307: restrict chainsaw access list to classes from SYSTEMALLOWEDCLASSES group - CVE-2021-4104: disable JMSAppender by default and add option to manually...
Security Bulletin: IBM Transformation Extender Advanced is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104)
Summary IBM Transformation Extender Advanced, previously known as IBM Standards Processing Engine, uses Apache Log4j as part of its logging infrastructure. An arbitrary remote code execution vulnerability has been addressed. The fix includes Apache Log4j 2.17.1. Vulnerability Details CVEID:...