Security Bulletin: IBM® Db2® federated server is affected by a vulnerability in log4j-core-2.17.2 (CVE-2025-68161)

Summary IBM® Db2® federated server is affected by a vulnerability in log4j-core-2.17.2 CVE-2025-68161 Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer...

ROOT-APP-MAVEN-CVE-2026-34477 CVE-2026-34477 in io.root.org.apache.logging.log4j:log4j-core - Patched by Root

Root has patched CVE-2026-34477 in the io.root.org.apache.logging.log4j:log4j-core package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2026-34480 CVE-2026-34480 in io.root.org.apache.logging.log4j:log4j-core - Patched by Root

Root has patched CVE-2026-34480 in the io.root.org.apache.logging.log4j:log4j-core package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2026-34478 CVE-2026-34478 in io.root.org.apache.logging.log4j:log4j-core - Patched by Root

Root has patched CVE-2026-34478 in the io.root.org.apache.logging.log4j:log4j-core package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2026-34481 CVE-2026-34481 in io.root.org.apache.logging.log4j:log4j-layout-template-json - Patched by Root

Root has patched CVE-2026-34481 in the io.root.org.apache.logging.log4j:log4j-layout-template-json package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2025-68161 CVE-2025-68161 in io.root.org.apache.logging.log4j:log4j-core - Patched by Root

Root has patched CVE-2025-68161 in the io.root.org.apache.logging.log4j:log4j-core package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2026-34479 CVE-2026-34479 in io.root.org.apache.logging.log4j:log4j-1.2-api - Patched by Root

Root has patched CVE-2026-34479 in the io.root.org.apache.logging.log4j:log4j-1.2-api package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2021-44832 CVE-2021-44832 in io.root.org.apache.logging.log4j:log4j-core - Patched by Root

Root has patched CVE-2021-44832 in the io.root.org.apache.logging.log4j:log4j-core package for Root:Maven. Multiple fixed versions available...

Astra Linux – Vulnerability in Apache Log4j1.2

The JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration, or when the configuration references an LDAP service to which the attacker has access. The attacker can provide a...

Security Bulletin: Multiple Vulnerabilities affect IBM Decision Optimization for Cloud Pak for Data.

Summary Multiple Vulnerabilities were addressed in IBM Decision Optimization for Cloud Pak for Data version 5.3.1 patch 6 Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed hostname...

ROOT-APP-MAVEN-CVE-2023-26464 CVE-2023-26464 in io.root.log4j:log4j - Patched by Root

Root has patched CVE-2023-26464 in the io.root.log4j:log4j package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2022-23307 CVE-2022-23307 in io.root.log4j:log4j - Patched by Root

Root has patched CVE-2022-23307 in the io.root.log4j:log4j package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2022-23302 CVE-2022-23302 in io.root.log4j:log4j - Patched by Root

Root has patched CVE-2022-23302 in the io.root.log4j:log4j package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2019-17571 CVE-2019-17571 in io.root.log4j:log4j - Patched by Root

Root has patched CVE-2019-17571 in the io.root.log4j:log4j package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2022-23305 CVE-2022-23305 in io.root.log4j:log4j - Patched by Root

Root has patched CVE-2022-23305 in the io.root.log4j:log4j package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2021-4104 CVE-2021-4104 in io.root.log4j:log4j - Patched by Root

Root has patched CVE-2021-4104 in the io.root.log4j:log4j package for Root:Maven. Multiple fixed versions available...

Vulnerabilities are managed in Oracle Enterprise Manager

Oracle has identified several vulnerabilities in Oracle Enterprise Manager versions 13.5 and 24.1. The vulnerabilities in Oracle Enterprise Manager Base Platform versions 13.5 and 24.1 allow an attacker with low or no privileges, and access via HTTP or HTTPS, to gain complete control over the...

Security Bulletin: Multiple Vulnerabilities in IBM Datacap

Summary Multiple vulnerabilities were addressed in IBM Datacap version 9.1.9 Interim Fix 008. Vulnerability Details CVEID:CVE-2026-45205 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons. When processing an untrusted configuration file, Commons Configuration will throw a...

Apache Log4j2 - Remote Code Injection

Apache Log4j2 Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations. id: CVE-2021-45046 info: name: Apache Log4j2 - Remote Code Injection author: ImNightmaree severity: critical description: Apache Log4j2 Thread Context Lookup Pattern is...

Apache Log4j2 Remote Code Injection

Apache Log4j2 =2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when...