13 matches found
ROOT-APP-MAVEN-CVE-2021-4104 CVE-2021-4104 in io.root.log4j:log4j - Patched by Root
Root has patched CVE-2021-4104 in the io.root.log4j:log4j package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2023-26464 CVE-2023-26464 in io.root.log4j:log4j - Patched by Root
Root has patched CVE-2023-26464 in the io.root.log4j:log4j package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2022-23307 CVE-2022-23307 in io.root.log4j:log4j - Patched by Root
Root has patched CVE-2022-23307 in the io.root.log4j:log4j package for Root:Maven. Multiple fixed versions available...
Apache Archiva < 2.2.6 Multiple Log4j Vulnerabilities (Log4Shell) - Active Check
Apache Archiva is prone to multiple vulnerabilities in the Apache Log4j library. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender
A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JND...
log4j-core: remote code execution via JDBC Appender
Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a dat...
Static Code Injection in playframework/play-samples
Description "play-samples" project uses the vulnerable log4j library 2.17.0. This can cause potential RCE vulnerability on the project. Vulnerability: CVE-2021-44832 Remote Code Execution. Another reference from Apache for CVE-2021-44832. You should upgrade the log4j library to latest version...
Security Bulletin: Vulnerability in Apache Log4j affects IBM Tivoli Netcool Impact (CVE-2021-45046)
Summary A vulnerability was identified within the Apache Log4j library that is used by IBM Tivoli Netcool Impact to provide logging functionality. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-45046 DESCRIPTION: Apache Log4j could allow a remote attacker to execute...
CISA, FBI and NSA Publish Joint Advisory and Scanner for Log4j Vulnerabilities
Cybersecurity agencies from Australia, Canada, New Zealand, the U.K., and the U.S. on Wednesday released a joint advisory in response to widespread exploitation of multiple vulnerabilities in Apache's Log4j software library by nefarious adversaries. "These vulnerabilities, especially Log4Shell, a...
Apache Tika 2.x < 2.2.0 Log4j RCE Vulnerability (Log4Shell)
Apache Tika is prone to a remote code execution RCE vulnerability in the Apache Log4j library dubbed SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Answering Log4Shell-related questions
Important notice On December 18th, Log4j version 2.17.0 was released to address open vulnerabilities. It is highly recommended to update your systems as soon as possible. History of the Log4j library vulnerabilities CVE-2021-44228 initial vulnerability – partially fixed in 2.15.0 CVE-2021-45046...
log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value
A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint...
CVE-2021-44228 - Patching is Recommended for Evolving Zero Day Vulnerability in Apache Log4j that allows remote code execution (RCE)
Akamai has been monitoring the rapidly evolving developments of CVE-2021-44228. We have been working closely with our customers and internal application teams to mitigate the risks posed by the threat of unauthorized remote code execution. This includes deploying an update to our existing Apache...