Lucene search
K

5 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 10:16 a.m.4 views

Security Bulletin: There is a vulnerability in log4j-core-2.17.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-68161)

Summary There is a vulnerability in log4j-core-2.17.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname...

6.3CVSS5.9AI score0.00743EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/16 2:35 a.m.55 views

Security Bulletin: Due to use of Apache Log4j, IBM Netcool/OMNIbus Probe DSL Factory Framework is vulnerable to arbitrary code execution (CVE-2022-23302, CVE-2022-23307) and SQL injection (CVE-2022-23305)

Summary Apache Log4j CVE-2022-23302, CVE-2022-23305, CVE-2022-23307 is a dependency component shipped with the IBM Netcool/OMNIbus Probe DSL Factory Framework. The latest patch upgraded to Apache Log4j 2.17.1 that remediates the security vulnerabilities. Vulnerability Details CVEID: CVE-2022-2330...

9.8CVSS10.2AI score0.66537EPSS
Exploits1Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/01/18 4:15 p.m.7 views

CVE-2022-23305

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings...

9.8CVSS7AI score0.66537EPSS
Exploits1References7Affected Software1
Debian CVE
Debian CVE
added 2022/01/18 3:25 p.m.49 views

CVE-2022-23305

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings...

9.8CVSS7.8AI score0.66537EPSS
Exploits1
Rapid7 Blog
Rapid7 Blog
added 2021/12/22 9:50 p.m.273 views

Test for Log4Shell With InsightAppSec Using New Functionality

We can all agree at this point that the Log4Shell vulnerability CVE-2021-44228 can rightfully be categorized as a celebrity vulnerability. Security teams have been working around the clock investigating whether they have instances of Log4j in their environment. You are likely very familiar with...

9.3CVSS0.99999EPSS
Exploits354
Rows per page
Query Builder