Lucene search
K

38 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.20 views

Astra Linux – Vulnerability in Apache Log4j1.2

In Log4j 1.2, the JMSAppender component is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide configurations for TopicBindingName and TopicConnectionFactoryBindingName, causing the JMSAppender to make JNDI reques...

7.5CVSS7.3AI score0.81147EPSS
Exploits9References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 9:10 a.m.13 views

Security Bulletin: IBM Content Navigator is affected by Log4J

Summary IBM Content Navigator is affected by multiple vulnerabilities in Apache Log4j 1.x, a logging library that reached end of life in August 2015. These include multiple Deserialization of Untrusted Data flaws CVE-2019-17571, CVE-2021-4104, CVE-2022-23302, CVE-2022-23307, CVE-2023-26464 in...

9.8CVSS7.2AI score0.66537EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/12 5:46 p.m.12 views

Security Bulletin: Multiple Vulnerabilities in IBM Datacap

Summary Multiple vulnerabilities were addressed in IBM Datacap version 9.1.10 released on December 19, 2025. Vulnerability Details CVEID:CVE-2022-23302 DESCRIPTION: JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the...

9.8CVSS8.5AI score0.66537EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2024/11/25 12:12 a.m.4 views

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JND...

7.5CVSS7.5AI score0.81147EPSS
Exploits9References9
RedHat Linux
RedHat Linux
added 2024/08/26 11:5 a.m.2 views

log4j: Unsafe deserialization flaw in Chainsaw log viewer

A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run...

9CVSS7.1AI score0.52458EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/08/26 11:5 a.m.3 views

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JND...

7.5CVSS7.5AI score0.81147EPSS
Exploits9References9
RedHat Linux
RedHat Linux
added 2023/10/05 8:23 p.m.4 views

log4j1-socketappender: DoS via hashmap logging

A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in th...

7.5CVSS7AI score0.01905EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/06/30 7:0 p.m.5 views

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JND...

7.5CVSS7.5AI score0.81147EPSS
Exploits9References9
OSV
OSV
added 2022/06/14 7:15 p.m.7 views

CVE-2022-29615

SAP NetWeaver Developer Studio NWDS - version 7.50, is based on Eclipse, which contains the logging framework log4j in version 1.x. The application's confidentiality and integrity could have a low impact due to the vulnerabilities associated with version 1.x...

3.4CVSS5.8AI score0.00243EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2022/04/11 1:0 p.m.3 views

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JND...

7.5CVSS7.5AI score0.81147EPSS
Exploits9References9
RedHat Linux
RedHat Linux
added 2022/04/11 1:0 p.m.2 views

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JND...

7.5CVSS7.5AI score0.81147EPSS
Exploits9References9
RedHat Linux
RedHat Linux
added 2022/04/11 1:0 p.m.3 views

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...

8.8CVSS7.4AI score0.61785EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/02/15 6:54 p.m.4 views

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JND...

7.5CVSS7.5AI score0.81147EPSS
Exploits9References9
RedHat Linux
RedHat Linux
added 2022/02/15 6:54 p.m.6 views

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...

8.8CVSS7.4AI score0.61785EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/02/14 5:30 p.m.7 views

log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender

A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain...

9.8CVSS7AI score0.66537EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2022/02/14 5:10 p.m.5 views

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...

8.8CVSS7.4AI score0.61785EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/02/14 5:10 p.m.4 views

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JND...

7.5CVSS7.5AI score0.81147EPSS
Exploits9References9
RedHat Linux
RedHat Linux
added 2022/02/08 5:0 p.m.2 views

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...

8.8CVSS7.4AI score0.61785EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/02/08 5:0 p.m.4 views

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JND...

7.5CVSS7.5AI score0.81147EPSS
Exploits9References9
RedHat Linux
RedHat Linux
added 2022/02/08 12:52 p.m.4 views

log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender

A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain...

9.8CVSS7AI score0.66537EPSS
Exploits1References5
Rows per page
Query Builder