Lucene search
K

29 matches found

Positive Technologies
Positive Technologies
added 2023/11/29 12:0 a.m.8 views

PT-2023-7936

Name of the Vulnerable Software and Affected Versions logback version 1.4.11 Confluence Data Center and Server versions from 6.0.1 to 8.7.1 Confluence Data Center and Server versions from 8.7.0 to 8.7.1 Confluence Data Center versions from 8.6.0 to 8.6.2 Confluence Data Center versions from 8.5.0...

7.5CVSS6.7AI score0.009EPSS
Exploits0References106
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/12 9:59 p.m.33 views

Security Bulletin: A vulnerability in logback-classic affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2021-42550)

Summary Security Bulletin: A vulnerability in logback-classic affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data CVE-2021-42550. Please see below for details on how to remediate this issue. Vulnerability Details CVEID:CVE-2021-42550 DESCRIPTION: Logback could allow a remote...

6.6CVSS6.9AI score0.04439EPSS
Exploits1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2021/12/17 12:0 a.m.32 views

Deserialization of Untrusted Data

In logback version 1.2.9 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers...

8.5CVSS7.6AI score0.04439EPSS
Exploits1References9Affected Software1
NVD
NVD
added 2021/12/16 7:15 p.m.18 views

CVE-2021-42550

In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers...

8.5CVSS0.04439EPSS
Exploits1References7
CNNVD
CNNVD
added 2021/12/16 12:0 a.m.4 views

Quality Open Software Logback 代码问题漏洞

Quality Open Software logback is a logging framework for Java applications from Quality Open Software of Switzerland. quality Open Software logback in versions 1.2.7 and earlier is vulnerable to remote code execution, which stems from a failure to effectively filter user input. The vulnerability...

8.5CVSS6.4AI score0.04439EPSS
Exploits1References19
Positive Technologies
Positive Technologies
added 2021/12/16 12:0 a.m.3 views

PT-2021-6084

Name of the Vulnerable Software and Affected Versions logback versions 1.2.7 and prior Description The issue is related to the deserialization mechanism in the logback library, which can be exploited by an attacker with the required privileges to edit configuration files. This could allow the...

8.5CVSS7.1AI score0.04439EPSS
Exploits1
OSV
OSV
added 2019/02/14 8:38 a.m.8 views

MGASA-2019-0079 Updated logback packages fix security vulnerability

It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through SocketServer/ServerSocketReceiver interfaces that can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to...

9.8CVSS9.7AI score0.07501EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2017/08/10 11:3 p.m.121 views

Important: Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R4 security and bug fix update

An update is now available for Red Hat JBoss Fuse and Red Hat JBoss A-MQ. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

9.8CVSS7.1AI score0.11167EPSS
Exploits1References15
NVD
NVD
added 2017/03/13 6:59 a.m.25 views

CVE-2017-5929

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components...

9.8CVSS9.5AI score0.07501EPSS
Exploits0References21
Rows per page
Query Builder