15 matches found

EUVD
added 2026/06/24 5:41 a.m., 6 views

EUVD-2026-38691

ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.34 in Java applications, allows an attacker to execute arbitrary code circumventing existing protections against CVE-2025-11226 by compromising an existing logback configuration...

CVSS 7 | AI score 6.2 | EPSS 0.00181
Exploits 0 | References 1

IBM Security Bulletins
added 2026/05/25 4:54 p.m., 17 views

Security Bulletin: A logback-core-1.5.18.jar vulnerability found by Scanner affects IBM Rational Functional Tester / DevOps Test UI

Summary: There is a vulnerability in logback-core-1.5.18.jar used by Rational Functional Tester (RFT) / DevOps Test UI (Test UI). RFT/Test UI has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2025-11226. DESCRIPTION: ACE vulnerability in conditional configuration file processing by QOS.C...

CVSS 7 | AI score 6.2 | EPSS 0.00181
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2026/05/05 9:41 a.m., 8 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses logback-core-1.5.21.jar which is vulnerable to CVE-2026-1225

Summary: IBM Maximo Application Suite - Visual Inspection component uses logback-core-1.5.21.jar which is vulnerable to CVE-2026-1225. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details: CVEID: CVE-2026-1225. DESCRIPTION: ACE vulnerability in...

CVSS 1.8 | AI score 5.7 | EPSS 0.00159
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2026/04/16 2:40 p.m., 8 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of qOS.ch Logback-core

Summary: Due to use of qOS.ch Logback-core, DevOps Test Performance and Rational Performance Tester contain a potential Remote Code Execution (RCE) vulnerability. Vulnerability Details: CVEID: CVE-2025-11226. DESCRIPTION: ACE vulnerability in conditional configuration file processing by QOS.CH...

CVSS 7 | AI score 6.3 | EPSS 0.00181
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2026/04/10 12:55 p.m., 9 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the logback-core library

Summary: Due to use of the logback-core library, DevOps Test Performance and Rational Performance Tester contain a potential Arbitrary Code Execution (ACE) vulnerability. Vulnerability Details: CVEID: CVE-2026-1225. DESCRIPTION: ACE vulnerability in configuration file processing by QOS.CH logback-core ...

CVSS 1.8 | AI score 5.8 | EPSS 0.00159
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2026/03/10 5:12 a.m., 8 views

Security Bulletin: Multiple vulnerabilities in logback-core-1.3.14.jar affects IBM DevOps Code ClearCase [CVE-2024-12798, CVE-2024-12801, CVE-2025-11226, CVE-2026-1225]

Summary: Multiple vulnerabilities in logback-core-1.3.14.jar affects IBM DevOps Code ClearCase [CVE-2024-12798, CVE-2024-12801, CVE-2025-11226, CVE-2026-1225]. Vulnerability Details: CVEID: CVE-2026-1225. DESCRIPTION: ACE vulnerability in configuration file processing by QOS.CH logback-core up to and...

CVSS 7 | AI score 6.1 | EPSS 0.00404
Exploits 0 | Affected Software 1

Vulnrichment
added 2026/01/22 9:24 a.m., 7 views

CVE-2026-1225 Malicious logback.xml configuration file allows instantiation of arbitrary classes

ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially...

CVSS 1.8 | AI score 5.5 | EPSS 0.00159
Exploits 0 | References 1

vulnersOsv
added 2025/10/01 9:30 a.m., 7 views

ai.acolite:openai-agent-sdk (>=0.1.0 <=0.4.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +23288 more potentially affected by CVE-2025-11226 via ch.qos.logback:logback-core (>=1.4.0 <=1.5.18)

ch.qos.logback:logback-core MAVEN version =1.4.0, =0.1.0, =0.1.0, =0.2.0, =0.114.0, =0.103.0, =0.114.0, =0.2.0, =0.8.0, =0.9.0 - ai.djl.spring:djl-spring-boot-starter-autoconfigure =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-auto =0.26 -...

CVSS 5.9 | AI score 5.4 | EPSS 0.00181
Exploits 0

IBM Security Bulletins
added 2025/04/15 3:39 a.m., 21 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in logback-core

Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of logback-core. Vulnerability Details: CVEID: CVE-2024-12801. DESCRIPTION: Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, allo...

CVSS 5.9 | AI score 7.2 | EPSS 0.00404
Exploits 0 | Affected Software 1

Veracode
added 2025/01/07 6:52 a.m., 11 views

Server-Side Request Forgery (SSRF)

ch.qos.logback, logback-core is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper handling of the DOCTYPE declaration in XML configuration files, allowing an attacker to forge requests...

CVSS 2.4 | AI score 6.6 | EPSS 0.00221
Exploits 0 | References 5 | Affected Software 1

vulnersOsv
added 2024/12/19 6:31 p.m., 9 views

ai.acolite:openai-agent-sdk (>=0.1.0 <=0.4.0), ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0) +16388 more potentially affected by CVE-2024-12801 via ch.qos.logback:logback-core (>=1.4.0 <=1.5.12)

ch.qos.logback:logback-core MAVEN version =1.4.0, =0.1.0, =0.2.0, =0.114.0, =0.103.0, =0.114.0, =0.2.0, =0.8.0, =0.9.0 - ai.djl.spring:djl-spring-boot-starter-autoconfigure =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-auto =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-linux-x8664 =0....

CVSS 2.4 | AI score 6.5 | EPSS 0.00221
Exploits 0

Atlassian
added 2024/01/09 5:46 a.m., 43 views

DoS (Denial of Service) ch.qos.logback:logback-core Dependency in Bitbucket Data Center and Server

This High severity ch.qos.logback:logback-core Dependency vulnerability was introduced in versions 7.21.0, 8.9.0, 8.13.0, 8.14.0, 8.15.0, and 8.16.0 of Bitbucket Data Center and Server. This ch.qos.logback:logback-core Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5 | AI score 7.1 | EPSS 0.00682
Exploits 0

vulnersOsv
added 2023/12/04 9:30 a.m., 5 views

ch.qos.logback:logback-access (=1.3.13), ch.qos.logback:logback-classic (=1.3.13) +28 more potentially affected by CVE-2023-6481 via ch.qos.logback:logback-core (=1.3.13)

ch.qos.logback:logback-core MAVEN version =1.3.13 is affected by a known vulnerability. The following packages have a transitive dependency on ch.qos.logback:logback-core and may be impacted: - ch.qos.logback:logback-access =1.3.13 - ch.qos.logback:logback-classic =1.3.13 -...

CVSS 7.5 | AI score 7.1 | EPSS 0.00682
Exploits 0

BDU FSTEC
added 2020/04/22 12:0 a.m., 22 views

The vulnerability of the logback-core class in the QOS.ch file of the Jackson-databind library allows a hacker to execute arbitrary code.

The vulnerability of the logback-core class in the QOS.ch file of the Jackson-databind library is related to the recovery of unreliable data in memory. Exploiting this vulnerability may allow a remote attacker to execute arbitrary code...

CVSS 10 | AI score 7 | EPSS 0.07501
Exploits 0 | References 6 | Affected Software 2

BDU FSTEC
added 2019/08/20 12:0 a.m., 3 views

The vulnerability of the logback-core class in the Jackson-databind library, allowing attackers to execute arbitrary code.

The vulnerability of the logback-core class in the Jackson-databind library is related to the memory restoration of unreliable data. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...

CVSS 7.1 | AI score 8.1 | EPSS 0.45205
Exploits 2 | References 45 | Affected Software 16