Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to a server-side request forgery in logback-core [CVE-2024-12801]
Summary IBM Watson Speech Services Cartridge is vulnerable to a server-side request forgery in logback-core, due to a flaw in SaxEventRecorder by QOS.CH logback, that allows an attacker to forge requests by compromising logback configuration files in XML CVE-2024-12801. Logback-core is used in ou...
Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to an arbitrary code execution in logback-core [CVE-2024-12798]
Summary IBM Watson Speech Services Cartridge is vulnerable to an arbitrary code execution in logback-core, caused by a flaw in the JaninoEventEvaluator extension, that allows environment variable injection before program execution CVE-2024-12798. Logback-core is used in our Speech microservices...
Security Bulletin: Denial of Service in Logback used by Apache Zookeeper affects IBM Operations Analytics - Log Analysis (CVE-2023-6481)
Summary There is a potential denial of service in Logback that is used by Apache Zookeeper. This is caused by a serialization vulnerability in Logback. Vulnerability Details CVEID:CVE-2023-6481 DESCRIPTION: QOS.ch Sarl Logback is vulnerable to a denial of service, caused by a serialization flaw in...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in logback-core
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of logback-core Vulnerability Details CVEID:CVE-2024-12801 DESCRIPTION: Server-Side Request Forgery SSRF in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, allo...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in logback-classic
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of logback-classic Vulnerability Details CVEID:CVE-2024-12798 DESCRIPTION: ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to and including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java...
Security Bulletin: Vulnerability in logback affects IBM Storage Insights
Summary logback is vulnerable to forging requests and arbitrary code execution. These vulnerabilities affect IBM Storage Insights. Vulnerability Details CVEID:CVE-2024-12801 DESCRIPTION: Server-Side Request Forgery SSRF in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 ...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Server-Side Request Forgery in QOS.CH logback [CVE-2024-12801]
Summary IBM Watson Speech Services Cartridge is vulnerable to a Server-Side Request Forgery in QOS.CH logback, caused by a flaw in the SaxEventRecorder CVE-2024-12801. QOS.CH logback is used by our Speech Microservices. This vulnerability has been addressed. Please read the details for remediati...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in logback-classic [CVE-2024-12798]
Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in logback-classic, caused by a flaw in the JaninoEventEvaluator extension CVE-2024-12798. Logback-classic is used by our Speech Microservices. This vulnerability has been addressed. Please read the details for...
Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-12798, CVE-2024-12801 logback-core-1.5.12.jar (Publicly disclosed vulnerability found by Mend) CVE-2024-12798, CVE-2024-12801
Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-12798, CVE-2024-12801 logback-core-1.5.12.jar Publicly disclosed vulnerability found by Mend CVE-2024-12798, CVE-2024-12801. This bulletin contains information regarding the vulnerability and its fixture...
Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-12798 logback-classic-1.5.12.jar (Publicly disclosed vulnerability found by Mend) CVE-2024-12798
Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-12798 logback-classic-1.5.12.jar Publicly disclosed vulnerability found by Mend CVE-2024-12798. This bulletin contains information regarding the vulnerability and its fixture. Vulnerabilit...
SUSE CVE-2024-12798
ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to and including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...
SUSE CVE-2024-12801
Server-Side Request Forgery SSRF in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attack involves the modification of DOCTYPE declaration in XML...
Security Bulletin: IBM Asset Data Dictionary uses multiple third party dependencies which are vulnerable to CVEs.
Summary IBM Asset Data Dictionary uses...
logback-core: arbitrary code execution via JaninoEventEvaluator
A flaw was found in Logback. This flaw allows a privileged attacker with write access to modify Logback configuration files or inject a malicious environment variable to execute arbitrary code via the JaninoEventEvaluator extension...
The vulnerability of the logback-core module in the QOS monitoring system allows a perpetrator to execute arbitrary code.
The vulnerability of the logback-core module in the QOS monitoring system is related to the failure to take measures to neutralize special elements used in the expression language operator. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by using the...
openSUSE 15 Security Update : logback (SUSE-SU-2025:0072-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0072-1 advisory. - CVE-2024-12798: Fixed arbitrary code execution via JaninoEventEvaluator bsc1234742 - CVE-2024-12801: Fixed Server-Side Request Forgery in...
openSUSE Security Advisory (SUSE-SU-2025:0072-1)
The remote host is missing an update for the...
Security update for logback
This update for logback fixes the following issues: CVE-2024-12798: Fixed arbitrary code execution via JaninoEventEvaluator bsc1234742 CVE-2024-12801: Fixed Server-Side Request Forgery in SaxEventRecorder bsc1234743 Patch Instructions: To install this SUSE update use the SUSE recommended...
SUSE-SU-2025:0072-1 Security update for logback
This update for logback fixes the following issues: - CVE-2024-12798: Fixed arbitrary code execution via JaninoEventEvaluator bsc1234742 - CVE-2024-12801: Fixed Server-Side Request Forgery in SaxEventRecorder bsc1234743...
logback-1.2.11-4.1 on GA media (moderate)
logback-1.2.11-4.1 on GA media Announcement ID: openSUSE-SU-2025:14627-1 Rating: moderate Cross-References: CVE-2024-12798 CVE-2024-12801 CVSS scores: CVE-2024-12798 SUSE : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2024-12801 SUSE : 5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N Affect...