455 matches found
Security Bulletin: A vulnerability in logback-classic affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2021-42550)
Summary: Security Bulletin: A vulnerability in logback-classic affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2021-42550). Please see below for details on how to remediate this issue. Vulnerability Details: CVEID: CVE-2021-42550 DESCRIPTION: Logback could allow a remote...
Siemens SINEC Network Management System Logback Component
1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SINEC NMS Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers with write access to the logback configuration file to...
Hyperledger: CVE-2017-5929: Hyperledger - Arbitrary Deserialization of Untrusted Data
Vulnerability Overview: Serialization is the process of converting an object into a sequence of bytes that can be persisted to a disk or database or sent through streams. The reverse process of creating an object from a sequence of bytes is called deserialization. Serialization is commonly used f...
OESA-2022-1946 logback security update
Logback is intended as a successor to the popular log4j project. Security Fixes: In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration allowing the execution of arbitrary code loaded from LDAP...
Security Bulletin: Vulnerabilities in IBM Db2, Golang Go, and Logback may affect the IBM Spectrum Protect Server (CVE-2022-30631, CVE-2022-30633, CVE-2022-1705, CVE-2022-22389, CVE-2022-22390, CVE-2021-42550, CVE-2022-30629)
Summary: The IBM Spectrum Protect Server may be affected by vulnerabilities in IBM Db2, Golang Go, and Logback such as denial of service, HTTP request smuggling, obtaining sensitive information, and execution of arbitrary code. Vulnerability Details: CVEID: CVE-2022-30631 DESCRIPTION: Golang Go is...
Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to arbitrary code execution due to its use of Logback (CVE-2021-42550)
Summary: Logback is used by IBM Cloud Pak for Multicloud Management Monitoring in its cassandra component to write logs. This vulnerability is limited to a malicious insider who can find and manipulate the logging configuration files. Vulnerability Details: CVEID: CVE-2021-42550 DESCRIPTION: Logback...
logback: remote code execution through JNDI call from within its configuration file
A flaw was found in the logback package. When using a specially-crafted configuration, this issue could allow a remote authenticated attacker to execute arbitrary code loaded from LDAP servers...
Important: Red Hat Security Advisory: Red Hat Fuse 7.11.0 release and security update
A minor version update from 7.10 to 7.11 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scorin...
acegisecurity:acegi-security-resin (=0.9.0), ch.qos.logback:logback-access (>=${parent.version} <=0.3) +3 more potentially affected by CVE-2012-2967 via com.caucho:resin (=3.0.9)
com.caucho:resin MAVEN version =3.0.9 is affected by a known vulnerability. The following packages have a transitive dependency on com.caucho:resin and may be impacted: - acegisecurity:acegi-security-resin =0.9.0 - ch.qos.logback:logback-access =$parent.version, =2.3.0, =1.0.0, =2.0.0, =2.0.4...
acegisecurity:acegi-security-resin (=0.9.0), ch.qos.logback:logback-access (>=${parent.version} <=0.3) +3 more potentially affected by CVE-2012-2965 via com.caucho:resin (=3.0.9)
com.caucho:resin MAVEN version =3.0.9 is affected by a known vulnerability. The following packages have a transitive dependency on com.caucho:resin and may be impacted: - acegisecurity:acegi-security-resin =0.9.0 - ch.qos.logback:logback-access =$parent.version, =2.3.0, =1.0.0, =2.0.0, =2.0.4...
ch.qos.logback:logback-examples (>=1.3.0-alpha0 <=1.3.0-alpha4) potentially affected by CVE-2018-8088 via org.slf4j:slf4j-ext (>=1.8.0-beta0 <=1.8.0-beta1)
org.slf4j:slf4j-ext MAVEN version =1.8.0-beta0, =1.3.0-alpha0, =1.3.0-alpha4 Source cves: CVE-2018-8088 Source advisory: OSV:GHSA-W77P-8CFG-2X43...
ch.qos.logback:logback-access (>=${parent.version} <=0.8), ch.qos.logback:logback-examples (>=0.6 <=0.8) +933 more potentially affected by CVE-2009-4611 via org.mortbay.jetty:jetty (>=6.0.0 <=6.1.22)
org.mortbay.jetty:jetty MAVEN version =6.0.0, =$parent.version, =0.6, =0.1.0, =0.2.2, =2.8.1, =3.4.0, =4.2.0, =1.4.42g, =4.2.1, =4.3.0, =4.3.0, =4.2.1, =4.5.1 and more Source cves: CVE-2009-4611 Source advisory: OSV:GHSA-6JXP-7G74-2RC3...
ch.qos.logback:logback-access (>=${parent.version} <=0.8), ch.qos.logback:logback-examples (>=0.6 <=0.8) +372 more potentially affected by CVE-2009-1523 via org.mortbay.jetty:jetty (>=6.0.0 <=6.1.16)
org.mortbay.jetty:jetty MAVEN version =6.0.0, =$parent.version, =0.6, =4.2.1, =4.3.0, =4.3.0, =4.2.1, =4.2.1, =4.3.0, =0.5, =0.5, =0.60.3, =1.2.4, =1.2.7 and more Source cves: CVE-2009-1523 Source advisory: OSV:GHSA-9986-W5H5-VW59...
Moderate: Red Hat Security Advisory: Red Hat Process Automation Manager 7.12.1 security update
An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
BSA-2022-1675
Security Advisory ID: BSA-2022-1675 Component: logback Revision: 1.0 In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration allowing the execution of arbitrary code loaded from LDAP servers. Brocade has...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Logback
Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Logback. Vulnerability Details: CVEID: CVE-2021-42550 DESCRIPTION: Logback could allow a remote authenticated attacker to execute arbitrary code on the system. By using a specially-crafted configuration, an...
A vulnerability in the logback logging library, related to deficiencies in the deserialization mechanism, allows attackers to execute arbitrary code.
A vulnerability in the logback logging library is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...