logback serialization vulnerability
A serialization vulnerability in the logback receiver component, part of logback, allows an attacker to mount a denial-of-service attack by sending poisoned data. This is only exploitable if the logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html...
Security Bulletin: IBM Spectrum Scale Transparent Cloud Tiering is affected by a vulnerability which can allow an attacker to execute arbitrary code
Summary Logback could allow a remote authenticated attacker to execute arbitrary code on the system. Vulnerability Details CVEID:CVE-2021-42550 DESCRIPTION: Logback could allow a remote authenticated attacker to execute arbitrary code on the system. By using a specially-crafted configuration, an...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : maven and recommended update for antlr3, minlog, sbt, xmvn (SUSE-SU-2023:2097-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2097-1 advisory. - In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit...
CVE-2023-23591
The Logback component in Terminalfour before 8.3.14.1 allows OS administrators to obtain sensitive information from application server logs when debug logging is enabled. The fixed versions are 8.2.18.7, 8.2.18.2.2, 8.3.11.1, and 8.3.14.1...
Design/Logic Flaw
The Logback component in Terminalfour before 8.3.14.1 allows OS administrators to obtain sensitive information from application server logs when debug logging is enabled. The fixed versions are 8.2.18.7, 8.2.18.2.2, 8.3.11.1, and 8.3.14.1...
CVE-2023-23591
CVE-2023-23591 affects Terminalfour’s Logback component. An information disclosure vulnerability allows OS administrators to obtain sensitive information from application server logs when debug logging is enabled. Fixed releases are Terminalfour 8.2.18.7, 8.2.18.2.2, 8.3.11.1, and 8.3.14.1. The i...
PT-2023-19064 · Unknown +1 · Terminalfour +1
Name of the Vulnerable Software and Affected Versions: Terminalfour versions prior to 8.2.18.7 Terminalfour versions prior to 8.2.18.2.2 Terminalfour versions prior to 8.3.11.1 Terminalfour versions prior to 8.3.14.1 Description: The Logback component in Terminalfour allows OS administrators to...
Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities (CVE-2022-43548, CVE-2020-7676, CVE-2021-42550, CVE-2021-38561, CVE-2022-32149)
Summary IBM Planning Analytics Workspace is affected by vulnerabilities. Node.js is an open-source and cross-platform JavaScript runtime environment CVE-2022-43548. Angular is a JavaScript framework that extends HTML CVE-2020-7676. Logback is a logging library for Java CVE-2021-42550. Golang Go...
SUSE CVE-2017-5929
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components...
SUSE CVE-2021-42550
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration allowing arbitrary code loaded from LDAP servers to be executed...
This Week in Spring - January 31st, 2023
Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm not going to spend too much time here in the preamble because (a) today's both my birthday and my late father's birthday and (b) I got the worst gift ever: COVID-19. Sigh. So, I'm going back to bed. Without further ado, let's...
Hyperledger: CVE-2017-5929: Hyperledger - Arbitrary Deserialization of Untrusted Data
Vulnerability Overview Serialization is the process of converting an object into a sequence of bytes that can be persisted to disk or a database, or sent through streams. The reverse process of creating an object from a sequence of bytes is called deserialization. Serialization is commonly used f...
OESA-2022-1946 logback security update
Logback is intended as a successor to the popular log4j project. Security Fixes: In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration allowing arbitrary code loaded from LDAP...
Security Bulletin: Vulnerabilities in IBM Db2, Golang Go, and Logback may affect the IBM Spectrum Protect Server (CVE-2022-30631, CVE-2022-30633, CVE-2022-1705, CVE-2022-22389, CVE-2022-22390, CVE-2021-42550, CVE-2022-30629)
Summary The IBM Spectrum Protect Server may be affected by vulnerabilities in IBM Db2, Golang Go, and Logback such as denial of service, HTTP request smuggling, obtaining sensitive information, and execution of arbitrary code. Vulnerability Details CVEID:CVE-2022-30631 DESCRIPTION: Golang Go is...
Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to arbitrary code execution due to its use of Logback (CVE-2021-42550)
Summary Logback is used by IBM Cloud Pak for Multicloud Management Monitoring in its cassandra component to write logs. This vulnerability is limited to a malicious insider who can find and manipulate the logging configuration files. Vulnerability Details CVEID:CVE-2021-42550 DESCRIPTION: Logback...
Important: Red Hat Security Advisory: Red Hat Fuse 7.11.0 release and security update
A minor version update from 7.10 to 7.11 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scorin...