3 matches found
PT-2026-31939
Name of the Vulnerable Software and Affected Versions Apache Log4j Core versions 2.12.0 through 2.25.3 Description A flaw exists where hostname verification is ignored when configured through the verifyHostName attribute of the '' element. This occurs even if the attribute is explicitly set,...
Security Bulletin: Due to use of Apache Log4j, IBM Sterling Connect:Direct Web Services is affected by TLS hostname verification issue.
Summary Apache Log4j is used by IBM Sterling Connect:Direct Web Services CVE-2025-68161. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when...
CVE-2025-68161 vulnerabilities
Vulnerabilities for packages: akhq, wavefront-proxy, solr, kafka, druid, strimzi-kafka-operator, sonarqube, celeborn, infinispan, kserve-modelmesh, zipkin, neo4j, apache-activemq-artemis, flink, logstash, opensearch, apache-tika, confluent-kafka, apache-pulsar, spark...