3 matches found
PT-2026-31939
Name of the Vulnerable Software and Affected Versions Apache Log4j Core versions 2.12.0 through 2.25.3 Description A flaw exists where hostname verification is ignored when configured through the verifyHostName attribute of the '' element. This occurs even if the attribute is explicitly set,...
Security Bulletin: Due to use of Apache Log4j, IBM Sterling Connect:Direct Web Services is affected by TLS hostname verification issue.
Summary Apache Log4j is used by IBM Sterling Connect:Direct Web Services CVE-2025-68161. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when...
CVE-2025-68161 vulnerabilities
Vulnerabilities for packages: kafka, logstash, strimzi-kafka-operator, druid, zipkin, neo4j, celeborn, spark, sonarqube, apache-tika, akhq, opensearch, apache-activemq-artemis, infinispan, apache-pulsar, wavefront-proxy, solr, flink, kserve-modelmesh, confluent-kafka...