Lucene search
K
OracleHyperion Infrastructure Technology*

7 matches found

CVE
CVE
added 2021/12/14 12:0 a.m.1455 views

CVE-2021-4104

CVE-2021-4104 affects JMSAppender in Log4j 1.2 when it is explicitly configured to use JMSAppender. A deserialization of untrusted data can occur if an attacker can write Log4j configuration and supply TopicBindingName and TopicConnectionFactoryBindingName, causing JMSAppender to perform JNDI req...

7.5CVSS9.4AI score0.81147EPSS
In wildWeb
CVE
CVE
added 2021/12/18 11:55 a.m.1186 views

CVE-2021-45105

Summary of CVE-2021-45105 (Log4j2) : Affected Log4j 2.x versions 2.0-alpha1 through 2.16.0 (except 2.12.3 and 2.3.1) are vulnerable to denial of service via uncontrolled recursion triggered by self-referential lookups in Thread Context Map data. The root cause is improper handling of self-referen...

5.9CVSS7.7AI score0.99999EPSS
In wildWeb
CVE
CVE
added 2022/01/18 3:25 p.m.867 views

CVE-2022-23302

CVE-2022-23302 affects Log4j 1.x JMSSink. TheDeserialization flaw allows remote code execution when an attacker can write to the Log4j configuration or when the configuration references an LDAP service the attacker controls. JMSSink can be triggered via a TopicConnectionFactoryBindingName to caus...

8.8CVSS9.3AI score0.61785EPSS
CVE
CVE
added 2022/01/18 3:25 p.m.812 views

CVE-2022-23307

CVE-2022-23307 concerns a deserialization vulnerability in the Chainsaw component of Apache Log4j 1.x (Chainsaw bundled with Log4j 1.2.x). The root cause is unsafe deserialization of untrusted data via Chainsaw, allowing potential code execution. Multiple Atlassian products initially bundled Chai...

9CVSS9.2AI score0.52458EPSS
CVE
CVE
added 2022/01/18 3:25 p.m.740 views

CVE-2022-23305

CVE-2022-23305 concerns Apache Log4j 1.x when configured with JDBCAppender: an SQL statement is built from a PatternLayout-converted value (notably %m), allowing an attacker to craft input to alter and potentially execute SQL. The issue is specific to Log4j 1.x if JDBCAppender is used; JDBCAppend...

9.8CVSS9.4AI score0.66537EPSS
Web
CVE
CVE
added 2021/03/19 4:5 p.m.187 views

CVE-2021-27807

CVE-2021-27807 affects Apache PDFBox 2.0.22 and earlier 2.0.x. The issue arises when loading a crafted PDF, triggering an infinite loop and causing denial of service. Connected IBM advisories confirm the same description and map remediation to upgrading to fixed PDFBox versions via product-specif...

5.5CVSS5.6AI score0.02979EPSS
CVE
CVE
added 2021/03/19 4:5 p.m.186 views

CVE-2021-27906

CVE-2021-27906 affects Apache PDFBox; a crafted PDF can trigger an OutOfMemoryError when loading, impacting PDFBox 2.0.22 and earlier 2.0.x. The connected IBM/QRadar security bulletin confirms the same CVE ID and notes remediation: upgrade to IBM Cognos-related 2.0.6.12, then apply FixPack 2.0.6....

5.5CVSS5.6AI score0.03337EPSS