The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0038-1 advisory.

  - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write     access to the Log4j configuration. The attacker can provide TopicBindingName and     TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result     in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2     when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of     life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the     previous versions. (CVE-2021-4104)

  - JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker     has write access to the Log4j configuration or if the configuration references an LDAP service the     attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing     JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to     CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which     is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2     as it addresses numerous other issues from the previous versions. (CVE-2022-23302)

  - By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the     values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be     included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or     headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue     only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default.
    Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized     SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of     life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the     previous versions. (CVE-2022-23305)

  - CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw     V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. (CVE-2022-23307)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-0290 advisory.

  - JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker     has write access to the Log4j configuration or if the configuration references an LDAP service the     attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing     JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to     CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which     is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2     as it addresses numerous other issues from the previous versions. (CVE-2022-23302)

  - By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the     values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be     included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or     headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue     only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default.
    Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized     SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of     life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the     previous versions. (CVE-2022-23305)

  - CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw     V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. (CVE-2022-23307)

  - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write     access to the Log4j configuration. The attacker can provide TopicBindingName and     TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result     in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2     when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of     life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the     previous versions. (CVE-2021-4104)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:0290 advisory.

  - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write     access to the Log4j configuration. The attacker can provide TopicBindingName and     TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result     in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2     when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of     life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the     previous versions. (CVE-2021-4104)

  - JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker     has write access to the Log4j configuration or if the configuration references an LDAP service the     attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing     JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to     CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which     is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2     as it addresses numerous other issues from the previous versions. (CVE-2022-23302)

  - By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the     values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be     included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or     headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue     only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default.
    Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized     SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of     life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the     previous versions. (CVE-2022-23305)

  - CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw     V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. (CVE-2022-23307)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0290 advisory.

  - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write     access to the Log4j configuration. The attacker can provide TopicBindingName and     TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result     in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2     when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of     life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the     previous versions. (CVE-2021-4104)

  - JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker     has write access to the Log4j configuration or if the configuration references an LDAP service the     attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing     JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to     CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which     is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2     as it addresses numerous other issues from the previous versions. (CVE-2022-23302)

  - By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the     values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be     included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or     headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue     only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default.
    Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized     SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of     life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the     previous versions. (CVE-2022-23305)

  - CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw     V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. (CVE-2022-23307)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apache Log4j is an open source Java-based logging framework leveraged within numerous Java applications. The scanner detected the presence of installation files referring to the usage of Apache Log4j.

The remote host is affected by the vulnerability described in GLSA-202209-02 (IBM Spectrum Protect: Multiple Vulnerabilities)

  - IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to a stack-based buffer overflow,     caused by improper bounds checking when processing the current locale settings. A local attacker could     overflow a buffer and execute arbitrary code on the system with elevated privileges or cause the     application to crash. IBM X-Force ID: 199479 (CVE-2021-29672)

  - In order to decrypt SM2 encrypted data an application is expected to call the API function     EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the     out parameter can be NULL and, on exit, the outlen parameter is populated with the buffer size     required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer     and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the out parameter. A bug     in the implementation of the SM2 decryption code means that the calculation of the buffer size required to     hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size     required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the     application a second time with a buffer that is too small. A malicious attacker who is able present SM2     content for decryption to an application could cause attacker chosen data to overflow the buffer by up to     a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing     application behaviour or causing the application to crash. The location of the buffer is application     dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).
    (CVE-2021-3711)

  - ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a     buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings     which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not     a strict requirement, ASN.1 strings that are parsed using OpenSSL's own d2i functions (and other similar     parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will     additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for     applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array     by directly setting the data and length fields in the ASN1_STRING array. This can also happen by using     the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to     assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for     strings that have been directly constructed. Where an application requests an ASN.1 structure to be     printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the     application without NUL terminating the data field, then a read buffer overrun can occur. The same thing     can also occur during name constraints processing of certificates (for example if a certificate has been     directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the     certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the     X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an     application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL     functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack).
    It could also result in the disclosure of private memory contents (such as private keys, or sensitive     plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected     1.0.2-1.0.2y). (CVE-2021-3712)

  - IBM Spectrum Protect Client 7.1 and 8.1 is vulnerable to a stack based buffer overflow, caused by improper     bounds checking. A local attacker could exploit this vulnerability and cause a denial of service. IBM     X-Force ID: 214438. (CVE-2021-39048)

  - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write     access to the Log4j configuration. The attacker can provide TopicBindingName and     TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result     in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2     when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of     life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the     previous versions. (CVE-2021-4104)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
158150	openSUSE 15 Security Update : kafka (openSUSE-SU-2022:0038-1)	Nessus	SuSE Local Security Checks	2/18/2022	11/8/2023	critical
157159	Oracle Linux 8 : parfait:0.5 (ELSA-2022-0290)	Nessus	Oracle Linux Local Security Checks	1/27/2022	11/17/2023	critical
158832	AlmaLinux 8 : parfait:0.5 (ALSA-2022:0290)	Nessus	Alma Linux Local Security Checks	3/11/2022	11/6/2023	critical
184625	Rocky Linux 8 : parfait:0.5 (RLSA-2022:0290)	Nessus	Rocky Linux Local Security Checks	11/6/2023	11/6/2023	critical
113076	Apache Log4j Installation File Detected	Web App Scanning	Data Exposure	12/14/2021	12/14/2021	high
164805	GLSA-202209-02 : IBM Spectrum Protect: Multiple Vulnerabilities	Nessus	Gentoo Local Security Checks	9/7/2022	10/12/2023	critical
164564	Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.0.2.5)	Nessus	Misc.	9/1/2022	2/2/2024	critical
164601	Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.20.4)	Nessus	Misc.	9/1/2022	3/25/2024	critical
164603	Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.1)	Nessus	Misc.	9/1/2022	3/5/2024	critical

Detections

Analytics

Plugins Search

critical

critical

critical

critical

high

critical

critical

critical

critical