View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2018-1285 severity moderate: SUSE including 2 source package names (log4net-1.2.10-3.3.1, log4net-1.2.10-78.1), 2 product×package rows across 2 product lines (SUSE Linux Enterprise Server 11 SP3-TERADATA, openSUSE Tumbleweed): Fixed 2.
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.