{"containers": {"cna": {"affected": [{"product": "Apache Log4j 1.x ", "vendor": "Apache Software Foundation", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "1.2.1", "versionType": "custom"}, {"lessThan": "2.0-alpha1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Daniel Martin of NCC Group"}], "descriptions": [{"lang": "en", "value": "By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions."}], "metrics": [{"other": {"content": {"other": "high"}, "type": "unknown"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-25T16:49:18", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://logging.apache.org/log4j/1.2/index.html"}, {"tags": ["x_refsource_MISC"], "url": "https://lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y"}, {"name": "[oss-security] 20220118 CVE-2022-23305: SQL injection in JDBC Appender in Apache Log4j V1", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2022/01/18/4"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20220217-0007/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}], "source": {"discovery": "UNKNOWN"}, "title": "SQL injection in JDBC Appender in Apache Log4j V1", "workarounds": [{"lang": "en", "value": "Users should upgrade to Log4j 2 or remove usage of the JDBCAppender from their configurations."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2022-23305", "STATE": "PUBLIC", "TITLE": "SQL injection in JDBC Appender in Apache Log4j V1"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Log4j 1.x ", "version": {"version_data": [{"version_affected": ">=", "version_value": "1.2.1"}, {"version_affected": "<", "version_value": "2.0-alpha1"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "credit": [{"lang": "eng", "value": "Daniel Martin of NCC Group"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": [{"other": "high"}], "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}]}, "references": {"reference_data": [{"name": "https://logging.apache.org/log4j/1.2/index.html", "refsource": "MISC", "url": "https://logging.apache.org/log4j/1.2/index.html"}, {"name": "https://lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y", "refsource": "MISC", "url": "https://lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y"}, {"name": "[oss-security] 20220118 CVE-2022-23305: SQL injection in JDBC Appender in Apache Log4j V1", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/01/18/4"}, {"name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"name": "https://security.netapp.com/advisory/ntap-20220217-0007/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220217-0007/"}, {"name": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}]}, "source": {"discovery": "UNKNOWN"}, "work_around": [{"lang": "en", "value": "Users should upgrade to Log4j 2 or remove usage of the JDBCAppender from their configurations."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:36:20.421Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://logging.apache.org/log4j/1.2/index.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y"}, {"name": "[oss-security] 20220118 CVE-2022-23305: SQL injection in JDBC Appender in Apache Log4j V1", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/01/18/4"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20220217-0007/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2022-23305", "datePublished": "2022-01-18T15:25:22", "dateReserved": "2022-01-17T00:00:00", "dateUpdated": "2024-08-03T03:36:20.421Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C02831A-AD76-43D3-BEB1-DA94FA70A25E", "versionEndIncluding": "1.2.17", "versionStartIncluding": "1.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:brocade_sannav:-:*:*:*:*:*:*:*", "matchCriteriaId": "75B1EDA5-F189-440D-AD0E-C70DD2C0FEE5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qos:reload4j:*:*:*:*:*:*:*:*", "matchCriteriaId": "FDAF3CC9-3827-4634-85B6-DA94368067EB", "versionEndExcluding": "1.2.18.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:advanced_supply_chain_planning:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "A62E2A25-1AD7-4B4B-9D1B-F0DEA4550557", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:advanced_supply_chain_planning:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "0331158C-BBE0-42DB-8180-EB1FCD290567", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "B602F9E8-1580-436C-A26D-6E6F8121A583", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "77C3DD16-1D81-40E1-B312-50FBD275507C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "81DAC8C0-D342-44B5-9432-6B88D389584F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E869C417-C0E6-4FC3-B406-45598A1D1906", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFEFE2C0-7B98-44F9-B3AD-D6EC607E90DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "C68536CA-C7E2-4228-A6B8-F0DB6A9D29EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "C4A94B36-479F-48F2-9B9E-ACEA2589EF48", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "E1214FDF-357A-4BB9-BADE-50FB2BD16D10", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "B21E6EEF-2AB7-4E96-B092-1F49D11B4175", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "61A2E42A-4EF2-437D-A0EC-4A6A4F1EBD11", "versionEndExcluding": "12.0.0.4.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5933FEA2-B79E-4EE7-B821-54D676B45734", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "A7637F8B-15F1-42E2-BE18-E1FF7C66587D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "E43D793A-7756-4D58-A8ED-72DC4EC9CEA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:*:*:*:*:*:*:*:*", "matchCriteriaId": "86EF205C-9CB1-4772-94D1-0B744EF3342D", "versionEndExcluding": "2.2.1.1.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:2.2.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6ED0EE39-C080-4E75-AE0F-3859B57EF851", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:e-business_suite_information_discovery:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D63C2CE-622B-48A8-BD74-09A9B05EDE7C", "versionEndIncluding": "12.2.11", "versionStartIncluding": "12.2.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6E8758C8-87D3-450A-878B-86CE8C9FC140", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "054B56E0-F11B-4939-B7E1-E722C67A041A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "250A493C-E052-4978-ABBE-786DC8038448", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2E2B771B-230A-4811-94D7-065C2722E428", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:healthcare_foundation:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E67501BE-206A-49FD-8CBA-22935DF917F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:hyperion_data_relationship_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8E7FBA9-0FFF-4C86-B151-28C17A142E0B", "versionEndExcluding": "11.2.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:hyperion_infrastructure_technology:*:*:*:*:*:*:*:*", "matchCriteriaId": "55BBCD48-BCC6-4E19-A4CE-970E524B9FF4", "versionEndExcluding": "11.2.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "1489DDA7-EDBE-404C-B48D-F0B52B741708", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "535BC19C-21A1-48E3-8CC0-B276BA5D494E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:identity_manager_connector:11.1.1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "9D7EA92D-9F26-4292-991A-891597337DFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "228DA523-4D6D-48C5-BDB0-DB1A60F23F8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "9AB179A8-DFB7-4DCF-8DE3-096F376989F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0EBAC6D-D0CE-42A1-AEA0-2D50C8035747", "versionEndIncluding": "8.0.29", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "30501D23-5044-477A-8DC3-7610126AEFD7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:tuxedo:12.2.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "EB7D0A30-3986-49AB-B7F3-DAE0024504BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions."}, {"lang": "es", "value": "Por dise\u00f1o, el JDBCAppender en Log4j versiones 1.2.x, acepta una sentencia SQL como par\u00e1metro de configuraci\u00f3n donde los valores a insertar son convertidores de PatternLayout. Es probable que el convertidor de mensajes, %m, sea incluido siempre. Esto permite a atacantes manipular el SQL introduciendo cadenas dise\u00f1adas en los campos de entrada o en los encabezados de una aplicaci\u00f3n que son registradas permitiendo una ejecuci\u00f3n de consultas SQL no deseadas. Tenga en cuenta que este problema s\u00f3lo afecta a Log4j versiones 1.x cuando es configurado espec\u00edficamente para usar el JDBCAppender, que no es el predeterminado. A partir de la versi\u00f3n 2.0-beta8, fue reintroducido el JDBCAppender con soporte apropiado para consultas SQL parametrizadas y mayor personalizaci\u00f3n sobre las columnas escritas en los registros. Apache Log4j versiones 1.2 lleg\u00f3 al final de su vida \u00fatil en agosto de 2015. Los usuarios deber\u00edan actualizar a Log4j 2, ya que aborda numerosos problemas de las versiones anteriores"}], "id": "CVE-2022-23305", "lastModified": "2024-11-21T06:48:22.517", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-01-18T16:15:08.350", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/01/18/4"}, {"source": "security@apache.org", "tags": ["Issue Tracking", "Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y"}, {"source": "security@apache.org", "tags": ["Vendor Advisory"], "url": "https://logging.apache.org/log4j/1.2/index.html"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20220217-0007/"}, {"source": "security@apache.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"source": "security@apache.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/01/18/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://logging.apache.org/log4j/1.2/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20220217-0007/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security@apache.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2022:5458", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "product_name": "EAP 6.4.24 release", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:0437", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6.4", "impact": "low", "package": "log4j", "product_name": "EAP 6.4 log4j async", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:1299", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "impact": "low", "package": "log4j", "product_name": "EAP 7.4.4 release", "release_date": "2022-04-11T00:00:00Z"}, {"advisory": "RHSA-2022:0435", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "impact": "low", "package": "log4j", "product_name": "EAP 7.4 log4j async", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0467", "cpe": "cpe:/a:redhat:amq_streams:1", "product_name": "Red Hat AMQ Streams 1.6.7", "release_date": "2022-02-08T00:00:00Z"}, {"advisory": "RHSA-2022:0469", "cpe": "cpe:/a:redhat:amq_streams:2", "package": "log4j", "product_name": "Red Hat AMQ Streams 2.0.1", "release_date": "2022-02-08T00:00:00Z"}, {"advisory": "RHSA-2022:0430", "cpe": "cpe:/a:redhat:jboss_data_grid:7.3", "impact": "low", "package": "log4j", "product_name": "Red Hat Data Grid 7.3.9", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0442", "cpe": "cpe:/o:redhat:rhel_els:6", "package": "log4j-0:1.2.14-6.6.el6_10", "product_name": "Red Hat Enterprise Linux 6 Extended Lifecycle Support", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0442", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "log4j-0:1.2.17-18.el7_4", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0442", "cpe": "cpe:/o:redhat:rhel_aus:7.3", "package": "log4j-0:1.2.17-17.el7_3", "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0442", "cpe": "cpe:/o:redhat:rhel_aus:7.4", "package": "log4j-0:1.2.17-18.el7_4", "product_name": "Red Hat Enterprise Linux 7.4 Advanced Update Support", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0442", "cpe": "cpe:/o:redhat:rhel_aus:7.6", "package": "log4j-0:1.2.17-18.el7_4", "product_name": "Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118)", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0442", "cpe": "cpe:/o:redhat:rhel_tus:7.6", "package": "log4j-0:1.2.17-18.el7_4", "product_name": "Red Hat Enterprise Linux 7.6 Telco Extended Update Support", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0442", "cpe": "cpe:/o:redhat:rhel_e4s:7.6", "package": "log4j-0:1.2.17-18.el7_4", "product_name": "Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0442", "cpe": "cpe:/o:redhat:rhel_aus:7.7", "package": "log4j-0:1.2.17-18.el7_4", "product_name": "Red Hat Enterprise Linux 7.7 Advanced Update Support", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0442", "cpe": "cpe:/o:redhat:rhel_tus:7.7", "package": "log4j-0:1.2.17-18.el7_4", "product_name": "Red Hat Enterprise Linux 7.7 Telco Extended Update Support", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0442", "cpe": "cpe:/o:redhat:rhel_e4s:7.7", "package": "log4j-0:1.2.17-18.el7_4", "product_name": "Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0290", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "parfait:0.5-8050020220124063900.6b489b78", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-01-26T00:00:00Z"}, {"advisory": "RHSA-2022:0294", "cpe": "cpe:/a:redhat:rhel_e4s:8.1", "package": "parfait:0.5-8010020220124232535.d5701770", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2022-01-26T00:00:00Z"}, {"advisory": "RHSA-2022:0291", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "parfait:0.5-8020020220124231008.1c5d4e8a", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2022-01-26T00:00:00Z"}, {"advisory": "RHSA-2022:0289", "cpe": "cpe:/a:redhat:rhel_eus:8.4", "package": "parfait:0.5-8040020220124230039.d304d9ed", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-01-26T00:00:00Z"}, {"advisory": "RHSA-2022:0661", "cpe": "cpe:/a:redhat:jboss_fuse:7", "impact": "moderate", "package": "log4j", "product_name": "Red Hat Fuse 7.10.1", "release_date": "2022-02-23T00:00:00Z"}, {"advisory": "RHSA-2022:0553", "cpe": "cpe:/a:redhat:jboss_amq:6.3", "impact": "moderate", "package": "log4j", "product_name": "Red Hat Fuse/AMQ 6.3.20", "release_date": "2022-02-15T00:00:00Z"}, {"advisory": "RHSA-2022:0553", "cpe": "cpe:/a:redhat:jboss_fuse:6.3", "package": "log4j", "product_name": "Red Hat Fuse/AMQ 6.3.20", "release_date": "2022-02-15T00:00:00Z"}, {"advisory": "RHSA-2022:0497", "cpe": "cpe:/a:redhat:jboss_data_virtualization:6.4", "package": "log4j", "product_name": "Red Hat JBoss Data Virtualization 6.4.8.SP1", "release_date": "2022-02-09T00:00:00Z"}, {"advisory": "RHSA-2022:0507", "cpe": "cpe:/a:redhat:jboss_data_virtualization:6.4", "package": "log4j", "product_name": "Red Hat JBoss Data Virtualization 6.4.8.SP2", "release_date": "2022-02-10T00:00:00Z"}, {"advisory": "RHSA-2022:0438", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "log4j-eap6-0:1.2.17-3.redhat_00008.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0438", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "log4j-jboss-logmanager-0:1.1.4-3.Final_redhat_00002.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-appclient-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jbossas-appclient-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jbossas-bundles-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-cli-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-client-all-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-clustering-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-cmp-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-configadmin-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-connector-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-controller-client-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jbossas-core-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-core-security-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-deployment-repository-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-deployment-scanner-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jbossas-domain-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-domain-http-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-domain-management-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-ee-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-ee-deployment-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-ejb3-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-embedded-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-host-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-jacorb-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jbossas-javadocs-0:7.5.24-1.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-jaxr-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-jaxrs-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-jdr-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-jmx-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-jpa-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-jsf-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-jsr77-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-logging-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-mail-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-management-client-content-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-messaging-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-modcluster-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jbossas-modules-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-naming-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-network-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-osgi-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-osgi-configadmin-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-osgi-service-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-picketlink-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-platform-mbean-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-pojo-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-process-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jbossas-product-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-protocol-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-remoting-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-sar-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-security-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-server-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jbossas-standalone-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-system-jmx-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-threads-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-transactions-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-version-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-web-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-webservices-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jbossas-welcome-content-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-weld-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-xts-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jbossts-1:4.17.45-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jbossweb-0:7.5.32-2.Final_redhat_1.2.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:0438", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "log4j-eap6-0:1.2.17-3.redhat_00008.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0438", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "log4j-jboss-logmanager-0:1.1.4-3.Final_redhat_00002.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-appclient-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jbossas-appclient-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jbossas-bundles-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-cli-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-client-all-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-clustering-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-cmp-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-configadmin-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-connector-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-controller-client-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jbossas-core-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-core-security-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-deployment-repository-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-deployment-scanner-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jbossas-domain-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-domain-http-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-domain-management-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-ee-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-ee-deployment-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-ejb3-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-embedded-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-host-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-jacorb-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jbossas-javadocs-0:7.5.24-1.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-jaxr-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-jaxrs-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-jdr-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-jmx-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-jpa-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-jsf-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-jsr77-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-logging-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-mail-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-management-client-content-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-messaging-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-modcluster-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jbossas-modules-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-naming-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-network-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-osgi-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-osgi-configadmin-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-osgi-service-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-picketlink-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-platform-mbean-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-pojo-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-process-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jbossas-product-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-protocol-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-remoting-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-sar-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-security-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-server-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jbossas-standalone-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-system-jmx-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-threads-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-transactions-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-version-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-web-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-webservices-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jbossas-welcome-content-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-weld-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-xts-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jbossts-1:4.17.45-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jbossweb-0:7.5.32-2.Final_redhat_1.2.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2024:5856", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2024-08-26T00:00:00Z"}, {"advisory": "RHSA-2024:10207", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2024-11-25T00:00:00Z"}, {"advisory": "RHSA-2024:10207", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2024-11-25T00:00:00Z"}, {"advisory": "RHSA-2024:10207", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2024-11-25T00:00:00Z"}, {"advisory": "RHSA-2024:10207", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2024-11-25T00:00:00Z"}, {"advisory": "RHSA-2024:10207", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2024-11-25T00:00:00Z"}, {"advisory": "RHSA-2024:10207", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2024-11-25T00:00:00Z"}, {"advisory": "RHSA-2024:10207", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2024-11-25T00:00:00Z"}, {"advisory": "RHSA-2024:10207", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2024-11-25T00:00:00Z"}, {"advisory": "RHSA-2024:10207", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2024-11-25T00:00:00Z"}, {"advisory": "RHSA-2024:10207", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2024-11-25T00:00:00Z"}, {"advisory": "RHSA-2024:10207", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2024-11-25T00:00:00Z"}, {"advisory": "RHSA-2024:10207", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2024-11-25T00:00:00Z"}, {"advisory": "RHSA-2022:0436", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "impact": "low", "package": "eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:1297", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "impact": "low", "package": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2022-04-11T00:00:00Z"}, {"advisory": "RHSA-2022:0436", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "impact": "low", "package": "eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:1296", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "impact": "low", "package": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2022-04-11T00:00:00Z"}, {"advisory": "RHSA-2022:0527", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1", "impact": "low", "package": "log4j-eap6", "product_name": "Red Hat JBoss Web Server 3.1", "release_date": "2022-02-14T00:00:00Z"}, {"advisory": "RHSA-2022:0524", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7", "impact": "low", "package": "log4j-eap6-0:1.2.17-3.redhat_00008.1.ep6.el7", "product_name": "Red Hat JBoss Web Server 3 for RHEL 7", "release_date": "2022-02-14T00:00:00Z"}, {"advisory": "RHSA-2022:0524", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7", "impact": "low", "package": "tomcat7-0:7.0.70-46.ep7.el7", "product_name": "Red Hat JBoss Web Server 3 for RHEL 7", "release_date": "2022-02-14T00:00:00Z"}, {"advisory": "RHSA-2022:0524", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7", "impact": "low", "package": "tomcat8-0:8.0.36-49.ep7.el7", "product_name": "Red Hat JBoss Web Server 3 for RHEL 7", "release_date": "2022-02-14T00:00:00Z"}, {"advisory": "RHSA-2022:0524", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7", "impact": "low", "package": "tomcat-native-0:1.2.23-26.redhat_26.ep7.el7", "product_name": "Red Hat JBoss Web Server 3 for RHEL 7", "release_date": "2022-02-14T00:00:00Z"}, {"advisory": "RHSA-2022:0446", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "impact": "low", "package": "log4j", "product_name": "Red Hat Single Sign-On 7.4.10", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0447", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.5::el7", "impact": "low", "package": "rh-sso7-keycloak-0:15.0.4-1.redhat_00003.1.el7sso", "product_name": "Red Hat Single Sign-On 7.5 for RHEL 7", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0448", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.5::el8", "impact": "low", "package": "rh-sso7-keycloak-0:15.0.4-1.redhat_00003.1.el8sso", "product_name": "Red Hat Single Sign-On 7.5 for RHEL 8", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0439", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-maven36-log4j12-0:1.2.17-23.4.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0475", "cpe": "cpe:/a:redhat:rhev_manager:4.4:el8", "impact": "low", "package": "org.ovirt.engine-root-0:4.4.10.6-1", "product_name": "Red Hat Virtualization Engine 4.4", "release_date": "2022-02-08T00:00:00Z"}, {"advisory": "RHSA-2022:0475", "cpe": "cpe:/a:redhat:rhev_manager:4.4:el8", "impact": "low", "package": "snmp4j-0:3.6.4-0.1.el8ev", "product_name": "Red Hat Virtualization Engine 4.4", "release_date": "2022-02-08T00:00:00Z"}, {"advisory": "RHSA-2022:0444", "cpe": "cpe:/a:redhat:rhosemc:1.0::el8", "package": "rh-sso-7/sso74-openshift-rhel8:7.4-45", "product_name": "RHEL-8 based Middleware Containers", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0445", "cpe": "cpe:/a:redhat:rhosemc:1.0::el8", "package": "rh-sso-7/sso74-openj9-openshift-rhel8:7.4-60", "product_name": "RHEL-8 based Middleware Containers", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0450", "cpe": "cpe:/a:redhat:rhosemc:1.0::el8", "package": "rh-sso-7/sso75-openshift-rhel8:7.5-17", "product_name": "RHEL-8 based Middleware Containers", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0450", "cpe": "cpe:/a:redhat:rhosemc:1.0::el8", "package": "rh-sso-7/sso7-rhel8-operator-bundle:7.5.1-9", "product_name": "RHEL-8 based Middleware Containers", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0449", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "impact": "low", "package": "log4j", "product_name": "RHSSO 7.5.1", "release_date": "2022-02-07T00:00:00Z"}], "bugzilla": {"description": "log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender", "id": "2041959", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041959"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-89", "details": ["By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.", "A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain interpolation tokens."], "mitigation": {"lang": "en:us", "value": "These are the possible mitigations for this flaw for releases version 1.x:\n- Comment out or remove JDBCAppender in the Log4j configuration if it is used\n- Remove the JDBCAppender class from the server's jar files. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/jdbc/JDBCAppender.class\n```"}, "name": "CVE-2022-23305", "package_state": [{"cpe": "cpe:/a:redhat:a_mq_clients:2", "fix_state": "Affected", "impact": "moderate", "package_name": "log4j", "product_name": "A-MQ Clients 2"}, {"cpe": "cpe:/a:redhat:amq_broker:7", "fix_state": "Affected", "impact": "moderate", "package_name": "log4j", "product_name": "Red Hat AMQ Broker 7"}, {"cpe": "cpe:/a:redhat:quarkus:2", "fix_state": "Not affected", "package_name": "log4j", "product_name": "Red Hat build of Quarkus"}, {"cpe": "cpe:/a:redhat:jboss_developer_studio:12.", "fix_state": "Affected", "package_name": "log4j", "product_name": "Red Hat CodeReady Studio 12"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Not affected", "package_name": "log4j", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "fix_state": "Not affected", "package_name": "log4j", "product_name": "Red Hat Decision Manager 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "tomcat", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Not affected", "package_name": "log4j", "product_name": "Red Hat Integration Camel K 1"}, {"cpe": "cpe:/a:redhat:camel_quarkus:2", "fix_state": "Not affected", "package_name": "log4j", "product_name": "Red Hat Integration Camel Quarkus 1"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Not affected", "package_name": "log4j", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Out of support scope", "impact": "moderate", "package_name": "log4j", "product_name": "Red Hat JBoss Fuse Service Works 6"}, {"cpe": "cpe:/a:redhat:jboss_operations_network:3", "fix_state": "Out of support scope", "impact": "low", "package_name": "log4j", "product_name": "Red Hat JBoss Operations Network 3"}, {"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "fix_state": "Not affected", "package_name": "log4j", "product_name": "Red Hat OpenShift Application Runtimes"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "impact": "low", "package_name": "openshift4/ose-metering-hadoop", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "impact": "low", "package_name": "openshift4/ose-metering-hive", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "impact": "low", "package_name": "openshift4/ose-metering-presto", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Out of support scope", "package_name": "opendaylight", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Not affected", "package_name": "log4j", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "log4j-over-slf4j", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Not affected", "package_name": "ovirt-engine", "product_name": "Red Hat Virtualization 4"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Not affected", "package_name": "ovirt-engine-extension-logger-log4j", "product_name": "Red Hat Virtualization 4"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Not affected", "package_name": "vdsm-jsonrpc-java", "product_name": "Red Hat Virtualization 4"}], "public_date": "2022-01-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-23305\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-23305\nhttps://www.openwall.com/lists/oss-security/2022/01/18/4"], "statement": "Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default.\nRed Hat Satellite bundles log4j-over-slf4j with Candlepin, however, product is not affected as it uses logback framework for logging.\nRed Hat Virtualization and OpenShift Container Platform in the OCP Metering stack (the Hive/Presto/Hadoop components) ship a vulnerable version of the log4j package, however JDBCAppender is not used. Therefore the impact of this vulnerability for these products is rated Low.", "threat_severity": "Important"}

{}