{"containers": {"cna": {"affected": [{"product": "Apache Log4j 1.x", "vendor": "Apache Software Foundation", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "1.0.1", "versionType": "custom"}, {"lessThan": "2.0-alpha1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Eduardo' Vela, Maksim Shudrak and Jacob Butler from Google."}], "descriptions": [{"lang": "en", "value": "JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions."}], "metrics": [{"other": {"content": {"other": "high"}, "type": "unknown"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-25T16:49:03", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w"}, {"tags": ["x_refsource_MISC"], "url": "https://logging.apache.org/log4j/1.2/index.html"}, {"name": "[oss-security] 20220118 CVE-2022-23302: Deserialization of untrusted data in JMSSink in Apache Log4j 1.x", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2022/01/18/3"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20220217-0006/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Deserialization of untrusted data in JMSSink in Apache Log4j 1.x", "workarounds": [{"lang": "en", "value": "Users should upgrade to Log4j 2 or remove usage of the JMSSink from their configurations."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2022-23302", "STATE": "PUBLIC", "TITLE": "Deserialization of untrusted data in JMSSink in Apache Log4j 1.x"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Log4j 1.x", "version": {"version_data": [{"version_affected": ">=", "version_value": "1.0.1"}, {"version_affected": "<", "version_value": "2.0-alpha1"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "credit": [{"lang": "eng", "value": "Eduardo' Vela, Maksim Shudrak and Jacob Butler from Google."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": [{"other": "high"}], "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-502 Deserialization of Untrusted Data"}]}]}, "references": {"reference_data": [{"name": "https://lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w", "refsource": "MISC", "url": "https://lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w"}, {"name": "https://logging.apache.org/log4j/1.2/index.html", "refsource": "MISC", "url": "https://logging.apache.org/log4j/1.2/index.html"}, {"name": "[oss-security] 20220118 CVE-2022-23302: Deserialization of untrusted data in JMSSink in Apache Log4j 1.x", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/01/18/3"}, {"name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"name": "https://security.netapp.com/advisory/ntap-20220217-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220217-0006/"}, {"name": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}]}, "source": {"discovery": "UNKNOWN"}, "work_around": [{"lang": "en", "value": "Users should upgrade to Log4j 2 or remove usage of the JMSSink from their configurations."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:36:20.336Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://logging.apache.org/log4j/1.2/index.html"}, {"name": "[oss-security] 20220118 CVE-2022-23302: Deserialization of untrusted data in JMSSink in Apache Log4j 1.x", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/01/18/3"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20220217-0006/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2022-23302", "datePublished": "2022-01-18T15:25:20", "dateReserved": "2022-01-16T00:00:00", "dateUpdated": "2024-08-03T03:36:20.336Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A81678B-BD7A-42A5-84FF-DC2D3D650650", "versionEndIncluding": "1.2.17", "versionStartIncluding": "1.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:brocade_sannav:-:*:*:*:*:*:*:*", "matchCriteriaId": "75B1EDA5-F189-440D-AD0E-C70DD2C0FEE5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qos:reload4j:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB681829-2B2A-4BDB-8DC5-B3C7D359F4C5", "versionEndExcluding": "1.2.18.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:advanced_supply_chain_planning:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "A62E2A25-1AD7-4B4B-9D1B-F0DEA4550557", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:advanced_supply_chain_planning:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "0331158C-BBE0-42DB-8180-EB1FCD290567", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "B602F9E8-1580-436C-A26D-6E6F8121A583", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "77C3DD16-1D81-40E1-B312-50FBD275507C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "81DAC8C0-D342-44B5-9432-6B88D389584F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E869C417-C0E6-4FC3-B406-45598A1D1906", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFEFE2C0-7B98-44F9-B3AD-D6EC607E90DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "C68536CA-C7E2-4228-A6B8-F0DB6A9D29EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "C4A94B36-479F-48F2-9B9E-ACEA2589EF48", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "E1214FDF-357A-4BB9-BADE-50FB2BD16D10", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "B21E6EEF-2AB7-4E96-B092-1F49D11B4175", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "61A2E42A-4EF2-437D-A0EC-4A6A4F1EBD11", "versionEndExcluding": "12.0.0.4.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5933FEA2-B79E-4EE7-B821-54D676B45734", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "A7637F8B-15F1-42E2-BE18-E1FF7C66587D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "E43D793A-7756-4D58-A8ED-72DC4EC9CEA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:*:*:*:*:*:*:*:*", "matchCriteriaId": "86EF205C-9CB1-4772-94D1-0B744EF3342D", "versionEndExcluding": "2.2.1.1.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:2.2.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6ED0EE39-C080-4E75-AE0F-3859B57EF851", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6E8758C8-87D3-450A-878B-86CE8C9FC140", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "054B56E0-F11B-4939-B7E1-E722C67A041A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "250A493C-E052-4978-ABBE-786DC8038448", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2E2B771B-230A-4811-94D7-065C2722E428", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:healthcare_foundation:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E67501BE-206A-49FD-8CBA-22935DF917F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:hyperion_data_relationship_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8E7FBA9-0FFF-4C86-B151-28C17A142E0B", "versionEndExcluding": "11.2.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:hyperion_infrastructure_technology:*:*:*:*:*:*:*:*", "matchCriteriaId": "55BBCD48-BCC6-4E19-A4CE-970E524B9FF4", "versionEndExcluding": "11.2.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "1489DDA7-EDBE-404C-B48D-F0B52B741708", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "535BC19C-21A1-48E3-8CC0-B276BA5D494E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:identity_manager_connector:11.1.1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "9D7EA92D-9F26-4292-991A-891597337DFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "228DA523-4D6D-48C5-BDB0-DB1A60F23F8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "9AB179A8-DFB7-4DCF-8DE3-096F376989F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0EBAC6D-D0CE-42A1-AEA0-2D50C8035747", "versionEndIncluding": "8.0.29", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:tuxedo:12.2.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "EB7D0A30-3986-49AB-B7F3-DAE0024504BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions."}, {"lang": "es", "value": "JMSSink en todas las versiones de Log4j 1.x, es vulnerable a una deserializaci\u00f3n de datos no confiables cuando el atacante presenta acceso de escritura a la configuraci\u00f3n de Log4j o si la configuraci\u00f3n hace referencia a un servicio LDAP al que el atacante presenta acceso. El atacante puede proporcionar una configuraci\u00f3n TopicConnectionFactoryBindingName causando que JMSSink lleve a cabo peticiones JNDI que resulten en la ejecuci\u00f3n de c\u00f3digo remota de forma similar a CVE-2021-4104. Tenga en cuenta que este problema s\u00f3lo afecta a Log4j versiones 1.x cuando es configurado espec\u00edficamente para usar JMSSink, que no es el predeterminado. Apache Log4j versi\u00f3n 1.2 lleg\u00f3 al final de su vida \u00fatil en agosto de 2015. Los usuarios deber\u00edan actualizar a Log4j 2 ya que aborda otros numerosos problemas de las versiones anteriores"}], "id": "CVE-2022-23302", "lastModified": "2023-02-24T15:30:46.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-01-18T16:15:08.300", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/01/18/3"}, {"source": "security@apache.org", "tags": ["Mailing List", "Mitigation", "Vendor Advisory"], "url": "https://lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w"}, {"source": "security@apache.org", "tags": ["Vendor Advisory"], "url": "https://logging.apache.org/log4j/1.2/index.html"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20220217-0006/"}, {"source": "security@apache.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"source": "security@apache.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-502"}], "source": "security@apache.org", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2022:5458", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "product_name": "EAP 6.4.24 release", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:0437", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6.4", "impact": "low", "package": "log4j", "product_name": "EAP 6.4 log4j async", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:1299", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "impact": "low", "package": "log4j", "product_name": "EAP 7.4.4 release", "release_date": "2022-04-11T00:00:00Z"}, {"advisory": "RHSA-2022:0435", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "impact": "low", "package": "log4j", "product_name": "EAP 7.4 log4j async", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0467", "cpe": "cpe:/a:redhat:amq_streams:1", "product_name": "Red Hat AMQ Streams 1.6.7", "release_date": "2022-02-08T00:00:00Z"}, {"advisory": "RHSA-2022:0469", "cpe": "cpe:/a:redhat:amq_streams:2", "package": "log4j", "product_name": "Red Hat AMQ Streams 2.0.1", "release_date": "2022-02-08T00:00:00Z"}, {"advisory": "RHSA-2022:0430", "cpe": "cpe:/a:redhat:jboss_data_grid:7.3", "impact": "low", "package": "log4j", "product_name": "Red Hat Data Grid 7.3.9", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0442", "cpe": "cpe:/o:redhat:rhel_els:6", "package": "log4j-0:1.2.14-6.6.el6_10", "product_name": "Red Hat Enterprise Linux 6 Extended Lifecycle Support", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0442", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "log4j-0:1.2.17-18.el7_4", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0442", "cpe": "cpe:/o:redhat:rhel_aus:7.3", "package": "log4j-0:1.2.17-17.el7_3", "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0442", "cpe": "cpe:/o:redhat:rhel_aus:7.4", "package": "log4j-0:1.2.17-18.el7_4", "product_name": "Red Hat Enterprise Linux 7.4 Advanced Update Support", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0442", "cpe": "cpe:/o:redhat:rhel_aus:7.6", "package": "log4j-0:1.2.17-18.el7_4", "product_name": "Red Hat Enterprise Linux 7.6 Advanced Update Support", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0442", "cpe": "cpe:/o:redhat:rhel_tus:7.6", "package": "log4j-0:1.2.17-18.el7_4", "product_name": "Red Hat Enterprise Linux 7.6 Telco Extended Update Support", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0442", "cpe": "cpe:/o:redhat:rhel_e4s:7.6", "package": "log4j-0:1.2.17-18.el7_4", "product_name": "Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0442", "cpe": "cpe:/o:redhat:rhel_aus:7.7", "package": "log4j-0:1.2.17-18.el7_4", "product_name": "Red Hat Enterprise Linux 7.7 Advanced Update Support", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0442", "cpe": "cpe:/o:redhat:rhel_tus:7.7", "package": "log4j-0:1.2.17-18.el7_4", "product_name": "Red Hat Enterprise Linux 7.7 Telco Extended Update Support", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0442", "cpe": "cpe:/o:redhat:rhel_e4s:7.7", "package": "log4j-0:1.2.17-18.el7_4", "product_name": "Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0290", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "parfait:0.5-8050020220124063900.6b489b78", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-01-26T00:00:00Z"}, {"advisory": "RHSA-2022:0294", "cpe": "cpe:/a:redhat:rhel_e4s:8.1", "package": "parfait:0.5-8010020220124232535.d5701770", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2022-01-26T00:00:00Z"}, {"advisory": "RHSA-2022:0291", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "parfait:0.5-8020020220124231008.1c5d4e8a", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2022-01-26T00:00:00Z"}, {"advisory": "RHSA-2022:0289", "cpe": "cpe:/a:redhat:rhel_eus:8.4", "package": "parfait:0.5-8040020220124230039.d304d9ed", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-01-26T00:00:00Z"}, {"advisory": "RHSA-2022:0661", "cpe": "cpe:/a:redhat:jboss_fuse:7", "package": "log4j", "product_name": "Red Hat Fuse 7.10.1", "release_date": "2022-02-23T00:00:00Z"}, {"advisory": "RHSA-2022:0553", "cpe": "cpe:/a:redhat:jboss_amq:6.3", "package": "log4j", "product_name": "Red Hat Fuse/AMQ 6.3.20", "release_date": "2022-02-15T00:00:00Z"}, {"advisory": "RHSA-2022:0553", "cpe": "cpe:/a:redhat:jboss_fuse:6.3", "package": "log4j", "product_name": "Red Hat Fuse/AMQ 6.3.20", "release_date": "2022-02-15T00:00:00Z"}, {"advisory": "RHSA-2022:0497", "cpe": "cpe:/a:redhat:jboss_data_virtualization:6.4", "package": "log4j", "product_name": "Red Hat JBoss Data Virtualization 6.4.8.SP1", "release_date": "2022-02-09T00:00:00Z"}, {"advisory": "RHSA-2022:0507", "cpe": "cpe:/a:redhat:jboss_data_virtualization:6.4", "package": "log4j", "product_name": "Red Hat JBoss Data Virtualization 6.4.8.SP2", "release_date": "2022-02-10T00:00:00Z"}, {"advisory": "RHSA-2022:0438", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "log4j-eap6-0:1.2.17-3.redhat_00008.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0438", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "log4j-jboss-logmanager-0:1.1.4-3.Final_redhat_00002.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-appclient-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jbossas-appclient-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jbossas-bundles-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-cli-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-client-all-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-clustering-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-cmp-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-configadmin-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-connector-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-controller-client-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jbossas-core-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-core-security-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-deployment-repository-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-deployment-scanner-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jbossas-domain-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-domain-http-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-domain-management-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-ee-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-ee-deployment-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-ejb3-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-embedded-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-host-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-jacorb-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jbossas-javadocs-0:7.5.24-1.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-jaxr-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-jaxrs-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-jdr-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-jmx-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-jpa-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-jsf-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-jsr77-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-logging-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-mail-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-management-client-content-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-messaging-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-modcluster-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jbossas-modules-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-naming-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-network-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-osgi-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-osgi-configadmin-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-osgi-service-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-picketlink-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-platform-mbean-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-pojo-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-process-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jbossas-product-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-protocol-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-remoting-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-sar-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-security-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-server-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jbossas-standalone-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-system-jmx-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-threads-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-transactions-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-version-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-web-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-webservices-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jbossas-welcome-content-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-weld-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-xts-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jbossts-1:4.17.45-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jbossweb-0:7.5.32-2.Final_redhat_1.2.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:0438", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "log4j-eap6-0:1.2.17-3.redhat_00008.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0438", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "log4j-jboss-logmanager-0:1.1.4-3.Final_redhat_00002.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-appclient-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jbossas-appclient-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jbossas-bundles-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-cli-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-client-all-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-clustering-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-cmp-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-configadmin-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-connector-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-controller-client-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jbossas-core-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-core-security-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-deployment-repository-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-deployment-scanner-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jbossas-domain-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-domain-http-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-domain-management-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-ee-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-ee-deployment-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-ejb3-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-embedded-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-host-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-jacorb-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jbossas-javadocs-0:7.5.24-1.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-jaxr-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-jaxrs-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-jdr-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-jmx-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-jpa-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-jsf-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-jsr77-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-logging-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-mail-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-management-client-content-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-messaging-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-modcluster-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jbossas-modules-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-naming-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-network-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-osgi-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-osgi-configadmin-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-osgi-service-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-picketlink-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-platform-mbean-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-pojo-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-process-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jbossas-product-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-protocol-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-remoting-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-sar-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-security-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-server-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jbossas-standalone-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-system-jmx-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-threads-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-transactions-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-version-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-web-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-webservices-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jbossas-welcome-content-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-weld-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-xts-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jbossts-1:4.17.45-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jbossweb-0:7.5.32-2.Final_redhat_1.2.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2024:5856", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2024-08-26T00:00:00Z"}, {"advisory": "RHSA-2022:0436", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "impact": "low", "package": "eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:1297", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "impact": "low", "package": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2022-04-11T00:00:00Z"}, {"advisory": "RHSA-2022:0436", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "impact": "low", "package": "eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:1296", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "impact": "low", "package": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2022-04-11T00:00:00Z"}, {"advisory": "RHSA-2022:0527", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1", "impact": "low", "package": "log4j-eap6", "product_name": "Red Hat JBoss Web Server 3.1", "release_date": "2022-02-14T00:00:00Z"}, {"advisory": "RHSA-2022:0524", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7", "impact": "low", "package": "log4j-eap6-0:1.2.17-3.redhat_00008.1.ep6.el7", "product_name": "Red Hat JBoss Web Server 3 for RHEL 7", "release_date": "2022-02-14T00:00:00Z"}, {"advisory": "RHSA-2022:0524", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7", "impact": "low", "package": "tomcat7-0:7.0.70-46.ep7.el7", "product_name": "Red Hat JBoss Web Server 3 for RHEL 7", "release_date": "2022-02-14T00:00:00Z"}, {"advisory": "RHSA-2022:0524", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7", "impact": "low", "package": "tomcat8-0:8.0.36-49.ep7.el7", "product_name": "Red Hat JBoss Web Server 3 for RHEL 7", "release_date": "2022-02-14T00:00:00Z"}, {"advisory": "RHSA-2022:0524", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7", "impact": "low", "package": "tomcat-native-0:1.2.23-26.redhat_26.ep7.el7", "product_name": "Red Hat JBoss Web Server 3 for RHEL 7", "release_date": "2022-02-14T00:00:00Z"}, {"advisory": "RHSA-2022:0446", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "impact": "low", "package": "log4j", "product_name": "Red Hat Single Sign-On 7.4.10", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0447", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.5::el7", "impact": "low", "package": "rh-sso7-keycloak-0:15.0.4-1.redhat_00003.1.el7sso", "product_name": "Red Hat Single Sign-On 7.5 for RHEL 7", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0448", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.5::el8", "impact": "low", "package": "rh-sso7-keycloak-0:15.0.4-1.redhat_00003.1.el8sso", "product_name": "Red Hat Single Sign-On 7.5 for RHEL 8", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0439", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-maven36-log4j12-0:1.2.17-23.4.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0475", "cpe": "cpe:/a:redhat:rhev_manager:4.4:el8", "impact": "low", "package": "org.ovirt.engine-root-0:4.4.10.6-1", "product_name": "Red Hat Virtualization Engine 4.4", "release_date": "2022-02-08T00:00:00Z"}, {"advisory": "RHSA-2022:0475", "cpe": "cpe:/a:redhat:rhev_manager:4.4:el8", "impact": "low", "package": "snmp4j-0:3.6.4-0.1.el8ev", "product_name": "Red Hat Virtualization Engine 4.4", "release_date": "2022-02-08T00:00:00Z"}, {"advisory": "RHSA-2022:0444", "cpe": "cpe:/a:redhat:rhosemc:1.0::el8", "package": "rh-sso-7/sso74-openshift-rhel8:7.4-45", "product_name": "RHEL-8 based Middleware Containers", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0445", "cpe": "cpe:/a:redhat:rhosemc:1.0::el8", "package": "rh-sso-7/sso74-openj9-openshift-rhel8:7.4-60", "product_name": "RHEL-8 based Middleware Containers", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0450", "cpe": "cpe:/a:redhat:rhosemc:1.0::el8", "package": "redhat-sso-7-sso75-openshift-rhel8-container-7.5-17", "product_name": "RHEL-8 based Middleware Containers", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0450", "cpe": "cpe:/a:redhat:rhosemc:1.0::el8", "package": "rh-sso-7/sso7-rhel8-operator-bundle:7.5.1-9", "product_name": "RHEL-8 based Middleware Containers", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0449", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "impact": "low", "package": "log4j", "product_name": "RHSSO 7.5.1", "release_date": "2022-02-07T00:00:00Z"}], "bugzilla": {"description": "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink", "id": "2041949", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041949"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-502", "details": ["JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.", "A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests."], "mitigation": {"lang": "en:us", "value": "These are the possible mitigations for this flaw for releases version 1.x:\n- Comment out or remove JMSSink in the Log4j configuration if it is used\n- Remove the JMSSink class from the server's jar files. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/net/JMSSink.class\n```\n- Restrict access for the OS user on the platform running the application to prevent modifying the Log4j configuration by the attacker."}, "name": "CVE-2022-23302", "package_state": [{"cpe": "cpe:/a:redhat:a_mq_clients:2", "fix_state": "Affected", "package_name": "log4j", "product_name": "A-MQ Clients 2"}, {"cpe": "cpe:/a:redhat:amq_broker:7", "fix_state": "Affected", "package_name": "log4j", "product_name": "Red Hat AMQ Broker 7"}, {"cpe": "cpe:/a:redhat:quarkus:2", "fix_state": "Not affected", "package_name": "log4j", "product_name": "Red Hat build of Quarkus"}, {"cpe": "cpe:/a:redhat:jboss_developer_studio:12.", "fix_state": "Affected", "package_name": "log4j", "product_name": "Red Hat CodeReady Studio 12"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Not affected", "package_name": "log4j", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "fix_state": "Not affected", "package_name": "log4j", "product_name": "Red Hat Decision Manager 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "tomcat", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Not affected", "package_name": "log4j", "product_name": "Red Hat Integration Camel K"}, {"cpe": "cpe:/a:redhat:camel_quarkus:2", "fix_state": "Not affected", "package_name": "log4j", "product_name": "Red Hat Integration Camel Quarkus"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Not affected", "package_name": "log4j", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Out of support scope", "package_name": "log4j", "product_name": "Red Hat JBoss Fuse Service Works 6"}, {"cpe": "cpe:/a:redhat:jboss_operations_network:3", "fix_state": "Out of support scope", "impact": "low", "package_name": "log4j", "product_name": "Red Hat JBoss Operations Network 3"}, {"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "fix_state": "Not affected", "package_name": "log4j", "product_name": "Red Hat OpenShift Application Runtimes"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "impact": "low", "package_name": "hadoop-container", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "impact": "low", "package_name": "openshift4/ose-metering-hive", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "impact": "low", "package_name": "openshift4/ose-metering-presto", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Out of support scope", "package_name": "opendaylight", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Not affected", "package_name": "log4j", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "log4j-over-slf4j", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Not affected", "package_name": "ovirt-engine", "product_name": "Red Hat Virtualization 4"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Not affected", "package_name": "ovirt-engine-extension-logger-log4j", "product_name": "Red Hat Virtualization 4"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Not affected", "package_name": "vdsm-jsonrpc-java", "product_name": "Red Hat Virtualization 4"}], "public_date": "2022-01-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-23302\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-23302\nhttps://www.openwall.com/lists/oss-security/2022/01/18/3"], "statement": "Note this flaw ONLY affects applications which are specifically configured to use JMSSink, which is not the default, or when the attacker has write access to the Log4j configuration for adding JMSSink to the attacker's JNDI LDAP endpoint.\nRed Hat Satellite bundles log4j-over-slf4j with Candlepin, however, product is not affected as it uses logback framework for logging.\nRed Hat Virtualization and OpenShift Container Platform in the OCP Metering stack (the Hive/Presto/Hadoop components) ship a vulnerable version of the log4j package, however JMSSink is not used. Therefore the impact of this vulnerability for these products is rated Low.", "threat_severity": "Moderate"}