CVE-2022-23302 - Vulnerability Details

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00476.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache Subscribe	Log4j Subscribe
Broadcom Subscribe	Brocade Sannav Subscribe
Netapp Subscribe	Snapmanager Subscribe
Oracle Subscribe	Advanced Supply Chain Planning Subscribe Business Intelligence Subscribe Business Process Management Suite Subscribe Communications Eagle Ftp Table Base Retrieval Subscribe Communications Instant Messaging Server Subscribe Communications Messaging Server Subscribe Communications Network Integrity Subscribe Communications Offline Mediation Controller Subscribe Communications Unified Inventory Management Subscribe E-business Suite Cloud Manager And Cloud Backup Module Subscribe Enterprise Manager Base Platform Subscribe Financial Services Revenue Management And Billing Analytics Subscribe Healthcare Foundation Subscribe Hyperion Data Relationship Management Subscribe Hyperion Infrastructure Technology Subscribe Identity Management Suite Subscribe Identity Manager Connector Subscribe Jdeveloper Subscribe Middleware Common Libraries And Tools Subscribe Mysql Enterprise Monitor Subscribe Tuxedo Subscribe Weblogic Server Subscribe
Qos Subscribe	Reload4j Subscribe
Redhat Subscribe	Amq Streams Subscribe Enterprise Linux Subscribe Jboss Amq Subscribe Jboss Data Grid Subscribe Jboss Data Virtualization Subscribe Jboss Enterprise Application Platform Subscribe Jboss Enterprise Application Platform Eus Subscribe Jboss Enterprise Web Server Subscribe Jboss Fuse Subscribe Red Hat Single Sign On Subscribe Rhel Aus Subscribe Rhel E4s Subscribe Rhel Els Subscribe Rhel Eus Subscribe Rhel Software Collections Subscribe Rhel Tus Subscribe Rhev Manager Subscribe Rhosemc Subscribe

Configuration 1 [-]

cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:netapp:snapmanager:-:::::oracle::
	cpe:2.3:a:netapp:snapmanager:-:::::sap::

Configuration 3 [-]

cpe:2.3:a:broadcom:brocade_sannav:-:*:*:*:*:*:*:*

Configuration 4 [-]

cpe:2.3:a:qos:reload4j:*:*:*:*:*:*:*:*

Configuration 5 [-]

OR	cpe:2.3:a:oracle:advanced_supply_chain_planning:12.1:::::::*
	cpe:2.3:a:oracle:advanced_supply_chain_planning:12.2:::::::*
	cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0::::enterprise:::
	cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0::::enterprise:::
	cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0::::enterprise:::
	cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:::::::*
	cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:::::::*
	cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:::::::*
	cpe:2.3:a:oracle:communications_messaging_server:8.1:::::::*
	cpe:2.3:a:oracle:communications_network_integrity:7.3.6:::::::*
	cpe:2.3:a:oracle:communications_offline_mediation_controller::::::::
	cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:::::::*
	cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*
	cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:::::::*
	cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module::::::::
	cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:2.2.1.1.1:::::::*
	cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:::::::*
	cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:::::::*
	cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.0:::::::*
	cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.1:::::::*
	cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8.0.0:::::::*
	cpe:2.3:a:oracle:healthcare_foundation:8.1.0:::::::*
	cpe:2.3:a:oracle:hyperion_data_relationship_management::::::::
	cpe:2.3:a:oracle:hyperion_infrastructure_technology::::::::
	cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:::::::*
	cpe:2.3:a:oracle:identity_manager_connector:11.1.1.5.0:::::::*
	cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:::::::*
	cpe:2.3:a:oracle:mysql_enterprise_monitor::::::::
	cpe:2.3:a:oracle:tuxedo:12.2.2.0.0:::::::*
	cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*
	cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*

Package	CPE	Advisory	Released Date
EAP 6.4.24 release
	cpe:/a:redhat:jboss_enterprise_application_platform:6	RHSA-2022:5458	2022-06-30T00:00:00Z
EAP 6.4 log4j async
log4j	cpe:/a:redhat:jboss_enterprise_application_platform:6.4	RHSA-2022:0437	2022-02-03T00:00:00Z
EAP 7.4.4 release
log4j	cpe:/a:redhat:jboss_enterprise_application_platform:7.4	RHSA-2022:1299	2022-04-11T00:00:00Z
EAP 7.4 log4j async
log4j	cpe:/a:redhat:jboss_enterprise_application_platform:7.4	RHSA-2022:0435	2022-02-03T00:00:00Z
Red Hat AMQ Streams 1.6.7
	cpe:/a:redhat:amq_streams:1	RHSA-2022:0467	2022-02-08T00:00:00Z
Red Hat AMQ Streams 2.0.1
log4j	cpe:/a:redhat:amq_streams:2	RHSA-2022:0469	2022-02-08T00:00:00Z
Red Hat Data Grid 7.3.9
log4j	cpe:/a:redhat:jboss_data_grid:7.3	RHSA-2022:0430	2022-02-03T00:00:00Z
Red Hat Enterprise Linux 6 Extended Lifecycle Support
log4j-0:1.2.14-6.6.el6_10	cpe:/o:redhat:rhel_els:6	RHSA-2022:0442	2022-02-07T00:00:00Z
Red Hat Enterprise Linux 7
log4j-0:1.2.17-18.el7_4	cpe:/o:redhat:enterprise_linux:7	RHSA-2022:0442	2022-02-07T00:00:00Z
Red Hat Enterprise Linux 7.3 Advanced Update Support
log4j-0:1.2.17-17.el7_3	cpe:/o:redhat:rhel_aus:7.3	RHSA-2022:0442	2022-02-07T00:00:00Z
Red Hat Enterprise Linux 7.4 Advanced Update Support
log4j-0:1.2.17-18.el7_4	cpe:/o:redhat:rhel_aus:7.4	RHSA-2022:0442	2022-02-07T00:00:00Z
Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118)
log4j-0:1.2.17-18.el7_4	cpe:/o:redhat:rhel_aus:7.6	RHSA-2022:0442	2022-02-07T00:00:00Z
Red Hat Enterprise Linux 7.6 Telco Extended Update Support
log4j-0:1.2.17-18.el7_4	cpe:/o:redhat:rhel_tus:7.6	RHSA-2022:0442	2022-02-07T00:00:00Z
Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions
log4j-0:1.2.17-18.el7_4	cpe:/o:redhat:rhel_e4s:7.6	RHSA-2022:0442	2022-02-07T00:00:00Z
Red Hat Enterprise Linux 7.7 Advanced Update Support
log4j-0:1.2.17-18.el7_4	cpe:/o:redhat:rhel_aus:7.7	RHSA-2022:0442	2022-02-07T00:00:00Z
Red Hat Enterprise Linux 7.7 Telco Extended Update Support
log4j-0:1.2.17-18.el7_4	cpe:/o:redhat:rhel_tus:7.7	RHSA-2022:0442	2022-02-07T00:00:00Z
Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions
log4j-0:1.2.17-18.el7_4	cpe:/o:redhat:rhel_e4s:7.7	RHSA-2022:0442	2022-02-07T00:00:00Z
Red Hat Enterprise Linux 8
parfait:0.5-8050020220124063900.6b489b78	cpe:/a:redhat:enterprise_linux:8	RHSA-2022:0290	2022-01-26T00:00:00Z
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions
parfait:0.5-8010020220124232535.d5701770	cpe:/a:redhat:rhel_e4s:8.1	RHSA-2022:0294	2022-01-26T00:00:00Z
Red Hat Enterprise Linux 8.2 Extended Update Support
parfait:0.5-8020020220124231008.1c5d4e8a	cpe:/a:redhat:rhel_eus:8.2	RHSA-2022:0291	2022-01-26T00:00:00Z
Red Hat Enterprise Linux 8.4 Extended Update Support
parfait:0.5-8040020220124230039.d304d9ed	cpe:/a:redhat:rhel_eus:8.4	RHSA-2022:0289	2022-01-26T00:00:00Z
Red Hat Fuse 7.10.1
log4j	cpe:/a:redhat:jboss_fuse:7	RHSA-2022:0661	2022-02-23T00:00:00Z
Red Hat Fuse/AMQ 6.3.20
log4j	cpe:/a:redhat:jboss_amq:6.3	RHSA-2022:0553	2022-02-15T00:00:00Z
log4j	cpe:/a:redhat:jboss_fuse:6.3	RHSA-2022:0553	2022-02-15T00:00:00Z
Red Hat JBoss Data Virtualization 6.4.8.SP1
log4j	cpe:/a:redhat:jboss_data_virtualization:6.4	RHSA-2022:0497	2022-02-09T00:00:00Z
Red Hat JBoss Data Virtualization 6.4.8.SP2
log4j	cpe:/a:redhat:jboss_data_virtualization:6.4	RHSA-2022:0507	2022-02-10T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6
log4j-eap6-0:1.2.17-3.redhat_00008.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:0438	2022-02-03T00:00:00Z
log4j-jboss-logmanager-0:1.1.4-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:0438	2022-02-03T00:00:00Z
jboss-as-appclient-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jbossas-appclient-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jbossas-bundles-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-cli-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-client-all-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-clustering-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-cmp-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-configadmin-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-connector-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-controller-client-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jbossas-core-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-core-security-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-deployment-repository-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-deployment-scanner-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jbossas-domain-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-domain-http-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-domain-management-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-ee-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-ee-deployment-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-ejb3-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-embedded-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-host-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-jacorb-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jbossas-javadocs-0:7.5.24-1.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-jaxr-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-jaxrs-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-jdr-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-jmx-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-jpa-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-jsf-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-jsr77-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-logging-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-mail-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-management-client-content-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-messaging-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-modcluster-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jbossas-modules-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-naming-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-network-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-osgi-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-osgi-configadmin-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-osgi-service-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-picketlink-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-platform-mbean-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-pojo-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-process-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jbossas-product-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-protocol-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-remoting-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-sar-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-security-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-server-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jbossas-standalone-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-system-jmx-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-threads-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-transactions-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-version-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-web-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-webservices-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jbossas-welcome-content-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-weld-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jboss-as-xts-0:7.5.24-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jbossts-1:4.17.45-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
jbossweb-0:7.5.32-2.Final_redhat_1.2.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2022:5459	2022-06-30T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7
log4j-eap6-0:1.2.17-3.redhat_00008.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:0438	2022-02-03T00:00:00Z
log4j-jboss-logmanager-0:1.1.4-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:0438	2022-02-03T00:00:00Z
jboss-as-appclient-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jbossas-appclient-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jbossas-bundles-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-cli-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-client-all-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-clustering-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-cmp-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-configadmin-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-connector-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-controller-client-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jbossas-core-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-core-security-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-deployment-repository-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-deployment-scanner-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jbossas-domain-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-domain-http-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-domain-management-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-ee-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-ee-deployment-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-ejb3-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-embedded-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-host-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-jacorb-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jbossas-javadocs-0:7.5.24-1.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-jaxr-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-jaxrs-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-jdr-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-jmx-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-jpa-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-jsf-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-jsr77-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-logging-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-mail-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-management-client-content-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-messaging-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-modcluster-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jbossas-modules-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-naming-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-network-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-osgi-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-osgi-configadmin-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-osgi-service-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-picketlink-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-platform-mbean-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-pojo-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-process-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jbossas-product-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-protocol-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-remoting-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-sar-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-security-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-server-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jbossas-standalone-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-system-jmx-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-threads-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-transactions-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-version-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-web-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-webservices-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jbossas-welcome-content-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-weld-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jboss-as-xts-0:7.5.24-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jbossts-1:4.17.45-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
jbossweb-0:7.5.32-2.Final_redhat_1.2.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2022:5460	2022-06-30T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2024:5856	2024-08-26T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2022:0436	2022-02-03T00:00:00Z
eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2022:1297	2022-04-11T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2022:0436	2022-02-03T00:00:00Z
eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2022:1296	2022-04-11T00:00:00Z
Red Hat JBoss Web Server 3.1
log4j-eap6	cpe:/a:redhat:jboss_enterprise_web_server:3.1	RHSA-2022:0527	2022-02-14T00:00:00Z
Red Hat JBoss Web Server 3 for RHEL 7
log4j-eap6-0:1.2.17-3.redhat_00008.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2022:0524	2022-02-14T00:00:00Z
tomcat7-0:7.0.70-46.ep7.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2022:0524	2022-02-14T00:00:00Z
tomcat8-0:8.0.36-49.ep7.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2022:0524	2022-02-14T00:00:00Z
tomcat-native-0:1.2.23-26.redhat_26.ep7.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2022:0524	2022-02-14T00:00:00Z
Red Hat Single Sign-On 7.4.10
log4j	cpe:/a:redhat:red_hat_single_sign_on:7	RHSA-2022:0446	2022-02-07T00:00:00Z
Red Hat Single Sign-On 7.5 for RHEL 7
rh-sso7-keycloak-0:15.0.4-1.redhat_00003.1.el7sso	cpe:/a:redhat:red_hat_single_sign_on:7.5::el7	RHSA-2022:0447	2022-02-07T00:00:00Z
Red Hat Single Sign-On 7.5 for RHEL 8
rh-sso7-keycloak-0:15.0.4-1.redhat_00003.1.el8sso	cpe:/a:redhat:red_hat_single_sign_on:7.5::el8	RHSA-2022:0448	2022-02-07T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7
rh-maven36-log4j12-0:1.2.17-23.4.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2022:0439	2022-02-03T00:00:00Z
Red Hat Virtualization Engine 4.4
org.ovirt.engine-root-0:4.4.10.6-1	cpe:/a:redhat:rhev_manager:4.4:el8	RHSA-2022:0475	2022-02-08T00:00:00Z
snmp4j-0:3.6.4-0.1.el8ev	cpe:/a:redhat:rhev_manager:4.4:el8	RHSA-2022:0475	2022-02-08T00:00:00Z
RHEL-8 based Middleware Containers
rh-sso-7/sso74-openshift-rhel8:7.4-45	cpe:/a:redhat:rhosemc:1.0::el8	RHSA-2022:0444	2022-02-07T00:00:00Z
rh-sso-7/sso74-openj9-openshift-rhel8:7.4-60	cpe:/a:redhat:rhosemc:1.0::el8	RHSA-2022:0445	2022-02-07T00:00:00Z
rh-sso-7/sso75-openshift-rhel8:7.5-17	cpe:/a:redhat:rhosemc:1.0::el8	RHSA-2022:0450	2022-02-07T00:00:00Z
rh-sso-7/sso7-rhel8-operator-bundle:7.5.1-9	cpe:/a:redhat:rhosemc:1.0::el8	RHSA-2022:0450	2022-02-07T00:00:00Z
RHSSO 7.5.1
log4j	cpe:/a:redhat:red_hat_single_sign_on:7	RHSA-2022:0449	2022-02-07T00:00:00Z

No data.

Advisories

Source	ID	Title
Debian DLA	DLA-2905-1	apache-log4j1.2 security update
EUVD	EUVD-2022-0721	JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
Github GHSA	GHSA-w9p3-5cr8-m3jj	Deserialization of Untrusted Data in Log4j 1.x
Ubuntu USN	USN-5998-1	Apache Log4j vulnerabilities
Ubuntu USN	USN-7590-1	Apache Log4j vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

Users should upgrade to Log4j 2 or remove usage of the JMSSink from their configurations.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2022/01/18/3
https://lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w
https://logging.apache.org/log4j/1.2/index.html
https://nvd.nist.gov/vuln/detail/CVE-2022-23302
https://security.netapp.com/advisory/ntap-20220217-0006/
https://www.cve.org/CVERecord?id=CVE-2022-23302
https://www.openwall.com/lists/oss-security/2022/01/18/3
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.vicarius.io/vsociety/posts/cve-2022-23302-detect-log4j-1217-vulnerability
https://www.vicarius.io/vsociety/posts/cve-2022-23302-mitigate-log4j-1217-vulnerability

History

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00476}`	epss `{'score': 0.00492}`

Tue, 15 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.0049}`	epss `{'score': 0.00476}`

Mon, 07 Jul 2025 18:30:00 +0000

Type	Values Removed	Values Added
References		https://www.vicarius.io/vsociety/posts/cve-2022-23302-detect-log4j-1217-vulnerability https://www.vicarius.io/vsociety/posts/cve-2022-23302-mitigate-log4j-1217-vulnerability

Mon, 26 Aug 2024 18:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat jboss Enterprise Application Platform Eus
CPEs		cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
Vendors & Products		Redhat jboss Enterprise Application Platform Eus

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2022-01-18T15:25:20.000Z

Updated: 2025-07-07T17:47:01.136Z

Reserved: 2022-01-16T00:00:00.000Z

Link: CVE-2022-23302

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-01-18T16:15:08.300

Modified: 2025-07-07T18:15:24.713

Link: CVE-2022-23302

Redhat

Severity : Moderate

Publid Date: 2022-01-18T00:00:00Z

Links: CVE-2022-23302 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object