{"containers": {"cna": {"affected": [{"product": "Apache Log4j 1.x", "vendor": "Apache Software Foundation", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "1.2.1", "versionType": "custom"}, {"lessThanOrEqual": "2.0-alpha1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "@kingkk"}], "descriptions": [{"lang": "en", "value": "CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists."}], "metrics": [{"other": {"content": {"other": "Critical"}, "type": "unknown"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-25T16:49:30", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://logging.apache.org/log4j/1.2/index.html"}, {"tags": ["x_refsource_MISC"], "url": "https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}], "source": {"discovery": "UNKNOWN"}, "title": " A deserialization flaw in the Chainsaw component of Log4j 1 can lead to malicious code execution.", "workarounds": [{"lang": "en", "value": "Upgrade to Apache Log4j 2 and Apache Chainsaw 2.1.0."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2022-23307", "STATE": "PUBLIC", "TITLE": " A deserialization flaw in the Chainsaw component of Log4j 1 can lead to malicious code execution."}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Log4j 1.x", "version": {"version_data": [{"version_affected": ">=", "version_value": "1.2.1"}, {"version_affected": "<=", "version_value": "2.0-alpha1"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "credit": [{"lang": "eng", "value": "@kingkk"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": [{"other": "Critical"}], "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-502 Deserialization of Untrusted Data"}]}]}, "references": {"reference_data": [{"name": "https://logging.apache.org/log4j/1.2/index.html", "refsource": "MISC", "url": "https://logging.apache.org/log4j/1.2/index.html"}, {"name": "https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh", "refsource": "MISC", "url": "https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh"}, {"name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"name": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}]}, "source": {"discovery": "UNKNOWN"}, "work_around": [{"lang": "en", "value": "Upgrade to Apache Log4j 2 and Apache Chainsaw 2.1.0."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:36:20.396Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://logging.apache.org/log4j/1.2/index.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2022-23307", "datePublished": "2022-01-18T15:25:23", "dateReserved": "2022-01-17T00:00:00", "dateUpdated": "2024-08-03T03:36:20.396Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:chainsaw:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A0D9BED-411E-4E62-A281-237D3C90FFEB", "versionEndExcluding": "2.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "matchCriteriaId": "56EF3EFE-3632-4CDD-90EF-D2E614E05886", "versionEndExcluding": "2.0", "versionStartIncluding": "1.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qos:reload4j:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB681829-2B2A-4BDB-8DC5-B3C7D359F4C5", "versionEndExcluding": "1.2.18.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:advanced_supply_chain_planning:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "A62E2A25-1AD7-4B4B-9D1B-F0DEA4550557", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:advanced_supply_chain_planning:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "0331158C-BBE0-42DB-8180-EB1FCD290567", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "B602F9E8-1580-436C-A26D-6E6F8121A583", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "77C3DD16-1D81-40E1-B312-50FBD275507C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "81DAC8C0-D342-44B5-9432-6B88D389584F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E869C417-C0E6-4FC3-B406-45598A1D1906", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFEFE2C0-7B98-44F9-B3AD-D6EC607E90DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "C68536CA-C7E2-4228-A6B8-F0DB6A9D29EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "C4A94B36-479F-48F2-9B9E-ACEA2589EF48", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "E1214FDF-357A-4BB9-BADE-50FB2BD16D10", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "B21E6EEF-2AB7-4E96-B092-1F49D11B4175", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "61A2E42A-4EF2-437D-A0EC-4A6A4F1EBD11", "versionEndExcluding": "12.0.0.4.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5933FEA2-B79E-4EE7-B821-54D676B45734", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "A7637F8B-15F1-42E2-BE18-E1FF7C66587D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "E43D793A-7756-4D58-A8ED-72DC4EC9CEA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:*:*:*:*:*:*:*:*", "matchCriteriaId": "86EF205C-9CB1-4772-94D1-0B744EF3342D", "versionEndExcluding": "2.2.1.1.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:2.2.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6ED0EE39-C080-4E75-AE0F-3859B57EF851", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6E8758C8-87D3-450A-878B-86CE8C9FC140", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "054B56E0-F11B-4939-B7E1-E722C67A041A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "250A493C-E052-4978-ABBE-786DC8038448", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2E2B771B-230A-4811-94D7-065C2722E428", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:healthcare_foundation:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E67501BE-206A-49FD-8CBA-22935DF917F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:hyperion_data_relationship_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8E7FBA9-0FFF-4C86-B151-28C17A142E0B", "versionEndExcluding": "11.2.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:hyperion_infrastructure_technology:*:*:*:*:*:*:*:*", "matchCriteriaId": "55BBCD48-BCC6-4E19-A4CE-970E524B9FF4", "versionEndExcluding": "11.2.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "1489DDA7-EDBE-404C-B48D-F0B52B741708", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "535BC19C-21A1-48E3-8CC0-B276BA5D494E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:identity_manager_connector:11.1.1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "9D7EA92D-9F26-4292-991A-891597337DFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "228DA523-4D6D-48C5-BDB0-DB1A60F23F8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "9AB179A8-DFB7-4DCF-8DE3-096F376989F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0EBAC6D-D0CE-42A1-AEA0-2D50C8035747", "versionEndIncluding": "8.0.29", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "30501D23-5044-477A-8DC3-7610126AEFD7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:tuxedo:12.2.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "EB7D0A30-3986-49AB-B7F3-DAE0024504BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists."}, {"lang": "es", "value": "CVE-2020-9493 identific\u00f3 un problema de deserializaci\u00f3n presente en Apache Chainsaw. Versiones anteriores a Chainsaw V2.0 Chainsaw era un componente de Apache Log4j versiones 1.2.x donde se presenta el mismo problema"}], "id": "CVE-2022-23307", "lastModified": "2023-02-24T15:29:49.257", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-01-18T16:15:08.403", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh"}, {"source": "security@apache.org", "tags": ["Vendor Advisory"], "url": "https://logging.apache.org/log4j/1.2/index.html"}, {"source": "security@apache.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"source": "security@apache.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-502"}], "source": "security@apache.org", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2022:5458", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "product_name": "EAP 6.4.24 release", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:0437", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6.4", "impact": "low", "package": "log4j", "product_name": "EAP 6.4 log4j async", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:1299", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "impact": "low", "package": "log4j", "product_name": "EAP 7.4.4 release", "release_date": "2022-04-11T00:00:00Z"}, {"advisory": "RHSA-2022:0435", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "impact": "low", "package": "log4j", "product_name": "EAP 7.4 log4j async", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0467", "cpe": "cpe:/a:redhat:amq_streams:1", "product_name": "Red Hat AMQ Streams 1.6.7", "release_date": "2022-02-08T00:00:00Z"}, {"advisory": "RHSA-2022:0469", "cpe": "cpe:/a:redhat:amq_streams:2", "package": "log4j", "product_name": "Red Hat AMQ Streams 2.0.1", "release_date": "2022-02-08T00:00:00Z"}, {"advisory": "RHSA-2022:0430", "cpe": "cpe:/a:redhat:jboss_data_grid:7.3", "impact": "low", "package": "log4j", "product_name": "Red Hat Data Grid 7.3.9", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0442", "cpe": "cpe:/o:redhat:rhel_els:6", "package": "log4j-0:1.2.14-6.6.el6_10", "product_name": "Red Hat Enterprise Linux 6 Extended Lifecycle Support", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0442", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "log4j-0:1.2.17-18.el7_4", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0442", "cpe": "cpe:/o:redhat:rhel_aus:7.3", "package": "log4j-0:1.2.17-17.el7_3", "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0442", "cpe": "cpe:/o:redhat:rhel_aus:7.4", "package": "log4j-0:1.2.17-18.el7_4", "product_name": "Red Hat Enterprise Linux 7.4 Advanced Update Support", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0442", "cpe": "cpe:/o:redhat:rhel_aus:7.6", "package": "log4j-0:1.2.17-18.el7_4", "product_name": "Red Hat Enterprise Linux 7.6 Advanced Update Support", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0442", "cpe": "cpe:/o:redhat:rhel_tus:7.6", "package": "log4j-0:1.2.17-18.el7_4", "product_name": "Red Hat Enterprise Linux 7.6 Telco Extended Update Support", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0442", "cpe": "cpe:/o:redhat:rhel_e4s:7.6", "package": "log4j-0:1.2.17-18.el7_4", "product_name": "Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0442", "cpe": "cpe:/o:redhat:rhel_aus:7.7", "package": "log4j-0:1.2.17-18.el7_4", "product_name": "Red Hat Enterprise Linux 7.7 Advanced Update Support", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0442", "cpe": "cpe:/o:redhat:rhel_tus:7.7", "package": "log4j-0:1.2.17-18.el7_4", "product_name": "Red Hat Enterprise Linux 7.7 Telco Extended Update Support", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0442", "cpe": "cpe:/o:redhat:rhel_e4s:7.7", "package": "log4j-0:1.2.17-18.el7_4", "product_name": "Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0290", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "parfait:0.5-8050020220124063900.6b489b78", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-01-26T00:00:00Z"}, {"advisory": "RHSA-2022:0294", "cpe": "cpe:/a:redhat:rhel_e4s:8.1", "package": "parfait:0.5-8010020220124232535.d5701770", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2022-01-26T00:00:00Z"}, {"advisory": "RHSA-2022:0291", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "parfait:0.5-8020020220124231008.1c5d4e8a", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2022-01-26T00:00:00Z"}, {"advisory": "RHSA-2022:0289", "cpe": "cpe:/a:redhat:rhel_eus:8.4", "package": "parfait:0.5-8040020220124230039.d304d9ed", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-01-26T00:00:00Z"}, {"advisory": "RHSA-2022:0661", "cpe": "cpe:/a:redhat:jboss_fuse:7", "impact": "moderate", "package": "log4j", "product_name": "Red Hat Fuse 7.10.1", "release_date": "2022-02-23T00:00:00Z"}, {"advisory": "RHSA-2022:0553", "cpe": "cpe:/a:redhat:jboss_amq:6.3", "impact": "moderate", "package": "log4j", "product_name": "Red Hat Fuse/AMQ 6.3.20", "release_date": "2022-02-15T00:00:00Z"}, {"advisory": "RHSA-2022:0553", "cpe": "cpe:/a:redhat:jboss_fuse:6.3", "package": "log4j", "product_name": "Red Hat Fuse/AMQ 6.3.20", "release_date": "2022-02-15T00:00:00Z"}, {"advisory": "RHSA-2022:0497", "cpe": "cpe:/a:redhat:jboss_data_virtualization:6.4", "package": "log4j", "product_name": "Red Hat JBoss Data Virtualization 6.4.8.SP1", "release_date": "2022-02-09T00:00:00Z"}, {"advisory": "RHSA-2022:0507", "cpe": "cpe:/a:redhat:jboss_data_virtualization:6.4", "package": "log4j", "product_name": "Red Hat JBoss Data Virtualization 6.4.8.SP2", "release_date": "2022-02-10T00:00:00Z"}, {"advisory": "RHSA-2022:0438", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "log4j-eap6-0:1.2.17-3.redhat_00008.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0438", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "log4j-jboss-logmanager-0:1.1.4-3.Final_redhat_00002.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-appclient-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jbossas-appclient-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jbossas-bundles-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-cli-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-client-all-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-clustering-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-cmp-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-configadmin-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-connector-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-controller-client-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jbossas-core-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-core-security-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-deployment-repository-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-deployment-scanner-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jbossas-domain-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-domain-http-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-domain-management-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-ee-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-ee-deployment-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-ejb3-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-embedded-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-host-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-jacorb-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jbossas-javadocs-0:7.5.24-1.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-jaxr-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-jaxrs-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-jdr-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-jmx-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-jpa-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-jsf-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-jsr77-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-logging-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-mail-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-management-client-content-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-messaging-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-modcluster-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jbossas-modules-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-naming-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-network-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-osgi-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-osgi-configadmin-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-osgi-service-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-picketlink-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-platform-mbean-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-pojo-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-process-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jbossas-product-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-protocol-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-remoting-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-sar-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-security-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-server-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jbossas-standalone-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-system-jmx-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-threads-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-transactions-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-version-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-web-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-webservices-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jbossas-welcome-content-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-weld-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jboss-as-xts-0:7.5.24-2.Final_redhat_00001.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jbossts-1:4.17.45-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "impact": "low", "package": "jbossweb-0:7.5.32-2.Final_redhat_1.2.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:0438", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "log4j-eap6-0:1.2.17-3.redhat_00008.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0438", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "log4j-jboss-logmanager-0:1.1.4-3.Final_redhat_00002.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-appclient-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jbossas-appclient-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jbossas-bundles-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-cli-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-client-all-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-clustering-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-cmp-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-configadmin-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-connector-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-controller-client-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jbossas-core-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-core-security-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-deployment-repository-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-deployment-scanner-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jbossas-domain-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-domain-http-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-domain-management-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-ee-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-ee-deployment-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-ejb3-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-embedded-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-host-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-jacorb-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jbossas-javadocs-0:7.5.24-1.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-jaxr-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-jaxrs-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-jdr-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-jmx-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-jpa-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-jsf-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-jsr77-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-logging-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-mail-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-management-client-content-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-messaging-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-modcluster-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jbossas-modules-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-naming-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-network-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-osgi-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-osgi-configadmin-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-osgi-service-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-picketlink-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-platform-mbean-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-pojo-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-process-controller-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jbossas-product-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-protocol-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-remoting-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-sar-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-security-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-server-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jbossas-standalone-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-system-jmx-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-threads-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-transactions-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-version-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-web-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-webservices-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jbossas-welcome-content-eap-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-weld-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jboss-as-xts-0:7.5.24-2.Final_redhat_00001.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jbossts-1:4.17.45-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2022:5460", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "impact": "low", "package": "jbossweb-0:7.5.32-2.Final_redhat_1.2.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2022-06-30T00:00:00Z"}, {"advisory": "RHSA-2024:5856", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2024-08-26T00:00:00Z"}, {"advisory": "RHSA-2022:0436", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "impact": "low", "package": "eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:1297", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "impact": "low", "package": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2022-04-11T00:00:00Z"}, {"advisory": "RHSA-2022:0436", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "impact": "low", "package": "eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:1296", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "impact": "low", "package": "eap7-log4j-0:2.17.1-1.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2022-04-11T00:00:00Z"}, {"advisory": "RHSA-2022:0527", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1", "impact": "low", "package": "log4j-eap6", "product_name": "Red Hat JBoss Web Server 3.1", "release_date": "2022-02-14T00:00:00Z"}, {"advisory": "RHSA-2022:0524", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7", "impact": "low", "package": "log4j-eap6-0:1.2.17-3.redhat_00008.1.ep6.el7", "product_name": "Red Hat JBoss Web Server 3 for RHEL 7", "release_date": "2022-02-14T00:00:00Z"}, {"advisory": "RHSA-2022:0524", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7", "impact": "low", "package": "tomcat7-0:7.0.70-46.ep7.el7", "product_name": "Red Hat JBoss Web Server 3 for RHEL 7", "release_date": "2022-02-14T00:00:00Z"}, {"advisory": "RHSA-2022:0524", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7", "impact": "low", "package": "tomcat8-0:8.0.36-49.ep7.el7", "product_name": "Red Hat JBoss Web Server 3 for RHEL 7", "release_date": "2022-02-14T00:00:00Z"}, {"advisory": "RHSA-2022:0524", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7", "impact": "low", "package": "tomcat-native-0:1.2.23-26.redhat_26.ep7.el7", "product_name": "Red Hat JBoss Web Server 3 for RHEL 7", "release_date": "2022-02-14T00:00:00Z"}, {"advisory": "RHSA-2022:0446", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "impact": "low", "package": "log4j", "product_name": "Red Hat Single Sign-On 7.4.10", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0447", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.5::el7", "impact": "low", "package": "rh-sso7-keycloak-0:15.0.4-1.redhat_00003.1.el7sso", "product_name": "Red Hat Single Sign-On 7.5 for RHEL 7", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0448", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.5::el8", "impact": "low", "package": "rh-sso7-keycloak-0:15.0.4-1.redhat_00003.1.el8sso", "product_name": "Red Hat Single Sign-On 7.5 for RHEL 8", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0439", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-maven36-log4j12-0:1.2.17-23.4.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2022-02-03T00:00:00Z"}, {"advisory": "RHSA-2022:0475", "cpe": "cpe:/a:redhat:rhev_manager:4.4:el8", "impact": "low", "package": "org.ovirt.engine-root-0:4.4.10.6-1", "product_name": "Red Hat Virtualization Engine 4.4", "release_date": "2022-02-08T00:00:00Z"}, {"advisory": "RHSA-2022:0475", "cpe": "cpe:/a:redhat:rhev_manager:4.4:el8", "impact": "low", "package": "snmp4j-0:3.6.4-0.1.el8ev", "product_name": "Red Hat Virtualization Engine 4.4", "release_date": "2022-02-08T00:00:00Z"}, {"advisory": "RHSA-2022:0444", "cpe": "cpe:/a:redhat:rhosemc:1.0::el8", "package": "rh-sso-7/sso74-openshift-rhel8:7.4-45", "product_name": "RHEL-8 based Middleware Containers", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0445", "cpe": "cpe:/a:redhat:rhosemc:1.0::el8", "package": "rh-sso-7/sso74-openj9-openshift-rhel8:7.4-60", "product_name": "RHEL-8 based Middleware Containers", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0450", "cpe": "cpe:/a:redhat:rhosemc:1.0::el8", "package": "redhat-sso-7-sso75-openshift-rhel8-container-7.5-17", "product_name": "RHEL-8 based Middleware Containers", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0450", "cpe": "cpe:/a:redhat:rhosemc:1.0::el8", "package": "rh-sso-7/sso7-rhel8-operator-bundle:7.5.1-9", "product_name": "RHEL-8 based Middleware Containers", "release_date": "2022-02-07T00:00:00Z"}, {"advisory": "RHSA-2022:0449", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "impact": "low", "package": "log4j", "product_name": "RHSSO 7.5.1", "release_date": "2022-02-07T00:00:00Z"}], "bugzilla": {"description": "log4j: Unsafe deserialization flaw in Chainsaw log viewer", "id": "2041967", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041967"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-502", "details": ["CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.", "A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run."], "mitigation": {"lang": "en:us", "value": "These are the mitigations available for this flaw for log4j 1.x:\n- Avoid using Chainsaw to view logs, and instead use some other utility, especially if there is a log view available within the product itself.\n- Remove the Chainsaw classes from the log4j jar files. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/chainsaw/*\n```\n(log4j jars may be nested in zip archives within product)"}, "name": "CVE-2022-23307", "package_state": [{"cpe": "cpe:/a:redhat:a_mq_clients:2", "fix_state": "Affected", "impact": "moderate", "package_name": "log4j", "product_name": "A-MQ Clients 2"}, {"cpe": "cpe:/a:redhat:amq_broker:7", "fix_state": "Affected", "impact": "moderate", "package_name": "log4j", "product_name": "Red Hat AMQ Broker 7"}, {"cpe": "cpe:/a:redhat:quarkus:2", "fix_state": "Not affected", "package_name": "log4j", "product_name": "Red Hat build of Quarkus"}, {"cpe": "cpe:/a:redhat:jboss_developer_studio:12.", "fix_state": "Affected", "package_name": "log4j", "product_name": "Red Hat CodeReady Studio 12"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Not affected", "package_name": "log4j", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "fix_state": "Not affected", "package_name": "log4j", "product_name": "Red Hat Decision Manager 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "tomcat", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Not affected", "package_name": "log4j", "product_name": "Red Hat Integration Camel K"}, {"cpe": "cpe:/a:redhat:camel_quarkus:2", "fix_state": "Not affected", "package_name": "log4j", "product_name": "Red Hat Integration Camel Quarkus"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Not affected", "package_name": "log4j", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Out of support scope", "impact": "moderate", "package_name": "log4j", "product_name": "Red Hat JBoss Fuse Service Works 6"}, {"cpe": "cpe:/a:redhat:jboss_operations_network:3", "fix_state": "Out of support scope", "impact": "low", "package_name": "log4j", "product_name": "Red Hat JBoss Operations Network 3"}, {"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "fix_state": "Not affected", "package_name": "log4j", "product_name": "Red Hat OpenShift Application Runtimes"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "impact": "low", "package_name": "hadoop-container", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "impact": "low", "package_name": "openshift4/ose-metering-hive", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "impact": "low", "package_name": "openshift4/ose-metering-presto", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Out of support scope", "package_name": "opendaylight", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Not affected", "package_name": "log4j", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "log4j-over-slf4j", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Not affected", "package_name": "ovirt-engine", "product_name": "Red Hat Virtualization 4"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Not affected", "package_name": "ovirt-engine-extension-logger-log4j", "product_name": "Red Hat Virtualization 4"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Not affected", "package_name": "vdsm-jsonrpc-java", "product_name": "Red Hat Virtualization 4"}], "public_date": "2022-01-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-23307\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-23307\nhttps://www.openwall.com/lists/oss-security/2022/01/18/5"], "statement": "Chainsaw is a standalone graphical user interface for viewing log entries in log4j. This flaw may be bypassed by using other available means to access log entries.\nRed Hat Satellite bundles log4j-over-slf4j with Candlepin, however, product is not affected as it uses logback framework for logging.\nRed Hat Virtualization ships a vulnerable version of the log4j package, however chainsaw is not part of typical use cases. An attacker looking to exploit this would need to not only be able to generate a malicious log entry, but also have the necessary access and permissions to start chainsaw on the engine node. Therefore the impact of this vulnerability for Red Hat Virtualization is rated Low.\nSimilar to Red Hat Virtualization in OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of log4j package, however vulnerable chainsaw component is not used by default. Therefore the impact to OCP is reduced to Low.", "threat_severity": "Important"}